Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/26a0a3-22f1-4ca1-a6cd-67ebbc8c6862/1/6N7Ml25-ORZUiA4RzpwwTiq-Z54.roa
File:                     6N7Ml25-ORZUiA4RzpwwTiq-Z54.roa (raw, json)
Hash identifier:          5JwhRWdbPObakPkuMHCpmF0VdmALpAsg19OrfuVoWnI=
Subject key identifier:   E8:DE:CC:97:6E:7E:39:16:54:88:0E:11:CE:9C:30:4E:2A:BE:67:9E
Certificate issuer:       /CN=77347e168d69658545374e6a0b68d24b97fcd006
Certificate serial:       018CC2DB42C84F0F39AB17E0F5FD9C42FE24
Authority key identifier: 77:34:7E:16:8D:69:65:85:45:37:4E:6A:0B:68:D2:4B:97:FC:D0:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dzR-Fo1pZYVFN05qC2jSS5f80AY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/26a0a3-22f1-4ca1-a6cd-67ebbc8c6862/1/6N7Ml25-ORZUiA4RzpwwTiq-Z54.roa
Signing time:             Mon 01 Jan 2024 02:29:58 +0000
ROA not before:           Mon 01 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206260
IP address blocks:        88.84.32.0/20 maxlen: 20
                          185.9.88.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/26a0a3-22f1-4ca1-a6cd-67ebbc8c6862/1/dzR-Fo1pZYVFN05qC2jSS5f80AY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/26a0a3-22f1-4ca1-a6cd-67ebbc8c6862/1/dzR-Fo1pZYVFN05qC2jSS5f80AY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dzR-Fo1pZYVFN05qC2jSS5f80AY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:42:c8:4f:0f:39:ab:17:e0:f5:fd:9c:42:fe:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77347e168d69658545374e6a0b68d24b97fcd006
        Validity
            Not Before: Jan  1 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8decc976e7e391654880e11ce9c304e2abe679e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:82:bf:61:d4:81:b9:0c:1b:a7:b4:79:04:c0:
                    8e:ca:e8:1e:25:59:45:e2:f3:bd:fb:bf:1a:b1:86:
                    4a:d8:9d:42:cd:a1:75:23:23:be:f0:e0:7c:64:31:
                    94:7a:71:a4:3d:52:ed:3a:9b:e5:34:55:b7:9b:63:
                    95:e3:ea:a7:d4:c4:45:4f:76:07:cb:b1:15:19:d3:
                    d0:15:9e:73:9c:02:22:36:c1:52:4f:4b:0e:e3:0e:
                    59:d4:97:7c:51:c5:5e:86:f7:70:36:01:86:4f:f3:
                    57:49:f6:13:6f:29:8f:7c:7f:5e:7a:61:2a:e6:a0:
                    01:46:7c:be:7b:21:53:3d:88:e9:4d:b7:8e:18:23:
                    9c:c5:c7:ae:4e:28:f4:a1:ab:83:ce:b7:3e:a9:61:
                    b9:43:2f:a5:af:e7:2a:5f:41:68:b5:fd:fe:c8:a7:
                    6f:aa:a6:9b:41:ec:15:8c:03:f3:1c:b9:02:b1:12:
                    31:0c:b4:45:26:b8:29:7e:8f:24:f8:64:0d:b1:d5:
                    29:b1:10:70:9a:3d:80:c3:7b:58:4c:39:80:28:20:
                    37:91:0b:68:a1:7f:cb:91:c3:96:f4:cd:83:50:21:
                    7d:8e:e1:ed:2e:74:7c:2d:01:2e:08:44:6b:a6:ec:
                    15:6b:7b:79:6a:7a:18:b1:b6:56:eb:17:1f:18:7f:
                    89:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:DE:CC:97:6E:7E:39:16:54:88:0E:11:CE:9C:30:4E:2A:BE:67:9E
            X509v3 Authority Key Identifier:
                keyid:77:34:7E:16:8D:69:65:85:45:37:4E:6A:0B:68:D2:4B:97:FC:D0:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dzR-Fo1pZYVFN05qC2jSS5f80AY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/26a0a3-22f1-4ca1-a6cd-67ebbc8c6862/1/6N7Ml25-ORZUiA4RzpwwTiq-Z54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/26a0a3-22f1-4ca1-a6cd-67ebbc8c6862/1/dzR-Fo1pZYVFN05qC2jSS5f80AY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.32.0/20
                  185.9.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:f9:eb:b7:18:67:1a:b0:0f:6f:fb:4e:f0:4d:4c:26:7a:45:
         b8:e2:43:d2:fe:42:62:42:1a:92:01:72:bf:d8:ed:59:6a:6e:
         4c:54:d8:2a:e8:60:70:8f:4d:30:1f:2d:ac:e8:c4:96:24:37:
         ee:cb:d7:7f:22:56:60:0f:5a:30:2c:1f:33:64:ab:04:3b:51:
         d3:c7:e4:91:2b:01:01:9d:33:47:41:fd:e1:cb:3d:d2:64:78:
         73:86:9f:b3:ee:04:f5:ab:52:a2:2e:13:2e:aa:37:9f:0a:b0:
         e8:ee:35:3a:fb:42:af:e4:5a:0c:a0:ea:cd:94:90:2e:b5:20:
         1a:12:1c:10:f1:b8:8d:66:96:43:53:c3:09:37:50:32:40:35:
         c7:e4:ec:47:b1:f6:2c:e2:43:c3:f7:31:31:38:83:41:42:46:
         4e:18:7c:e2:2c:bf:8b:2e:44:99:d6:ec:d9:99:fe:ea:c1:09:
         5a:53:bc:be:76:4f:c7:e4:21:70:9d:ac:bc:8b:0f:18:03:cd:
         c8:9d:e5:8b:f8:c6:99:68:3b:63:eb:22:19:c3:0f:5b:ad:28:
         36:0b:13:81:61:a3:7f:df:ab:bd:49:91:0f:24:cb:cd:1e:10:
         7f:95:52:be:6e:fb:06:ab:dd:8a:6d:94:bb:e2:68:d5:0d:a4:
         6f:ea:c2:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC20LITw85qxfg9f2cQv4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MzQ3ZTE2OGQ2OTY1ODU0NTM3NGU2YTBiNjhkMjRiOTdm
Y2QwMDYwHhcNMjQwMTAxMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGRlY2M5NzZlN2UzOTE2NTQ4ODBlMTFjZTljMzA0ZTJhYmU2NzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIK/YdSBuQwbp7R5BMCOyugeJVlF
4vO9+78asYZK2J1CzaF1IyO+8OB8ZDGUenGkPVLtOpvlNFW3m2OV4+qn1MRFT3YH
y7EVGdPQFZ5znAIiNsFST0sO4w5Z1Jd8UcVehvdwNgGGT/NXSfYTbymPfH9eemEq
5qABRny+eyFTPYjpTbeOGCOcxceuTij0oauDzrc+qWG5Qy+lr+cqX0Fotf3+yKdv
qqabQewVjAPzHLkCsRIxDLRFJrgpfo8k+GQNsdUpsRBwmj2Aw3tYTDmAKCA3kQto
oX/LkcOW9M2DUCF9juHtLnR8LQEuCERrpuwVa3t5anoYsbZW6xcfGH+JswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOjezJdufjkWVIgOEc6cME4qvmeeMB8GA1UdIwQY
MBaAFHc0fhaNaWWFRTdOagto0kuX/NAGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHpSLUZvMXBaWVZGTjA1cUMyalNTNWY4MEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8yNmEwYTMtMjJmMS00Y2ExLWE2Y2Qt
NjdlYmJjOGM2ODYyLzEvNk43TWwyNS1PUlpVaUE0Unpwd3dUaXEtWjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8yNmEwYTMtMjJmMS00Y2ExLWE2Y2QtNjdlYmJjOGM2ODYy
LzEvZHpSLUZvMXBaWVZGTjA1cUMyalNTNWY4MEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWFQgAwQB
uQlYMA0GCSqGSIb3DQEBCwUAA4IBAQCp+eu3GGcasA9v+07wTUwmekW44kPS/kJi
QhqSAXK/2O1Zam5MVNgq6GBwj00wHy2s6MSWJDfuy9d/IlZgD1owLB8zZKsEO1HT
x+SRKwEBnTNHQf3hyz3SZHhzhp+z7gT1q1KiLhMuqjefCrDo7jU6+0Kv5FoMoOrN
lJAutSAaEhwQ8biNZpZDU8MJN1AyQDXH5OxHsfYs4kPD9zExOINBQkZOGHziLL+L
LkSZ1uzZmf7qwQlaU7y+dk/H5CFwnay8iw8YA83IneWL+MaZaDtj6yIZww9brSg2
CxOBYaN/36u9SZEPJMvNHhB/lVK+bvsGq92KbZS74mjVDaRv6sLM
-----END CERTIFICATE-----