Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/e3efc8-5f1d-4eb8-9720-379733ab38cd/1/6hYPps6upqMPpPY_AH4fU_sBm3k.roa
File:                     6hYPps6upqMPpPY_AH4fU_sBm3k.roa (raw, json)
Hash identifier:          pJA3P1u1VlDV9gsetR13VzEZGMmKrFfnLljenpuQDEA=
Subject key identifier:   EA:16:0F:A6:CE:AE:A6:A3:0F:A4:F6:3F:00:7E:1F:53:FB:01:9B:79
Certificate issuer:       /CN=5f8ad135412bf9041be5fd08e74a24120db3eec7
Certificate serial:       018CC4244ECBB81B6945816B1667F171C888
Authority key identifier: 5F:8A:D1:35:41:2B:F9:04:1B:E5:FD:08:E7:4A:24:12:0D:B3:EE:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X4rRNUEr-QQb5f0I50okEg2z7sc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/e3efc8-5f1d-4eb8-9720-379733ab38cd/1/6hYPps6upqMPpPY_AH4fU_sBm3k.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198367
IP address blocks:        91.234.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/e3efc8-5f1d-4eb8-9720-379733ab38cd/1/X4rRNUEr-QQb5f0I50okEg2z7sc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/e3efc8-5f1d-4eb8-9720-379733ab38cd/1/X4rRNUEr-QQb5f0I50okEg2z7sc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X4rRNUEr-QQb5f0I50okEg2z7sc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4e:cb:b8:1b:69:45:81:6b:16:67:f1:71:c8:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f8ad135412bf9041be5fd08e74a24120db3eec7
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea160fa6ceaea6a30fa4f63f007e1f53fb019b79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d9:20:62:fc:ee:5e:29:80:a4:b2:a4:31:04:
                    54:7c:d9:b1:21:54:02:62:5a:07:9c:65:db:64:c2:
                    3f:b1:43:11:21:c0:b6:15:86:1b:f0:45:0e:5e:7d:
                    5a:04:a6:b8:b2:20:68:b8:cb:35:e8:11:2e:db:50:
                    62:9f:11:65:ac:02:f4:90:ab:5d:75:f9:a2:70:bd:
                    13:fd:ff:73:84:3b:e0:ef:6f:c7:59:2d:d4:44:46:
                    de:4a:fa:7a:2d:6c:9e:24:38:19:12:ad:be:e6:6e:
                    1e:23:5d:c8:06:ac:f6:c3:8c:d7:cf:e3:64:dd:1d:
                    3c:b2:5f:0e:4c:d0:ef:9a:f1:69:52:64:02:0f:a4:
                    74:3c:71:f6:58:bd:f3:37:cb:72:04:45:ae:d8:72:
                    84:37:4c:c2:d2:5e:31:1b:ca:b6:db:11:ca:8b:7e:
                    c0:9e:45:13:2c:d5:18:55:d3:65:a4:7d:7e:e5:57:
                    c4:a5:d4:2a:7b:92:eb:80:53:08:7e:21:19:57:c6:
                    39:c8:21:72:84:ad:cf:29:2a:e5:1c:4f:51:e7:0d:
                    8e:19:c7:61:9e:99:1e:c5:d9:4b:62:2c:a9:51:7a:
                    ab:af:f0:31:79:d6:30:7a:3d:65:d0:d3:25:68:5c:
                    18:ec:8a:ad:0a:30:2c:a2:2a:78:c4:de:3b:38:e2:
                    be:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:16:0F:A6:CE:AE:A6:A3:0F:A4:F6:3F:00:7E:1F:53:FB:01:9B:79
            X509v3 Authority Key Identifier:
