Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/S6OeJCLxpFaxC4L0vRYHkdbaJuk.roa
File:                     S6OeJCLxpFaxC4L0vRYHkdbaJuk.roa (raw, json)
Hash identifier:          nI+JRRKNkLkzk5s2RjaqCjv8SFyeKZjoD7h4C//RH3M=
Subject key identifier:   4B:A3:9E:24:22:F1:A4:56:B1:0B:82:F4:BD:16:07:91:D6:DA:26:E9
Certificate issuer:       /CN=62beaa57c67aeb5bafd99793ab4846850a796c28
Certificate serial:       01901B13B4DA207D319E1FDC004920201DF7
Authority key identifier: 62:BE:AA:57:C6:7A:EB:5B:AF:D9:97:93:AB:48:46:85:0A:79:6C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/S6OeJCLxpFaxC4L0vRYHkdbaJuk.roa
Signing time:             Sat 15 Jun 2024 08:46:34 +0000
ROA not before:           Sat 15 Jun 2024 08:46:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216344
IP address blocks:        91.239.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:1b:13:b4:da:20:7d:31:9e:1f:dc:00:49:20:20:1d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62beaa57c67aeb5bafd99793ab4846850a796c28
        Validity
            Not Before: Jun 15 08:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ba39e2422f1a456b10b82f4bd160791d6da26e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ce:65:9d:73:b0:77:9a:90:c5:37:af:84:cd:
                    4e:84:8b:aa:96:d0:e4:e9:8a:55:3c:5d:b1:f6:cd:
                    96:d2:ab:d1:d6:b8:be:5a:58:fa:75:bd:80:1e:44:
                    7a:86:03:cc:75:5c:4c:47:83:63:db:16:a4:29:29:
                    de:ae:99:6e:ea:80:48:89:b8:d4:6c:72:7a:84:b8:
                    2c:09:bd:ec:90:b9:c8:1d:93:72:dc:57:65:7e:42:
                    04:9f:31:95:b6:8c:7a:a3:72:07:01:1b:31:d9:3a:
                    73:1b:d4:74:90:0b:7f:03:9e:35:82:1a:0a:be:f3:
                    b1:c4:8f:fb:f8:95:46:33:07:84:2f:99:a4:35:ec:
                    18:44:f3:65:c9:c3:43:7e:19:77:da:f1:d6:0a:7c:
                    b7:66:ee:5c:90:4a:5a:32:c2:d1:70:a0:ac:74:4e:
                    17:78:b3:56:77:bc:c4:6b:b8:d2:ff:2f:c0:16:d0:
                    12:1a:b2:7b:b8:52:28:a1:8c:80:b4:56:93:2a:05:
                    b2:e4:a4:78:73:38:d7:26:30:b0:d8:df:03:f8:2a:
                    23:ea:e6:53:bf:fc:32:f7:db:9b:02:a9:41:33:7c:
                    2f:95:6f:ac:11:25:8f:46:7c:fe:6e:35:2e:36:ec:
                    20:bc:c0:21:3e:85:a0:42:f9:0e:9f:46:4c:e3:3d:
                    88:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A3:9E:24:22:F1:A4:56:B1:0B:82:F4:BD:16:07:91:D6:DA:26:E9
            X509v3 Authority Key Identifier:
                keyid:62:BE:AA:57:C6:7A:EB:5B:AF:D9:97:93:AB:48:46:85:0A:79:6C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/S6OeJCLxpFaxC4L0vRYHkdbaJuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:59:fd:4c:45:1d:bd:ab:ef:be:b5:cb:b7:cc:74:d1:02:fa:
