Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/ac1738-6c67-4204-8901-74748bc93bca/1/z6ubru5bGG5whpZXK-VYpDSMhDE.roa
File:                     z6ubru5bGG5whpZXK-VYpDSMhDE.roa (raw, json)
Hash identifier:          w04zapq0dfj1nH9jTVXw9KMs1vadcTS5QmRvRP1XA4o=
Subject key identifier:   CF:AB:9B:AE:EE:5B:18:6E:70:86:96:57:2B:E5:58:A4:34:8C:84:31
Certificate issuer:       /CN=6b5635dd380215a03c9307da56206c566b38a3cf
Certificate serial:       018CC26D74CC9A2F9F70F51F87D796DCAF7C
Authority key identifier: 6B:56:35:DD:38:02:15:A0:3C:93:07:DA:56:20:6C:56:6B:38:A3:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1Y13TgCFaA8kwfaViBsVms4o88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/ac1738-6c67-4204-8901-74748bc93bca/1/z6ubru5bGG5whpZXK-VYpDSMhDE.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51419
IP address blocks:        91.217.16.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/ac1738-6c67-4204-8901-74748bc93bca/1/a1Y13TgCFaA8kwfaViBsVms4o88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/ac1738-6c67-4204-8901-74748bc93bca/1/a1Y13TgCFaA8kwfaViBsVms4o88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1Y13TgCFaA8kwfaViBsVms4o88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 01:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:74:cc:9a:2f:9f:70:f5:1f:87:d7:96:dc:af:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5635dd380215a03c9307da56206c566b38a3cf
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfab9baeee5b186e708696572be558a4348c8431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:01:18:8d:84:b1:65:93:96:bd:4b:3d:b4:30:
                    e3:d8:61:ba:ec:fe:d7:39:10:51:14:aa:ef:67:f4:
                    53:64:fd:47:b1:12:5b:48:ef:2e:83:b2:86:c5:29:
                    e0:f5:ad:2d:64:ca:be:d4:c0:72:7b:81:1a:70:fe:
                    3f:e5:01:9f:d7:25:5a:fe:be:c9:10:2a:f5:9e:de:
                    3d:75:54:d5:c0:ef:99:c4:d2:b6:28:bc:77:52:8d:
                    c1:10:3c:1d:9b:ad:4c:1f:44:9b:50:41:71:0e:d3:
                    33:d9:44:23:3b:5a:57:b4:79:51:22:db:ea:da:41:
                    0a:ff:f2:d7:73:e3:44:fe:f4:30:cc:f7:66:bc:bb:
                    d5:f9:3f:55:a0:1b:e1:21:05:61:19:4f:72:a0:d6:
                    93:22:d8:2c:e9:f3:d1:f5:66:ab:bf:ed:be:8e:57:
                    58:be:5c:42:65:2b:0c:3e:ad:11:ec:e8:4e:89:9a:
                    ed:bb:22:07:00:76:ff:41:07:b9:f3:e1:76:40:2e:
                    2c:f7:8d:33:52:05:7b:58:4e:26:0f:e1:f1:eb:d6:
                    4d:ba:31:4c:de:90:a5:55:65:1d:9f:74:ed:44:b1:
                    23:20:85:34:62:4e:71:2b:d5:2a:b6:c4:42:9a:f9:
                    68:be:ba:4f:4b:2f:13:c4:30:7d:d1:7d:7f:a6:f1:
                    43:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:AB:9B:AE:EE:5B:18:6E:70:86:96:57:2B:E5:58:A4:34:8C:84:31
            X509v3 Authority Key Identifier:
                keyid:6B:56:35:DD:38:02:15:A0:3C:93:07:DA:56:20:6C:56:6B:38:A3:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1Y13TgCFaA8kwfaViBsVms4o88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ac1738-6c67-4204-8901-74748bc93bca/1/z6ubru5bGG5whpZXK-VYpDSMhDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ac1738-6c67-4204-8901-74748bc93bca/1/a1Y13TgCFaA8kwfaViBsVms4o88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:02:3f:06:a8:bf:fd:6c:8a:3a:3f:68:d2:1b:42:76:95:e4:
         ce:bd:d1:7b:39:b9:81:a4:d2:96:a7:3d:1e:28:e4:f1:c9:50:
         a6:07:4c:95:6f:4f:55:65:d5:c4:42:b7:9e:b2:85:58:ce:f8:
         d5:81:e1:46:b9:6e:56:9a:d5:6b:f2:49:cf:2b:9a:f5:47:90:
         00:f6:a0:be:56:38:8b:96:19:a2:69:6d:86:61:6b:31:1c:fe:
         08:b2:44:95:c4:c6:d4:b5:94:46:d2:23:b3:50:09:f2:15:0e:
         bb:d8:a7:b2:4f:6c:73:f3:6b:2c:52:2c:3a:45:73:37:31:92:
         df:a1:dd:12:1e:c1:00:7c:b6:f9:74:58:bb:9a:cf:c5:da:d3:
         50:16:2e:17:06:37:eb:56:fa:6d:08:79:f5:28:c4:82:6c:8b:
         72:94:d2:24:2a:0d:c7:d3:43:56:63:ce:26:c1:a5:36:17:c0:
         13:1a:1d:95:bf:79:97:ee:be:4e:06:ed:27:3b:52:74:4a:36:
         ec:f1:e9:53:c2:14:4d:e0:8f:2b:9d:72:f3:73:bc:50:43:c1:
         6d:2a:06:34:e3:25:2e:89:9e:72:c3:fc:30:ac:fb:6e:e2:79:
         f5:f0:30:a4:ee:8f:d3:df:16:78:35:11:f4:8a:f5:00:cb:22:
         42:fd:6d:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXTMmi+fcPUfh9eW3K98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNTYzNWRkMzgwMjE1YTAzYzkzMDdkYTU2MjA2YzU2NmIz
OGEzY2YwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmFiOWJhZWVlNWIxODZlNzA4Njk2NTcyYmU1NThhNDM0OGM4NDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAEYjYSxZZOWvUs9tDDj2GG67P7X
ORBRFKrvZ/RTZP1HsRJbSO8ug7KGxSng9a0tZMq+1MBye4EacP4/5QGf1yVa/r7J
ECr1nt49dVTVwO+ZxNK2KLx3Uo3BEDwdm61MH0SbUEFxDtMz2UQjO1pXtHlRItvq
2kEK//LXc+NE/vQwzPdmvLvV+T9VoBvhIQVhGU9yoNaTItgs6fPR9Warv+2+jldY
vlxCZSsMPq0R7OhOiZrtuyIHAHb/QQe58+F2QC4s940zUgV7WE4mD+Hx69ZNujFM
3pClVWUdn3TtRLEjIIU0Yk5xK9UqtsRCmvlovrpPSy8TxDB90X1/pvFDTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+rm67uWxhucIaWVyvlWKQ0jIQxMB8GA1UdIwQY
MBaAFGtWNd04AhWgPJMH2lYgbFZrOKPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFZMTNUZ0NGYUE4a3dmYVZpQnNWbXM0bzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9hYzE3MzgtNmM2Ny00MjA0LTg5MDEt
NzQ3NDhiYzkzYmNhLzEvejZ1YnJ1NWJHRzV3aHBaWEstVllwRFNNaERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9hYzE3MzgtNmM2Ny00MjA0LTg5MDEtNzQ3NDhiYzkzYmNh
LzEvYTFZMTNUZ0NGYUE4a3dmYVZpQnNWbXM0bzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9kQMA0G
CSqGSIb3DQEBCwUAA4IBAQA7Aj8GqL/9bIo6P2jSG0J2leTOvdF7ObmBpNKWpz0e
KOTxyVCmB0yVb09VZdXEQreesoVYzvjVgeFGuW5WmtVr8knPK5r1R5AA9qC+VjiL
lhmiaW2GYWsxHP4IskSVxMbUtZRG0iOzUAnyFQ672KeyT2xz82ssUiw6RXM3MZLf
od0SHsEAfLb5dFi7ms/F2tNQFi4XBjfrVvptCHn1KMSCbItylNIkKg3H00NWY84m
waU2F8ATGh2Vv3mX7r5OBu0nO1J0Sjbs8elTwhRN4I8rnXLzc7xQQ8FtKgY04yUu
iZ5yw/wwrPtu4nn18DCk7o/T3xZ4NRH0ivUAyyJC/W20
-----END CERTIFICATE-----