Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/6i_1N6fIcLJomxgnICwnHEd-rAg.roa
File:                     6i_1N6fIcLJomxgnICwnHEd-rAg.roa (raw, json)
Hash identifier:          WXBtxJ/OT1su4MkWNF9GsxhEY4+gGS/SyDQE6RsxeI0=
Subject key identifier:   EA:2F:F5:37:A7:C8:70:B2:68:9B:18:27:20:2C:27:1C:47:7E:AC:08
Certificate issuer:       /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial:       018CC8DE2ABCAA9F3995B614C7DBF7A10E57
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/6i_1N6fIcLJomxgnICwnHEd-rAg.roa
Signing time:             Tue 02 Jan 2024 06:30:52 +0000
ROA not before:           Tue 02 Jan 2024 06:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133865
IP address blocks:        193.118.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2a:bc:aa:9f:39:95:b6:14:c7:db:f7:a1:0e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
        Validity
            Not Before: Jan  2 06:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea2ff537a7c870b2689b1827202c271c477eac08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a9:3d:0c:4c:67:1a:23:2a:ff:8f:fd:a1:12:
                    3a:dc:68:48:af:3d:77:0c:7a:d9:c5:02:58:06:f7:
                    8e:a8:43:72:51:90:db:ce:b8:ae:21:48:60:65:9e:
                    e6:84:90:04:fb:97:99:3d:55:77:2e:40:03:a8:2a:
                    53:3a:ce:f0:54:80:49:c7:43:9c:2e:7b:ec:ce:a9:
                    f6:09:02:3f:09:9c:d6:3f:16:56:2c:8f:42:97:0b:
                    2e:02:7b:67:00:b5:fa:dc:1d:8f:c4:64:69:aa:c7:
                    d4:57:e4:4d:fe:a5:13:b0:8f:85:6b:7f:f6:1b:5d:
                    c1:4e:d2:11:a9:54:67:02:34:89:d2:cf:1e:50:64:
                    c0:16:e5:3d:b0:ea:a7:06:4b:64:61:9e:d9:ee:d0:
                    a9:a9:65:6a:e5:11:d0:dd:58:c9:34:ac:6f:bd:01:
                    01:56:41:fc:4a:65:3c:e7:83:cf:bb:c9:72:37:8d:
                    7c:a9:09:14:8e:6b:c4:c6:84:40:21:03:61:31:7c:
                    da:5a:5d:18:dd:d8:f7:47:19:6a:e4:51:5f:56:82:
                    cb:4d:85:35:0b:50:b6:6d:c7:a1:9a:25:09:56:9d:
                    21:ae:be:aa:18:15:41:ae:20:3b:22:2b:ec:19:63:
                    e0:f0:4e:57:6d:5a:ae:cf:1c:d6:0d:6c:78:f9:70:
                    43:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2F:F5:37:A7:C8:70:B2:68:9B:18:27:20:2C:27:1C:47:7E:AC:08
            X509v3 Authority Key Identifier:
                keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/6i_1N6fIcLJomxgnICwnHEd-rAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.118.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:e4:30:75:07:cd:b6:5d:37:4e:65:a9:0e:5b:d5:73:01:37:
         7c:a7:65:88:d7:b5:b7:4f:1f:a8:7d:da:3d:74:1f:29:f1:62:
         ff:da:0c:7f:82:0e:c9:63:b9:70:59:5c:2c:ca:ba:e1:6f:24:
         84:6c:6f:79:dd:57:1e:6b:77:1b:10:36:1d:a8:9d:a5:7e:f5:
         ab:66:f9:bd:70:4b:d4:8d:01:ad:bd:31:aa:01:c7:2e:4c:21:
         93:9e:87:49:80:3d:c5:db:9e:fe:1f:04:d5:30:c1:81:1e:93:
         d5:a6:a4:d0:12:a8:44:82:94:2d:5e:a2:42:c7:5a:35:65:68:
         ba:f4:4d:d6:8f:08:a5:7b:80:21:e6:32:83:1d:b9:e6:e0:2d:
         6d:1c:22:a7:4b:e6:e3:ad:1a:a6:11:e5:e2:bd:d5:36:bd:00:
         2c:f3:4c:05:96:0a:1b:f0:ed:9f:12:45:0a:d1:52:45:95:8a:
         4b:80:4b:5c:99:ce:bd:de:82:6e:0e:7a:a0:ae:b4:45:d6:eb:
         24:04:53:dc:fc:81:08:dd:3b:44:be:c6:4c:73:c3:91:be:0e:
         64:8d:e6:fa:49:30:87:8f:86:ae:9a:13:cd:da:9c:01:fe:70:
         ce:ff:9a:42:49:2c:32:c3:c6:ea:0e:d2:be:9b:f8:dd:d6:23:
         4e:29:37:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3iq8qp85lbYUx9v3oQ5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Nzc2Yzc3ZjhlYmU3MDk0Y2EwMDdhY2UxYTljMGJmZGMy
YjNhZWMwHhcNMjQwMTAyMDYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTJmZjUzN2E3Yzg3MGIyNjg5YjE4MjcyMDJjMjcxYzQ3N2VhYzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqk9DExnGiMq/4/9oRI63GhIrz13
DHrZxQJYBveOqENyUZDbzriuIUhgZZ7mhJAE+5eZPVV3LkADqCpTOs7wVIBJx0Oc
Lnvszqn2CQI/CZzWPxZWLI9ClwsuAntnALX63B2PxGRpqsfUV+RN/qUTsI+Fa3/2
G13BTtIRqVRnAjSJ0s8eUGTAFuU9sOqnBktkYZ7Z7tCpqWVq5RHQ3VjJNKxvvQEB
VkH8SmU854PPu8lyN418qQkUjmvExoRAIQNhMXzaWl0Y3dj3Rxlq5FFfVoLLTYU1
C1C2bcehmiUJVp0hrr6qGBVBriA7IivsGWPg8E5XbVquzxzWDWx4+XBDSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOov9TenyHCyaJsYJyAsJxxHfqwIMB8GA1UdIwQY
MBaAFCV3bHf46+cJTKAHrOGpwL/cKzrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQt
ZTdkYWVjMTk0YTY5LzEvNmlfMU42ZkljTEpvbXhnbklDd25IRWQtckFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQtZTdkYWVjMTk0YTY5
LzEvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXYhMA0G
CSqGSIb3DQEBCwUAA4IBAQAm5DB1B822XTdOZakOW9VzATd8p2WI17W3Tx+ofdo9
dB8p8WL/2gx/gg7JY7lwWVwsyrrhbySEbG953Vcea3cbEDYdqJ2lfvWrZvm9cEvU
jQGtvTGqAccuTCGTnodJgD3F257+HwTVMMGBHpPVpqTQEqhEgpQtXqJCx1o1ZWi6
9E3Wjwile4Ah5jKDHbnm4C1tHCKnS+bjrRqmEeXivdU2vQAs80wFlgob8O2fEkUK
0VJFlYpLgEtcmc693oJuDnqgrrRF1uskBFPc/IEI3TtEvsZMc8ORvg5kjeb6STCH
j4aumhPN2pwB/nDO/5pCSSwyw8bqDtK+m/jd1iNOKTfU
-----END CERTIFICATE-----