Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/h6Dkrn5BJF-WX80QyKCvHIPuvGA.roa
File:                     h6Dkrn5BJF-WX80QyKCvHIPuvGA.roa (raw, json)
Hash identifier:          ryPcBm7elyPL7uLTW3TVlHGN+jsY9u9masa0rFaDZAw=
Subject key identifier:   87:A0:E4:AE:7E:41:24:5F:96:5F:CD:10:C8:A0:AF:1C:83:EE:BC:60
Certificate issuer:       /CN=f2a959dc16715c8a54c8094267b8e491fe321d2c
Certificate serial:       018CC42482334767E2B725BAB4E606F20A6B
Authority key identifier: F2:A9:59:DC:16:71:5C:8A:54:C8:09:42:67:B8:E4:91:FE:32:1D:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/h6Dkrn5BJF-WX80QyKCvHIPuvGA.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197615
IP address blocks:        91.224.180.0/23 maxlen: 23
                          91.223.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:82:33:47:67:e2:b7:25:ba:b4:e6:06:f2:0a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2a959dc16715c8a54c8094267b8e491fe321d2c
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87a0e4ae7e41245f965fcd10c8a0af1c83eebc60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:74:25:a8:fb:93:9d:52:31:fa:69:be:10:82:
                    5b:58:fe:fb:1d:8c:fa:bb:dc:84:aa:f6:3c:c3:7e:
                    98:83:43:4e:e0:62:95:35:d9:e8:f5:8c:da:ee:01:
                    2c:8a:39:aa:36:a4:2e:59:0e:e7:67:81:d3:66:a2:
                    e1:73:fb:81:7e:b0:89:ba:04:05:fe:c1:50:74:c2:
                    77:96:98:d9:ae:e6:fe:ae:10:3d:a7:7a:41:8a:00:
                    e7:af:1a:00:df:ce:57:45:c4:34:e1:24:4f:f0:4b:
                    13:1b:bf:cd:b8:cc:ff:43:15:50:5f:f0:3e:f8:a8:
                    18:e8:58:d3:6c:1f:ec:69:b2:23:9b:a2:9e:96:b9:
                    b6:11:62:df:62:01:c5:a2:04:f1:9a:bd:d5:0c:ef:
                    46:eb:92:5d:1f:21:7d:f9:61:5c:16:2c:f0:df:bb:
                    e8:d3:73:d1:53:9d:20:38:27:61:35:f1:b1:09:eb:
                    65:b6:8f:62:78:13:ab:f4:c8:a6:50:7f:08:36:71:
                    3f:66:19:79:0c:65:fb:16:06:84:5f:05:19:f4:e0:
                    0d:f6:d3:e2:40:94:75:db:a4:b6:56:56:3b:95:68:
                    20:0d:dd:13:c0:b4:df:f1:f0:69:dc:7f:63:dd:de:
                    ae:6f:9f:3a:b0:50:db:dd:18:9c:6f:19:db:22:2d:
                    31:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A0:E4:AE:7E:41:24:5F:96:5F:CD:10:C8:A0:AF:1C:83:EE:BC:60
            X509v3 Authority Key Identifier:
                keyid:F2:A9:59:DC:16:71:5C:8A:54:C8:09:42:67:B8:E4:91:FE:32:1D:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/h6Dkrn5BJF-WX80QyKCvHIPuvGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.167.0/24
