Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/6iwAnsKrvIzW_8kWxukMBv6_7-8.roa
File:                     6iwAnsKrvIzW_8kWxukMBv6_7-8.roa (raw, json)
Hash identifier:          B5lqJOu3kAHiS4R57Sfyd1HoOQ3st29J+9s18/WFb88=
Subject key identifier:   EA:2C:00:9E:C2:AB:BC:8C:D6:FF:C9:16:C6:E9:0C:06:FE:BF:EF:EF
Certificate issuer:       /CN=ac0852af5a8e436b2d4da72e92b64114e1f4d15f
Certificate serial:       01941FFA143B54621E6A9ABFF551F8F0DE31
Authority key identifier: AC:08:52:AF:5A:8E:43:6B:2D:4D:A7:2E:92:B6:41:14:E1:F4:D1:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/6iwAnsKrvIzW_8kWxukMBv6_7-8.roa
Signing time:             Wed 01 Jan 2025 03:47:50 +0000
ROA not before:           Wed 01 Jan 2025 03:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        91.108.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:14:3b:54:62:1e:6a:9a:bf:f5:51:f8:f0:de:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0852af5a8e436b2d4da72e92b64114e1f4d15f
        Validity
            Not Before: Jan  1 03:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea2c009ec2abbc8cd6ffc916c6e90c06febfefef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:70:c7:43:ac:14:f6:d0:52:09:5c:ac:18:7f:
                    1d:6e:ef:f0:b9:2c:a5:e8:5e:f7:e7:cf:3c:6a:a2:
                    1e:0a:61:61:83:b4:ff:3a:ee:84:58:0b:d7:b0:06:
                    98:d9:41:5a:34:34:ce:69:71:2e:3d:04:fd:9a:e7:
                    79:6f:15:be:2c:e5:99:9d:63:62:1b:fe:53:d0:e8:
                    8f:44:bd:f7:a0:66:32:3e:d2:c7:61:d5:6b:0f:c5:
                    a1:59:4c:30:aa:59:a3:39:af:2f:16:c2:5d:86:5c:
                    b3:21:32:f3:bd:96:43:bd:17:fd:95:8f:81:4c:0a:
                    f9:c4:bc:85:51:2f:54:32:6e:56:a0:83:04:95:7a:
                    87:dc:36:e1:6a:d0:a3:e9:4f:5f:06:71:cd:b5:02:
                    e6:ba:0d:bc:16:8a:01:60:74:a9:16:aa:da:a7:fd:
                    3a:95:53:a2:ff:24:51:e6:26:16:4b:b4:38:91:e0:
                    87:cc:a4:3e:d5:fc:ec:c3:13:d1:f0:09:5f:06:17:
                    f8:47:e9:40:4c:dc:1a:ed:c6:3e:e0:90:be:81:8b:
                    6a:12:91:df:44:bb:1b:54:5a:e1:27:e6:64:39:2f:
                    8e:f2:93:d9:83:3c:12:d0:63:63:43:06:f3:b2:f2:
                    a6:86:46:a7:f6:98:1a:f9:ba:89:01:80:8a:77:28:
                    09:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2C:00:9E:C2:AB:BC:8C:D6:FF:C9:16:C6:E9:0C:06:FE:BF:EF:EF
            X509v3 Authority Key Identifier:
                keyid:AC:08:52:AF:5A:8E:43:6B:2D:4D:A7:2E:92:B6:41:14:E1:F4:D1:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/6iwAnsKrvIzW_8kWxukMBv6_7-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:e4:e1:dc:f0:43:1e:ab:4b:13:a3:7b:0a:80:a4:74:9e:a4:
