Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/R6lGP7Oysjfs7YbPpm0d6vKb8ZM.roa
File:                     R6lGP7Oysjfs7YbPpm0d6vKb8ZM.roa (raw, json)
Hash identifier:          DmgdzNFUvJyv3/DpAkPxFfE5HkrwWAhKcx7mCCj0kYo=
Subject key identifier:   47:A9:46:3F:B3:B2:B2:37:EC:ED:86:CF:A6:6D:1D:EA:F2:9B:F1:93
Certificate issuer:       /CN=762c60af4d73725845ceaf0b7b585e7757066965
Certificate serial:       018CC2DB505597CAB3E885AA8B927FEBC456
Authority key identifier: 76:2C:60:AF:4D:73:72:58:45:CE:AF:0B:7B:58:5E:77:57:06:69:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dixgr01zclhFzq8Le1hed1cGaWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/R6lGP7Oysjfs7YbPpm0d6vKb8ZM.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203134
IP address blocks:        91.240.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/dixgr01zclhFzq8Le1hed1cGaWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/dixgr01zclhFzq8Le1hed1cGaWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dixgr01zclhFzq8Le1hed1cGaWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:50:55:97:ca:b3:e8:85:aa:8b:92:7f:eb:c4:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=762c60af4d73725845ceaf0b7b585e7757066965
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47a9463fb3b2b237eced86cfa66d1deaf29bf193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9d:76:35:96:42:b3:a3:7b:2a:9b:ce:a6:19:
                    70:91:d2:2f:2a:35:1a:e3:57:90:ba:41:f9:a9:3e:
                    a7:e0:20:f6:12:cc:d9:7a:e2:f4:66:58:e9:ac:ab:
                    73:67:1c:fd:ba:7e:1f:84:70:cc:78:e4:5f:92:2b:
                    94:d1:fd:54:63:77:02:23:8b:35:ff:61:c1:6c:7a:
                    32:32:89:96:73:c1:1e:54:94:b8:1d:80:62:a9:6a:
                    67:6c:fe:38:cf:0b:18:0a:52:52:a7:0b:03:cf:8c:
                    a9:aa:75:0d:ad:32:95:cd:43:8e:a6:1a:80:9b:f9:
                    66:a7:f5:90:80:70:34:c6:a1:dd:2d:8f:ad:38:5b:
                    67:d6:28:25:eb:14:1a:49:a6:46:4a:98:54:9f:51:
                    8e:8b:50:18:41:43:47:6c:b1:51:13:9f:8b:41:f0:
                    fd:1c:11:20:7b:36:89:77:04:7e:34:12:ef:09:87:
                    d9:77:ec:d6:7d:00:36:ec:ac:15:df:9d:c5:7c:0f:
                    cc:5d:3e:6f:06:5f:82:b1:a5:f6:e2:7d:8f:c0:f9:
                    56:76:af:f7:df:5f:e3:20:24:23:4d:73:e5:45:27:
                    98:40:c1:c3:6d:5d:0e:65:fd:e8:fc:25:5d:dc:23:
                    d7:83:66:f9:c8:0d:66:c5:97:dc:e6:aa:ae:90:9f:
                    93:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:A9:46:3F:B3:B2:B2:37:EC:ED:86:CF:A6:6D:1D:EA:F2:9B:F1:93
            X509v3 Authority Key Identifier:
                keyid:76:2C:60:AF:4D:73:72:58:45:CE:AF:0B:7B:58:5E:77:57:06:69:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dixgr01zclhFzq8Le1hed1cGaWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/R6lGP7Oysjfs7YbPpm0d6vKb8ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/dixgr01zclhFzq8Le1hed1cGaWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:2b:39:bc:26:91:3d:4f:79:9d:dd:1f:d4:b7:fb:58:56:c6:
         ac:cd:e9:98:8d:39:26:58:ce:5d:a0:f0:f0:c1:11:08:9f:c9:
         c2:fc:12:92:16:70:a6:81:98:b5:13:8a:f5:d1:b7:b8:df:6f:
         9b:22:61:12:a3:0c:de:94:82:cd:a0:c4:75:ae:05:6f:20:a0:
         1c:db:89:d0:24:f6:b2:f0:90:fb:a9:16:83:94:b5:3a:72:e8:
         3d:7f:41:a3:55:c8:19:c3:d5:95:18:d4:82:72:21:7a:4f:ad:
         85:b3:7a:80:41:f0:1e:2b:a3:15:39:36:40:69:66:d9:4d:e4:
         2d:b1:59:ef:46:c7:f8:55:73:09:53:ec:fa:15:bf:12:64:ba:
         26:11:11:b7:b5:64:ed:5e:bb:4f:69:4b:ed:8d:54:18:2b:37:
         a3:1d:8c:3b:c8:40:d1:24:1f:d5:5c:fe:34:3e:24:c3:d1:88:
         c9:08:31:03:7b:60:1b:29:78:65:b4:e8:f9:0f:ed:07:61:c3:
         58:4b:a4:1a:d4:16:c4:ee:13:2f:ce:9e:28:f5:bb:f2:e0:4d:
         e8:3e:80:3b:f3:67:85:79:f2:d5:29:9b:48:05:70:38:39:ce:
         c4:9e:c1:dd:69:17:11:1b:a4:f0:d0:d8:47:8b:fa:d7:5c:2c:
         64:14:ee:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21BVl8qz6IWqi5J/68RWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MmM2MGFmNGQ3MzcyNTg0NWNlYWYwYjdiNTg1ZTc3NTcw
NjY5NjUwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2E5NDYzZmIzYjJiMjM3ZWNlZDg2Y2ZhNjZkMWRlYWYyOWJmMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx512NZZCs6N7KpvOphlwkdIvKjUa
41eQukH5qT6n4CD2EszZeuL0ZljprKtzZxz9un4fhHDMeORfkiuU0f1UY3cCI4s1
/2HBbHoyMomWc8EeVJS4HYBiqWpnbP44zwsYClJSpwsDz4ypqnUNrTKVzUOOphqA
m/lmp/WQgHA0xqHdLY+tOFtn1igl6xQaSaZGSphUn1GOi1AYQUNHbLFRE5+LQfD9
HBEgezaJdwR+NBLvCYfZd+zWfQA27KwV353FfA/MXT5vBl+CsaX24n2PwPlWdq/3
31/jICQjTXPlRSeYQMHDbV0OZf3o/CVd3CPXg2b5yA1mxZfc5qqukJ+TJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEepRj+zsrI37O2Gz6ZtHerym/GTMB8GA1UdIwQY
MBaAFHYsYK9Nc3JYRc6vC3tYXndXBmllMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGl4Z3IwMXpjbGhGenE4TGUxaGVkMWNHYVdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9lNmEwMmUtMDE0Ni00NGE2LTlkZmMt
ZDQyMDlmYzdmM2M5LzEvUjZsR1A3T3lzamZzN1liUHBtMGQ2dktiOFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9lNmEwMmUtMDE0Ni00NGE2LTlkZmMtZDQyMDlmYzdmM2M5
LzEvZGl4Z3IwMXpjbGhGenE4TGUxaGVkMWNHYVdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/BTMA0G
CSqGSIb3DQEBCwUAA4IBAQAYKzm8JpE9T3md3R/Ut/tYVsaszemYjTkmWM5doPDw
wREIn8nC/BKSFnCmgZi1E4r10be432+bImESowzelILNoMR1rgVvIKAc24nQJPay
8JD7qRaDlLU6cug9f0GjVcgZw9WVGNSCciF6T62Fs3qAQfAeK6MVOTZAaWbZTeQt
sVnvRsf4VXMJU+z6Fb8SZLomERG3tWTtXrtPaUvtjVQYKzejHYw7yEDRJB/VXP40
PiTD0YjJCDEDe2AbKXhltOj5D+0HYcNYS6Qa1BbE7hMvzp4o9bvy4E3oPoA782eF
efLVKZtIBXA4Oc7EnsHdaRcRG6Tw0NhHi/rXXCxkFO6J
-----END CERTIFICATE-----