Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/c8585a-cdf7-4aa3-bc21-212acc4351ff/1/6aRXUlRUG1xGarUwhlzveBikkHo.roa
File:                     6aRXUlRUG1xGarUwhlzveBikkHo.roa (raw, json)
Hash identifier:          psk3xrDpchZWqdjpAAYvgIjo4O72wR4ovGGHHKTAl8Q=
Subject key identifier:   E9:A4:57:52:54:54:1B:5C:46:6A:B5:30:86:5C:EF:78:18:A4:90:7A
Certificate issuer:       /CN=1f31120fe225775eb53152d4920e9c573ff2b65e
Certificate serial:       018CC5DC99CD171EEF4A094DC5859D634B48
Authority key identifier: 1F:31:12:0F:E2:25:77:5E:B5:31:52:D4:92:0E:9C:57:3F:F2:B6:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HzESD-Ild161MVLUkg6cVz_ytl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/c8585a-cdf7-4aa3-bc21-212acc4351ff/1/6aRXUlRUG1xGarUwhlzveBikkHo.roa
Signing time:             Mon 01 Jan 2024 16:30:17 +0000
ROA not before:           Mon 01 Jan 2024 16:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198817
IP address blocks:        91.236.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/c8585a-cdf7-4aa3-bc21-212acc4351ff/1/HzESD-Ild161MVLUkg6cVz_ytl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/c8585a-cdf7-4aa3-bc21-212acc4351ff/1/HzESD-Ild161MVLUkg6cVz_ytl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HzESD-Ild161MVLUkg6cVz_ytl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:99:cd:17:1e:ef:4a:09:4d:c5:85:9d:63:4b:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f31120fe225775eb53152d4920e9c573ff2b65e
        Validity
            Not Before: Jan  1 16:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9a4575254541b5c466ab530865cef7818a4907a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b0:e3:99:87:26:b0:88:8a:2e:8c:ca:77:a9:
                    33:ea:58:26:92:c3:c7:04:3e:22:76:6b:83:bb:d7:
                    70:de:8d:e5:48:79:65:60:2d:52:2b:2c:22:5e:ac:
                    5f:82:24:98:63:6a:95:ba:a6:57:49:81:5a:0d:9d:
                    07:71:82:b3:30:ea:ad:5b:63:ca:c8:76:49:0a:30:
                    01:09:20:e6:c8:f2:b5:f4:57:32:56:6c:f1:a6:6a:
                    df:1f:21:ee:3f:0b:14:57:f3:d6:25:4d:32:8d:9e:
                    ae:91:eb:b4:5c:c1:ec:76:42:a4:98:fa:0c:38:6f:
                    fb:1c:8e:ba:64:9c:d3:2f:a1:bb:c5:29:3e:ec:81:
                    f6:db:e8:0a:bd:5d:3f:80:6e:17:b4:b2:59:de:68:
                    c1:e5:dc:90:1c:b2:df:3d:e0:0d:75:28:4f:dd:e2:
                    3c:85:28:e0:19:20:5c:2a:de:12:7a:5a:18:63:47:
                    dd:7c:e1:80:7f:4d:74:37:42:20:f2:05:69:e9:81:
                    39:57:2f:d3:2f:e4:b7:16:b2:79:f2:00:f9:7d:bb:
                    fa:aa:11:51:1b:8e:ae:fe:13:a2:17:25:82:8a:5d:
                    cb:d8:36:8b:ff:98:fd:0f:46:ed:39:0f:8a:0c:a9:
                    00:31:87:55:0b:c9:b8:e2:4e:c2:61:8f:24:4c:c2:
                    51:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A4:57:52:54:54:1B:5C:46:6A:B5:30:86:5C:EF:78:18:A4:90:7A
            X509v3 Authority Key Identifier:
                keyid:1F:31:12:0F:E2:25:77:5E:B5:31:52:D4:92:0E:9C:57:3F:F2:B6:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HzESD-Ild161MVLUkg6cVz_ytl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c8585a-cdf7-4aa3-bc21-212acc4351ff/1/6aRXUlRUG1xGarUwhlzveBikkHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c8585a-cdf7-4aa3-bc21-212acc4351ff/1/HzESD-Ild161MVLUkg6cVz_ytl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:a4:d2:52:cb:6e:85:42:65:5e:7d:ee:a9:b6:f5:de:5b:eb:
         f5:db:46:e7:92:b5:a7:9b:10:80:a0:81:c2:d7:df:4e:d3:3d:
         88:72:3c:ec:33:e5:a7:bc:bc:00:58:96:69:b5:6a:b3:28:cd:
         a7:10:b7:43:a5:42:b2:3f:b9:f5:01:e6:45:b3:b8:de:3f:22:
         46:c4:c9:76:72:94:ec:33:79:38:4d:e2:3e:ee:e0:57:5b:37:
         a9:3b:bb:9b:35:a2:b7:14:80:28:71:56:1b:8a:d1:57:30:b8:
         7c:99:ab:5d:11:a1:04:83:18:2e:4f:dd:e9:1b:d2:73:b2:f0:
         df:fd:32:1f:80:ba:42:ef:9d:c1:0a:54:22:8d:a9:f0:fc:7d:
         1c:3e:71:b0:af:bd:54:59:84:5a:2d:f1:7c:82:42:2a:76:d3:
         6f:dc:a3:df:95:20:1a:66:d6:88:fe:fd:5a:45:bc:60:c8:8d:
         c1:7e:b3:6c:90:c7:6c:58:b4:84:52:27:86:ef:d3:6e:0b:04:
         eb:44:11:b8:b7:b8:2c:aa:0e:f0:08:59:99:76:24:b1:b9:e6:
         50:09:46:39:4a:e7:0d:57:98:18:b4:35:d2:4c:f6:fe:42:93:
         50:a3:41:0f:18:53:50:42:50:d6:03:b4:72:d9:e3:e9:88:0c:
         89:a8:8d:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JnNFx7vSglNxYWdY0tIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMzExMjBmZTIyNTc3NWViNTMxNTJkNDkyMGU5YzU3M2Zm
MmI2NWUwHhcNMjQwMTAxMTYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWE0NTc1MjU0NTQxYjVjNDY2YWI1MzA4NjVjZWY3ODE4YTQ5MDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrDjmYcmsIiKLozKd6kz6lgmksPH
BD4idmuDu9dw3o3lSHllYC1SKywiXqxfgiSYY2qVuqZXSYFaDZ0HcYKzMOqtW2PK
yHZJCjABCSDmyPK19FcyVmzxpmrfHyHuPwsUV/PWJU0yjZ6ukeu0XMHsdkKkmPoM
OG/7HI66ZJzTL6G7xSk+7IH22+gKvV0/gG4XtLJZ3mjB5dyQHLLfPeANdShP3eI8
hSjgGSBcKt4SeloYY0fdfOGAf010N0Ig8gVp6YE5Vy/TL+S3FrJ58gD5fbv6qhFR
G46u/hOiFyWCil3L2DaL/5j9D0btOQ+KDKkAMYdVC8m44k7CYY8kTMJRJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOmkV1JUVBtcRmq1MIZc73gYpJB6MB8GA1UdIwQY
MBaAFB8xEg/iJXdetTFS1JIOnFc/8rZeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHpFU0QtSWxkMTYxTVZMVWtnNmNWel95dGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jODU4NWEtY2RmNy00YWEzLWJjMjEt
MjEyYWNjNDM1MWZmLzEvNmFSWFVsUlVHMXhHYXJVd2hsenZlQmlra0hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jODU4NWEtY2RmNy00YWEzLWJjMjEtMjEyYWNjNDM1MWZm
LzEvSHpFU0QtSWxkMTYxTVZMVWtnNmNWel95dGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+zqMA0G
CSqGSIb3DQEBCwUAA4IBAQAapNJSy26FQmVefe6ptvXeW+v120bnkrWnmxCAoIHC
199O0z2IcjzsM+WnvLwAWJZptWqzKM2nELdDpUKyP7n1AeZFs7jePyJGxMl2cpTs
M3k4TeI+7uBXWzepO7ubNaK3FIAocVYbitFXMLh8matdEaEEgxguT93pG9JzsvDf
/TIfgLpC753BClQijanw/H0cPnGwr71UWYRaLfF8gkIqdtNv3KPflSAaZtaI/v1a
RbxgyI3BfrNskMdsWLSEUieG79NuCwTrRBG4t7gsqg7wCFmZdiSxueZQCUY5SucN
V5gYtDXSTPb+QpNQo0EPGFNQQlDWA7Ry2ePpiAyJqI3Y
-----END CERTIFICATE-----