Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/55d3cc-bcf0-425e-983d-4f3c46f17737/1/K6JKEnIOmt7wFLlSySuaocbgjKA.roa
File:                     K6JKEnIOmt7wFLlSySuaocbgjKA.roa (raw, json)
Hash identifier:          yP7QhTUhpyaXmtWJpKNDmVoI0hLBJCkqT2QANV38Mas=
Subject key identifier:   2B:A2:4A:12:72:0E:9A:DE:F0:14:B9:52:C9:2B:9A:A1:C6:E0:8C:A0
Certificate issuer:       /CN=32e15d384c38f4872b0ff9352ff19c4d6dfb64c6
Certificate serial:       018CC500E8AC9C3F82402B68E5A592CA0EE0
Authority key identifier: 32:E1:5D:38:4C:38:F4:87:2B:0F:F9:35:2F:F1:9C:4D:6D:FB:64:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MuFdOEw49IcrD_k1L_GcTW37ZMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/55d3cc-bcf0-425e-983d-4f3c46f17737/1/K6JKEnIOmt7wFLlSySuaocbgjKA.roa
Signing time:             Mon 01 Jan 2024 12:30:20 +0000
ROA not before:           Mon 01 Jan 2024 12:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199663
IP address blocks:        91.245.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/55d3cc-bcf0-425e-983d-4f3c46f17737/1/MuFdOEw49IcrD_k1L_GcTW37ZMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/55d3cc-bcf0-425e-983d-4f3c46f17737/1/MuFdOEw49IcrD_k1L_GcTW37ZMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MuFdOEw49IcrD_k1L_GcTW37ZMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e8:ac:9c:3f:82:40:2b:68:e5:a5:92:ca:0e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32e15d384c38f4872b0ff9352ff19c4d6dfb64c6
        Validity
            Not Before: Jan  1 12:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ba24a12720e9adef014b952c92b9aa1c6e08ca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:6b:d6:d1:bc:82:d2:23:00:48:59:0a:fa:5e:
                    01:97:2f:65:ed:57:5b:74:f3:79:1c:ab:ab:6e:85:
                    e5:7b:5b:e9:7c:94:29:c0:ef:98:86:22:7e:a2:18:
                    73:de:5c:62:8a:54:a0:09:29:4b:5d:4b:19:7a:03:
                    02:ea:cf:97:7c:82:8b:4c:9e:51:24:c7:1a:40:45:
                    76:8b:b2:8e:e3:a1:96:44:b6:17:5d:97:7f:95:e4:
                    f3:1b:2b:89:1f:70:76:c2:60:a9:a0:01:2f:58:6d:
                    9b:7a:bd:c8:19:c8:9b:b4:88:b5:06:47:b9:de:f8:
                    03:72:7b:da:44:98:83:59:0d:fd:7b:50:ea:25:4d:
                    d3:f1:9b:ff:d0:de:46:3d:6d:51:3f:38:14:e4:1d:
                    ae:68:be:f0:53:08:96:9b:7c:a2:4c:6b:31:76:95:
                    b1:f4:18:9d:0b:b3:43:01:d4:d7:85:c1:4a:fe:b1:
                    f1:ec:8e:74:f7:60:f3:99:b7:86:86:73:a2:a1:aa:
                    17:a2:4d:b4:32:5b:cf:da:70:ea:88:05:e0:c1:e9:
                    04:21:27:cf:18:4d:2e:e9:3d:27:d7:df:52:71:f3:
                    b1:71:0b:7e:22:e2:f4:23:ff:69:04:22:fb:ce:eb:
                    28:3c:ed:78:18:df:5e:f2:df:f9:34:23:60:8e:2c:
                    ec:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:A2:4A:12:72:0E:9A:DE:F0:14:B9:52:C9:2B:9A:A1:C6:E0:8C:A0
            X509v3 Authority Key Identifier:
                keyid:32:E1:5D:38:4C:38:F4:87:2B:0F:F9:35:2F:F1:9C:4D:6D:FB:64:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MuFdOEw49IcrD_k1L_GcTW37ZMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/55d3cc-bcf0-425e-983d-4f3c46f17737/1/K6JKEnIOmt7wFLlSySuaocbgjKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/55d3cc-bcf0-425e-983d-4f3c46f17737/1/MuFdOEw49IcrD_k1L_GcTW37ZMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:7b:81:30:58:55:fa:49:c9:4c:d6:d2:d9:d0:07:a5:2c:62:
         3c:b0:df:dc:f3:c3:8e:84:88:65:a2:fe:89:16:9d:0e:e3:09:
         1b:a6:76:d3:0a:44:a4:88:9f:8b:21:15:c1:4e:71:24:94:7c:
         0a:eb:1f:2e:2e:93:d3:97:4f:dd:ec:9f:de:85:9a:46:78:ca:
         fc:82:3d:dd:b1:fb:64:95:4e:1e:1a:d2:f5:2d:49:53:30:3f:
         fc:53:45:25:f4:85:c1:e2:b6:d4:14:14:80:cb:d2:fb:e7:00:
         2b:c0:ae:47:dc:74:03:7d:a8:5b:87:dc:42:c0:e8:06:89:01:
         d2:57:29:a6:5a:2c:ab:f0:3d:e5:e0:cc:f9:18:5b:8f:f3:1e:
         a6:4a:96:d3:cd:e5:ac:ac:db:d2:33:fb:08:4a:4f:c7:3c:6d:
         89:b6:49:c6:63:5e:a5:1d:cc:bb:63:a4:3d:52:c3:f2:ab:00:
         83:1f:fa:d6:2c:20:b2:d5:bd:41:1a:6c:43:bf:1f:50:10:4a:
         fd:f4:21:4a:ec:54:d4:36:17:b6:c3:a3:6e:d0:6c:19:a1:87:
         3e:c6:18:64:f9:4f:65:e6:e0:ec:8a:59:e9:41:1a:85:05:dd:
         fb:56:48:d9:dd:d3:2e:c7:8c:a8:b9:83:c7:7a:3d:c6:c8:4a:
         67:d0:22:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAOisnD+CQCto5aWSyg7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZTE1ZDM4NGMzOGY0ODcyYjBmZjkzNTJmZjE5YzRkNmRm
YjY0YzYwHhcNMjQwMTAxMTIzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmEyNGExMjcyMGU5YWRlZjAxNGI5NTJjOTJiOWFhMWM2ZTA4Y2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmvW0byC0iMASFkK+l4Bly9l7Vdb
dPN5HKurboXle1vpfJQpwO+YhiJ+ohhz3lxiilSgCSlLXUsZegMC6s+XfIKLTJ5R
JMcaQEV2i7KO46GWRLYXXZd/leTzGyuJH3B2wmCpoAEvWG2ber3IGcibtIi1Bke5
3vgDcnvaRJiDWQ39e1DqJU3T8Zv/0N5GPW1RPzgU5B2uaL7wUwiWm3yiTGsxdpWx
9BidC7NDAdTXhcFK/rHx7I5092DzmbeGhnOioaoXok20MlvP2nDqiAXgwekEISfP
GE0u6T0n199ScfOxcQt+IuL0I/9pBCL7zusoPO14GN9e8t/5NCNgjizsvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuiShJyDpre8BS5UskrmqHG4IygMB8GA1UdIwQY
MBaAFDLhXThMOPSHKw/5NS/xnE1t+2TGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXVGZE9FdzQ5SWNyRF9rMUxfR2NUVzM3Wk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81NWQzY2MtYmNmMC00MjVlLTk4M2Qt
NGYzYzQ2ZjE3NzM3LzEvSzZKS0VuSU9tdDd3RkxsU3lTdWFvY2JnaktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81NWQzY2MtYmNmMC00MjVlLTk4M2QtNGYzYzQ2ZjE3NzM3
LzEvTXVGZE9FdzQ5SWNyRF9rMUxfR2NUVzM3Wk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/XCMA0G
CSqGSIb3DQEBCwUAA4IBAQAce4EwWFX6SclM1tLZ0AelLGI8sN/c88OOhIhlov6J
Fp0O4wkbpnbTCkSkiJ+LIRXBTnEklHwK6x8uLpPTl0/d7J/ehZpGeMr8gj3dsftk
lU4eGtL1LUlTMD/8U0Ul9IXB4rbUFBSAy9L75wArwK5H3HQDfahbh9xCwOgGiQHS
VymmWiyr8D3l4Mz5GFuP8x6mSpbTzeWsrNvSM/sISk/HPG2JtknGY16lHcy7Y6Q9
UsPyqwCDH/rWLCCy1b1BGmxDvx9QEEr99CFK7FTUNhe2w6Nu0GwZoYc+xhhk+U9l
5uDsilnpQRqFBd37VkjZ3dMux4youYPHej3GyEpn0CIb
-----END CERTIFICATE-----