Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/d5cc4a-d266-40e6-88f9-d91484eb0c38/1/GAmVA6t-D-FFxXbwPrnr_RENf6Q.roa
File:                     GAmVA6t-D-FFxXbwPrnr_RENf6Q.roa (raw, json)
Hash identifier:          XeZwS4x8ksnMz5eJDqtAOrLJUVJVEr2NJQUwGoWnHNY=
Subject key identifier:   18:09:95:03:AB:7E:0F:E1:45:C5:76:F0:3E:B9:EB:FD:11:0D:7F:A4
Certificate issuer:       /CN=6a6fdd2fd42fabf872720952468d29634c68c9dc
Certificate serial:       018EC8B1EA0BBC29C23267331BE7DD62CBC8
Authority key identifier: 6A:6F:DD:2F:D4:2F:AB:F8:72:72:09:52:46:8D:29:63:4C:68:C9:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/am_dL9Qvq_hycglSRo0pY0xoydw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/d5cc4a-d266-40e6-88f9-d91484eb0c38/1/GAmVA6t-D-FFxXbwPrnr_RENf6Q.roa
Signing time:             Wed 10 Apr 2024 15:48:06 +0000
ROA not before:           Wed 10 Apr 2024 15:48:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201118
IP address blocks:        185.85.120.0/24 maxlen: 24
                          185.85.121.0/24 maxlen: 24
                          185.85.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/d5cc4a-d266-40e6-88f9-d91484eb0c38/1/am_dL9Qvq_hycglSRo0pY0xoydw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/d5cc4a-d266-40e6-88f9-d91484eb0c38/1/am_dL9Qvq_hycglSRo0pY0xoydw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/am_dL9Qvq_hycglSRo0pY0xoydw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c8:b1:ea:0b:bc:29:c2:32:67:33:1b:e7:dd:62:cb:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a6fdd2fd42fabf872720952468d29634c68c9dc
        Validity
            Not Before: Apr 10 15:48:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18099503ab7e0fe145c576f03eb9ebfd110d7fa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:76:f8:f0:40:0a:ae:85:98:8b:16:10:52:36:
                    d5:4b:72:d9:e5:92:3e:04:1d:77:1f:75:d7:30:9d:
                    f2:7e:13:21:fb:f0:15:c5:b8:9a:9a:c1:90:97:81:
                    ff:ac:bf:5d:09:a4:6c:a7:b5:43:09:42:e1:98:c0:
                    95:d7:9c:a0:21:a4:19:62:56:c0:8d:b9:1c:ad:37:
                    66:1f:8d:08:b1:a3:40:90:3d:d5:96:9e:dc:0e:25:
                    1c:d0:1b:c5:60:6d:e8:d1:d4:2c:4f:2d:d7:a9:42:
                    23:22:f4:68:14:77:8a:d3:1c:63:73:7c:be:4f:d6:
                    39:4c:be:c5:8e:98:97:42:0b:e1:33:3d:0c:7b:3a:
                    bc:86:40:cb:82:d3:64:f6:7f:8c:b3:c8:3d:56:18:
                    39:e6:8f:42:67:34:60:c6:75:8b:3f:df:e4:4a:c7:
                    24:b2:8f:43:87:e5:ae:96:62:db:28:43:3f:52:ef:
                    03:ec:05:0f:bf:d5:42:be:72:2c:80:e4:4c:64:e8:
                    aa:66:bd:60:e5:09:a1:ff:a1:a9:61:53:a6:b2:17:
                    a3:03:12:98:20:aa:10:09:8a:d7:3e:7d:c2:dc:85:
                    77:2e:41:21:6b:de:1c:70:23:8d:81:62:f0:72:ef:
                    df:14:c2:94:a7:a5:01:1c:34:3a:1a:0b:50:1c:5a:
                    88:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:09:95:03:AB:7E:0F:E1:45:C5:76:F0:3E:B9:EB:FD:11:0D:7F:A4
            X509v3 Authority Key Identifier:
