Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/7d83b9-1946-4b47-99de-05c06796e938/1/86gkbUXGh4amKC8B9q0G245KeCU.roa
File:                     86gkbUXGh4amKC8B9q0G245KeCU.roa (raw, json)
Hash identifier:          rNQHzdcflJ12jsqdaytmPsPXdFZuChB9e7FCNt8v5YA=
Subject key identifier:   F3:A8:24:6D:45:C6:87:86:A6:28:2F:01:F6:AD:06:DB:8E:4A:78:25
Certificate issuer:       /CN=ef2a8ec03eec3bcfc33cf90f1f4f8e7e90234e69
Certificate serial:       0191D646A38E9DF705BE44755E8016C2E90A
Authority key identifier: EF:2A:8E:C0:3E:EC:3B:CF:C3:3C:F9:0F:1F:4F:8E:7E:90:23:4E:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7yqOwD7sO8_DPPkPH0-OfpAjTmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/7d83b9-1946-4b47-99de-05c06796e938/1/86gkbUXGh4amKC8B9q0G245KeCU.roa
Signing time:             Mon 09 Sep 2024 10:13:59 +0000
ROA not before:           Mon 09 Sep 2024 10:13:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60195
IP address blocks:        91.204.28.0/22 maxlen: 22
                          91.238.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/7d83b9-1946-4b47-99de-05c06796e938/1/7yqOwD7sO8_DPPkPH0-OfpAjTmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/7d83b9-1946-4b47-99de-05c06796e938/1/7yqOwD7sO8_DPPkPH0-OfpAjTmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7yqOwD7sO8_DPPkPH0-OfpAjTmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d6:46:a3:8e:9d:f7:05:be:44:75:5e:80:16:c2:e9:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef2a8ec03eec3bcfc33cf90f1f4f8e7e90234e69
        Validity
            Not Before: Sep  9 10:13:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3a8246d45c68786a6282f01f6ad06db8e4a7825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ea:d4:35:47:6e:6d:ff:fc:5e:38:aa:46:dd:
                    97:4b:0f:b3:8c:73:85:e2:5b:5d:b7:49:6b:21:54:
                    9c:87:e7:05:ec:88:09:1f:7e:64:26:d0:6c:a3:2f:
                    fd:9e:fa:bb:08:77:26:a4:e1:c7:81:72:af:9a:07:
                    f1:dc:0d:b4:b9:19:e1:a2:bf:2e:62:76:38:c6:97:
                    79:bd:e8:07:22:57:61:6f:36:e5:75:ee:a7:22:e7:
                    5e:f2:30:70:11:ae:70:41:5f:b3:c8:1b:5b:2d:d7:
                    b7:2b:23:c8:6b:d6:e9:09:23:a2:0e:09:4b:22:e1:
                    94:90:77:a0:37:44:a6:f0:5f:06:04:58:65:4e:8c:
                    be:ee:87:82:aa:3d:32:ad:13:e3:6f:86:60:cf:f3:
                    71:09:a3:c1:f1:e8:a3:02:20:9d:06:af:8e:5d:7c:
                    22:fd:0b:ea:0e:31:7a:2f:e6:2f:ee:d6:92:0c:d4:
                    3a:89:01:1d:ef:ab:6f:e9:9a:08:29:b2:6a:78:68:
                    ff:95:df:27:12:eb:7f:40:d0:0f:be:c7:9b:01:41:
                    2e:00:85:01:84:11:41:be:0a:3c:ae:bb:fc:ce:4e:
                    11:de:04:dc:c1:03:05:1f:95:42:d4:fa:03:ce:d4:
                    d7:af:b9:6a:ff:ac:36:0e:49:2f:8d:76:37:93:e0:
                    8c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:A8:24:6D:45:C6:87:86:A6:28:2F:01:F6:AD:06:DB:8E:4A:78:25
            X509v3 Authority Key Identifier:
                keyid:EF:2A:8E:C0:3E:EC:3B:CF:C3:3C:F9:0F:1F:4F:8E:7E:90:23:4E:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7yqOwD7sO8_DPPkPH0-OfpAjTmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/7d83b9-1946-4b47-99de-05c06796e938/1/86gkbUXGh4amKC8B9q0G245KeCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/7d83b9-1946-4b47-99de-05c06796e938/1/7yqOwD7sO8_DPPkPH0-OfpAjTmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.28.0/22
                  91.238.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:31:6f:c8:4d:02:d3:dc:22:f3:32:13:d9:4f:2d:9f:47:30:
         80:37:d9:1c:96:4d:5f:77:19:a4:3e:49:ff:85:2a:8a:3d:21:
         f0:7f:12:dc:fa:cf:df:be:12:fa:c2:71:2b:72:07:66:2a:ec:
         e6:4a:2f:6a:40:ea:63:43:b3:f1:b5:7d:22:6e:fb:21:db:ec:
         38:5a:8c:87:52:24:36:41:95:59:2f:04:33:b7:70:7a:ab:7d:
         94:cc:4d:18:d8:a6:9b:1d:5a:00:76:9f:a5:35:af:c3:df:c8:
         dc:5e:12:cf:02:cf:55:d7:89:de:93:3f:72:e3:40:06:dd:5f:
         22:d5:45:d6:50:f9:c5:d3:ae:67:64:2d:51:34:ca:37:b6:95:
         c6:ce:02:6a:4a:18:93:93:94:b8:38:2a:cb:10:41:11:2f:d6:
         14:2f:77:b4:ba:8e:17:f0:24:3c:e3:73:06:61:29:22:12:08:
         44:5b:5f:ab:c5:e7:2c:85:e0:b8:e0:43:f2:e2:95:92:32:5f:
         4e:44:08:fb:eb:22:5f:1f:67:32:49:b0:a7:a1:51:91:1f:f4:
         15:ed:94:97:b6:8f:80:7f:3b:a6:69:d2:89:a6:c0:e1:c1:a4:
         66:18:36:d0:b4:84:c3:98:83:c9:b3:b0:66:12:4c:87:35:f0:
         8c:8b:fe:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHWRqOOnfcFvkR1XoAWwukKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMmE4ZWMwM2VlYzNiY2ZjMzNjZjkwZjFmNGY4ZTdlOTAy
MzRlNjkwHhcNMjQwOTA5MTAxMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2E4MjQ2ZDQ1YzY4Nzg2YTYyODJmMDFmNmFkMDZkYjhlNGE3ODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqurUNUdubf/8XjiqRt2XSw+zjHOF
4ltdt0lrIVSch+cF7IgJH35kJtBsoy/9nvq7CHcmpOHHgXKvmgfx3A20uRnhor8u
YnY4xpd5vegHIldhbzblde6nIude8jBwEa5wQV+zyBtbLde3KyPIa9bpCSOiDglL
IuGUkHegN0Sm8F8GBFhlToy+7oeCqj0yrRPjb4Zgz/NxCaPB8eijAiCdBq+OXXwi
/QvqDjF6L+Yv7taSDNQ6iQEd76tv6ZoIKbJqeGj/ld8nEut/QNAPvsebAUEuAIUB
hBFBvgo8rrv8zk4R3gTcwQMFH5VC1PoDztTXr7lq/6w2DkkvjXY3k+CMpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPOoJG1FxoeGpigvAfatBtuOSnglMB8GA1UdIwQY
MBaAFO8qjsA+7DvPwzz5Dx9Pjn6QI05pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3lxT3dEN3NPOF9EUFBrUEgwLU9mcEFqVG1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS83ZDgzYjktMTk0Ni00YjQ3LTk5ZGUt
MDVjMDY3OTZlOTM4LzEvODZna2JVWEdoNGFtS0M4QjlxMEcyNDVLZUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS83ZDgzYjktMTk0Ni00YjQ3LTk5ZGUtMDVjMDY3OTZlOTM4
LzEvN3lxT3dEN3NPOF9EUFBrUEgwLU9mcEFqVG1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8wcAwQB
W+6mMA0GCSqGSIb3DQEBCwUAA4IBAQASMW/ITQLT3CLzMhPZTy2fRzCAN9kclk1f
dxmkPkn/hSqKPSHwfxLc+s/fvhL6wnErcgdmKuzmSi9qQOpjQ7PxtX0ibvsh2+w4
WoyHUiQ2QZVZLwQzt3B6q32UzE0Y2KabHVoAdp+lNa/D38jcXhLPAs9V14nekz9y
40AG3V8i1UXWUPnF065nZC1RNMo3tpXGzgJqShiTk5S4OCrLEEERL9YUL3e0uo4X
8CQ843MGYSkiEghEW1+rxecsheC44EPy4pWSMl9ORAj76yJfH2cySbCnoVGRH/QV
7ZSXto+AfzumadKJpsDhwaRmGDbQtITDmIPJs7BmEkyHNfCMi/4Z
-----END CERTIFICATE-----