Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/6vMTJVbSoBocLeAscprOSxfDJyQ.roa
File:                     6vMTJVbSoBocLeAscprOSxfDJyQ.roa (raw, json)
Hash identifier:          bZzU3ZQDJDbMbfJZdbBX0RzvlNN7erl/R2mD5324qmY=
Subject key identifier:   EA:F3:13:25:56:D2:A0:1A:1C:2D:E0:2C:72:9A:CE:4B:17:C3:27:24
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1CEAB40F11127D6A3770C9DC37A5
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/6vMTJVbSoBocLeAscprOSxfDJyQ.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     265627
IP address blocks:        91.109.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1c:ea:b4:0f:11:12:7d:6a:37:70:c9:dc:37:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eaf3132556d2a01a1c2de02c729ace4b17c32724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a6:5d:bf:22:03:17:c8:de:b8:6f:43:55:a1:
                    d2:96:5f:b3:a7:53:fe:86:b0:2e:95:d0:b3:77:e0:
                    bd:ee:8b:cf:34:93:d7:ad:6c:ec:29:07:64:a4:52:
                    ee:80:44:85:12:51:8a:7a:e9:ac:a5:b8:27:20:4a:
                    e2:4f:51:25:b4:8c:52:6c:e4:90:6a:20:6d:7b:05:
                    2c:81:32:0b:64:43:ef:fd:e1:d7:93:9d:ca:26:41:
                    81:ec:9a:1c:e0:c5:c6:55:7e:7b:d7:14:3a:e3:2a:
                    ae:bf:1a:30:b7:88:b1:c0:65:70:0c:43:81:2d:11:
                    e3:de:32:c6:49:a3:2d:a3:ac:94:20:ae:72:2c:9d:
                    28:5c:e7:be:da:b8:53:69:ae:24:4b:a5:f9:94:86:
                    4a:9d:71:db:ec:f2:06:e2:cf:17:eb:7e:4f:51:a0:
                    63:e0:f8:23:62:33:a4:53:98:39:90:ce:30:df:f8:
                    0f:96:9d:60:a1:c6:fa:4f:27:d7:ed:3f:4a:9e:da:
                    b0:12:00:f8:5d:d3:55:0d:72:14:e1:ee:dc:e3:8b:
                    b0:1b:df:97:2b:b6:11:d9:37:a4:74:cc:ed:90:41:
                    23:fc:9d:89:4c:ba:be:e7:8a:fc:5a:70:e1:d4:c8:
                    d0:3c:74:3a:f4:22:85:93:c8:c1:96:71:f9:d9:68:
                    d1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:F3:13:25:56:D2:A0:1A:1C:2D:E0:2C:72:9A:CE:4B:17:C3:27:24
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/6vMTJVbSoBocLeAscprOSxfDJyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:b7:95:a5:a7:73:c2:25:f5:f7:08:62:4e:0a:e9:5d:f9:07:
         d4:91:f2:3d:be:a2:c6:e9:ee:be:34:e0:4d:87:9c:6b:42:65:
         b2:52:1d:60:b5:65:64:ce:43:ba:35:03:bb:b2:51:17:98:45:
         30:4f:14:db:69:80:2b:5b:05:dd:89:15:96:f1:4a:a7:21:d3:
         bf:29:33:2d:77:24:88:b7:22:c5:ac:60:05:aa:95:c4:87:2f:
         77:52:84:c3:9e:40:7c:91:a9:ac:02:5b:bd:56:d4:c8:b7:af:
         4a:08:73:f2:c4:e1:11:58:e1:84:1c:91:cc:f7:1a:88:b9:f6:
         6b:bb:85:32:be:ba:a1:c8:8d:96:3d:ac:01:87:f6:45:7d:ff:
         cd:ab:23:e1:14:64:d5:f9:04:81:9c:8a:d7:fc:bb:33:ad:67:
         3b:d5:d4:db:2a:25:7d:cc:6f:72:73:03:b2:80:b6:1d:02:73:
         17:f9:6e:51:9f:d3:4e:79:97:bc:63:2d:9b:b0:4d:99:86:29:
         c9:88:0f:99:42:64:6c:dd:42:cf:1f:87:ae:2d:48:b9:0a:b9:
         10:00:48:78:61:c8:ea:0b:74:20:ab:9c:48:ce:7e:60:0d:df:
         c3:fd:86:d3:5b:30:27:f5:83:d3:ed:af:a1:62:d9:c2:fe:46:
         05:d4:e2:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhzqtA8REn1qN3DJ3DelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWYzMTMyNTU2ZDJhMDFhMWMyZGUwMmM3MjlhY2U0YjE3YzMyNzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaZdvyIDF8jeuG9DVaHSll+zp1P+
hrAuldCzd+C97ovPNJPXrWzsKQdkpFLugESFElGKeumspbgnIEriT1EltIxSbOSQ
aiBtewUsgTILZEPv/eHXk53KJkGB7Joc4MXGVX571xQ64yquvxowt4ixwGVwDEOB
LRHj3jLGSaMto6yUIK5yLJ0oXOe+2rhTaa4kS6X5lIZKnXHb7PIG4s8X635PUaBj
4PgjYjOkU5g5kM4w3/gPlp1gocb6TyfX7T9KntqwEgD4XdNVDXIU4e7c44uwG9+X
K7YR2TekdMztkEEj/J2JTLq+54r8WnDh1MjQPHQ69CKFk8jBlnH52WjRFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrzEyVW0qAaHC3gLHKazksXwyckMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvNnZNVEpWYlNvQm9jTGVBc2Nwck9TeGZESnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW22iMA0G
CSqGSIb3DQEBCwUAA4IBAQCtt5Wlp3PCJfX3CGJOCuld+QfUkfI9vqLG6e6+NOBN
h5xrQmWyUh1gtWVkzkO6NQO7slEXmEUwTxTbaYArWwXdiRWW8UqnIdO/KTMtdySI
tyLFrGAFqpXEhy93UoTDnkB8kamsAlu9VtTIt69KCHPyxOERWOGEHJHM9xqIufZr
u4UyvrqhyI2WPawBh/ZFff/NqyPhFGTV+QSBnIrX/LszrWc71dTbKiV9zG9ycwOy
gLYdAnMX+W5Rn9NOeZe8Yy2bsE2ZhinJiA+ZQmRs3ULPH4euLUi5CrkQAEh4Ycjq
C3Qgq5xIzn5gDd/D/YbTWzAn9YPT7a+hYtnC/kYF1OIM
-----END CERTIFICATE-----