Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/35477f-80d0-4ea4-bbde-767b72eb407b/1/6UZ0DPDC4K1xAEDV1VWgDCfS6so.roa
File:                     6UZ0DPDC4K1xAEDV1VWgDCfS6so.roa (raw, json)
Hash identifier:          yJDEJuskkbinwYCj07HEM273TTc8pQFJbuoQz0oTfpY=
Subject key identifier:   E9:46:74:0C:F0:C2:E0:AD:71:00:40:D5:D5:55:A0:0C:27:D2:EA:CA
Certificate issuer:       /CN=8226a9974102ba582217188be6d49d8776d3bebb
Certificate serial:       018CC492A7AADE8D8E3CE0817C747AE8A2A5
Authority key identifier: 82:26:A9:97:41:02:BA:58:22:17:18:8B:E6:D4:9D:87:76:D3:BE:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/giapl0ECulgiFxiL5tSdh3bTvrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/35477f-80d0-4ea4-bbde-767b72eb407b/1/6UZ0DPDC4K1xAEDV1VWgDCfS6so.roa
Signing time:             Mon 01 Jan 2024 10:29:54 +0000
ROA not before:           Mon 01 Jan 2024 10:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204382
IP address blocks:        185.250.176.0/22 maxlen: 22
                          2a0c:1040::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/35477f-80d0-4ea4-bbde-767b72eb407b/1/giapl0ECulgiFxiL5tSdh3bTvrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/35477f-80d0-4ea4-bbde-767b72eb407b/1/giapl0ECulgiFxiL5tSdh3bTvrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/giapl0ECulgiFxiL5tSdh3bTvrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:a7:aa:de:8d:8e:3c:e0:81:7c:74:7a:e8:a2:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8226a9974102ba582217188be6d49d8776d3bebb
        Validity
            Not Before: Jan  1 10:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e946740cf0c2e0ad710040d5d555a00c27d2eaca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6b:b4:f3:ef:56:51:61:a8:03:ab:9b:cc:af:
                    ff:de:38:cb:f4:13:66:6c:57:12:86:8b:60:c4:1f:
                    0b:e2:4e:dd:02:b6:3e:5c:6e:0e:cb:32:e0:d2:84:
                    11:f6:27:12:14:da:0f:2e:34:f3:98:34:d6:64:9a:
                    27:79:93:94:9b:2b:6f:21:92:7c:cf:12:da:6d:b5:
                    64:72:d0:66:cb:8c:d6:f0:f3:73:d9:29:1d:53:da:
                    70:02:72:fd:28:af:72:1a:e7:7c:b5:2d:24:54:2a:
                    f1:1d:03:87:26:8a:12:b8:51:f0:86:3f:d8:57:6b:
                    d7:d1:f6:ce:32:1f:4b:34:b3:49:bd:76:70:d0:fe:
                    de:5d:ba:b6:ed:3c:7c:5a:8f:51:57:05:87:b2:47:
                    0e:b0:6c:e6:cb:4b:28:a3:f9:1d:c3:eb:e1:a6:b7:
                    4f:21:9f:84:cd:3b:95:23:80:8b:69:9b:07:79:60:
                    cb:41:07:61:f6:e6:b1:de:e4:5b:0a:fa:b1:e8:0e:
                    6e:52:65:a1:72:98:0a:ac:6a:18:77:27:ef:6c:c1:
                    a3:77:27:07:29:17:f0:6a:f9:4e:86:f9:42:8f:5b:
                    64:a1:77:70:35:53:4e:bc:6f:84:e8:b0:f8:17:00:
                    c8:f6:34:58:04:7e:1d:fb:b6:5c:49:56:40:d8:ce:
                    de:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:46:74:0C:F0:C2:E0:AD:71:00:40:D5:D5:55:A0:0C:27:D2:EA:CA
            X509v3 Authority Key Identifier:
