Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/45c689-751f-46d7-9b6c-b1fc547b7322/1/h6wzQpJhqqRXLVSSNX76iJRFaAI.roa
File:                     h6wzQpJhqqRXLVSSNX76iJRFaAI.roa (raw, json)
Hash identifier:          M+fHF4o4k7Ua88UXJSXnPG24mCESu8q7y7YeuYHBRGI=
Subject key identifier:   87:AC:33:42:92:61:AA:A4:57:2D:54:92:35:7E:FA:88:94:45:68:02
Certificate issuer:       /CN=ce28340a209b2ba12ae903a74cbb5e2e23aed238
Certificate serial:       018CC42562D3C6638B49A6A1DAA7DF907C4F
Authority key identifier: CE:28:34:0A:20:9B:2B:A1:2A:E9:03:A7:4C:BB:5E:2E:23:AE:D2:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zig0CiCbK6Eq6QOnTLteLiOu0jg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/45c689-751f-46d7-9b6c-b1fc547b7322/1/h6wzQpJhqqRXLVSSNX76iJRFaAI.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62298
IP address blocks:        91.205.40.0/24 maxlen: 24
                          2a01:5340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/45c689-751f-46d7-9b6c-b1fc547b7322/1/zig0CiCbK6Eq6QOnTLteLiOu0jg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/45c689-751f-46d7-9b6c-b1fc547b7322/1/zig0CiCbK6Eq6QOnTLteLiOu0jg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zig0CiCbK6Eq6QOnTLteLiOu0jg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:62:d3:c6:63:8b:49:a6:a1:da:a7:df:90:7c:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce28340a209b2ba12ae903a74cbb5e2e23aed238
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87ac33429261aaa4572d5492357efa8894456802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f1:32:18:d8:da:d4:a4:d9:bd:59:6f:78:f8:
                    36:8b:53:8b:a9:86:5a:f8:8d:a4:ba:5d:1a:44:a3:
                    33:0d:6b:68:d2:b6:00:b8:6b:5d:06:db:7a:93:ae:
                    eb:0e:59:ee:92:97:2e:5a:b7:90:a4:2b:a4:16:67:
                    11:37:33:b2:ae:c2:e9:08:96:45:24:da:af:b8:9a:
                    25:6c:28:ae:3a:fc:7a:bb:58:a2:66:bf:1c:3f:16:
                    09:c3:c1:f7:29:7c:e8:e5:d2:33:fa:00:db:1e:ec:
                    23:7b:57:22:a4:4f:d3:b3:36:78:97:e7:09:c5:5b:
                    34:59:84:64:f7:10:b4:87:d0:82:8b:69:b9:bc:fe:
                    cb:9b:a5:ff:67:e1:3e:64:52:ec:02:79:48:af:c6:
                    c8:8c:79:e1:da:db:2f:00:7e:6d:5f:65:ce:f0:b6:
                    b5:a9:cc:9b:99:a3:93:b2:8c:cc:28:53:95:d5:fe:
                    43:03:30:67:4f:18:26:02:c2:85:11:09:7f:a1:39:
                    3d:f6:39:b3:f8:55:e2:89:ff:bf:5b:ad:cc:57:87:
                    f5:7e:5a:ae:3a:72:26:b6:53:43:b1:7b:36:81:52:
                    4e:c1:f7:15:1a:79:13:70:63:16:ba:4d:06:5e:2c:
                    fc:0c:46:74:6e:48:9a:77:89:00:94:73:ce:43:30:
                    7a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:AC:33:42:92:61:AA:A4:57:2D:54:92:35:7E:FA:88:94:45:68:02
            X509v3 Authority Key Identifier:
                keyid:CE:28:34:0A:20:9B:2B:A1:2A:E9:03:A7:4C:BB:5E:2E:23:AE:D2:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zig0CiCbK6Eq6QOnTLteLiOu0jg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/45c689-751f-46d7-9b6c-b1fc547b7322/1/h6wzQpJhqqRXLVSSNX76iJRFaAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/45c689-751f-46d7-9b6c-b1fc547b7322/1/zig0CiCbK6Eq6QOnTLteLiOu0jg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.40.0/24
                IPv6:
                  2a01:5340::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:21:95:b3:12:11:e8:98:fd:10:65:c3:c0:c9:f6:2b:5c:c4:
         2c:f7:32:1e:34:9a:b1:1e:1d:93:5f:77:6a:82:d3:cd:b6:3f:
         be:9a:c5:38:83:a0:90:72:3f:2a:b4:27:db:81:cf:c8:a6:43:
         ec:83:63:38:44:48:66:77:49:dc:33:eb:ac:38:96:f3:3a:24:
         04:b1:6d:03:5b:54:67:6b:e8:fc:ee:45:8e:8e:76:d0:a7:02:
         8b:7e:87:3b:8c:2d:62:1b:c6:21:a8:d1:cf:52:b0:43:09:f6:
         10:b1:79:58:34:eb:56:10:8e:64:ac:b7:82:65:a2:e9:a8:9b:
         f9:8e:7e:4e:18:3e:9d:36:1d:6f:b7:af:9f:79:ef:07:3c:bd:
         cd:65:ca:b1:0c:2b:fb:3e:66:83:b7:a2:8e:0f:46:96:c0:ee:
         fe:16:c4:cb:bd:08:ff:c6:f9:64:8a:2d:6f:82:f8:0f:7e:05:
         9d:c9:8b:ff:3b:df:0f:62:e8:22:1c:c7:de:a0:ea:74:ea:3f:
         cd:35:1d:6c:0c:75:45:ef:04:2d:89:e1:13:0a:bf:ad:d2:6b:
         70:a4:0b:d2:ab:54:c0:c2:18:ce:85:b0:9d:5d:b5:59:3a:52:
         fb:74:e9:b4:3b:6b:70:8a:8e:6a:d9:66:b5:5c:22:7d:ca:27:
         4e:ac:24:cf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJWLTxmOLSaah2qffkHxPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMjgzNDBhMjA5YjJiYTEyYWU5MDNhNzRjYmI1ZTJlMjNh
ZWQyMzgwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2FjMzM0MjkyNjFhYWE0NTcyZDU0OTIzNTdlZmE4ODk0NDU2ODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofEyGNja1KTZvVlvePg2i1OLqYZa
+I2kul0aRKMzDWto0rYAuGtdBtt6k67rDlnukpcuWreQpCukFmcRNzOyrsLpCJZF
JNqvuJolbCiuOvx6u1iiZr8cPxYJw8H3KXzo5dIz+gDbHuwje1cipE/TszZ4l+cJ
xVs0WYRk9xC0h9CCi2m5vP7Lm6X/Z+E+ZFLsAnlIr8bIjHnh2tsvAH5tX2XO8La1
qcybmaOTsozMKFOV1f5DAzBnTxgmAsKFEQl/oTk99jmz+FXiif+/W63MV4f1flqu
OnImtlNDsXs2gVJOwfcVGnkTcGMWuk0GXiz8DEZ0bkiad4kAlHPOQzB6oQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIesM0KSYaqkVy1UkjV++oiURWgCMB8GA1UdIwQY
MBaAFM4oNAogmyuhKukDp0y7Xi4jrtI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemlnMENpQ2JLNkVxNlFPblRMdGVMaU91MGpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80NWM2ODktNzUxZi00NmQ3LTliNmMt
YjFmYzU0N2I3MzIyLzEvaDZ3elFwSmhxcVJYTFZTU05YNzZpSlJGYUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80NWM2ODktNzUxZi00NmQ3LTliNmMtYjFmYzU0N2I3MzIy
LzEvemlnMENpQ2JLNkVxNlFPblRMdGVMaU91MGpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW80oMA0E
AgACMAcDBQMqAVNAMA0GCSqGSIb3DQEBCwUAA4IBAQBuIZWzEhHomP0QZcPAyfYr
XMQs9zIeNJqxHh2TX3dqgtPNtj++msU4g6CQcj8qtCfbgc/IpkPsg2M4REhmd0nc
M+usOJbzOiQEsW0DW1Rna+j87kWOjnbQpwKLfoc7jC1iG8YhqNHPUrBDCfYQsXlY
NOtWEI5krLeCZaLpqJv5jn5OGD6dNh1vt6+fee8HPL3NZcqxDCv7PmaDt6KOD0aW
wO7+FsTLvQj/xvlkii1vgvgPfgWdyYv/O98PYugiHMfeoOp06j/NNR1sDHVF7wQt
ieETCr+t0mtwpAvSq1TAwhjOhbCdXbVZOlL7dOm0O2twio5q2Wa1XCJ9yidOrCTP
-----END CERTIFICATE-----