Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/bcf09a-7c8e-4e20-8450-e088aa0aa8dd/1/6zB-9-w2yIQVWm5-Xu5wStCfkGw.roa
File:                     6zB-9-w2yIQVWm5-Xu5wStCfkGw.roa (raw, json)
Hash identifier:          bOGwMCEeTN2qYvkmOVTxhr7pyGbI0CNLswoQSfaCR64=
Subject key identifier:   EB:30:7E:F7:EC:36:C8:84:15:5A:6E:7E:5E:EE:70:4A:D0:9F:90:6C
Certificate issuer:       /CN=1d0db3568e455f3da2b2274a9d525cac0931c7d5
Certificate serial:       0191C7849D9B3B0121B7D60BA3E202A48DA9
Authority key identifier: 1D:0D:B3:56:8E:45:5F:3D:A2:B2:27:4A:9D:52:5C:AC:09:31:C7:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQ2zVo5FXz2isidKnVJcrAkxx9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/bcf09a-7c8e-4e20-8450-e088aa0aa8dd/1/6zB-9-w2yIQVWm5-Xu5wStCfkGw.roa
Signing time:             Fri 06 Sep 2024 13:27:22 +0000
ROA not before:           Fri 06 Sep 2024 13:27:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198130
IP address blocks:        91.231.196.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/bcf09a-7c8e-4e20-8450-e088aa0aa8dd/1/HQ2zVo5FXz2isidKnVJcrAkxx9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/bcf09a-7c8e-4e20-8450-e088aa0aa8dd/1/HQ2zVo5FXz2isidKnVJcrAkxx9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQ2zVo5FXz2isidKnVJcrAkxx9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c7:84:9d:9b:3b:01:21:b7:d6:0b:a3:e2:02:a4:8d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0db3568e455f3da2b2274a9d525cac0931c7d5
        Validity
            Not Before: Sep  6 13:27:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb307ef7ec36c884155a6e7e5eee704ad09f906c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:69:86:60:35:92:8b:eb:c2:99:3a:76:eb:3b:
                    8d:80:a4:3e:5e:4a:c0:ee:d0:b3:b4:5f:d6:fa:05:
                    b3:48:3a:95:2d:54:43:60:e1:93:1e:d9:23:1a:06:
                    43:5a:6a:88:8f:58:46:48:5d:b6:21:11:66:6c:a5:
                    89:36:36:1d:77:b4:c0:97:c8:81:0e:bf:27:75:73:
                    94:49:a0:70:7c:28:90:7b:15:37:20:57:f2:33:c0:
                    68:8b:d0:a7:2f:95:69:ce:a0:d4:7e:bc:67:4d:39:
                    c5:26:13:d7:1a:3a:87:f9:5f:a2:e5:c0:10:95:c3:
                    c9:6a:0f:03:e2:04:8a:38:af:56:97:18:c8:28:6b:
                    85:13:6f:55:f7:ed:3d:6d:23:1f:a3:4e:55:30:8d:
                    6f:dd:74:6d:5d:bd:ca:1e:39:54:65:9d:9d:7e:1b:
                    62:ba:da:c0:00:a6:d4:a7:48:7f:fa:86:4a:4d:f6:
                    d1:d0:83:f2:3f:28:6e:54:a5:d5:52:0a:d2:68:81:
                    52:d9:2f:50:49:5c:e5:9c:24:f0:4e:b0:4a:4b:6d:
                    e9:11:33:4d:4e:e3:0e:83:e8:2a:2d:7f:41:c1:74:
                    06:a7:41:ea:2c:bc:fe:e7:bc:20:cd:ed:c3:50:67:
                    7b:cc:84:32:3f:a3:93:f5:71:dd:d7:da:f7:eb:de:
                    8f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:30:7E:F7:EC:36:C8:84:15:5A:6E:7E:5E:EE:70:4A:D0:9F:90:6C
            X509v3 Authority Key Identifier:
                keyid:1D:0D:B3:56:8E:45:5F:3D:A2:B2:27:4A:9D:52:5C:AC:09:31:C7:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQ2zVo5FXz2isidKnVJcrAkxx9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/bcf09a-7c8e-4e20-8450-e088aa0aa8dd/1/6zB-9-w2yIQVWm5-Xu5wStCfkGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/bcf09a-7c8e-4e20-8450-e088aa0aa8dd/1/HQ2zVo5FXz2isidKnVJcrAkxx9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:e1:3f:33:ae:41:c1:6f:de:fa:f9:1f:80:ec:bc:a7:09:43:
         16:4e:3f:bb:3a:b1:04:30:47:9b:d9:cb:1b:0c:8c:ad:d6:fd:
         04:8e:72:fd:ad:c7:d7:aa:52:20:41:bd:df:83:23:f0:e0:cd:
         5c:dc:c1:8a:d1:2a:58:c0:b9:ad:46:43:8d:b1:47:08:13:2f:
         94:63:bd:b1:8c:b3:bc:f2:ca:6c:98:4d:02:8f:69:98:da:9c:
         c2:74:8b:35:93:1d:ea:03:81:f7:4c:df:d7:ae:bc:46:aa:6e:
         fe:6a:cb:65:43:f3:bb:35:68:ff:ee:f1:75:83:8e:15:25:8f:
         f4:6e:77:af:98:f1:8e:8a:4b:45:f0:0d:00:12:e6:09:fd:11:
         05:03:87:b3:9c:13:1e:f0:bf:73:8e:49:f3:3a:92:3c:35:8f:
         f9:c9:cd:1c:db:7f:19:9e:4a:e5:ee:15:d6:7b:1d:6c:51:4c:
         4b:ae:41:5a:bf:dd:15:f1:56:7e:2f:3e:b6:b5:f7:bf:a5:c3:
         bd:0f:9e:7b:4c:3a:3d:46:82:2d:2e:b7:9f:79:f4:25:52:b1:
         55:c9:6c:ea:e7:88:1b:c7:a1:65:6a:cf:6c:11:69:4a:0f:7b:
         a0:e5:37:6d:77:3e:18:f9:4e:a8:4e:e6:47:e6:8e:a5:e1:55:
         41:8a:c5:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHHhJ2bOwEht9YLo+ICpI2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMGRiMzU2OGU0NTVmM2RhMmIyMjc0YTlkNTI1Y2FjMDkz
MWM3ZDUwHhcNMjQwOTA2MTMyNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjMwN2VmN2VjMzZjODg0MTU1YTZlN2U1ZWVlNzA0YWQwOWY5MDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWmGYDWSi+vCmTp26zuNgKQ+XkrA
7tCztF/W+gWzSDqVLVRDYOGTHtkjGgZDWmqIj1hGSF22IRFmbKWJNjYdd7TAl8iB
Dr8ndXOUSaBwfCiQexU3IFfyM8Boi9CnL5VpzqDUfrxnTTnFJhPXGjqH+V+i5cAQ
lcPJag8D4gSKOK9WlxjIKGuFE29V9+09bSMfo05VMI1v3XRtXb3KHjlUZZ2dfhti
utrAAKbUp0h/+oZKTfbR0IPyPyhuVKXVUgrSaIFS2S9QSVzlnCTwTrBKS23pETNN
TuMOg+gqLX9BwXQGp0HqLLz+57wgze3DUGd7zIQyP6OT9XHd19r3696PwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOswfvfsNsiEFVpufl7ucErQn5BsMB8GA1UdIwQY
MBaAFB0Ns1aORV89orInSp1SXKwJMcfVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFEyelZvNUZYejJpc2lkS25WSmNyQWt4eDlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9iY2YwOWEtN2M4ZS00ZTIwLTg0NTAt
ZTA4OGFhMGFhOGRkLzEvNnpCLTktdzJ5SVFWV201LVh1NXdTdENma0d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9iY2YwOWEtN2M4ZS00ZTIwLTg0NTAtZTA4OGFhMGFhOGRk
LzEvSFEyelZvNUZYejJpc2lkS25WSmNyQWt4eDlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+fEMA0G
CSqGSIb3DQEBCwUAA4IBAQAB4T8zrkHBb976+R+A7LynCUMWTj+7OrEEMEeb2csb
DIyt1v0EjnL9rcfXqlIgQb3fgyPw4M1c3MGK0SpYwLmtRkONsUcIEy+UY72xjLO8
8spsmE0Cj2mY2pzCdIs1kx3qA4H3TN/XrrxGqm7+astlQ/O7NWj/7vF1g44VJY/0
bnevmPGOiktF8A0AEuYJ/REFA4eznBMe8L9zjknzOpI8NY/5yc0c238Znkrl7hXW
ex1sUUxLrkFav90V8VZ+Lz62tfe/pcO9D557TDo9RoItLrefefQlUrFVyWzq54gb
x6Flas9sEWlKD3ug5Tdtdz4Y+U6oTuZH5o6l4VVBisVF
-----END CERTIFICATE-----