                keyid:82:26:A9:97:41:02:BA:58:22:17:18:8B:E6:D4:9D:87:76:D3:BE:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/giapl0ECulgiFxiL5tSdh3bTvrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/35477f-80d0-4ea4-bbde-767b72eb407b/1/6UZ0DPDC4K1xAEDV1VWgDCfS6so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/35477f-80d0-4ea4-bbde-767b72eb407b/1/giapl0ECulgiFxiL5tSdh3bTvrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.176.0/22
                IPv6:
                  2a0c:1040::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:f7:21:fa:7d:e0:f7:3c:e4:ba:c5:16:b3:e3:22:06:8a:a7:
         12:3c:e0:3a:24:5d:ac:1a:63:77:69:7c:0d:76:fa:7d:3a:c4:
         c2:4f:87:f6:2d:6c:69:36:6c:e3:22:c8:ed:2b:c8:fd:ac:7b:
         cc:b0:35:d9:52:8d:1a:68:95:ed:89:50:99:4c:62:91:e0:b1:
         b6:46:3b:34:17:56:1d:75:90:da:35:e0:e6:61:27:f6:68:a8:
         48:88:e7:ec:51:86:31:9c:6f:68:4f:5a:08:34:4c:3d:ba:92:
         76:e2:be:5f:0b:ed:ad:72:11:35:32:55:c5:4a:2a:29:ec:7b:
         44:46:f1:88:7a:ed:dc:ad:5d:ac:78:0a:0b:36:5c:24:5e:cd:
         e9:88:6b:1a:4d:12:9a:0d:42:60:91:92:34:af:a3:82:da:55:
         f6:11:75:95:d1:38:95:99:43:0e:af:6c:24:eb:4f:4a:28:7a:
         64:45:7e:e0:ad:a6:94:df:6d:86:0e:46:c5:62:d1:d0:dd:9a:
         96:54:6e:3d:25:d6:f7:6b:71:9c:41:ea:8a:ef:02:22:7e:63:
         12:07:b2:83:ae:2f:da:c1:7d:e7:76:40:c7:57:1b:8f:42:39:
         9d:4a:c6:16:6d:d4:4a:12:8a:60:cb:e4:4f:5c:41:8f:d3:fb:
         64:bc:6f:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkqeq3o2OPOCBfHR66KKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMjZhOTk3NDEwMmJhNTgyMjE3MTg4YmU2ZDQ5ZDg3NzZk
M2JlYmIwHhcNMjQwMTAxMTAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTQ2NzQwY2YwYzJlMGFkNzEwMDQwZDVkNTU1YTAwYzI3ZDJlYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmu08+9WUWGoA6ubzK//3jjL9BNm
bFcShotgxB8L4k7dArY+XG4OyzLg0oQR9icSFNoPLjTzmDTWZJoneZOUmytvIZJ8
zxLabbVkctBmy4zW8PNz2SkdU9pwAnL9KK9yGud8tS0kVCrxHQOHJooSuFHwhj/Y
V2vX0fbOMh9LNLNJvXZw0P7eXbq27Tx8Wo9RVwWHskcOsGzmy0soo/kdw+vhprdP
IZ+EzTuVI4CLaZsHeWDLQQdh9uax3uRbCvqx6A5uUmWhcpgKrGoYdyfvbMGjdycH
KRfwavlOhvlCj1tkoXdwNVNOvG+E6LD4FwDI9jRYBH4d+7ZcSVZA2M7ezwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOlGdAzwwuCtcQBA1dVVoAwn0urKMB8GA1UdIwQY
MBaAFIImqZdBArpYIhcYi+bUnYd20767MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2lhcGwwRUN1bGdpRnhpTDV0U2RoM2JUdnJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8zNTQ3N2YtODBkMC00ZWE0LWJiZGUt
NzY3YjcyZWI0MDdiLzEvNlVaMERQREM0SzF4QUVEVjFWV2dEQ2ZTNnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8zNTQ3N2YtODBkMC00ZWE0LWJiZGUtNzY3YjcyZWI0MDdi
LzEvZ2lhcGwwRUN1bGdpRnhpTDV0U2RoM2JUdnJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufqwMA0E
AgACMAcDBQMqDBBAMA0GCSqGSIb3DQEBCwUAA4IBAQCQ9yH6feD3POS6xRaz4yIG
iqcSPOA6JF2sGmN3aXwNdvp9OsTCT4f2LWxpNmzjIsjtK8j9rHvMsDXZUo0aaJXt
iVCZTGKR4LG2Rjs0F1YddZDaNeDmYSf2aKhIiOfsUYYxnG9oT1oINEw9upJ24r5f
C+2tchE1MlXFSiop7HtERvGIeu3crV2seAoLNlwkXs3piGsaTRKaDUJgkZI0r6OC
2lX2EXWV0TiVmUMOr2wk609KKHpkRX7graaU322GDkbFYtHQ3ZqWVG49Jdb3a3Gc
QeqK7wIifmMSB7KDri/awX3ndkDHVxuPQjmdSsYWbdRKEopgy+RPXEGP0/tkvG99
-----END CERTIFICATE-----