                keyid:5F:8A:D1:35:41:2B:F9:04:1B:E5:FD:08:E7:4A:24:12:0D:B3:EE:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X4rRNUEr-QQb5f0I50okEg2z7sc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/e3efc8-5f1d-4eb8-9720-379733ab38cd/1/6hYPps6upqMPpPY_AH4fU_sBm3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/e3efc8-5f1d-4eb8-9720-379733ab38cd/1/X4rRNUEr-QQb5f0I50okEg2z7sc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ba:b5:e0:c0:ef:86:41:9c:9d:36:35:0e:30:c2:40:8d:27:e6:
         28:8d:3c:ca:7e:48:f1:2e:7a:39:70:e6:a0:7c:1d:47:68:0a:
         8e:bc:7b:51:ba:6c:16:83:b5:e7:3b:36:d8:b6:89:b1:92:9d:
         96:90:08:ac:54:f1:b3:8a:89:1e:34:fb:db:ae:7c:b9:6e:ab:
         01:06:71:7b:dc:8c:39:4b:92:c2:07:bd:3d:ca:c5:5e:c0:1e:
         af:45:65:65:ad:82:3a:71:c3:e0:2b:1c:81:e2:e6:35:b0:61:
         d1:2d:fd:25:e0:10:33:cf:8b:7b:57:47:81:47:69:42:39:70:
         bc:f9:fe:da:0c:34:9b:54:08:35:70:eb:be:d3:b1:3b:93:3f:
         a1:f0:84:3d:90:14:8c:ad:de:3e:0d:92:ec:7d:f8:c4:89:b8:
         2c:12:b6:96:97:ce:c7:66:4f:14:1c:fc:33:eb:04:96:7a:34:
         df:5f:74:d5:a7:4a:df:7f:b2:6e:cb:8a:0e:da:9f:b6:1f:ab:
         c6:ab:9d:55:6b:e5:f6:16:71:e0:fd:19:01:ef:80:50:f8:b8:
         23:e8:5a:7c:12:13:5b:c0:4b:f6:eb:be:47:42:90:c2:f4:9b:
         d1:f4:b6:3e:8c:09:97:1c:98:33:10:96:48:99:37:0d:49:cb:
         5e:01:b5:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJE7LuBtpRYFrFmfxcciIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOGFkMTM1NDEyYmY5MDQxYmU1ZmQwOGU3NGEyNDEyMGRi
M2VlYzcwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTE2MGZhNmNlYWVhNmEzMGZhNGY2M2YwMDdlMWY1M2ZiMDE5Yjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitkgYvzuXimApLKkMQRUfNmxIVQC
YloHnGXbZMI/sUMRIcC2FYYb8EUOXn1aBKa4siBouMs16BEu21BinxFlrAL0kKtd
dfmicL0T/f9zhDvg72/HWS3UREbeSvp6LWyeJDgZEq2+5m4eI13IBqz2w4zXz+Nk
3R08sl8OTNDvmvFpUmQCD6R0PHH2WL3zN8tyBEWu2HKEN0zC0l4xG8q22xHKi37A
nkUTLNUYVdNlpH1+5VfEpdQqe5LrgFMIfiEZV8Y5yCFyhK3PKSrlHE9R5w2OGcdh
npkexdlLYiypUXqrr/AxedYwej1l0NMlaFwY7IqtCjAsoip4xN47OOK+GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOoWD6bOrqajD6T2PwB+H1P7AZt5MB8GA1UdIwQY
MBaAFF+K0TVBK/kEG+X9COdKJBINs+7HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDRyUk5VRXItUVFiNWYwSTUwb2tFZzJ6N3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9lM2VmYzgtNWYxZC00ZWI4LTk3MjAt
Mzc5NzMzYWIzOGNkLzEvNmhZUHBzNnVwcU1QcFBZX0FINGZVX3NCbTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9lM2VmYzgtNWYxZC00ZWI4LTk3MjAtMzc5NzMzYWIzOGNk
LzEvWDRyUk5VRXItUVFiNWYwSTUwb2tFZzJ6N3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+o8MA0G
CSqGSIb3DQEBCwUAA4IBAQC6teDA74ZBnJ02NQ4wwkCNJ+YojTzKfkjxLno5cOag
fB1HaAqOvHtRumwWg7XnOzbYtomxkp2WkAisVPGziokeNPvbrny5bqsBBnF73Iw5
S5LCB709ysVewB6vRWVlrYI6ccPgKxyB4uY1sGHRLf0l4BAzz4t7V0eBR2lCOXC8
+f7aDDSbVAg1cOu+07E7kz+h8IQ9kBSMrd4+DZLsffjEibgsEraWl87HZk8UHPwz
6wSWejTfX3TVp0rff7Juy4oO2p+2H6vGq51Va+X2FnHg/RkB74BQ+Lgj6Fp8EhNb
wEv2675HQpDC9JvR9LY+jAmXHJgzEJZImTcNScteAbVg
-----END CERTIFICATE-----