Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/6J-J8LZo94z6gE063U9AgVwDGt4.roa
File:                     6J-J8LZo94z6gE063U9AgVwDGt4.roa (raw, json)
Hash identifier:          8BoZffFQcM/CGtS3sVHPCj980ZnJQQvhJUUCSHQzeWw=
Subject key identifier:   E8:9F:89:F0:B6:68:F7:8C:FA:80:4D:3A:DD:4F:40:81:5C:03:1A:DE
Certificate issuer:       /CN=3d70fe1d75f7da76d2e3dc344fb1f0b0b69de001
Certificate serial:       018CC7951C748D5295F9FC9014C48ECA616C
Authority key identifier: 3D:70:FE:1D:75:F7:DA:76:D2:E3:DC:34:4F:B1:F0:B0:B6:9D:E0:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXD-HXX32nbS49w0T7HwsLad4AE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/6J-J8LZo94z6gE063U9AgVwDGt4.roa
Signing time:             Tue 02 Jan 2024 00:31:27 +0000
ROA not before:           Tue 02 Jan 2024 00:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12886
IP address blocks:        193.23.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/PXD-HXX32nbS49w0T7HwsLad4AE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/PXD-HXX32nbS49w0T7HwsLad4AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXD-HXX32nbS49w0T7HwsLad4AE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1c:74:8d:52:95:f9:fc:90:14:c4:8e:ca:61:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d70fe1d75f7da76d2e3dc344fb1f0b0b69de001
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e89f89f0b668f78cfa804d3add4f40815c031ade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a0:b2:aa:63:c5:9e:c2:8f:0a:5a:f9:05:e1:
                    af:17:9b:13:7f:55:75:b8:b2:67:14:cd:4b:51:61:
                    08:49:3f:0c:ea:54:d9:81:34:16:00:de:93:bd:6b:
                    51:a8:57:6f:82:af:ac:d4:cb:b3:96:4d:ef:a9:44:
                    f0:5b:23:41:62:ec:f2:d5:f8:5e:aa:23:40:39:78:
                    94:6e:14:73:0c:fa:b4:11:a7:56:7b:b1:60:46:0f:
                    97:2c:e3:a2:de:97:12:28:be:31:55:7e:33:31:9a:
                    5e:41:d9:60:e1:b8:a3:e9:de:f3:85:5b:a4:3f:26:
                    fd:17:02:0a:ea:e9:f0:73:bd:31:ca:e7:d5:88:14:
                    6e:4a:7c:7c:a2:c4:3c:96:f1:40:61:dc:d9:3f:74:
                    7a:bb:dd:82:d8:10:01:91:7d:ac:19:11:ef:f7:ba:
                    4f:8e:68:6c:bd:4f:5f:a5:5e:d2:41:ad:15:2b:cc:
                    c6:e6:73:a2:95:5c:b2:fe:71:dc:f2:13:bd:0a:56:
                    63:6d:1f:4e:a6:8b:11:30:8b:9c:9e:d4:d0:34:45:
                    8e:5c:9d:a2:6d:95:55:46:d4:1c:e1:ec:1a:c0:e2:
                    9e:f2:d7:fe:03:65:68:30:ac:76:ee:ae:8e:06:a3:
                    9d:77:08:ec:0c:11:8e:e4:a2:27:0d:07:2a:ac:e1:
                    f1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:9F:89:F0:B6:68:F7:8C:FA:80:4D:3A:DD:4F:40:81:5C:03:1A:DE
            X509v3 Authority Key Identifier:
                keyid:3D:70:FE:1D:75:F7:DA:76:D2:E3:DC:34:4F:B1:F0:B0:B6:9D:E0:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXD-HXX32nbS49w0T7HwsLad4AE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/6J-J8LZo94z6gE063U9AgVwDGt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/PXD-HXX32nbS49w0T7HwsLad4AE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:9e:ca:ee:40:f2:c2:f2:c6:9c:06:5c:24:bd:f7:84:14:3b:
         0c:b9:4b:47:59:bb:d3:99:19:d5:2f:01:fc:58:47:df:85:06:
         66:85:f6:0f:0e:22:e3:4d:3a:52:25:1b:f2:54:29:2d:d6:73:
         66:0f:84:fd:34:c0:9c:09:b1:69:96:22:47:b2:9a:f9:40:26:
         90:2f:40:e4:43:33:0e:f4:95:d0:99:9b:f0:17:09:18:e4:df:
         b3:9c:58:30:95:e5:1c:f9:99:9c:a6:e3:47:0e:ce:15:1c:d7:
         12:9a:b1:cd:93:d1:e9:cc:14:e7:dd:7a:2b:ef:59:05:3f:a7:
         a1:31:70:3f:24:55:96:01:b1:fa:bc:c1:0d:fb:91:b3:6e:6d:
         34:a6:01:02:3d:e9:e6:e0:50:17:aa:23:ab:10:ac:1f:49:5e:
         f2:62:09:45:35:e7:95:c3:75:70:0a:6e:12:3a:a8:2d:f2:4c:
         28:4d:8e:7f:b4:68:46:33:aa:24:0f:eb:a2:9b:72:c3:0c:09:
         f7:e1:7e:04:89:2a:20:a0:51:4c:fe:33:7f:33:cd:8f:fb:f0:
         e3:2c:36:64:33:9e:a1:13:36:8d:1d:9e:09:75:96:2a:32:52:
         7d:30:f8:e2:57:b2:09:83:b5:8c:ea:59:2c:85:68:8d:84:20:
         e1:14:3f:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRx0jVKV+fyQFMSOymFsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNzBmZTFkNzVmN2RhNzZkMmUzZGMzNDRmYjFmMGIwYjY5
ZGUwMDEwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODlmODlmMGI2NjhmNzhjZmE4MDRkM2FkZDRmNDA4MTVjMDMxYWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6CyqmPFnsKPClr5BeGvF5sTf1V1
uLJnFM1LUWEIST8M6lTZgTQWAN6TvWtRqFdvgq+s1Muzlk3vqUTwWyNBYuzy1fhe
qiNAOXiUbhRzDPq0EadWe7FgRg+XLOOi3pcSKL4xVX4zMZpeQdlg4bij6d7zhVuk
Pyb9FwIK6unwc70xyufViBRuSnx8osQ8lvFAYdzZP3R6u92C2BABkX2sGRHv97pP
jmhsvU9fpV7SQa0VK8zG5nOilVyy/nHc8hO9ClZjbR9OposRMIucntTQNEWOXJ2i
bZVVRtQc4ewawOKe8tf+A2VoMKx27q6OBqOddwjsDBGO5KInDQcqrOHx/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOififC2aPeM+oBNOt1PQIFcAxreMB8GA1UdIwQY
MBaAFD1w/h1199p20uPcNE+x8LC2neABMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFhELUhYWDMybmJTNDl3MFQ3SHdzTGFkNEFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yNDU2ZTUtNjFkZC00YWUzLWEyNGYt
Yjg1MmJkODEyM2YwLzEvNkotSjhMWm85NHo2Z0UwNjNVOUFnVndER3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yNDU2ZTUtNjFkZC00YWUzLWEyNGYtYjg1MmJkODEyM2Yw
LzEvUFhELUhYWDMybmJTNDl3MFQ3SHdzTGFkNEFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwReUMA0G
CSqGSIb3DQEBCwUAA4IBAQADnsruQPLC8sacBlwkvfeEFDsMuUtHWbvTmRnVLwH8
WEffhQZmhfYPDiLjTTpSJRvyVCkt1nNmD4T9NMCcCbFpliJHspr5QCaQL0DkQzMO
9JXQmZvwFwkY5N+znFgwleUc+ZmcpuNHDs4VHNcSmrHNk9HpzBTn3Xor71kFP6eh
MXA/JFWWAbH6vMEN+5Gzbm00pgECPenm4FAXqiOrEKwfSV7yYglFNeeVw3VwCm4S
Oqgt8kwoTY5/tGhGM6okD+uim3LDDAn34X4EiSogoFFM/jN/M82P+/DjLDZkM56h
EzaNHZ4JdZYqMlJ9MPjiV7IJg7WM6lkshWiNhCDhFD9Q
-----END CERTIFICATE-----