Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/XmvF-7pJC7vJdUYAbCRfY56FNLY.roa
File:                     XmvF-7pJC7vJdUYAbCRfY56FNLY.roa (raw, json)
Hash identifier:          R7BVQsROki3Iw+2ZZLalksgm3nUnB3IaGVg04wr9cbU=
Subject key identifier:   5E:6B:C5:FB:BA:49:0B:BB:C9:75:46:00:6C:24:5F:63:9E:85:34:B6
Certificate issuer:       /CN=a27c641b530a7c6ba234022e3327246232367100
Certificate serial:       018F86D20FF832F99F99D5677043E2A003C3
Authority key identifier: A2:7C:64:1B:53:0A:7C:6B:A2:34:02:2E:33:27:24:62:32:36:71:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/onxkG1MKfGuiNAIuMyckYjI2cQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/XmvF-7pJC7vJdUYAbCRfY56FNLY.roa
Signing time:             Fri 17 May 2024 13:51:04 +0000
ROA not before:           Fri 17 May 2024 13:51:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43541
IP address blocks:        91.239.200.0/22 maxlen: 22
                          2001:67c:e94::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/onxkG1MKfGuiNAIuMyckYjI2cQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/onxkG1MKfGuiNAIuMyckYjI2cQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/onxkG1MKfGuiNAIuMyckYjI2cQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 04:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:86:d2:0f:f8:32:f9:9f:99:d5:67:70:43:e2:a0:03:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a27c641b530a7c6ba234022e3327246232367100
        Validity
            Not Before: May 17 13:51:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e6bc5fbba490bbbc97546006c245f639e8534b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ae:e1:a0:d4:a4:e5:18:a9:a5:51:94:95:80:
                    af:78:94:17:41:d1:d8:74:79:00:76:64:46:7a:3c:
                    47:6d:29:e5:ff:db:b0:4d:4c:b0:18:ea:51:31:88:
                    36:80:f0:a3:d5:ce:aa:54:12:d8:ab:07:97:b1:74:
                    f7:92:4b:a6:2e:24:1e:62:c1:91:73:f9:26:62:26:
                    31:7e:04:3f:21:4b:6f:74:64:f4:74:c7:79:2e:57:
                    07:04:ca:09:78:73:04:04:27:84:1a:9d:dd:b6:dd:
                    49:31:98:ec:e6:6d:c0:1d:c2:e5:99:cc:22:22:3d:
                    0f:fb:17:7f:03:c1:eb:e5:43:71:4b:1d:f8:25:95:
                    1c:c4:f4:79:6c:5d:16:1f:bc:65:a5:c6:a5:54:eb:
                    e7:0b:21:20:6a:07:62:c7:a1:b1:37:d7:61:02:f8:
                    cd:c7:51:14:6d:f1:aa:6e:f2:de:e7:eb:d3:7c:34:
                    78:f2:35:73:ac:f1:9d:ac:03:47:53:7f:e8:99:b5:
                    41:a6:cd:66:e5:6e:9a:f5:d8:b4:3a:e1:77:b4:18:
                    5b:57:b9:fc:bf:4d:fc:d8:e8:f0:a0:d2:66:18:a7:
                    a2:04:66:96:b3:9a:d7:5e:d9:b7:4e:b7:86:31:50:
                    5d:cc:00:bf:d8:85:3e:67:f8:08:b7:bd:f1:b9:06:
                    be:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:6B:C5:FB:BA:49:0B:BB:C9:75:46:00:6C:24:5F:63:9E:85:34:B6
            X509v3 Authority Key Identifier:
