Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/kd6eSxbPkgcUlogK8Io_j6_j_TY.roa
File:                     kd6eSxbPkgcUlogK8Io_j6_j_TY.roa (raw, json)
Hash identifier:          rEBEFdmi4dQCwvAbhlLNxOSG07+WVNok/iFD1aysB5g=
Subject key identifier:   91:DE:9E:4B:16:CF:92:07:14:96:88:0A:F0:8A:3F:8F:AF:E3:FD:36
Certificate issuer:       /CN=f360540925dbcb1a09fb65f3b29003d68f23de6b
Certificate serial:       018CC3B6764ADEC07C73A2268EE5A233FAAB
Authority key identifier: F3:60:54:09:25:DB:CB:1A:09:FB:65:F3:B2:90:03:D6:8F:23:DE:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/82BUCSXbyxoJ-2XzspAD1o8j3ms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/kd6eSxbPkgcUlogK8Io_j6_j_TY.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.169.80.0/24 maxlen: 24
                          185.169.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/82BUCSXbyxoJ-2XzspAD1o8j3ms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/82BUCSXbyxoJ-2XzspAD1o8j3ms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/82BUCSXbyxoJ-2XzspAD1o8j3ms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 18:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:76:4a:de:c0:7c:73:a2:26:8e:e5:a2:33:fa:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f360540925dbcb1a09fb65f3b29003d68f23de6b
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91de9e4b16cf92071496880af08a3f8fafe3fd36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a3:3f:e5:5f:79:b8:25:1b:97:ae:f0:e2:de:
                    b9:c0:22:af:8d:de:b2:50:34:6e:d4:ef:97:4e:35:
                    2e:8d:46:60:59:6b:92:7d:de:87:08:07:38:77:28:
                    b8:0b:6c:a0:b0:fc:97:27:29:96:c4:b2:99:90:b7:
                    19:9d:4b:a3:c8:3a:53:47:f5:1b:34:eb:73:0d:e7:
                    07:cb:1b:a3:ed:1d:97:de:3e:d2:49:67:df:ef:f4:
                    e7:da:db:02:b4:02:bc:8a:0a:79:75:1b:b7:43:93:
                    bb:a3:a5:89:b4:15:83:e7:db:29:5b:54:86:af:20:
                    74:61:d9:fa:0a:50:03:7e:b4:7b:c2:b5:f0:4d:f1:
                    57:77:c3:ff:74:47:1c:ee:21:9d:3e:d3:ca:07:13:
                    36:6a:0c:0f:68:95:2f:27:ed:a6:0e:c0:e2:3d:bb:
                    20:e5:a8:83:e5:cf:d8:6c:c1:e5:c6:91:24:e1:b6:
                    7e:6f:6c:79:6c:ba:f1:4e:88:32:b1:18:cd:c9:10:
                    12:1e:dc:86:e7:bd:18:6b:00:61:aa:d3:f7:d9:3d:
                    9f:93:10:4d:01:68:c0:a0:3e:8e:98:71:a3:40:41:
                    48:5c:15:d5:fd:a1:19:64:38:f8:b4:0d:19:11:2a:
                    9f:1e:37:d7:b3:24:96:51:67:72:88:90:b2:15:6c:
                    a9:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:DE:9E:4B:16:CF:92:07:14:96:88:0A:F0:8A:3F:8F:AF:E3:FD:36
            X509v3 Authority Key Identifier:
                keyid:F3:60:54:09:25:DB:CB:1A:09:FB:65:F3:B2:90:03:D6:8F:23:DE:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/82BUCSXbyxoJ-2XzspAD1o8j3ms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/kd6eSxbPkgcUlogK8Io_j6_j_TY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/4dae7f-ba0e-4277-9e92-b4f007ef7e86/1/82BUCSXbyxoJ-2XzspAD1o8j3ms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:1f:b4:c9:08:5f:a7:76:9c:54:dd:2e:48:92:e5:04:18:b4:
         49:3e:ff:02:ce:17:b5:8f:bd:0b:c0:ac:80:7b:af:10:af:91:
         a9:12:30:d5:ca:23:5c:01:46:f0:76:9e:c9:55:b5:0e:35:1c:
         27:1e:b4:93:66:60:2a:e1:67:f4:94:53:28:4d:5c:da:b5:c5:
         c9:96:a4:7d:2e:d2:17:8b:f9:a8:6a:37:a9:06:34:1d:49:5d:
         44:3e:3a:ea:a0:16:7a:88:8f:bf:24:36:1f:2a:81:a4:0c:73:
         41:ff:ee:b3:66:d1:45:c6:c8:b7:c9:bb:b6:b2:cd:7d:0a:1c:
         20:be:60:3f:dc:7b:50:c1:43:c1:98:dd:03:9c:72:ba:b4:de:
         d0:63:03:02:ea:56:ab:be:27:e8:bc:e4:03:e3:62:59:83:f7:
         15:c3:55:de:22:3e:de:bb:8e:8b:3f:2e:54:ae:dc:3a:fe:4e:
         fe:65:38:06:89:ce:c7:7a:0e:3a:51:f2:93:ac:da:64:c3:85:
         bd:76:e4:79:e5:c7:3e:c3:88:30:00:09:0f:f0:32:4c:98:d6:
         d1:28:8e:ed:3e:aa:10:87:28:02:f6:05:2f:b8:66:e3:b7:29:
         47:5c:ce:90:3d:71:8b:d8:88:96:f6:c5:e1:a2:d6:96:6a:b3:
         b7:72:32:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnZK3sB8c6ImjuWiM/qrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNjA1NDA5MjVkYmNiMWEwOWZiNjVmM2IyOTAwM2Q2OGYy
M2RlNmIwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRlOWU0YjE2Y2Y5MjA3MTQ5Njg4MGFmMDhhM2Y4ZmFmZTNmZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaM/5V95uCUbl67w4t65wCKvjd6y
UDRu1O+XTjUujUZgWWuSfd6HCAc4dyi4C2ygsPyXJymWxLKZkLcZnUujyDpTR/Ub
NOtzDecHyxuj7R2X3j7SSWff7/Tn2tsCtAK8igp5dRu3Q5O7o6WJtBWD59spW1SG
ryB0Ydn6ClADfrR7wrXwTfFXd8P/dEcc7iGdPtPKBxM2agwPaJUvJ+2mDsDiPbsg
5aiD5c/YbMHlxpEk4bZ+b2x5bLrxTogysRjNyRASHtyG570YawBhqtP32T2fkxBN
AWjAoD6OmHGjQEFIXBXV/aEZZDj4tA0ZESqfHjfXsySWUWdyiJCyFWypCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHenksWz5IHFJaICvCKP4+v4/02MB8GA1UdIwQY
MBaAFPNgVAkl28saCftl87KQA9aPI95rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODJCVUNTWGJ5eG9KLTJYenNwQUQxbzhqM21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy80ZGFlN2YtYmEwZS00Mjc3LTllOTIt
YjRmMDA3ZWY3ZTg2LzEva2Q2ZVN4YlBrZ2NVbG9nSzhJb19qNl9qX1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy80ZGFlN2YtYmEwZS00Mjc3LTllOTItYjRmMDA3ZWY3ZTg2
LzEvODJCVUNTWGJ5eG9KLTJYenNwQUQxbzhqM21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBualQMA0G
CSqGSIb3DQEBCwUAA4IBAQApH7TJCF+ndpxU3S5IkuUEGLRJPv8Czhe1j70LwKyA
e68Qr5GpEjDVyiNcAUbwdp7JVbUONRwnHrSTZmAq4Wf0lFMoTVzatcXJlqR9LtIX
i/moajepBjQdSV1EPjrqoBZ6iI+/JDYfKoGkDHNB/+6zZtFFxsi3ybu2ss19Chwg
vmA/3HtQwUPBmN0DnHK6tN7QYwMC6larvifovOQD42JZg/cVw1XeIj7eu46LPy5U
rtw6/k7+ZTgGic7Heg46UfKTrNpkw4W9duR55cc+w4gwAAkP8DJMmNbRKI7tPqoQ
hygC9gUvuGbjtylHXM6QPXGL2IiW9sXhotaWarO3cjIt
-----END CERTIFICATE-----