Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/8bb3c1-199d-449b-ac46-bbd92ccafa88/1/XBTY5oCPnSKO-pGOkQMDyX5FDn8.roa
File:                     XBTY5oCPnSKO-pGOkQMDyX5FDn8.roa (raw, json)
Hash identifier:          2a/XVYHT2J+BnY6dAg9IOCKCBjVC+x7J6D+KwQPhT4k=
Subject key identifier:   5C:14:D8:E6:80:8F:9D:22:8E:FA:91:8E:91:03:03:C9:7E:45:0E:7F
Certificate issuer:       /CN=daafe90f9d081334cc928edee9bc731540708dfd
Certificate serial:       018CC26D446C2A438FDF65D08E177EFC2B5C
Authority key identifier: DA:AF:E9:0F:9D:08:13:34:CC:92:8E:DE:E9:BC:73:15:40:70:8D:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q_pD50IEzTMko7e6bxzFUBwjf0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/8bb3c1-199d-449b-ac46-bbd92ccafa88/1/XBTY5oCPnSKO-pGOkQMDyX5FDn8.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50951
IP address blocks:        91.216.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/8bb3c1-199d-449b-ac46-bbd92ccafa88/1/2q_pD50IEzTMko7e6bxzFUBwjf0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/8bb3c1-199d-449b-ac46-bbd92ccafa88/1/2q_pD50IEzTMko7e6bxzFUBwjf0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q_pD50IEzTMko7e6bxzFUBwjf0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:44:6c:2a:43:8f:df:65:d0:8e:17:7e:fc:2b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daafe90f9d081334cc928edee9bc731540708dfd
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c14d8e6808f9d228efa918e910303c97e450e7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:df:26:87:06:74:6b:56:0f:d5:ba:4f:a8:af:
                    de:cd:c9:67:3c:e6:a3:b8:cf:eb:b9:34:94:c9:0c:
                    ed:45:3a:34:98:d7:09:69:49:8e:b2:5c:bd:0f:4d:
                    d4:df:91:9a:e1:7e:39:e0:b3:4c:b0:82:74:1e:4e:
                    e1:95:fe:f2:8e:09:3c:d8:06:94:e6:2b:42:bf:b5:
                    f9:6e:4d:21:d0:4d:c5:24:7f:2c:97:44:16:be:0f:
                    e9:d9:4c:a0:d1:bc:e7:e5:78:d3:30:61:6d:4e:f0:
                    58:ed:15:8f:46:b4:94:e8:ab:a3:76:83:fd:9d:53:
                    b7:69:73:f8:d8:84:22:8a:2e:27:1a:a0:58:4b:87:
                    2e:b7:8a:0b:4b:b1:f3:08:f0:6a:2d:9f:84:e8:ae:
                    3a:d5:57:19:79:c7:bd:72:61:52:ca:a9:c5:99:12:
                    e3:df:16:d3:2a:0b:dc:55:69:1b:65:4d:6b:d3:46:
                    4b:50:5b:2f:83:84:32:1a:3d:dc:8d:c3:39:5f:f5:
                    b5:9f:2e:51:ec:32:ba:1f:ea:54:2e:39:32:85:cf:
                    c3:a8:a3:0b:5f:e2:ed:19:e0:0e:b4:2f:45:e5:69:
                    30:fc:9d:34:cd:cc:b8:39:69:99:e6:f6:a2:69:2c:
                    56:1d:cb:d9:64:e5:cc:e2:2b:5e:07:da:57:bc:61:
                    92:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:14:D8:E6:80:8F:9D:22:8E:FA:91:8E:91:03:03:C9:7E:45:0E:7F
            X509v3 Authority Key Identifier:
                keyid:DA:AF:E9:0F:9D:08:13:34:CC:92:8E:DE:E9:BC:73:15:40:70:8D:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q_pD50IEzTMko7e6bxzFUBwjf0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/8bb3c1-199d-449b-ac46-bbd92ccafa88/1/XBTY5oCPnSKO-pGOkQMDyX5FDn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/8bb3c1-199d-449b-ac46-bbd92ccafa88/1/2q_pD50IEzTMko7e6bxzFUBwjf0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:f3:b2:49:d9:22:47:00:aa:60:3f:0b:36:cc:11:81:1c:c9:
         50:3c:dd:7f:45:b0:54:1c:7b:83:86:ab:f8:c3:bf:76:5a:80:
         1a:75:db:43:99:17:93:21:9b:39:5a:b0:1e:31:f8:bf:70:59:
         e2:3d:6e:8c:d4:59:d6:e5:6a:4a:fd:23:17:7d:58:11:3b:4a:
         3a:60:51:0a:71:72:fc:37:2a:ca:4b:6d:79:65:9d:34:b5:63:
         d3:cc:05:e6:8a:e3:7a:69:e2:b3:f0:67:46:68:52:26:ce:12:
         86:25:94:f5:53:f4:ea:40:9e:24:d1:33:09:8b:6a:d6:12:67:
         32:aa:8d:db:0d:25:bb:3d:29:65:8e:28:db:5d:81:b7:7b:f7:
         32:ac:65:d8:ce:8b:49:6a:39:8c:c0:d6:62:42:9a:9a:0b:ac:
         69:45:b6:57:c7:ee:91:e2:de:99:1d:24:29:09:c3:1e:54:43:
         81:e3:b2:de:f2:86:ed:6f:12:85:88:55:be:4c:0a:e7:05:22:
         d0:1d:53:1f:67:58:24:6a:8e:25:8c:08:32:90:72:06:6b:1f:
         54:7b:17:18:42:8a:ac:88:a4:e8:38:1e:6e:cf:69:3a:a6:52:
         51:ac:31:4b:8e:72:65:2f:75:3d:0a:f2:7f:9f:e7:38:19:b8:
         19:ac:6b:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbURsKkOP32XQjhd+/CtcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWZlOTBmOWQwODEzMzRjYzkyOGVkZWU5YmM3MzE1NDA3
MDhkZmQwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzE0ZDhlNjgwOGY5ZDIyOGVmYTkxOGU5MTAzMDNjOTdlNDUwZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlN8mhwZ0a1YP1bpPqK/ezclnPOaj
uM/ruTSUyQztRTo0mNcJaUmOsly9D03U35Ga4X454LNMsIJ0Hk7hlf7yjgk82AaU
5itCv7X5bk0h0E3FJH8sl0QWvg/p2Uyg0bzn5XjTMGFtTvBY7RWPRrSU6KujdoP9
nVO3aXP42IQiii4nGqBYS4cut4oLS7HzCPBqLZ+E6K461VcZece9cmFSyqnFmRLj
3xbTKgvcVWkbZU1r00ZLUFsvg4QyGj3cjcM5X/W1ny5R7DK6H+pULjkyhc/DqKML
X+LtGeAOtC9F5Wkw/J00zcy4OWmZ5vaiaSxWHcvZZOXM4iteB9pXvGGSmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwU2OaAj50ijvqRjpEDA8l+RQ5/MB8GA1UdIwQY
MBaAFNqv6Q+dCBM0zJKO3um8cxVAcI39MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnFfcEQ1MElFelRNa283ZTZieHpGVUJ3amYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS84YmIzYzEtMTk5ZC00NDliLWFjNDYt
YmJkOTJjY2FmYTg4LzEvWEJUWTVvQ1BuU0tPLXBHT2tRTUR5WDVGRG44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS84YmIzYzEtMTk5ZC00NDliLWFjNDYtYmJkOTJjY2FmYTg4
LzEvMnFfcEQ1MElFelRNa283ZTZieHpGVUJ3amYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9gyMA0G
CSqGSIb3DQEBCwUAA4IBAQBf87JJ2SJHAKpgPws2zBGBHMlQPN1/RbBUHHuDhqv4
w792WoAaddtDmReTIZs5WrAeMfi/cFniPW6M1FnW5WpK/SMXfVgRO0o6YFEKcXL8
NyrKS215ZZ00tWPTzAXmiuN6aeKz8GdGaFImzhKGJZT1U/TqQJ4k0TMJi2rWEmcy
qo3bDSW7PSlljijbXYG3e/cyrGXYzotJajmMwNZiQpqaC6xpRbZXx+6R4t6ZHSQp
CcMeVEOB47Le8obtbxKFiFW+TArnBSLQHVMfZ1gkao4ljAgykHIGax9UexcYQoqs
iKToOB5uz2k6plJRrDFLjnJlL3U9CvJ/n+c4GbgZrGvM
-----END CERTIFICATE-----