Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/tY2Qqq1Vv_RMjheeLJFxvHXgNRo.roa
File:                     tY2Qqq1Vv_RMjheeLJFxvHXgNRo.roa (raw, json)
Hash identifier:          h75W+DtYaZRZQpFHibBj/wPxEE7Lpx3s4CV4BnXWmN4=
Subject key identifier:   B5:8D:90:AA:AD:55:BF:F4:4C:8E:17:9E:2C:91:71:BC:75:E0:35:1A
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       018FA4D2FFEDA882A51FA2ADA58D5EE7A8AA
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/tY2Qqq1Vv_RMjheeLJFxvHXgNRo.roa
Signing time:             Thu 23 May 2024 09:40:42 +0000
ROA not before:           Thu 23 May 2024 09:40:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215155
IP address blocks:        91.102.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 04:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a4:d2:ff:ed:a8:82:a5:1f:a2:ad:a5:8d:5e:e7:a8:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: May 23 09:40:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b58d90aaad55bff44c8e179e2c9171bc75e0351a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ca:d7:5d:f8:3f:3d:1d:a3:de:c1:76:3e:15:
                    7c:76:79:43:7d:28:1c:40:03:98:72:e1:bc:c8:d2:
                    06:b3:27:1f:51:f3:9f:98:8b:47:c1:f0:a5:64:41:
                    af:06:ff:3a:df:4b:62:32:db:6e:fc:48:9e:43:d0:
                    56:3b:1b:7c:dc:7b:37:68:e9:3b:67:a8:4a:74:1a:
                    20:74:e0:c7:a0:f1:a0:6f:c9:06:37:80:e3:35:71:
                    c4:9d:2f:f9:a3:0a:76:06:7a:ee:36:52:74:d4:6c:
                    31:76:0e:18:7e:e0:c6:aa:38:9b:4b:e0:c4:b5:71:
                    d3:88:a4:cd:4b:d1:a8:e9:00:1f:3c:21:0c:d6:ce:
                    b5:64:7c:f2:0f:66:94:ea:12:b0:43:36:e0:93:b3:
                    bf:83:f6:86:06:b3:a6:7c:79:51:a2:43:e9:5c:ec:
                    54:d2:33:66:df:6e:96:4b:73:f0:6d:62:1d:bc:f0:
                    10:14:20:f8:f0:c1:d8:52:2a:d1:23:41:51:9b:95:
                    b4:ba:f4:d9:89:c4:01:b2:ce:1d:c5:c2:26:3a:20:
                    fe:37:1b:50:9b:d3:11:57:6f:20:9e:51:dd:ef:6b:
                    51:30:d4:3c:1a:08:4f:65:b1:db:90:2c:4d:04:26:
                    62:04:f0:84:bb:3c:45:e5:3c:92:98:8e:e9:4e:50:
                    a8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:8D:90:AA:AD:55:BF:F4:4C:8E:17:9E:2C:91:71:BC:75:E0:35:1A
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/tY2Qqq1Vv_RMjheeLJFxvHXgNRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:4f:3b:94:e5:06:a1:9f:56:64:b2:bd:96:16:ef:be:a2:6a:
         80:0f:0d:8f:63:4e:29:94:2f:1f:81:a1:ba:73:57:ab:d5:06:
         ba:46:31:25:cb:16:33:33:2d:f3:e3:59:4f:07:75:cb:5c:a3:
         64:e1:46:8d:b9:6f:66:da:56:fb:85:6d:13:2b:f4:e9:ed:6f:
         5f:39:ee:93:f2:8d:ca:8f:84:a9:1c:13:a1:35:b2:87:96:bb:
         d7:5c:35:f7:b5:af:2c:fa:f0:a2:26:cc:95:50:dc:6f:32:db:
         78:cb:04:61:1c:73:bf:95:26:27:32:9d:1e:07:23:c3:66:65:
         c0:ef:63:5e:80:03:b4:89:7d:45:12:13:8b:85:1d:50:c5:ac:
         58:0b:b2:91:b2:c3:58:14:fc:d2:7a:7f:88:56:3d:27:8f:18:
         b5:c1:91:2d:24:e4:69:a6:fe:f2:1a:d5:a7:55:a1:78:cf:a8:
         30:51:9c:64:5c:d5:22:11:8d:e6:b5:38:a1:eb:83:47:3b:a7:
         14:45:07:f6:20:08:a6:7a:9c:98:10:25:dc:fb:e0:f5:f4:26:
         6e:d3:94:2a:98:7d:db:44:35:70:ff:eb:86:aa:47:35:1d:db:
         5f:61:aa:9b:70:88:2f:69:ff:02:92:05:68:4b:a0:26:a9:a5:
         76:12:4d:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+k0v/tqIKlH6KtpY1e56iqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjQwNTIzMDk0MDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNThkOTBhYWFkNTViZmY0NGM4ZTE3OWUyYzkxNzFiYzc1ZTAzNTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMrXXfg/PR2j3sF2PhV8dnlDfSgc
QAOYcuG8yNIGsycfUfOfmItHwfClZEGvBv8630tiMttu/EieQ9BWOxt83Hs3aOk7
Z6hKdBogdODHoPGgb8kGN4DjNXHEnS/5owp2BnruNlJ01Gwxdg4YfuDGqjibS+DE
tXHTiKTNS9Go6QAfPCEM1s61ZHzyD2aU6hKwQzbgk7O/g/aGBrOmfHlRokPpXOxU
0jNm326WS3PwbWIdvPAQFCD48MHYUirRI0FRm5W0uvTZicQBss4dxcImOiD+NxtQ
m9MRV28gnlHd72tRMNQ8GghPZbHbkCxNBCZiBPCEuzxF5TySmI7pTlCoowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWNkKqtVb/0TI4XniyRcbx14DUaMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvdFkyUXFxMVZ2X1JNamhlZUxKRnh2SFhnTlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2ajMA0G
CSqGSIb3DQEBCwUAA4IBAQBNTzuU5Qahn1Zksr2WFu++omqADw2PY04plC8fgaG6
c1er1Qa6RjElyxYzMy3z41lPB3XLXKNk4UaNuW9m2lb7hW0TK/Tp7W9fOe6T8o3K
j4SpHBOhNbKHlrvXXDX3ta8s+vCiJsyVUNxvMtt4ywRhHHO/lSYnMp0eByPDZmXA
72NegAO0iX1FEhOLhR1QxaxYC7KRssNYFPzSen+IVj0njxi1wZEtJORppv7yGtWn
VaF4z6gwUZxkXNUiEY3mtTih64NHO6cURQf2IAimepyYECXc++D19CZu05QqmH3b
RDVw/+uGqkc1HdtfYaqbcIgvaf8CkgVoS6AmqaV2Ek14
-----END CERTIFICATE-----