Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/021022-0b27-4b4e-ab32-c990003b24ca/1/006DyEUQqXD-PHfsz286hHG4ZiY.roa
File:                     006DyEUQqXD-PHfsz286hHG4ZiY.roa (raw, json)
Hash identifier:          GSqkR2pRPWW4E9Y8qO7upQuBjL4NfAokVsOkNSukSWY=
Subject key identifier:   D3:4E:83:C8:45:10:A9:70:FE:3C:77:EC:CF:6F:3A:84:71:B8:66:26
Certificate issuer:       /CN=226a87216d7e3c59315f778b2c8f4a9ef478b93e
Certificate serial:       018CC9BC0B19F51504545D5B41915949173C
Authority key identifier: 22:6A:87:21:6D:7E:3C:59:31:5F:77:8B:2C:8F:4A:9E:F4:78:B9:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ImqHIW1-PFkxX3eLLI9KnvR4uT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/021022-0b27-4b4e-ab32-c990003b24ca/1/006DyEUQqXD-PHfsz286hHG4ZiY.roa
Signing time:             Tue 02 Jan 2024 10:33:13 +0000
ROA not before:           Tue 02 Jan 2024 10:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62378
IP address blocks:        91.217.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/021022-0b27-4b4e-ab32-c990003b24ca/1/ImqHIW1-PFkxX3eLLI9KnvR4uT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/021022-0b27-4b4e-ab32-c990003b24ca/1/ImqHIW1-PFkxX3eLLI9KnvR4uT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ImqHIW1-PFkxX3eLLI9KnvR4uT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:0b:19:f5:15:04:54:5d:5b:41:91:59:49:17:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=226a87216d7e3c59315f778b2c8f4a9ef478b93e
        Validity
            Not Before: Jan  2 10:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d34e83c84510a970fe3c77eccf6f3a8471b86626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:be:8c:0c:8d:9e:fb:74:51:50:f9:00:71:c9:
                    db:72:75:21:79:d0:56:ed:13:7e:2f:ff:5b:ef:bf:
                    2d:61:95:8a:bd:02:71:57:55:80:84:a9:60:67:31:
                    78:34:0e:a9:ba:ce:8f:98:5c:50:ea:ca:94:e6:55:
                    bf:bd:da:0b:1a:29:27:72:14:bd:bd:34:70:61:70:
                    7d:06:d2:70:0f:f8:d0:69:95:5c:a1:c6:f4:9c:76:
                    ec:91:b9:9e:e0:8f:e9:53:ab:02:b5:f0:f3:4a:51:
                    12:dc:19:ad:7c:81:33:5c:05:52:d1:d9:c6:1b:7d:
                    e9:53:c6:3f:b9:3c:72:b5:ca:26:0f:ee:ac:fa:13:
                    2b:10:b2:4f:0c:fc:14:46:d2:ad:c3:6f:5a:53:8d:
                    b8:c1:ce:ea:7b:5b:98:9f:0b:d4:5a:ba:0c:50:5a:
                    ec:51:bb:d0:88:11:9c:3a:3d:45:2e:77:1b:09:ea:
                    ed:a7:15:46:8f:a8:bf:eb:2d:d1:2b:0c:8d:34:08:
                    13:b5:a1:4d:4d:7a:bf:73:2e:a7:2f:a0:c7:50:d5:
                    46:68:21:8c:70:28:bd:59:e7:77:6a:42:53:65:6d:
                    b1:a1:4f:70:22:91:00:dc:3e:9c:30:49:74:1b:15:
                    19:cd:80:6b:85:5b:f2:49:12:c0:d5:87:35:05:71:
                    12:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:4E:83:C8:45:10:A9:70:FE:3C:77:EC:CF:6F:3A:84:71:B8:66:26
            X509v3 Authority Key Identifier:
                keyid:22:6A:87:21:6D:7E:3C:59:31:5F:77:8B:2C:8F:4A:9E:F4:78:B9:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ImqHIW1-PFkxX3eLLI9KnvR4uT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/021022-0b27-4b4e-ab32-c990003b24ca/1/006DyEUQqXD-PHfsz286hHG4ZiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/021022-0b27-4b4e-ab32-c990003b24ca/1/ImqHIW1-PFkxX3eLLI9KnvR4uT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:74:5e:e1:08:a4:e5:13:09:c7:13:be:bf:06:cc:47:0b:60:
         33:70:31:b6:b3:5f:31:42:1c:a7:3b:59:6e:bc:ea:d8:9d:d3:
         4e:ea:cf:f2:f8:06:65:e4:8a:af:09:92:b0:dc:cd:5b:c2:c4:
         a3:03:64:fe:7e:0d:da:fb:5a:ee:10:7d:44:96:7b:c3:c1:7f:
         51:b3:26:d7:2d:81:a0:eb:19:61:32:7c:37:48:31:e4:4a:0f:
         4c:27:3c:e9:f8:fb:25:16:d5:2a:be:35:ee:cf:ec:6b:55:f8:
         81:00:a9:30:a5:bd:fd:df:de:7a:70:ff:ab:b4:48:8f:34:b8:
         f8:a0:c8:c5:f0:56:66:53:22:2d:79:93:6d:7b:cb:41:02:45:
         a9:2c:40:97:31:5f:d3:03:63:6b:88:eb:84:0e:9c:11:cf:72:
         b3:f9:10:1f:60:89:14:87:14:a1:16:9d:59:35:9a:95:e8:54:
         f3:94:06:dd:28:e8:62:0b:3e:02:8a:b1:75:25:59:45:10:58:
         4a:d3:19:fd:59:27:04:b5:66:66:a5:1c:2a:db:5d:c2:47:40:
         01:b2:cc:28:8a:fe:66:b9:1f:f4:92:08:94:a6:49:50:5d:af:
         4b:a5:84:05:7a:01:d5:25:26:10:25:2d:8e:00:15:33:0e:c0:
         7c:7f:15:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAsZ9RUEVF1bQZFZSRc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyNmE4NzIxNmQ3ZTNjNTkzMTVmNzc4YjJjOGY0YTllZjQ3
OGI5M2UwHhcNMjQwMTAyMTAzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzRlODNjODQ1MTBhOTcwZmUzYzc3ZWNjZjZmM2E4NDcxYjg2NjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqb6MDI2e+3RRUPkAccnbcnUhedBW
7RN+L/9b778tYZWKvQJxV1WAhKlgZzF4NA6pus6PmFxQ6sqU5lW/vdoLGiknchS9
vTRwYXB9BtJwD/jQaZVcocb0nHbskbme4I/pU6sCtfDzSlES3BmtfIEzXAVS0dnG
G33pU8Y/uTxytcomD+6s+hMrELJPDPwURtKtw29aU424wc7qe1uYnwvUWroMUFrs
UbvQiBGcOj1FLncbCertpxVGj6i/6y3RKwyNNAgTtaFNTXq/cy6nL6DHUNVGaCGM
cCi9Wed3akJTZW2xoU9wIpEA3D6cMEl0GxUZzYBrhVvySRLA1Yc1BXESCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNOg8hFEKlw/jx37M9vOoRxuGYmMB8GA1UdIwQY
MBaAFCJqhyFtfjxZMV93iyyPSp70eLk+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW1xSElXMS1QRmt4WDNlTExJOUtudlI0dVQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wMjEwMjItMGIyNy00YjRlLWFiMzIt
Yzk5MDAwM2IyNGNhLzEvMDA2RHlFVVFxWEQtUEhmc3oyODZoSEc0WmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wMjEwMjItMGIyNy00YjRlLWFiMzItYzk5MDAwM2IyNGNh
LzEvSW1xSElXMS1QRmt4WDNlTExJOUtudlI0dVQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9myMA0G
CSqGSIb3DQEBCwUAA4IBAQCddF7hCKTlEwnHE76/BsxHC2AzcDG2s18xQhynO1lu
vOrYndNO6s/y+AZl5IqvCZKw3M1bwsSjA2T+fg3a+1ruEH1ElnvDwX9RsybXLYGg
6xlhMnw3SDHkSg9MJzzp+PslFtUqvjXuz+xrVfiBAKkwpb393956cP+rtEiPNLj4
oMjF8FZmUyIteZNte8tBAkWpLECXMV/TA2NriOuEDpwRz3Kz+RAfYIkUhxShFp1Z
NZqV6FTzlAbdKOhiCz4CirF1JVlFEFhK0xn9WScEtWZmpRwq213CR0ABsswoiv5m
uR/0kgiUpklQXa9LpYQFegHVJSYQJS2OABUzDsB8fxVy
-----END CERTIFICATE-----