Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/6-R0Oetma9BpDszPU8KrETBhiLw.roa
File:                     6-R0Oetma9BpDszPU8KrETBhiLw.roa (raw, json)
Hash identifier:          1qbBokfklf0z6Asi+KN4lR/QgDQgBAZ30HCKs7pOXCs=
Subject key identifier:   EB:E4:74:39:EB:66:6B:D0:69:0E:CC:CF:53:C2:AB:11:30:61:88:BC
Certificate issuer:       /CN=bd175e878d33b47d806f2cf3e04628220935123d
Certificate serial:       018CC7273ACEA5A1FBC73FFB823CCB33479A
Authority key identifier: BD:17:5E:87:8D:33:B4:7D:80:6F:2C:F3:E0:46:28:22:09:35:12:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/6-R0Oetma9BpDszPU8KrETBhiLw.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12586
IP address blocks:        91.199.8.0/24 maxlen: 32
                          2001:67c:2f84::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3a:ce:a5:a1:fb:c7:3f:fb:82:3c:cb:33:47:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd175e878d33b47d806f2cf3e04628220935123d
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebe47439eb666bd0690ecccf53c2ab11306188bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:42:62:15:33:17:56:11:cc:de:67:37:31:88:
                    7e:a8:43:4a:22:7f:a5:e1:6c:08:9c:e1:45:39:af:
                    ca:23:71:22:95:af:c7:bd:97:fa:62:bb:9c:6f:02:
                    e2:08:36:a4:c4:0a:f1:cd:c5:dd:19:f0:29:c6:21:
                    24:37:54:8c:c3:dd:64:bc:2e:ee:8a:70:3b:55:69:
                    1b:6e:60:83:55:a4:d5:24:3f:ee:98:26:c7:e2:2e:
                    15:39:d0:65:18:c0:de:eb:10:da:9d:17:ef:39:8b:
                    73:62:ce:70:aa:80:5d:02:2d:dc:b5:05:e1:3f:43:
                    13:35:e6:74:67:69:24:dc:72:7a:02:75:27:b1:b0:
                    f1:41:1d:7b:d0:8a:51:89:ea:45:c8:71:07:cc:35:
                    ed:db:c0:ff:40:0e:6f:2e:c1:cb:f7:fa:26:41:15:
                    f9:6e:ad:13:50:e5:60:f9:28:72:65:91:be:76:d0:
                    fd:a7:f1:dd:20:e4:f9:f3:03:3e:b7:cb:6b:3a:9f:
                    9b:b8:04:fe:80:78:75:98:86:5d:0b:a4:15:21:5e:
                    ae:0b:ec:fc:fc:b1:1d:cf:99:5c:49:b4:7b:99:53:
                    e8:42:30:a8:7e:75:ac:d4:92:a4:b8:0a:c4:b5:d5:
                    6d:f8:dd:53:b2:51:f7:83:bb:cf:e6:ec:11:8c:4e:
                    8b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:E4:74:39:EB:66:6B:D0:69:0E:CC:CF:53:C2:AB:11:30:61:88:BC
            X509v3 Authority Key Identifier:
                keyid:BD:17:5E:87:8D:33:B4:7D:80:6F:2C:F3:E0:46:28:22:09:35:12:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/6-R0Oetma9BpDszPU8KrETBhiLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.8.0/24
                IPv6:
                  2001:67c:2f84::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:17:9f:43:c2:1d:a6:55:03:a7:01:12:cd:45:c6:91:ad:68:
         44:46:11:4d:8b:ae:e5:59:00:02:ab:e5:0c:a6:aa:2b:38:76:
         af:05:c3:7c:19:ae:24:5c:be:72:7e:1c:2e:fc:fd:b4:90:f2:
         cb:bd:b9:30:93:ad:04:64:70:5b:69:52:28:b9:b2:b4:19:43:
         42:db:59:4e:98:42:0b:cf:1c:b5:f4:75:ee:23:48:42:83:5b:
         5e:b8:62:84:71:00:86:a1:32:80:89:0b:8f:76:47:5d:4e:87:
         0c:b6:14:f6:a3:83:9b:a4:0e:30:50:70:20:d8:2f:ea:63:3b:
         7d:0b:88:3d:ee:95:cd:82:79:3b:fe:b5:01:0b:b3:59:f1:42:
         0f:ac:b0:20:eb:c7:9d:6b:6b:a5:3d:b4:ff:c6:25:1e:f0:68:
         5d:66:44:0d:48:c6:31:42:da:fc:b0:6d:15:03:92:88:31:e3:
         95:2f:c3:0a:f3:2e:a9:e1:17:ae:28:4e:00:d7:33:50:a0:3b:
         f5:cb:e3:0d:c6:eb:1b:7a:50:07:9d:00:ce:08:ac:12:fd:36:
         3b:5b:13:b7:2c:38:68:a5:65:7d:91:1d:08:d7:e8:8f:8a:0d:
         79:47:e4:8d:e1:f2:a3:8c:76:7c:ce:40:2c:47:e3:70:55:a7:
         af:1f:a4:bf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJzrOpaH7xz/7gjzLM0eaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTc1ZTg3OGQzM2I0N2Q4MDZmMmNmM2UwNDYyODIyMDkz
NTEyM2QwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmU0NzQzOWViNjY2YmQwNjkwZWNjY2Y1M2MyYWIxMTMwNjE4OGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEJiFTMXVhHM3mc3MYh+qENKIn+l
4WwInOFFOa/KI3Eila/HvZf6YrucbwLiCDakxArxzcXdGfApxiEkN1SMw91kvC7u
inA7VWkbbmCDVaTVJD/umCbH4i4VOdBlGMDe6xDanRfvOYtzYs5wqoBdAi3ctQXh
P0MTNeZ0Z2kk3HJ6AnUnsbDxQR170IpRiepFyHEHzDXt28D/QA5vLsHL9/omQRX5
bq0TUOVg+ShyZZG+dtD9p/HdIOT58wM+t8trOp+buAT+gHh1mIZdC6QVIV6uC+z8
/LEdz5lcSbR7mVPoQjCofnWs1JKkuArEtdVt+N1TslH3g7vP5uwRjE6LjwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOvkdDnrZmvQaQ7Mz1PCqxEwYYi8MB8GA1UdIwQY
MBaAFL0XXoeNM7R9gG8s8+BGKCIJNRI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJkZWg0MHp0SDJBYnl6ejRFWW9JZ2sxRWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kZGE5OGUtODY0Ni00ZDA3LTgwYWMt
YTM1ZWFmMDA1YWY1LzEvNi1SME9ldG1hOUJwRHN6UFU4S3JFVEJoaUx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kZGE5OGUtODY0Ni00ZDA3LTgwYWMtYTM1ZWFmMDA1YWY1
LzEvdlJkZWg0MHp0SDJBYnl6ejRFWW9JZ2sxRWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8cIMA8E
AgACMAkDBwAgAQZ8L4QwDQYJKoZIhvcNAQELBQADggEBAJIXn0PCHaZVA6cBEs1F
xpGtaERGEU2LruVZAAKr5Qymqis4dq8Fw3wZriRcvnJ+HC78/bSQ8su9uTCTrQRk
cFtpUii5srQZQ0LbWU6YQgvPHLX0de4jSEKDW164YoRxAIahMoCJC492R11Ohwy2
FPajg5ukDjBQcCDYL+pjO30LiD3ulc2CeTv+tQELs1nxQg+ssCDrx51ra6U9tP/G
JR7waF1mRA1IxjFC2vywbRUDkogx45UvwwrzLqnhF64oTgDXM1CgO/XL4w3G6xt6
UAedAM4IrBL9NjtbE7csOGilZX2RHQjX6I+KDXlH5I3h8qOMdnzOQCxH43BVp68f
pL8=
-----END CERTIFICATE-----