Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/ayQXDZCwXLW_Kz3wVRcrWEo-nr0.roa
File:                     ayQXDZCwXLW_Kz3wVRcrWEo-nr0.roa (raw, json)
Hash identifier:          R+c+6LE4QRsEnemCf3aKWWKnWUGeXYbr7NP3fsGXxHY=
Subject key identifier:   6B:24:17:0D:90:B0:5C:B5:BF:2B:3D:F0:55:17:2B:58:4A:3E:9E:BD
Certificate issuer:       /CN=6161470d39be4ba2dd5df8fa47b16396278e670a
Certificate serial:       018CC3493F798512E761109BB746F4493DBA
Authority key identifier: 61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/ayQXDZCwXLW_Kz3wVRcrWEo-nr0.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202422
IP address blocks:        91.188.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3f:79:85:12:e7:61:10:9b:b7:46:f4:49:3d:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6161470d39be4ba2dd5df8fa47b16396278e670a
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b24170d90b05cb5bf2b3df055172b584a3e9ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4d:ec:ad:96:c2:92:21:b7:3e:ac:23:b3:ac:
                    36:1a:b5:a8:37:b5:67:c1:f6:97:74:5c:84:59:67:
                    b7:ae:95:a2:44:bf:5b:f5:48:a1:24:89:da:df:1c:
                    34:1b:b4:88:09:3e:a6:f6:fe:1d:c4:a7:bf:54:2c:
                    7f:bc:4d:bf:55:a1:94:23:d9:c3:e9:08:e1:af:14:
                    5f:0c:7b:0d:66:4d:9f:ff:4d:de:71:52:18:d7:dd:
                    fb:86:b3:77:8d:b4:b6:89:74:f7:e7:42:d0:2d:fd:
                    ba:14:97:7b:e4:1c:fb:54:2a:c3:4d:3b:7e:7d:6d:
                    51:27:93:d6:f8:f3:33:7e:a3:6d:38:a4:3d:4f:9e:
                    45:21:a5:e7:cb:53:f0:20:39:0b:d0:63:0e:fa:3c:
                    f8:6b:88:e1:30:b4:18:99:9a:ef:d8:70:18:37:9d:
                    6a:a7:d7:04:52:bf:9d:70:ce:2f:f9:5d:c4:a7:4d:
                    fd:54:14:b7:6e:00:36:bb:fc:75:e3:b7:93:d8:07:
                    b6:72:e7:07:dd:de:a7:be:76:bf:7e:6c:b9:fc:21:
                    9d:9e:bd:8b:3e:7f:c3:17:2e:97:af:7b:61:08:43:
                    ca:e4:2b:01:50:11:51:3c:95:b4:f9:db:9c:3f:7d:
                    5d:b9:76:93:53:76:53:bd:0d:9d:9d:ef:90:59:c2:
                    db:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:24:17:0D:90:B0:5C:B5:BF:2B:3D:F0:55:17:2B:58:4A:3E:9E:BD
            X509v3 Authority Key Identifier:
                keyid:61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/ayQXDZCwXLW_Kz3wVRcrWEo-nr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:f3:94:54:21:70:f4:19:f8:6a:34:5d:f8:4e:3a:6a:9c:fb:
         0f:30:28:80:4c:ee:4c:2d:cc:5c:37:c7:62:30:e1:64:23:49:
         8c:a2:a4:ef:ba:6a:ee:6e:af:35:4c:b4:53:92:ea:f9:5c:0e:
         ac:ce:37:da:68:27:e2:f8:bc:f9:06:33:88:94:4c:cb:24:8a:
         16:28:a0:dc:39:42:ab:ee:5a:1f:0c:f8:a6:c7:bb:6b:51:a7:
         10:84:38:8e:75:55:5b:e8:c0:09:06:c1:97:4d:31:f0:d3:33:
         3a:8e:cd:fd:b7:03:19:16:4b:dc:22:4b:cb:81:55:16:0a:c1:
         b1:16:75:4c:7a:9a:b2:a4:6d:f0:5f:ee:df:c6:aa:6b:61:8c:
         7c:cf:a8:47:5f:d6:31:04:cb:cf:37:12:04:07:77:35:54:bf:
         16:2e:06:de:72:47:d4:87:60:02:aa:7d:03:7d:3d:ef:85:87:
         2d:7b:02:12:d7:00:3b:a6:f2:86:43:d0:d2:85:2b:9a:b7:8f:
         79:3d:9d:6b:40:99:82:32:3d:79:b8:89:a0:32:85:21:a2:fd:
         5b:57:da:2d:54:64:c7:29:54:17:6e:7e:e0:03:c7:12:53:0e:
         01:4f:98:f6:0e:f0:92:66:95:f6:5c:03:0a:1c:5a:6f:51:2a:
         a4:43:bd:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDST95hRLnYRCbt0b0ST26MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNjE0NzBkMzliZTRiYTJkZDVkZjhmYTQ3YjE2Mzk2Mjc4
ZTY3MGEwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjI0MTcwZDkwYjA1Y2I1YmYyYjNkZjA1NTE3MmI1ODRhM2U5ZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE3srZbCkiG3Pqwjs6w2GrWoN7Vn
wfaXdFyEWWe3rpWiRL9b9UihJIna3xw0G7SICT6m9v4dxKe/VCx/vE2/VaGUI9nD
6QjhrxRfDHsNZk2f/03ecVIY1937hrN3jbS2iXT350LQLf26FJd75Bz7VCrDTTt+
fW1RJ5PW+PMzfqNtOKQ9T55FIaXny1PwIDkL0GMO+jz4a4jhMLQYmZrv2HAYN51q
p9cEUr+dcM4v+V3Ep039VBS3bgA2u/x147eT2Ae2cucH3d6nvna/fmy5/CGdnr2L
Pn/DFy6Xr3thCEPK5CsBUBFRPJW0+ducP31duXaTU3ZTvQ2dne+QWcLb3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGskFw2QsFy1vys98FUXK1hKPp69MB8GA1UdIwQY
MBaAFGFhRw05vkui3V34+kexY5YnjmcKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTkt
YzI0MGJmYzljYmMxLzEvYXlRWERaQ3dYTFdfS3ozd1ZSY3JXRW8tbnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTktYzI0MGJmYzljYmMx
LzEvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7z7MA0G
CSqGSIb3DQEBCwUAA4IBAQAH85RUIXD0GfhqNF34TjpqnPsPMCiATO5MLcxcN8di
MOFkI0mMoqTvumrubq81TLRTkur5XA6szjfaaCfi+Lz5BjOIlEzLJIoWKKDcOUKr
7lofDPimx7trUacQhDiOdVVb6MAJBsGXTTHw0zM6js39twMZFkvcIkvLgVUWCsGx
FnVMepqypG3wX+7fxqprYYx8z6hHX9YxBMvPNxIEB3c1VL8WLgbeckfUh2ACqn0D
fT3vhYctewIS1wA7pvKGQ9DShSuat495PZ1rQJmCMj15uImgMoUhov1bV9otVGTH
KVQXbn7gA8cSUw4BT5j2DvCSZpX2XAMKHFpvUSqkQ71u
-----END CERTIFICATE-----