                  91.224.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e2:af:cc:8f:3a:a9:01:9b:83:1a:29:fa:de:af:47:40:6f:a4:
         b7:ba:55:a1:47:6d:2a:f5:13:3e:2a:fc:a4:43:99:86:03:a9:
         f3:91:28:54:0a:8d:34:7b:ae:92:e2:0f:77:00:17:b4:d8:70:
         fc:8a:cc:1c:61:eb:5f:8d:a4:8b:37:20:ab:25:fd:0e:85:fb:
         28:8f:27:20:ad:b9:84:4f:3b:09:78:8e:94:26:11:c2:35:78:
         51:7d:4a:5d:b1:31:a4:c9:6e:e4:95:de:3f:0d:ca:ef:dd:da:
         ce:bc:55:71:05:9f:af:33:14:08:fc:7e:9a:e6:c0:6b:ba:f3:
         02:ee:2b:cc:62:bf:32:e7:00:4c:28:21:2d:ae:30:f4:43:2e:
         dd:76:f5:e1:f5:c3:23:8d:7b:c1:ef:0e:0d:e7:ba:bd:de:71:
         9d:d0:84:00:d6:e8:64:97:7d:13:0a:c7:fc:af:21:1f:91:87:
         c3:4e:fa:cc:19:de:ea:f8:e2:e0:cb:30:4a:e4:cb:15:dd:cb:
         88:f0:75:b8:4c:64:97:66:ad:08:3b:80:a9:01:69:31:44:3e:
         15:db:1d:60:60:a8:14:31:21:3b:c6:67:af:21:8c:eb:30:63:
         90:33:f7:ea:1c:77:df:4e:29:a3:dc:11:96:68:31:76:3e:fb:
         d7:7e:dc:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJIIzR2fityW6tOYG8gprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyYTk1OWRjMTY3MTVjOGE1NGM4MDk0MjY3YjhlNDkxZmUz
MjFkMmMwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2EwZTRhZTdlNDEyNDVmOTY1ZmNkMTBjOGEwYWYxYzgzZWViYzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXQlqPuTnVIx+mm+EIJbWP77HYz6
u9yEqvY8w36Yg0NO4GKVNdno9Yza7gEsijmqNqQuWQ7nZ4HTZqLhc/uBfrCJugQF
/sFQdMJ3lpjZrub+rhA9p3pBigDnrxoA385XRcQ04SRP8EsTG7/NuMz/QxVQX/A+
+KgY6FjTbB/sabIjm6Kelrm2EWLfYgHFogTxmr3VDO9G65JdHyF9+WFcFizw37vo
03PRU50gOCdhNfGxCetlto9ieBOr9MimUH8INnE/Zhl5DGX7FgaEXwUZ9OAN9tPi
QJR126S2VlY7lWggDd0TwLTf8fBp3H9j3d6ub586sFDb3RicbxnbIi0x9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIeg5K5+QSRfll/NEMigrxyD7rxgMB8GA1UdIwQY
MBaAFPKpWdwWcVyKVMgJQme45JH+Mh0sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHFsWjNCWnhYSXBVeUFsQ1o3amtrZjR5SFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84OGEzODMtMDMwYy00NTQ1LTllOWMt
NGViZWVjN2U4Mjc1LzEvaDZEa3JuNUJKRi1XWDgwUXlLQ3ZISVB1dkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84OGEzODMtMDMwYy00NTQ1LTllOWMtNGViZWVjN2U4Mjc1
LzEvOHFsWjNCWnhYSXBVeUFsQ1o3amtrZjR5SFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9+nAwQB
W+C0MA0GCSqGSIb3DQEBCwUAA4IBAQDir8yPOqkBm4MaKfrer0dAb6S3ulWhR20q
9RM+KvykQ5mGA6nzkShUCo00e66S4g93ABe02HD8iswcYetfjaSLNyCrJf0Ohfso
jycgrbmETzsJeI6UJhHCNXhRfUpdsTGkyW7kld4/Dcrv3drOvFVxBZ+vMxQI/H6a
5sBruvMC7ivMYr8y5wBMKCEtrjD0Qy7ddvXh9cMjjXvB7w4N57q93nGd0IQA1uhk
l30TCsf8ryEfkYfDTvrMGd7q+OLgyzBK5MsV3cuI8HW4TGSXZq0IO4CpAWkxRD4V
2x1gYKgUMSE7xmevIYzrMGOQM/fqHHffTimj3BGWaDF2PvvXftyl
-----END CERTIFICATE-----