         aa:8a:7f:80:f8:43:6f:a3:30:64:0d:2b:70:fc:b3:97:04:67:
         d8:cc:33:b5:56:47:d1:41:8b:4e:84:ae:00:02:4b:f1:89:5a:
         e4:e4:2d:e8:1c:ea:e7:b9:41:96:3e:3c:0a:13:02:b4:f1:84:
         45:48:a0:c0:81:31:08:2e:9e:f7:0e:87:46:79:4f:77:98:4b:
         ec:44:c6:85:ac:82:67:5c:57:12:17:4e:3a:87:e7:9a:f5:3b:
         5a:ed:54:08:0f:29:f1:f0:63:68:c0:ad:be:af:72:1b:cf:25:
         f1:78:e6:20:06:8e:4b:db:29:b5:a5:fd:2a:bb:07:09:c0:7d:
         a4:20:3c:18:00:4a:96:76:7b:88:70:23:8d:b3:2f:d9:51:f9:
         9c:ba:1f:b8:f5:e8:1b:6f:f3:cd:ed:44:c6:35:ce:6d:27:54:
         f0:9d:86:98:62:b5:31:13:47:8b:ba:ee:eb:aa:0e:f9:79:b5:
         b4:3d:f5:62:5c:1b:46:ea:34:f2:90:95:49:ed:9d:d9:20:61:
         7b:de:c8:68:30:50:92:7f:4e:fb:5e:1f:d8:7f:a1:8f:d0:6b:
         01:5e:ea:b0:0a:0c:79:e9:f9:a6:ba:c2:0a:fd:cd:a3:de:ba:
         91:89:6e:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hQ7VGIeapq/9VH48N4xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMDg1MmFmNWE4ZTQzNmIyZDRkYTcyZTkyYjY0MTE0ZTFm
NGQxNWYwHhcNMjUwMTAxMDM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTJjMDA5ZWMyYWJiYzhjZDZmZmM5MTZjNmU5MGMwNmZlYmZlZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHDHQ6wU9tBSCVysGH8dbu/wuSyl
6F735888aqIeCmFhg7T/Ou6EWAvXsAaY2UFaNDTOaXEuPQT9mud5bxW+LOWZnWNi
G/5T0OiPRL33oGYyPtLHYdVrD8WhWUwwqlmjOa8vFsJdhlyzITLzvZZDvRf9lY+B
TAr5xLyFUS9UMm5WoIMElXqH3DbhatCj6U9fBnHNtQLmug28FooBYHSpFqrap/06
lVOi/yRR5iYWS7Q4keCHzKQ+1fzswxPR8AlfBhf4R+lATNwa7cY+4JC+gYtqEpHf
RLsbVFrhJ+ZkOS+O8pPZgzwS0GNjQwbzsvKmhkan9pga+bqJAYCKdygJcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOosAJ7Cq7yM1v/JFsbpDAb+v+/vMB8GA1UdIwQY
MBaAFKwIUq9ajkNrLU2nLpK2QRTh9NFfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckFoU3IxcU9RMnN0VGFjdWtyWkJGT0gwMFY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZGJjYjItM2E5Ni00ODE3LTk5NzEt
NTAwN2RkZTM1MDQ1LzEvNml3QW5zS3J2SXpXXzhrV3h1a01CdjZfNy04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZGJjYjItM2E5Ni00ODE3LTk5NzEtNTAwN2RkZTM1MDQ1
LzEvckFoU3IxcU9RMnN0VGFjdWtyWkJGT0gwMFY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2y6MA0G
CSqGSIb3DQEBCwUAA4IBAQA/5OHc8EMeq0sTo3sKgKR0nqSqin+A+ENvozBkDStw
/LOXBGfYzDO1VkfRQYtOhK4AAkvxiVrk5C3oHOrnuUGWPjwKEwK08YRFSKDAgTEI
Lp73DodGeU93mEvsRMaFrIJnXFcSF046h+ea9Tta7VQIDynx8GNowK2+r3IbzyXx
eOYgBo5L2ym1pf0quwcJwH2kIDwYAEqWdnuIcCONsy/ZUfmcuh+49egbb/PN7UTG
Nc5tJ1TwnYaYYrUxE0eLuu7rqg75ebW0PfViXBtG6jTykJVJ7Z3ZIGF73shoMFCS
f077Xh/Yf6GP0GsBXuqwCgx56fmmusIK/c2j3rqRiW7S
-----END CERTIFICATE-----