                keyid:A2:7C:64:1B:53:0A:7C:6B:A2:34:02:2E:33:27:24:62:32:36:71:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/onxkG1MKfGuiNAIuMyckYjI2cQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/XmvF-7pJC7vJdUYAbCRfY56FNLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/onxkG1MKfGuiNAIuMyckYjI2cQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.200.0/22
                IPv6:
                  2001:67c:e94::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:97:5e:d3:25:3b:0e:55:cf:24:fe:c3:77:25:69:d4:e5:20:
         0c:9d:e7:8a:7e:8e:0f:ff:97:a5:62:3a:df:e3:fd:92:04:45:
         95:54:3a:a9:b6:b4:6f:08:58:56:91:0f:41:de:84:93:58:e4:
         c0:a0:2b:1c:18:44:a0:86:3e:86:f2:bb:2f:3b:d8:b2:2e:d3:
         17:32:ee:69:17:93:c7:03:c6:a3:c5:e0:e0:a2:90:8e:1e:33:
         94:40:e8:9a:86:ce:38:96:cd:64:2a:b6:7a:83:03:68:f3:87:
         24:13:bc:97:4e:94:65:c7:1a:75:78:2d:65:55:50:59:8d:38:
         c9:41:ae:d1:14:3a:16:de:90:7f:64:5f:1a:03:da:1a:59:5c:
         0b:8a:94:35:b1:33:8c:ab:31:a7:b4:b3:c2:fd:c5:2f:8a:d3:
         2f:18:93:55:30:11:08:1a:ac:75:d0:30:c0:0f:fa:12:fe:97:
         28:0d:ba:26:75:f9:2f:77:7c:42:50:94:f0:5d:2b:d5:4b:69:
         b0:e7:01:71:75:f7:ed:68:3e:89:aa:b5:7c:3c:8f:31:90:ef:
         7b:fd:25:0d:0a:fd:62:e2:5d:fd:d6:25:19:9c:25:49:af:92:
         70:68:b2:36:27:c7:8f:93:2d:26:85:f6:ba:41:46:3c:f3:0d:
         8b:89:10:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY+G0g/4MvmfmdVncEPioAPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyN2M2NDFiNTMwYTdjNmJhMjM0MDIyZTMzMjcyNDYyMzIz
NjcxMDAwHhcNMjQwNTE3MTM1MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTZiYzVmYmJhNDkwYmJiYzk3NTQ2MDA2YzI0NWY2MzllODUzNGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx67hoNSk5RippVGUlYCveJQXQdHY
dHkAdmRGejxHbSnl/9uwTUywGOpRMYg2gPCj1c6qVBLYqweXsXT3kkumLiQeYsGR
c/kmYiYxfgQ/IUtvdGT0dMd5LlcHBMoJeHMEBCeEGp3dtt1JMZjs5m3AHcLlmcwi
Ij0P+xd/A8Hr5UNxSx34JZUcxPR5bF0WH7xlpcalVOvnCyEgagdix6GxN9dhAvjN
x1EUbfGqbvLe5+vTfDR48jVzrPGdrANHU3/ombVBps1m5W6a9di0OuF3tBhbV7n8
v0382OjwoNJmGKeiBGaWs5rXXtm3TreGMVBdzAC/2IU+Z/gIt73xuQa+rQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF5rxfu6SQu7yXVGAGwkX2OehTS2MB8GA1UdIwQY
MBaAFKJ8ZBtTCnxrojQCLjMnJGIyNnEAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb254a0cxTUtmR3VpTkFJdU15Y2tZakkyY1FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wMDZmNTYtMWQ4ZS00NWNjLTg2OTQt
MWYxODhmY2NlODU1LzEvWG12Ri03cEpDN3ZKZFVZQWJDUmZZNTZGTkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wMDZmNTYtMWQ4ZS00NWNjLTg2OTQtMWYxODhmY2NlODU1
LzEvb254a0cxTUtmR3VpTkFJdU15Y2tZakkyY1FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW+/IMA8E
AgACMAkDBwAgAQZ8DpQwDQYJKoZIhvcNAQELBQADggEBAECXXtMlOw5VzyT+w3cl
adTlIAyd54p+jg//l6ViOt/j/ZIERZVUOqm2tG8IWFaRD0HehJNY5MCgKxwYRKCG
Pobyuy872LIu0xcy7mkXk8cDxqPF4OCikI4eM5RA6JqGzjiWzWQqtnqDA2jzhyQT
vJdOlGXHGnV4LWVVUFmNOMlBrtEUOhbekH9kXxoD2hpZXAuKlDWxM4yrMae0s8L9
xS+K0y8Yk1UwEQgarHXQMMAP+hL+lygNuiZ1+S93fEJQlPBdK9VLabDnAXF19+1o
PomqtXw8jzGQ73v9JQ0K/WLiXf3WJRmcJUmvknBosjYnx4+TLSaF9rpBRjzzDYuJ
EJE=
-----END CERTIFICATE-----