Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/4a05f0-7abb-4e1f-8c27-215cd570e409/1/6-sCJvaP9qVjvdHqZd-i1k-RhME.roa
File:                     6-sCJvaP9qVjvdHqZd-i1k-RhME.roa (raw, json)
Hash identifier:          xnCmqqSJwrIQiAvsm0ZtEtlj+fB1MLeLuffGJRiYICU=
Subject key identifier:   EB:EB:02:26:F6:8F:F6:A5:63:BD:D1:EA:65:DF:A2:D6:4F:91:84:C1
Certificate issuer:       /CN=cea179e4f353ea9dcaf02f37a72b750ecfa1c354
Certificate serial:       018CC8DEB8869E56C66C6D271E10596A7D62
Authority key identifier: CE:A1:79:E4:F3:53:EA:9D:CA:F0:2F:37:A7:2B:75:0E:CF:A1:C3:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zqF55PNT6p3K8C83pyt1Ds-hw1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/4a05f0-7abb-4e1f-8c27-215cd570e409/1/6-sCJvaP9qVjvdHqZd-i1k-RhME.roa
Signing time:             Tue 02 Jan 2024 06:31:28 +0000
ROA not before:           Tue 02 Jan 2024 06:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48666
IP address blocks:        91.223.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/4a05f0-7abb-4e1f-8c27-215cd570e409/1/zqF55PNT6p3K8C83pyt1Ds-hw1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/4a05f0-7abb-4e1f-8c27-215cd570e409/1/zqF55PNT6p3K8C83pyt1Ds-hw1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zqF55PNT6p3K8C83pyt1Ds-hw1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:b8:86:9e:56:c6:6c:6d:27:1e:10:59:6a:7d:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cea179e4f353ea9dcaf02f37a72b750ecfa1c354
        Validity
            Not Before: Jan  2 06:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebeb0226f68ff6a563bdd1ea65dfa2d64f9184c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ab:eb:ae:01:0a:6f:9a:7f:f4:fc:8c:3e:8f:
                    a8:c9:1b:0c:83:c6:c1:8c:1f:d2:3d:ab:ad:14:bd:
                    89:6d:07:82:6d:f1:0f:ad:7b:e7:b1:36:9d:13:e6:
                    46:f3:3f:87:bb:51:eb:18:b8:39:8a:d9:3a:0e:76:
                    03:1d:ac:aa:2b:04:0a:5d:bc:5e:03:b6:60:ad:ba:
                    5c:4a:e0:38:40:36:d9:37:90:73:16:d8:85:5c:de:
                    d2:f7:41:39:7e:c7:1b:ba:b0:b4:19:b9:91:b5:a2:
                    07:e8:5c:6d:48:65:48:f1:02:81:cc:34:9c:a7:44:
                    65:23:83:78:a9:f4:86:03:61:45:e9:c1:fa:82:ef:
                    ee:f0:f8:97:c2:71:e6:c7:78:a0:97:db:90:b0:3f:
                    0e:07:6b:38:2f:40:52:94:15:98:5c:a6:1a:96:95:
                    a6:d9:17:85:9e:33:f4:b0:b6:b4:66:c4:17:77:13:
                    52:bd:75:ee:07:bd:bf:12:89:b9:8b:98:7e:56:29:
                    cb:8d:1f:20:93:0a:3d:4c:06:fc:7e:2e:13:99:4b:
                    97:0a:bb:9d:32:8b:25:60:ed:68:05:ce:73:b9:b5:
                    e9:07:cd:81:82:ce:d0:0f:0a:ef:00:f1:64:2f:2c:
                    af:c9:ad:b8:aa:dd:eb:a6:55:ce:ed:96:b6:54:f0:
                    d6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:EB:02:26:F6:8F:F6:A5:63:BD:D1:EA:65:DF:A2:D6:4F:91:84:C1
            X509v3 Authority Key Identifier:
                keyid:CE:A1:79:E4:F3:53:EA:9D:CA:F0:2F:37:A7:2B:75:0E:CF:A1:C3:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zqF55PNT6p3K8C83pyt1Ds-hw1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/4a05f0-7abb-4e1f-8c27-215cd570e409/1/6-sCJvaP9qVjvdHqZd-i1k-RhME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/4a05f0-7abb-4e1f-8c27-215cd570e409/1/zqF55PNT6p3K8C83pyt1Ds-hw1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:a9:63:f3:ee:de:09:35:89:ef:ff:47:c0:ed:ce:c7:36:cb:
         79:50:80:6d:48:92:95:45:1a:77:40:96:aa:85:76:a5:ec:f8:
         f6:2b:3a:44:9c:55:35:ee:56:2f:bd:ea:62:06:33:18:ca:1c:
         42:db:2f:70:23:e7:d5:95:48:16:61:55:c5:21:67:34:b9:44:
         1e:9f:79:d1:86:e5:ff:1d:63:2e:7b:29:8a:41:31:97:88:93:
         98:47:6e:2b:c2:11:1e:c2:b5:a6:95:c4:84:dc:d9:a7:b3:27:
         76:d7:af:ef:eb:d9:01:79:a5:98:61:bf:07:54:2f:cf:13:6c:
         d7:00:60:35:5e:26:a1:bb:57:65:06:b6:56:37:c6:79:05:9a:
         21:89:a0:33:02:f1:1a:0b:76:b4:0b:e3:9b:6d:86:47:d7:2b:
         14:0e:79:db:cd:6c:b9:08:b7:e5:37:75:e8:65:2c:68:59:68:
         25:ff:4c:18:d8:a2:48:83:77:5d:75:6e:10:33:f1:5b:61:84:
         3e:88:9e:a8:13:6f:44:46:60:bb:3a:b1:18:dc:06:33:d3:3f:
         47:f6:42:6e:33:2d:ae:2e:cd:46:fb:28:a0:0e:96:4b:c5:94:
         80:fe:06:6b:e8:64:a6:03:f6:33:fd:53:d4:dc:96:23:bf:cd:
         75:a5:57:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3riGnlbGbG0nHhBZan1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYTE3OWU0ZjM1M2VhOWRjYWYwMmYzN2E3MmI3NTBlY2Zh
MWMzNTQwHhcNMjQwMTAyMDYzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmViMDIyNmY2OGZmNmE1NjNiZGQxZWE2NWRmYTJkNjRmOTE4NGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmavrrgEKb5p/9PyMPo+oyRsMg8bB
jB/SPautFL2JbQeCbfEPrXvnsTadE+ZG8z+Hu1HrGLg5itk6DnYDHayqKwQKXbxe
A7ZgrbpcSuA4QDbZN5BzFtiFXN7S90E5fscburC0GbmRtaIH6FxtSGVI8QKBzDSc
p0RlI4N4qfSGA2FF6cH6gu/u8PiXwnHmx3igl9uQsD8OB2s4L0BSlBWYXKYalpWm
2ReFnjP0sLa0ZsQXdxNSvXXuB72/Eom5i5h+VinLjR8gkwo9TAb8fi4TmUuXCrud
MoslYO1oBc5zubXpB82Bgs7QDwrvAPFkLyyvya24qt3rplXO7Za2VPDWNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvrAib2j/alY73R6mXfotZPkYTBMB8GA1UdIwQY
MBaAFM6heeTzU+qdyvAvN6crdQ7PocNUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenFGNTVQTlQ2cDNLOEM4M3B5dDFEcy1odzFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy80YTA1ZjAtN2FiYi00ZTFmLThjMjct
MjE1Y2Q1NzBlNDA5LzEvNi1zQ0p2YVA5cVZqdmRIcVpkLWkxay1SaE1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy80YTA1ZjAtN2FiYi00ZTFmLThjMjctMjE1Y2Q1NzBlNDA5
LzEvenFGNTVQTlQ2cDNLOEM4M3B5dDFEcy1odzFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBMqWPz7t4JNYnv/0fA7c7HNst5UIBtSJKVRRp3QJaq
hXal7Pj2KzpEnFU17lYvvepiBjMYyhxC2y9wI+fVlUgWYVXFIWc0uUQen3nRhuX/
HWMueymKQTGXiJOYR24rwhEewrWmlcSE3Nmnsyd216/v69kBeaWYYb8HVC/PE2zX
AGA1Xiahu1dlBrZWN8Z5BZohiaAzAvEaC3a0C+ObbYZH1ysUDnnbzWy5CLflN3Xo
ZSxoWWgl/0wY2KJIg3dddW4QM/FbYYQ+iJ6oE29ERmC7OrEY3AYz0z9H9kJuMy2u
Ls1G+yigDpZLxZSA/gZr6GSmA/Yz/VPU3JYjv811pVei
-----END CERTIFICATE-----