Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/IWauoYmEpj6N8ESc_tuw5Ffyyts.roa
File:                     IWauoYmEpj6N8ESc_tuw5Ffyyts.roa (raw, json)
Hash identifier:          sAOAnqIUoVUa0hvL3w6UftpjebkKRA9n9wzODudi57w=
Subject key identifier:   21:66:AE:A1:89:84:A6:3E:8D:F0:44:9C:FE:DB:B0:E4:57:F2:CA:DB
Certificate issuer:       /CN=6611a57d2a03b7065fa8c17b313735bdcda390e9
Certificate serial:       018CC64B2DFCF57B174DA9E88DBEC63DF117
Authority key identifier: 66:11:A5:7D:2A:03:B7:06:5F:A8:C1:7B:31:37:35:BD:CD:A3:90:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/IWauoYmEpj6N8ESc_tuw5Ffyyts.roa
Signing time:             Mon 01 Jan 2024 18:31:04 +0000
ROA not before:           Mon 01 Jan 2024 18:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.238.206.0/24 maxlen: 24
                          2001:67c:2a78::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2d:fc:f5:7b:17:4d:a9:e8:8d:be:c6:3d:f1:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6611a57d2a03b7065fa8c17b313735bdcda390e9
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2166aea18984a63e8df0449cfedbb0e457f2cadb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:cd:db:f2:66:83:e7:7c:27:8a:fe:2b:4d:4c:
                    dc:94:bc:04:51:a7:b3:7e:38:e4:fa:60:11:9d:b3:
                    5f:34:3f:e5:b0:7e:cf:ee:48:90:6f:c3:82:91:da:
                    d0:ce:50:3e:5e:9a:7e:50:a3:d2:fe:a9:e1:00:09:
                    c5:f4:bc:8b:94:94:56:86:4e:8a:68:b4:9b:d5:74:
                    8d:ea:38:45:42:30:59:12:ba:f3:74:26:00:13:bf:
                    51:33:9d:75:25:39:5b:79:47:57:26:2b:e3:ff:c4:
                    0f:e6:f1:ef:06:d3:55:c3:91:c6:76:27:93:78:e8:
                    38:09:76:d8:c8:9d:cf:5f:4f:41:66:17:bd:97:9c:
                    03:87:9d:6c:2e:f6:ce:04:6c:60:02:88:08:22:35:
                    61:33:76:d9:d0:92:e9:32:94:09:ab:6f:42:3b:93:
                    ca:88:73:ed:33:a3:cc:55:13:8a:1c:bc:0c:3e:b8:
                    e1:95:3b:75:a9:d2:75:51:56:9d:3c:5d:06:31:fc:
                    ff:fc:dd:58:56:d3:87:90:49:8c:17:c8:4a:1e:c0:
                    dc:b1:2b:75:06:8d:12:8c:28:a9:70:fa:65:7d:1c:
                    c0:14:33:f9:b5:8a:b2:6c:16:bf:ec:3d:1a:4a:df:
                    91:d3:87:19:20:54:d6:63:34:60:d6:84:27:b8:64:
                    02:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:66:AE:A1:89:84:A6:3E:8D:F0:44:9C:FE:DB:B0:E4:57:F2:CA:DB
            X509v3 Authority Key Identifier:
                keyid:66:11:A5:7D:2A:03:B7:06:5F:A8:C1:7B:31:37:35:BD:CD:A3:90:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/IWauoYmEpj6N8ESc_tuw5Ffyyts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.206.0/24