         d9:67:71:62:d8:6f:b4:a0:8d:10:f0:4f:6e:fc:d1:0d:d4:c7:
         7f:f1:5e:d7:a3:5e:3b:e3:16:5b:bf:b6:e5:9c:41:2f:22:95:
         6d:a0:d4:2b:58:b3:2e:b8:d6:0d:71:71:47:c3:8e:5e:32:41:
         98:5d:89:55:c4:00:80:d2:ae:1c:9e:a8:db:b3:de:86:3d:53:
         0b:46:95:a0:fd:94:27:12:c6:d4:7b:c9:ed:91:c3:a8:9d:12:
         ab:3b:40:ff:0b:6d:09:82:0e:ef:ec:f9:49:7a:11:6b:6b:0a:
         d1:f4:f8:f1:c4:65:57:e3:27:68:1a:80:cd:ea:92:ed:12:d7:
         88:e9:87:08:8c:25:da:74:78:7d:03:aa:ad:32:92:fe:cd:7d:
         d8:b5:2c:a2:91:51:11:63:02:46:f5:53:ba:ce:ab:b4:81:d0:
         ba:61:31:91:49:60:7d:9f:6e:f4:56:ce:31:53:c2:f2:b7:2f:
         e1:ee:a7:8b:5e:b9:81:e8:00:54:1d:26:1c:43:3e:fb:13:97:
         cb:7b:18:1c:04:fb:f0:e6:2b:9d:2a:b8:d7:da:87:6b:4b:1a:
         79:5c:91:b4:a4:ec:b4:12:78:77:d3:d9:d2:11:ba:d2:80:3f:
         8f:23:15:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAbE7TaIH0xnh/cAEkgIB33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYmVhYTU3YzY3YWViNWJhZmQ5OTc5M2FiNDg0Njg1MGE3
OTZjMjgwHhcNMjQwNjE1MDg0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmEzOWUyNDIyZjFhNDU2YjEwYjgyZjRiZDE2MDc5MWQ2ZGEyNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs5lnXOwd5qQxTevhM1OhIuqltDk
6YpVPF2x9s2W0qvR1ri+Wlj6db2AHkR6hgPMdVxMR4Nj2xakKSnerplu6oBIibjU
bHJ6hLgsCb3skLnIHZNy3FdlfkIEnzGVtox6o3IHARsx2TpzG9R0kAt/A541ghoK
vvOxxI/7+JVGMweEL5mkNewYRPNlycNDfhl32vHWCny3Zu5ckEpaMsLRcKCsdE4X
eLNWd7zEa7jS/y/AFtASGrJ7uFIooYyAtFaTKgWy5KR4czjXJjCw2N8D+Coj6uZT
v/wy99ubAqlBM3wvlW+sESWPRnz+bjUuNuwgvMAhPoWgQvkOn0ZM4z2IBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEujniQi8aRWsQuC9L0WB5HW2ibpMB8GA1UdIwQY
MBaAFGK+qlfGeutbr9mXk6tIRoUKeWwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXI2cVY4WjY2MXV2MlplVHEwaEdoUXA1YkNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8yMjU4MWUtZmU4Yy00ZmI4LTk1ODUt
OTg4MGYwNGRiOTRhLzEvUzZPZUpDTHhwRmF4QzRMMHZSWUhrZGJhSnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8yMjU4MWUtZmU4Yy00ZmI4LTk1ODUtOTg4MGYwNGRiOTRh
LzEvWXI2cVY4WjY2MXV2MlplVHEwaEdoUXA1YkNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW++9MA0G
CSqGSIb3DQEBCwUAA4IBAQCQWf1MRR29q+++tcu3zHTRAvrZZ3Fi2G+0oI0Q8E9u
/NEN1Md/8V7Xo1474xZbv7blnEEvIpVtoNQrWLMuuNYNcXFHw45eMkGYXYlVxACA
0q4cnqjbs96GPVMLRpWg/ZQnEsbUe8ntkcOonRKrO0D/C20Jgg7v7PlJehFrawrR
9PjxxGVX4ydoGoDN6pLtEteI6YcIjCXadHh9A6qtMpL+zX3YtSyikVERYwJG9VO6
zqu0gdC6YTGRSWB9n270Vs4xU8Lyty/h7qeLXrmB6ABUHSYcQz77E5fLexgcBPvw
5iudKrjX2odrSxp5XJG0pOy0Enh309nSEbrSgD+PIxU7
-----END CERTIFICATE-----