Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/0d2be9-da0b-4672-9b14-87314df7deb4/1/N0UQ4LJ_Og6ZvvzbOU2iK8C8UdI.roa
File:                     N0UQ4LJ_Og6ZvvzbOU2iK8C8UdI.roa (raw, json)
Hash identifier:          ca6pNVpPfIaLTZYiE6tqUIJ35sDGh17EPtcuZHAu9a0=
Subject key identifier:   37:45:10:E0:B2:7F:3A:0E:99:BE:FC:DB:39:4D:A2:2B:C0:BC:51:D2
Certificate issuer:       /CN=f6982561d2da17902f83effe132499f82d52f163
Certificate serial:       018CC4255FCAFBD14DE969D59AD3049626F4
Authority key identifier: F6:98:25:61:D2:DA:17:90:2F:83:EF:FE:13:24:99:F8:2D:52:F1:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9pglYdLaF5Avg-_-EySZ-C1S8WM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/0d2be9-da0b-4672-9b14-87314df7deb4/1/N0UQ4LJ_Og6ZvvzbOU2iK8C8UdI.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13204
IP address blocks:        185.116.152.0/24 maxlen: 24
                          185.116.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/0d2be9-da0b-4672-9b14-87314df7deb4/1/9pglYdLaF5Avg-_-EySZ-C1S8WM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/0d2be9-da0b-4672-9b14-87314df7deb4/1/9pglYdLaF5Avg-_-EySZ-C1S8WM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9pglYdLaF5Avg-_-EySZ-C1S8WM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5f:ca:fb:d1:4d:e9:69:d5:9a:d3:04:96:26:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6982561d2da17902f83effe132499f82d52f163
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=374510e0b27f3a0e99befcdb394da22bc0bc51d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c0:0a:28:05:d8:12:cc:8e:9e:40:ea:96:b9:
                    60:04:60:08:54:ce:82:4e:fe:68:01:30:79:e5:a4:
                    e5:4d:cd:d6:7d:20:f8:74:b4:a9:f5:29:fd:9d:be:
                    b8:6e:e9:22:06:3e:b5:a8:fc:3d:b6:53:9b:e6:2d:
                    62:48:30:30:26:79:e5:cc:ba:6e:15:f6:57:a2:84:
                    37:e0:55:82:05:a7:18:71:03:96:e1:f1:ce:e4:52:
                    ba:93:8c:e8:a8:e9:37:2d:b6:36:ad:f6:60:c4:ba:
                    5d:a6:00:28:46:a1:77:10:ca:fb:3a:2b:ec:ac:1d:
                    42:d7:ad:cb:ff:81:a6:4c:4b:07:34:8e:7d:43:7c:
                    ea:2e:01:88:ee:2b:af:ca:05:9b:12:2c:36:cb:da:
                    e6:55:61:3f:7c:b0:18:4b:53:73:17:69:2f:7e:de:
                    56:86:87:12:0a:9c:d3:41:96:d4:78:23:01:32:00:
                    3b:f6:dc:10:13:a3:43:7c:d0:3f:d8:cb:aa:10:74:
                    59:13:7b:75:0f:b6:ad:04:42:ef:31:c6:b3:1d:5b:
                    db:5d:c6:86:b2:c7:a7:eb:15:f5:96:f4:e3:ce:72:
                    8c:5c:b8:d8:89:87:04:8e:ae:51:3f:bb:36:7f:c9:
                    57:76:2f:f6:3a:6a:59:f9:26:e1:ef:18:17:e3:51:
                    ca:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:45:10:E0:B2:7F:3A:0E:99:BE:FC:DB:39:4D:A2:2B:C0:BC:51:D2
            X509v3 Authority Key Identifier:
                keyid:F6:98:25:61:D2:DA:17:90:2F:83:EF:FE:13:24:99:F8:2D:52:F1:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9pglYdLaF5Avg-_-EySZ-C1S8WM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/0d2be9-da0b-4672-9b14-87314df7deb4/1/N0UQ4LJ_Og6ZvvzbOU2iK8C8UdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/0d2be9-da0b-4672-9b14-87314df7deb4/1/9pglYdLaF5Avg-_-EySZ-C1S8WM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:5b:64:2b:e3:df:2e:46:87:ab:09:70:54:b8:4b:d9:1a:dc:
         ca:61:92:4a:5b:5d:78:00:42:81:b8:69:0f:ab:8d:c2:44:f1:
         14:e3:9f:b3:54:64:86:16:9c:8b:52:eb:1a:9e:24:8a:fb:a1:
         58:51:40:82:47:be:b6:31:96:0f:6f:b5:82:4e:9f:f3:43:a5:
         4b:28:27:7e:6a:82:17:e8:8e:81:23:c9:2d:7f:a2:45:72:73:
         3b:d6:ce:38:af:2b:a8:2a:f4:44:e7:44:4b:b4:62:30:0c:8a:
         63:f5:e2:71:c0:69:9b:59:fd:df:30:d7:7d:be:89:3f:7f:b3:
         12:0f:7b:db:b9:d1:9f:36:81:4d:d9:00:27:c6:2c:c6:d9:6f:
         c9:22:0f:5e:ec:62:bb:fb:79:b2:0a:eb:7c:1c:7a:d0:42:85:
         61:9b:86:39:be:30:d1:77:3c:93:eb:98:b0:2d:60:39:09:18:
         3e:52:28:0b:45:2a:28:15:54:fe:eb:ed:5c:e8:e0:6d:21:a3:
         ec:fe:6d:df:14:02:4a:dc:54:13:61:7a:18:33:dc:08:19:75:
         0d:c7:f9:43:1c:99:2c:7a:cd:df:ba:c2:12:36:df:97:0d:59:
         9e:67:65:6f:27:3d:7a:0c:0c:5b:a2:24:98:5b:eb:02:d0:f7:
         56:0e:cc:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV/K+9FN6WnVmtMElib0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OTgyNTYxZDJkYTE3OTAyZjgzZWZmZTEzMjQ5OWY4MmQ1
MmYxNjMwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQ1MTBlMGIyN2YzYTBlOTliZWZjZGIzOTRkYTIyYmMwYmM1MWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMAKKAXYEsyOnkDqlrlgBGAIVM6C
Tv5oATB55aTlTc3WfSD4dLSp9Sn9nb64bukiBj61qPw9tlOb5i1iSDAwJnnlzLpu
FfZXooQ34FWCBacYcQOW4fHO5FK6k4zoqOk3LbY2rfZgxLpdpgAoRqF3EMr7Oivs
rB1C163L/4GmTEsHNI59Q3zqLgGI7iuvygWbEiw2y9rmVWE/fLAYS1NzF2kvft5W
hocSCpzTQZbUeCMBMgA79twQE6NDfNA/2MuqEHRZE3t1D7atBELvMcazHVvbXcaG
ssen6xX1lvTjznKMXLjYiYcEjq5RP7s2f8lXdi/2OmpZ+Sbh7xgX41HKgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdFEOCyfzoOmb782zlNoivAvFHSMB8GA1UdIwQY
MBaAFPaYJWHS2heQL4Pv/hMkmfgtUvFjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXBnbFlkTGFGNUF2Zy1fLUV5U1otQzFTOFdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8wZDJiZTktZGEwYi00NjcyLTliMTQt
ODczMTRkZjdkZWI0LzEvTjBVUTRMSl9PZzZadnZ6Yk9VMmlLOEM4VWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8wZDJiZTktZGEwYi00NjcyLTliMTQtODczMTRkZjdkZWI0
LzEvOXBnbFlkTGFGNUF2Zy1fLUV5U1otQzFTOFdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXSYMA0G
CSqGSIb3DQEBCwUAA4IBAQB0W2Qr498uRoerCXBUuEvZGtzKYZJKW114AEKBuGkP
q43CRPEU45+zVGSGFpyLUusaniSK+6FYUUCCR762MZYPb7WCTp/zQ6VLKCd+aoIX
6I6BI8ktf6JFcnM71s44ryuoKvRE50RLtGIwDIpj9eJxwGmbWf3fMNd9vok/f7MS
D3vbudGfNoFN2QAnxizG2W/JIg9e7GK7+3myCut8HHrQQoVhm4Y5vjDRdzyT65iw
LWA5CRg+UigLRSooFVT+6+1c6OBtIaPs/m3fFAJK3FQTYXoYM9wIGXUNx/lDHJks
es3fusISNt+XDVmeZ2VvJz16DAxboiSYW+sC0PdWDszD
-----END CERTIFICATE-----