Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/eb874a-892c-4c93-984a-c87ca9f2b95f/1/KwI6QXa2bH3b3_NHnDH5O8uJKFc.roa
File:                     KwI6QXa2bH3b3_NHnDH5O8uJKFc.roa (raw, json)
Hash identifier:          uuN0Qq/UG8z3JCbI6p8x0JzwjnuMOKNBkhwzueDRMHc=
Subject key identifier:   2B:02:3A:41:76:B6:6C:7D:DB:DF:F3:47:9C:31:F9:3B:CB:89:28:57
Certificate issuer:       /CN=0203616ca2f9aefa70c3914cce90dce09706cfbb
Certificate serial:       018CC86F45B15C7C4B023EC47DD44566CB3C
Authority key identifier: 02:03:61:6C:A2:F9:AE:FA:70:C3:91:4C:CE:90:DC:E0:97:06:CF:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AgNhbKL5rvpww5FMzpDc4JcGz7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/eb874a-892c-4c93-984a-c87ca9f2b95f/1/KwI6QXa2bH3b3_NHnDH5O8uJKFc.roa
Signing time:             Tue 02 Jan 2024 04:29:44 +0000
ROA not before:           Tue 02 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25885
IP address blocks:        185.249.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/eb874a-892c-4c93-984a-c87ca9f2b95f/1/AgNhbKL5rvpww5FMzpDc4JcGz7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/eb874a-892c-4c93-984a-c87ca9f2b95f/1/AgNhbKL5rvpww5FMzpDc4JcGz7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AgNhbKL5rvpww5FMzpDc4JcGz7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:45:b1:5c:7c:4b:02:3e:c4:7d:d4:45:66:cb:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0203616ca2f9aefa70c3914cce90dce09706cfbb
        Validity
            Not Before: Jan  2 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b023a4176b66c7ddbdff3479c31f93bcb892857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2c:42:d2:fd:31:47:18:cc:a1:d7:bc:8f:73:
                    f2:34:88:bf:d5:37:30:a9:53:58:26:f9:d6:ad:2a:
                    7b:97:46:d0:8d:3e:27:bd:aa:f3:7b:79:4a:e9:78:
                    70:53:f5:16:dc:83:c8:de:53:a5:00:e6:87:e9:1d:
                    2a:f8:56:18:2a:b1:77:c4:2a:51:2f:e6:1d:ad:41:
                    83:e3:59:47:d9:bf:9f:ca:0f:d0:1b:27:8e:f7:01:
                    f2:80:0e:49:2c:dc:cf:b6:9a:99:a3:90:c6:52:3b:
                    db:f5:13:f7:df:ec:a6:8d:68:ef:e7:2f:a6:42:d1:
                    27:90:0b:7f:35:53:02:7e:f6:02:65:c3:03:92:30:
                    d1:b0:91:16:f8:2c:c8:fe:be:3f:14:6b:b4:8f:0f:
                    00:f0:8b:5b:43:f4:65:09:b7:f3:cb:1e:7c:eb:f7:
                    30:cf:a2:ff:57:b7:e9:f7:3e:02:b4:53:41:1b:f0:
                    45:e9:bd:5c:28:55:84:ca:20:90:f2:9a:02:d2:c0:
                    7e:62:49:11:b3:d5:b5:3e:f3:bc:d7:df:a3:a5:a5:
                    5c:69:a0:6b:e7:9d:28:40:f4:45:9c:a9:a7:f2:af:
                    fe:19:e2:23:55:01:df:9c:58:cf:df:64:fb:7d:f9:
                    23:df:9d:03:27:ca:94:82:c8:cc:0a:68:c0:e1:fc:
                    5f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:02:3A:41:76:B6:6C:7D:DB:DF:F3:47:9C:31:F9:3B:CB:89:28:57
            X509v3 Authority Key Identifier:
                keyid:02:03:61:6C:A2:F9:AE:FA:70:C3:91:4C:CE:90:DC:E0:97:06:CF:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AgNhbKL5rvpww5FMzpDc4JcGz7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/eb874a-892c-4c93-984a-c87ca9f2b95f/1/KwI6QXa2bH3b3_NHnDH5O8uJKFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/eb874a-892c-4c93-984a-c87ca9f2b95f/1/AgNhbKL5rvpww5FMzpDc4JcGz7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:20:ae:87:d4:d7:8b:03:ed:92:98:67:f6:e2:59:ae:8e:b1:
         91:69:cb:ec:d6:2b:3d:ec:ec:3c:e3:4e:e8:eb:f4:a8:35:bc:
         b6:f9:4c:b5:14:a6:c8:3f:0c:ff:14:8c:73:d8:09:93:0c:43:
         6b:fa:d5:d6:f0:99:de:4f:1c:a3:26:e5:79:05:c5:3d:6f:d1:
         44:34:a4:70:c5:29:50:84:8b:db:94:4a:4b:25:54:f5:90:18:
         b1:7f:22:08:13:fb:5c:1f:36:45:7e:44:73:3b:dd:48:79:8c:
         8d:bf:aa:c4:49:df:93:5b:3c:2b:bd:34:46:ce:03:97:cc:b0:
         18:e9:06:bc:08:47:89:17:d6:10:71:6c:51:55:e2:bd:f3:72:
         78:95:12:8e:a5:34:24:b7:35:5c:89:7c:c8:a3:7b:f9:a9:6f:
         04:3b:3c:2e:0a:56:87:98:00:ad:35:92:a7:a1:a5:36:48:b3:
         42:8f:8f:f9:06:1c:d9:20:84:6d:81:e8:cb:4d:7a:8f:7a:a3:
         98:7b:03:ea:62:ce:0e:91:ff:50:85:07:58:74:d0:52:61:8c:
         91:3b:24:3f:c5:39:05:4c:fb:79:32:c5:bc:22:06:88:91:ca:
         af:70:42:5d:2f:4d:db:09:b6:60:1b:2d:12:37:d7:9a:61:1b:
         0e:80:41:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0WxXHxLAj7EfdRFZss8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMDM2MTZjYTJmOWFlZmE3MGMzOTE0Y2NlOTBkY2UwOTcw
NmNmYmIwHhcNMjQwMTAyMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjAyM2E0MTc2YjY2YzdkZGJkZmYzNDc5YzMxZjkzYmNiODkyODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yxC0v0xRxjMode8j3PyNIi/1Tcw
qVNYJvnWrSp7l0bQjT4nvarze3lK6XhwU/UW3IPI3lOlAOaH6R0q+FYYKrF3xCpR
L+YdrUGD41lH2b+fyg/QGyeO9wHygA5JLNzPtpqZo5DGUjvb9RP33+ymjWjv5y+m
QtEnkAt/NVMCfvYCZcMDkjDRsJEW+CzI/r4/FGu0jw8A8ItbQ/RlCbfzyx586/cw
z6L/V7fp9z4CtFNBG/BF6b1cKFWEyiCQ8poC0sB+YkkRs9W1PvO819+jpaVcaaBr
550oQPRFnKmn8q/+GeIjVQHfnFjP32T7ffkj350DJ8qUgsjMCmjA4fxfNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsCOkF2tmx929/zR5wx+TvLiShXMB8GA1UdIwQY
MBaAFAIDYWyi+a76cMORTM6Q3OCXBs+7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWdOaGJLTDVydnB3dzVGTXpwRGM0SmNHejdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lYjg3NGEtODkyYy00YzkzLTk4NGEt
Yzg3Y2E5ZjJiOTVmLzEvS3dJNlFYYTJiSDNiM19OSG5ESDVPOHVKS0ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lYjg3NGEtODkyYy00YzkzLTk4NGEtYzg3Y2E5ZjJiOTVm
LzEvQWdOaGJLTDVydnB3dzVGTXpwRGM0SmNHejdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufmkMA0G
CSqGSIb3DQEBCwUAA4IBAQATIK6H1NeLA+2SmGf24lmujrGRacvs1is97Ow8407o
6/SoNby2+Uy1FKbIPwz/FIxz2AmTDENr+tXW8JneTxyjJuV5BcU9b9FENKRwxSlQ
hIvblEpLJVT1kBixfyIIE/tcHzZFfkRzO91IeYyNv6rESd+TWzwrvTRGzgOXzLAY
6Qa8CEeJF9YQcWxRVeK983J4lRKOpTQktzVciXzIo3v5qW8EOzwuClaHmACtNZKn
oaU2SLNCj4/5BhzZIIRtgejLTXqPeqOYewPqYs4Okf9QhQdYdNBSYYyROyQ/xTkF
TPt5MsW8IgaIkcqvcEJdL03bCbZgGy0SN9eaYRsOgEG8
-----END CERTIFICATE-----