                keyid:6A:6F:DD:2F:D4:2F:AB:F8:72:72:09:52:46:8D:29:63:4C:68:C9:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/am_dL9Qvq_hycglSRo0pY0xoydw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d5cc4a-d266-40e6-88f9-d91484eb0c38/1/GAmVA6t-D-FFxXbwPrnr_RENf6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d5cc4a-d266-40e6-88f9-d91484eb0c38/1/am_dL9Qvq_hycglSRo0pY0xoydw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.120.0/23
                  185.85.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b6:66:3c:aa:f3:40:cd:56:b4:0d:b9:0d:2e:b0:85:ee:e4:
         9a:a4:35:e8:2a:1a:cc:4a:5d:c4:01:2a:31:0f:0d:c4:59:11:
         26:85:2d:3d:15:62:22:82:ed:cc:d6:eb:bf:e1:72:15:75:5b:
         d6:b5:30:e7:a1:fb:25:00:a0:c0:88:3f:ee:fa:6f:16:a8:39:
         88:03:a8:2c:90:ac:22:37:08:34:53:54:e8:a0:b2:fa:cc:e0:
         c3:26:96:df:ed:98:f2:61:63:98:28:63:6a:69:6f:7d:32:94:
         a3:69:58:94:02:98:e4:d2:98:a8:36:78:db:5f:0b:47:98:83:
         e5:4d:49:7f:b6:2c:6e:61:a6:68:d3:24:8f:49:96:86:58:09:
         7f:23:39:f7:49:6f:90:7a:1b:99:e4:d6:6d:fc:a4:c5:bf:7f:
         1f:78:2b:c0:1f:86:51:c6:0c:c3:e1:b4:8c:d9:02:83:d3:76:
         64:18:f5:35:28:6d:88:1b:2b:9d:d7:06:5e:04:ce:8d:7f:55:
         9a:6f:7a:f8:bf:07:73:2f:28:b9:70:5b:5d:92:8b:fa:fd:bd:
         b8:e5:0d:1e:51:25:7b:08:f4:8f:7a:6c:73:37:30:80:e0:7d:
         e3:a3:5b:1d:26:02:82:a7:4d:b5:ef:70:95:b0:95:31:41:4e:
         82:33:0c:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7IseoLvCnCMmczG+fdYsvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNmZkZDJmZDQyZmFiZjg3MjcyMDk1MjQ2OGQyOTYzNGM2
OGM5ZGMwHhcNMjQwNDEwMTU0ODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA5OTUwM2FiN2UwZmUxNDVjNTc2ZjAzZWI5ZWJmZDExMGQ3ZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3b48EAKroWYixYQUjbVS3LZ5ZI+
BB13H3XXMJ3yfhMh+/AVxbiamsGQl4H/rL9dCaRsp7VDCULhmMCV15ygIaQZYlbA
jbkcrTdmH40IsaNAkD3Vlp7cDiUc0BvFYG3o0dQsTy3XqUIjIvRoFHeK0xxjc3y+
T9Y5TL7FjpiXQgvhMz0Mezq8hkDLgtNk9n+Ms8g9Vhg55o9CZzRgxnWLP9/kSsck
so9Dh+WulmLbKEM/Uu8D7AUPv9VCvnIsgORMZOiqZr1g5Qmh/6GpYVOmshejAxKY
IKoQCYrXPn3C3IV3LkEha94ccCONgWLwcu/fFMKUp6UBHDQ6GgtQHFqI9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBgJlQOrfg/hRcV28D656/0RDX+kMB8GA1UdIwQY
MBaAFGpv3S/UL6v4cnIJUkaNKWNMaMncMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW1fZEw5UXZxX2h5Y2dsU1JvMHBZMHhveWR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kNWNjNGEtZDI2Ni00MGU2LTg4Zjkt
ZDkxNDg0ZWIwYzM4LzEvR0FtVkE2dC1ELUZGeFhid1BybnJfUkVOZjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kNWNjNGEtZDI2Ni00MGU2LTg4ZjktZDkxNDg0ZWIwYzM4
LzEvYW1fZEw5UXZxX2h5Y2dsU1JvMHBZMHhveWR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuVV4AwQA
uVV7MA0GCSqGSIb3DQEBCwUAA4IBAQAztmY8qvNAzVa0DbkNLrCF7uSapDXoKhrM
Sl3EASoxDw3EWREmhS09FWIigu3M1uu/4XIVdVvWtTDnofslAKDAiD/u+m8WqDmI
A6gskKwiNwg0U1TooLL6zODDJpbf7ZjyYWOYKGNqaW99MpSjaViUApjk0pioNnjb
XwtHmIPlTUl/tixuYaZo0ySPSZaGWAl/Izn3SW+QehuZ5NZt/KTFv38feCvAH4ZR
xgzD4bSM2QKD03ZkGPU1KG2IGyud1wZeBM6Nf1Wab3r4vwdzLyi5cFtdkov6/b24
5Q0eUSV7CPSPemxzNzCA4H3jo1sdJgKCp02173CVsJUxQU6CMwxh
-----END CERTIFICATE-----