Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/1e36e8-8fa6-4c17-a240-32e57bc5474b/1/6M9ixYNNVKka6pI1Su4DOjqZw9Y.roa
File:                     6M9ixYNNVKka6pI1Su4DOjqZw9Y.roa (raw, json)
Hash identifier:          vDAbalyhK/6d+DwVAtohgv2ub9V4bsRRQPrTDayGWlY=
Subject key identifier:   E8:CF:62:C5:83:4D:54:A9:1A:EA:92:35:4A:EE:03:3A:3A:99:C3:D6
Certificate issuer:       /CN=4f2fc3e86035a0b8e9380ffb23f23f57430b7acb
Certificate serial:       018CC5DC5DD66B1083C96C2DECEC19E3AA94
Authority key identifier: 4F:2F:C3:E8:60:35:A0:B8:E9:38:0F:FB:23:F2:3F:57:43:0B:7A:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty_D6GA1oLjpOA_7I_I_V0MLess.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/1e36e8-8fa6-4c17-a240-32e57bc5474b/1/6M9ixYNNVKka6pI1Su4DOjqZw9Y.roa
Signing time:             Mon 01 Jan 2024 16:30:02 +0000
ROA not before:           Mon 01 Jan 2024 16:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48576
IP address blocks:        185.77.44.0/22 maxlen: 22
                          2a03:5260::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/1e36e8-8fa6-4c17-a240-32e57bc5474b/1/Ty_D6GA1oLjpOA_7I_I_V0MLess.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/1e36e8-8fa6-4c17-a240-32e57bc5474b/1/Ty_D6GA1oLjpOA_7I_I_V0MLess.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty_D6GA1oLjpOA_7I_I_V0MLess.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5d:d6:6b:10:83:c9:6c:2d:ec:ec:19:e3:aa:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2fc3e86035a0b8e9380ffb23f23f57430b7acb
        Validity
            Not Before: Jan  1 16:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8cf62c5834d54a91aea92354aee033a3a99c3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c6:84:f0:a2:10:16:eb:25:e8:26:8c:96:54:
                    95:34:e7:c2:93:1e:57:5a:dc:b2:86:30:a7:77:aa:
                    64:2a:fc:94:e3:b1:f2:b8:9a:28:03:52:e3:f8:28:
                    c9:bd:46:73:ae:2a:21:e4:b9:f1:a8:45:bf:fc:6b:
                    8d:af:55:44:2f:8c:99:9b:bb:dc:d6:ae:b3:dc:bb:
                    30:cd:37:4a:b1:01:24:b4:4e:12:e6:9f:2b:ea:32:
                    21:da:0f:1a:67:ab:0c:2a:e9:5d:18:66:3d:c5:6b:
                    19:d3:74:75:c8:b6:56:31:ff:38:15:23:ca:80:9e:
                    60:8e:55:7b:5c:ed:13:b6:96:bb:e8:9e:99:18:d9:
                    5d:9a:9c:4f:8d:9c:d4:ec:a2:9a:69:74:d0:cf:77:
                    99:f6:a7:16:86:50:d7:94:40:f4:ba:67:9c:1c:ff:
                    b3:58:e8:d8:6a:96:cf:cf:93:b9:b9:21:f2:ef:7b:
                    02:42:61:64:5c:1f:b7:48:4e:69:9e:3a:f7:39:58:
                    33:44:3b:4b:0b:fb:bf:07:83:08:1e:49:dd:ad:ea:
                    e3:5d:a5:34:06:8f:de:6f:9b:fd:53:d3:74:3a:eb:
                    33:fd:83:78:c7:09:72:7b:8d:85:1b:1c:f6:70:2a:
                    9b:c9:b8:d1:d2:7e:e1:80:a0:91:ff:5f:27:66:41:
                    09:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:CF:62:C5:83:4D:54:A9:1A:EA:92:35:4A:EE:03:3A:3A:99:C3:D6
            X509v3 Authority Key Identifier:
                keyid:4F:2F:C3:E8:60:35:A0:B8:E9:38:0F:FB:23:F2:3F:57:43:0B:7A:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty_D6GA1oLjpOA_7I_I_V0MLess.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1e36e8-8fa6-4c17-a240-32e57bc5474b/1/6M9ixYNNVKka6pI1Su4DOjqZw9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1e36e8-8fa6-4c17-a240-32e57bc5474b/1/Ty_D6GA1oLjpOA_7I_I_V0MLess.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.44.0/22
                IPv6:
                  2a03:5260::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:d3:85:de:f5:f0:d7:32:5c:fd:d0:63:47:26:46:0f:6f:c1:
         92:fd:e1:69:6e:97:cc:61:63:a5:2c:b0:08:80:e3:52:6d:ba:
         07:0e:a2:5e:91:ae:e9:8d:89:18:67:43:4b:b5:ce:de:57:83:
         d3:23:44:c4:c9:73:3c:fe:77:eb:28:ca:4a:4f:95:f2:db:66:
         1c:da:a1:c2:53:63:b6:18:01:23:d7:eb:5b:d3:98:57:f6:bb:
         48:c9:25:b9:99:2c:27:99:0e:24:5f:52:a0:5d:4c:8a:ab:34:
         7f:e6:6c:b6:d0:ff:df:01:0c:74:84:73:ae:fe:e4:49:91:e2:
         58:fe:fb:3e:f4:15:bb:66:00:a3:83:30:99:b7:39:20:c6:a5:
         99:d1:87:2c:d8:11:13:f2:d7:f0:26:c9:f5:7c:90:b0:84:78:
         c4:a9:3e:13:34:44:84:6f:d4:ad:aa:9d:3b:ce:db:dd:ef:a9:
         f3:27:d6:fd:52:df:f8:a1:6c:85:11:47:5e:d5:e3:a9:3e:a3:
         d3:08:97:71:f9:37:41:cb:77:ef:0b:51:93:dd:f7:b9:09:f3:
         36:f8:bd:5c:c9:56:2d:d6:36:07:ef:6c:ff:01:9b:1a:8c:0b:
         54:29:fc:74:04:61:8a:dd:ec:e0:e9:1c:95:c2:fc:f0:15:ae:
         81:0f:3c:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3F3WaxCDyWwt7OwZ46qUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmZjM2U4NjAzNWEwYjhlOTM4MGZmYjIzZjIzZjU3NDMw
YjdhY2IwHhcNMjQwMTAxMTYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGNmNjJjNTgzNGQ1NGE5MWFlYTkyMzU0YWVlMDMzYTNhOTljM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMaE8KIQFusl6CaMllSVNOfCkx5X
WtyyhjCnd6pkKvyU47HyuJooA1Lj+CjJvUZzrioh5LnxqEW//GuNr1VEL4yZm7vc
1q6z3LswzTdKsQEktE4S5p8r6jIh2g8aZ6sMKuldGGY9xWsZ03R1yLZWMf84FSPK
gJ5gjlV7XO0Ttpa76J6ZGNldmpxPjZzU7KKaaXTQz3eZ9qcWhlDXlED0umecHP+z
WOjYapbPz5O5uSHy73sCQmFkXB+3SE5pnjr3OVgzRDtLC/u/B4MIHkndrerjXaU0
Bo/eb5v9U9N0Ousz/YN4xwlye42FGxz2cCqbybjR0n7hgKCR/18nZkEJ1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOjPYsWDTVSpGuqSNUruAzo6mcPWMB8GA1UdIwQY
MBaAFE8vw+hgNaC46TgP+yPyP1dDC3rLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHlfRDZHQTFvTGpwT0FfN0lfSV9WME1MZXNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8xZTM2ZTgtOGZhNi00YzE3LWEyNDAt
MzJlNTdiYzU0NzRiLzEvNk05aXhZTk5WS2thNnBJMVN1NERPanFadzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8xZTM2ZTgtOGZhNi00YzE3LWEyNDAtMzJlNTdiYzU0NzRi
LzEvVHlfRDZHQTFvTGpwT0FfN0lfSV9WME1MZXNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU0sMA0E
AgACMAcDBQAqA1JgMA0GCSqGSIb3DQEBCwUAA4IBAQBU04Xe9fDXMlz90GNHJkYP
b8GS/eFpbpfMYWOlLLAIgONSbboHDqJeka7pjYkYZ0NLtc7eV4PTI0TEyXM8/nfr
KMpKT5Xy22Yc2qHCU2O2GAEj1+tb05hX9rtIySW5mSwnmQ4kX1KgXUyKqzR/5my2
0P/fAQx0hHOu/uRJkeJY/vs+9BW7ZgCjgzCZtzkgxqWZ0Ycs2BET8tfwJsn1fJCw
hHjEqT4TNESEb9Stqp07ztvd76nzJ9b9Ut/4oWyFEUde1eOpPqPTCJdx+TdBy3fv
C1GT3fe5CfM2+L1cyVYt1jYH72z/AZsajAtUKfx0BGGK3ezg6RyVwvzwFa6BDzxL
-----END CERTIFICATE-----