Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/bf73f5-f414-4a13-b716-9cb7fc154425/1/C6MHOxtBPEq5tFOV9YHXmNgZkow.roa
File:                     C6MHOxtBPEq5tFOV9YHXmNgZkow.roa (raw, json)
Hash identifier:          qbu0T8hvFECPyPhYdCavGOiNN/RXwbdElPgdoVxMXdQ=
Subject key identifier:   0B:A3:07:3B:1B:41:3C:4A:B9:B4:53:95:F5:81:D7:98:D8:19:92:8C
Certificate issuer:       /CN=5a21f185b4b3866755dba0010bcf10b94a8aa66c
Certificate serial:       018CC64B4A389C72489102372BC665C994E8
Authority key identifier: 5A:21:F1:85:B4:B3:86:67:55:DB:A0:01:0B:CF:10:B9:4A:8A:A6:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WiHxhbSzhmdV26ABC88QuUqKpmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/bf73f5-f414-4a13-b716-9cb7fc154425/1/C6MHOxtBPEq5tFOV9YHXmNgZkow.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205805
IP address blocks:        185.246.224.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/bf73f5-f414-4a13-b716-9cb7fc154425/1/WiHxhbSzhmdV26ABC88QuUqKpmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/bf73f5-f414-4a13-b716-9cb7fc154425/1/WiHxhbSzhmdV26ABC88QuUqKpmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WiHxhbSzhmdV26ABC88QuUqKpmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4a:38:9c:72:48:91:02:37:2b:c6:65:c9:94:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a21f185b4b3866755dba0010bcf10b94a8aa66c
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ba3073b1b413c4ab9b45395f581d798d819928c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:25:59:5b:d4:69:8b:b1:55:dd:a4:e5:f0:62:
                    56:38:b9:84:ac:bc:a2:0c:ad:5a:22:d1:af:59:77:
                    70:11:6d:b9:51:fd:e7:8a:cf:1b:40:66:34:3b:29:
                    9b:e3:26:2b:11:b2:5d:af:a8:3e:05:91:58:aa:c6:
                    39:87:4a:7d:9a:83:cc:c7:45:a7:a2:4f:39:b3:28:
                    82:54:f7:53:71:d8:ce:06:a3:49:49:d2:58:62:16:
                    8c:05:0b:4f:1d:d7:29:be:2f:5f:cf:d3:f0:e8:4a:
                    fb:63:77:95:b1:f2:65:ba:ba:bf:ea:07:6e:c4:20:
                    2c:a4:78:8c:48:b6:6a:88:b7:d2:71:6c:9a:95:45:
                    71:ed:c8:19:bf:d4:5a:a8:df:b6:7a:ab:56:74:23:
                    d2:a1:49:dd:05:e5:a0:f1:e9:25:e4:9b:93:a4:f0:
                    c0:64:a5:49:2e:a4:51:16:c7:7d:25:f7:7a:45:55:
                    c5:65:e4:a6:14:ff:78:cf:cb:2b:5e:f1:51:cc:15:
                    51:ac:a2:b6:29:2e:a2:37:6b:e9:30:e9:b4:08:91:
                    c3:72:a8:de:9f:7e:d1:00:40:35:9d:af:36:fe:55:
                    2d:e2:ad:50:f6:de:7b:75:79:b1:05:cf:b3:ae:89:
                    b1:76:d2:22:d6:23:75:14:39:06:58:5e:ac:fa:2d:
                    8f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:A3:07:3B:1B:41:3C:4A:B9:B4:53:95:F5:81:D7:98:D8:19:92:8C
            X509v3 Authority Key Identifier:
                keyid:5A:21:F1:85:B4:B3:86:67:55:DB:A0:01:0B:CF:10:B9:4A:8A:A6:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WiHxhbSzhmdV26ABC88QuUqKpmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/bf73f5-f414-4a13-b716-9cb7fc154425/1/C6MHOxtBPEq5tFOV9YHXmNgZkow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/bf73f5-f414-4a13-b716-9cb7fc154425/1/WiHxhbSzhmdV26ABC88QuUqKpmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:b7:1c:93:96:9e:08:fb:94:26:08:49:a1:33:09:96:e6:d1:
         18:73:a3:63:31:b7:b5:48:32:4f:a0:de:5c:60:a8:ac:e6:7f:
         53:ed:c7:65:03:47:99:98:77:90:84:1e:4b:9b:f0:39:e3:26:
         29:1a:02:fe:f3:7f:91:25:7f:7d:f3:e7:a0:9d:86:b2:52:e4:
         52:c2:50:cf:de:ae:da:34:8f:89:32:cd:33:39:b7:9a:33:c6:
         8b:d6:6c:27:cd:89:23:b5:9c:d8:a1:7b:34:e9:bc:72:d9:e1:
         8b:d2:89:86:bb:2c:82:62:8c:de:4f:a7:0a:b2:9a:ac:49:88:
         72:69:6a:40:ab:c4:17:62:c7:b6:ca:ef:86:fb:c1:8b:cc:f1:
         9c:57:a7:df:aa:51:9e:64:9e:ea:9a:3e:ab:20:b7:01:49:b7:
         71:ab:44:f2:5a:df:ba:d2:9c:12:6f:a8:ce:1f:8d:65:9f:e1:
         89:40:11:32:93:3b:a3:8c:3f:2c:2b:53:d9:4e:65:83:be:53:
         d3:47:86:5d:f7:6b:d2:25:bf:20:eb:2c:c1:06:55:80:d1:f7:
         01:b2:73:b2:49:72:f9:36:ad:2a:7b:44:02:a5:12:3c:de:6c:
         57:60:e6:4f:ca:14:2d:b6:b5:8a:48:1e:9b:48:fd:7d:2d:6e:
         6f:c6:ff:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0o4nHJIkQI3K8ZlyZToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMjFmMTg1YjRiMzg2Njc1NWRiYTAwMTBiY2YxMGI5NGE4
YWE2NmMwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmEzMDczYjFiNDEzYzRhYjliNDUzOTVmNTgxZDc5OGQ4MTk5MjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCVZW9Rpi7FV3aTl8GJWOLmErLyi
DK1aItGvWXdwEW25Uf3nis8bQGY0Oymb4yYrEbJdr6g+BZFYqsY5h0p9moPMx0Wn
ok85syiCVPdTcdjOBqNJSdJYYhaMBQtPHdcpvi9fz9Pw6Er7Y3eVsfJlurq/6gdu
xCAspHiMSLZqiLfScWyalUVx7cgZv9RaqN+2eqtWdCPSoUndBeWg8ekl5JuTpPDA
ZKVJLqRRFsd9Jfd6RVXFZeSmFP94z8srXvFRzBVRrKK2KS6iN2vpMOm0CJHDcqje
n37RAEA1na82/lUt4q1Q9t57dXmxBc+zromxdtIi1iN1FDkGWF6s+i2PpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAujBzsbQTxKubRTlfWB15jYGZKMMB8GA1UdIwQY
MBaAFFoh8YW0s4ZnVdugAQvPELlKiqZsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2lIeGhiU3pobWRWMjZBQkM4OFF1VXFLcG13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iZjczZjUtZjQxNC00YTEzLWI3MTYt
OWNiN2ZjMTU0NDI1LzEvQzZNSE94dEJQRXE1dEZPVjlZSFhtTmdaa293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iZjczZjUtZjQxNC00YTEzLWI3MTYtOWNiN2ZjMTU0NDI1
LzEvV2lIeGhiU3pobWRWMjZBQkM4OFF1VXFLcG13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufbgMA0G
CSqGSIb3DQEBCwUAA4IBAQAhtxyTlp4I+5QmCEmhMwmW5tEYc6NjMbe1SDJPoN5c
YKis5n9T7cdlA0eZmHeQhB5Lm/A54yYpGgL+83+RJX998+egnYayUuRSwlDP3q7a
NI+JMs0zObeaM8aL1mwnzYkjtZzYoXs06bxy2eGL0omGuyyCYozeT6cKspqsSYhy
aWpAq8QXYse2yu+G+8GLzPGcV6ffqlGeZJ7qmj6rILcBSbdxq0TyWt+60pwSb6jO
H41ln+GJQBEykzujjD8sK1PZTmWDvlPTR4Zd92vSJb8g6yzBBlWA0fcBsnOySXL5
Nq0qe0QCpRI83mxXYOZPyhQttrWKSB6bSP19LW5vxv/G
-----END CERTIFICATE-----