Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/hQ6gTgP8tZWYzB6e3MKleUXCJMQ.roa
File:                     hQ6gTgP8tZWYzB6e3MKleUXCJMQ.roa (raw, json)
Hash identifier:          QTBOaWTokemCG0CvFYb6ycKfVHea/tu8TjegDOjXgdg=
Subject key identifier:   85:0E:A0:4E:03:FC:B5:95:98:CC:1E:9E:DC:C2:A5:79:45:C2:24:C4
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018CC8DF79F4446404EADE8047BED63B1918
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/hQ6gTgP8tZWYzB6e3MKleUXCJMQ.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203545
IP address blocks:        91.148.126.0/23 maxlen: 24
                          62.108.100.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:79:f4:44:64:04:ea:de:80:47:be:d6:3b:19:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=850ea04e03fcb59598cc1e9edcc2a57945c224c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7e:1e:57:df:e4:03:03:30:35:37:a6:91:ca:
                    4d:79:93:25:2a:d0:3c:b5:fd:92:36:0c:fe:b0:44:
                    78:f9:08:98:73:bb:31:ca:b5:d0:dc:9e:52:f9:ae:
                    9f:4f:ff:a6:bf:69:fd:8f:aa:59:23:13:54:e9:08:
                    c3:54:0c:f5:d0:bf:7e:30:93:49:0e:d9:ec:4b:00:
                    4b:75:7c:37:ca:6d:1c:0c:bc:8e:96:63:03:43:91:
                    64:46:01:35:1c:d8:ca:d4:4c:57:71:e6:ad:a5:c8:
                    6f:3e:c9:b4:3d:13:a8:cb:f3:85:27:c5:30:04:e6:
                    05:5e:c8:7f:b6:56:f1:8e:4e:55:80:e5:91:d2:40:
                    57:fa:e8:ef:3f:10:bd:18:46:12:84:39:d7:de:8b:
                    43:df:9e:ee:c5:44:34:ee:62:40:10:ee:bd:1c:5f:
                    41:5f:bb:06:9b:48:dd:4a:68:7a:87:f5:0c:ab:10:
                    b4:91:e6:6f:97:06:1f:7b:76:a1:1f:5f:38:1c:11:
                    b7:54:c0:94:e1:4c:b7:bd:59:aa:29:c2:60:1b:87:
                    d8:80:b3:1a:89:91:9f:46:03:ce:90:6f:03:7e:d9:
                    4d:9d:c6:62:2b:a6:d3:11:4c:2e:99:9d:9e:83:d7:
                    77:d1:27:21:d7:8f:e9:51:90:78:7e:c5:4f:d1:cd:
                    ff:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:0E:A0:4E:03:FC:B5:95:98:CC:1E:9E:DC:C2:A5:79:45:C2:24:C4
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/hQ6gTgP8tZWYzB6e3MKleUXCJMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.100.0/23
                  91.148.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:45:55:3a:7f:0a:7d:42:fe:6e:d3:1f:21:c9:d9:d7:aa:2f:
         d6:b4:0a:78:64:1a:0e:1d:be:35:ed:8e:88:51:10:f2:cb:e0:
         a0:fe:3f:c5:c1:52:45:df:2b:42:7d:d6:32:fd:81:ae:bb:36:
         0e:0c:6b:15:c1:bf:cd:47:d7:f0:c8:0d:41:57:dc:e7:78:b4:
         f8:6f:b5:a4:92:a7:99:05:20:0e:78:86:30:92:a5:39:4b:c1:
         bc:c5:f0:cf:b1:ad:ba:27:2e:4d:56:2b:33:59:85:5f:1b:ea:
         55:f3:96:71:02:75:bd:c6:62:bf:c4:a1:e8:7c:4d:ea:03:98:
         3d:f4:e4:cf:ea:42:c8:8b:97:5b:62:5f:eb:45:93:cd:5a:ec:
         28:5d:48:ce:91:e0:bc:63:8d:11:b0:12:ce:ae:03:82:79:7f:
         5b:ad:89:78:64:f3:df:fc:f4:af:b8:a6:d6:35:b7:68:6d:80:
         8f:41:d5:6a:f1:4c:cf:bb:87:41:3a:e7:ce:49:6e:f9:e0:ce:
         a4:27:38:7d:f6:5e:d2:4e:69:44:99:29:c8:c8:c2:55:d8:a0:
         3a:52:ce:76:d6:ff:f7:0c:7c:4e:30:cb:d3:a6:ef:bc:d7:7b:
         44:82:17:8a:1b:d8:5e:19:1b:00:df:30:2a:92:80:c0:d8:52:
         82:ff:4e:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI33n0RGQE6t6AR77WOxkYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTBlYTA0ZTAzZmNiNTk1OThjYzFlOWVkY2MyYTU3OTQ1YzIyNGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0n4eV9/kAwMwNTemkcpNeZMlKtA8
tf2SNgz+sER4+QiYc7sxyrXQ3J5S+a6fT/+mv2n9j6pZIxNU6QjDVAz10L9+MJNJ
DtnsSwBLdXw3ym0cDLyOlmMDQ5FkRgE1HNjK1ExXceatpchvPsm0PROoy/OFJ8Uw
BOYFXsh/tlbxjk5VgOWR0kBX+ujvPxC9GEYShDnX3otD357uxUQ07mJAEO69HF9B
X7sGm0jdSmh6h/UMqxC0keZvlwYfe3ahH184HBG3VMCU4Uy3vVmqKcJgG4fYgLMa
iZGfRgPOkG8DftlNncZiK6bTEUwumZ2eg9d30Sch14/pUZB4fsVP0c3/wQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIUOoE4D/LWVmMwentzCpXlFwiTEMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvaFE2Z1RnUDh0WldZekI2ZTNNS2xlVVhDSk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBPmxkAwQB
W5R+MA0GCSqGSIb3DQEBCwUAA4IBAQARRVU6fwp9Qv5u0x8hydnXqi/WtAp4ZBoO
Hb417Y6IURDyy+Cg/j/FwVJF3ytCfdYy/YGuuzYODGsVwb/NR9fwyA1BV9zneLT4
b7WkkqeZBSAOeIYwkqU5S8G8xfDPsa26Jy5NViszWYVfG+pV85ZxAnW9xmK/xKHo
fE3qA5g99OTP6kLIi5dbYl/rRZPNWuwoXUjOkeC8Y40RsBLOrgOCeX9brYl4ZPPf
/PSvuKbWNbdobYCPQdVq8UzPu4dBOufOSW754M6kJzh99l7STmlEmSnIyMJV2KA6
Us521v/3DHxOMMvTpu+813tEgheKG9heGRsA3zAqkoDA2FKC/06L
-----END CERTIFICATE-----