                IPv6:
                  2001:67c:2a78::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:6a:f9:c8:2f:f9:f7:d0:79:97:9e:dd:ce:f5:d8:7e:30:0d:
         7e:76:ca:f8:f9:c0:ba:ca:03:3c:a6:cb:a7:63:77:9d:a1:c3:
         1b:4e:ad:ec:fa:e1:b1:d2:d1:84:7b:a7:e1:2f:bd:55:30:a3:
         94:ad:8b:7e:20:c9:74:1d:c7:39:c0:31:61:cf:90:80:00:40:
         50:e3:e9:e2:47:c0:cf:d7:dd:38:99:da:c9:a5:9f:29:b2:84:
         73:82:4f:22:27:50:3a:47:e7:a9:69:d9:b0:02:e6:aa:8b:32:
         29:f8:7d:a6:8a:cd:fb:e5:26:cb:77:80:8e:cc:cf:de:41:9d:
         1d:a2:d7:5b:e1:59:9b:11:43:2e:76:fc:ab:b6:7e:5e:d8:ec:
         d7:29:28:08:93:9d:0e:a7:ec:fd:1f:27:50:ba:e9:e6:36:5e:
         bd:a1:9a:35:9c:14:0b:45:d0:83:f0:51:99:cf:b6:35:cb:ca:
         7c:55:fe:79:73:6d:20:1c:5c:a2:aa:c9:0a:ae:6c:e2:96:af:
         bf:ac:c3:bc:fd:1c:39:59:8b:02:d5:0e:10:64:c0:4e:b5:19:
         5a:b8:b0:da:7d:12:19:6c:b4:ce:ec:ac:24:a2:45:80:ee:95:
         a4:cd:40:37:fe:05:d2:b2:c2:fc:ee:19:dc:ac:f6:0d:4e:a9:
         e9:a1:69:40
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSy389XsXTanojb7GPfEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MTFhNTdkMmEwM2I3MDY1ZmE4YzE3YjMxMzczNWJkY2Rh
MzkwZTkwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTY2YWVhMTg5ODRhNjNlOGRmMDQ0OWNmZWRiYjBlNDU3ZjJjYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlM3b8maD53wniv4rTUzclLwEUaez
fjjk+mARnbNfND/lsH7P7kiQb8OCkdrQzlA+Xpp+UKPS/qnhAAnF9LyLlJRWhk6K
aLSb1XSN6jhFQjBZErrzdCYAE79RM511JTlbeUdXJivj/8QP5vHvBtNVw5HGdieT
eOg4CXbYyJ3PX09BZhe9l5wDh51sLvbOBGxgAogIIjVhM3bZ0JLpMpQJq29CO5PK
iHPtM6PMVROKHLwMPrjhlTt1qdJ1UVadPF0GMfz//N1YVtOHkEmMF8hKHsDcsSt1
Bo0SjCipcPplfRzAFDP5tYqybBa/7D0aSt+R04cZIFTWYzRg1oQnuGQC3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCFmrqGJhKY+jfBEnP7bsORX8srbMB8GA1UdIwQY
MBaAFGYRpX0qA7cGX6jBezE3Nb3No5DpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmhHbGZTb0R0d1pmcU1GN01UYzF2YzJqa09rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9lZGIyMDgtNmZlZC00NGU0LWIxYWIt
ZGYwY2E0ZDQxOTU1LzEvSVdhdW9ZbUVwajZOOEVTY190dXc1RmZ5eXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9lZGIyMDgtNmZlZC00NGU0LWIxYWItZGYwY2E0ZDQxOTU1
LzEvWmhHbGZTb0R0d1pmcU1GN01UYzF2YzJqa09rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+7OMA8E
AgACMAkDBwAgAQZ8KngwDQYJKoZIhvcNAQELBQADggEBAHZq+cgv+ffQeZee3c71
2H4wDX52yvj5wLrKAzymy6djd52hwxtOrez64bHS0YR7p+EvvVUwo5Sti34gyXQd
xznAMWHPkIAAQFDj6eJHwM/X3TiZ2smlnymyhHOCTyInUDpH56lp2bAC5qqLMin4
faaKzfvlJst3gI7Mz95BnR2i11vhWZsRQy52/Ku2fl7Y7NcpKAiTnQ6n7P0fJ1C6
6eY2Xr2hmjWcFAtF0IPwUZnPtjXLynxV/nlzbSAcXKKqyQqubOKWr7+sw7z9HDlZ
iwLVDhBkwE61GVq4sNp9EhlstM7srCSiRYDulaTNQDf+BdKywvzuGdys9g1Oqemh
aUA=
-----END CERTIFICATE-----