Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/ed1594-2b3f-4962-acab-ceb21b8e832b/1/ynM6IvXfsuUjpyYsy4kx_rRuF8s.roa
File:                     ynM6IvXfsuUjpyYsy4kx_rRuF8s.roa (raw, json)
Hash identifier:          +ZQZWNecoyBQ944a5NWHb6PnuOySQVxAxVIEBhDA6NE=
Subject key identifier:   CA:73:3A:22:F5:DF:B2:E5:23:A7:26:2C:CB:89:31:FE:B4:6E:17:CB
Certificate issuer:       /CN=72a3c6ca435ebdbf96fffa4c5d98e4600828f712
Certificate serial:       018CC424E4B28109B9CB6A4DD3A546808FAD
Authority key identifier: 72:A3:C6:CA:43:5E:BD:BF:96:FF:FA:4C:5D:98:E4:60:08:28:F7:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cqPGykNevb-W__pMXZjkYAgo9xI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/ed1594-2b3f-4962-acab-ceb21b8e832b/1/ynM6IvXfsuUjpyYsy4kx_rRuF8s.roa
Signing time:             Mon 01 Jan 2024 08:30:01 +0000
ROA not before:           Mon 01 Jan 2024 08:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48642
IP address blocks:        91.211.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/ed1594-2b3f-4962-acab-ceb21b8e832b/1/cqPGykNevb-W__pMXZjkYAgo9xI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/ed1594-2b3f-4962-acab-ceb21b8e832b/1/cqPGykNevb-W__pMXZjkYAgo9xI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cqPGykNevb-W__pMXZjkYAgo9xI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e4:b2:81:09:b9:cb:6a:4d:d3:a5:46:80:8f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72a3c6ca435ebdbf96fffa4c5d98e4600828f712
        Validity
            Not Before: Jan  1 08:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca733a22f5dfb2e523a7262ccb8931feb46e17cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:74:9e:5b:11:ef:c1:cd:2b:0b:85:ee:5d:f2:
                    22:28:74:9c:5b:3c:22:23:96:4b:79:8f:db:97:0b:
                    4b:55:de:3e:7f:24:8f:ab:2f:7d:a8:01:76:a1:ba:
                    db:bd:dc:b7:59:b8:4b:30:36:9c:71:76:71:11:cc:
                    01:e3:8a:28:99:3f:a6:77:8c:1a:a4:1b:2e:e6:96:
                    49:86:fe:2f:fe:8b:4c:fd:84:80:5d:5a:2d:31:b3:
                    5e:2d:7a:cd:63:76:80:65:97:bd:b0:b9:22:ab:6e:
                    09:9c:73:5a:4d:91:6c:a6:3e:d2:f8:41:a4:e1:3c:
                    be:63:bc:19:2a:eb:2e:d9:65:85:59:c2:93:53:90:
                    f6:91:fe:5d:ef:94:0a:5b:2e:80:9a:b9:05:9b:0b:
                    9a:da:89:7d:cc:b9:64:2f:e8:ec:cd:e0:bf:81:9d:
                    a3:da:0c:3a:c4:50:52:a0:bf:76:d9:64:24:b1:53:
                    24:3f:19:22:ed:e6:cf:3d:a0:35:00:57:12:94:00:
                    01:98:56:ea:a6:c6:85:5d:32:7a:c5:eb:01:7e:fb:
                    94:3f:4d:57:da:96:78:d0:3d:bf:bb:68:c8:51:8a:
                    46:19:f6:8e:83:10:bf:89:67:70:4a:bc:62:c4:57:
                    95:4f:45:54:b3:0a:5c:df:bd:2c:0b:45:d5:eb:c4:
                    f6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:73:3A:22:F5:DF:B2:E5:23:A7:26:2C:CB:89:31:FE:B4:6E:17:CB
            X509v3 Authority Key Identifier:
                keyid:72:A3:C6:CA:43:5E:BD:BF:96:FF:FA:4C:5D:98:E4:60:08:28:F7:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cqPGykNevb-W__pMXZjkYAgo9xI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/ed1594-2b3f-4962-acab-ceb21b8e832b/1/ynM6IvXfsuUjpyYsy4kx_rRuF8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/ed1594-2b3f-4962-acab-ceb21b8e832b/1/cqPGykNevb-W__pMXZjkYAgo9xI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:8f:97:25:91:95:cc:47:a8:8b:c1:b8:cc:51:2e:eb:de:b9:
         2e:40:c3:5e:c9:71:23:fa:21:2c:43:fc:f3:10:41:6f:35:69:
         22:7e:fa:44:35:05:e1:ab:7c:75:92:d0:be:7c:25:a3:86:25:
         4c:53:52:29:c4:4c:05:eb:ae:9f:e3:51:10:58:70:f5:37:2c:
         b8:b1:06:1b:d9:f4:05:ca:58:a8:87:9f:81:58:16:75:32:cf:
         65:78:5b:78:d4:b6:47:e5:3c:ad:9f:94:06:36:8d:23:b0:89:
         d2:8d:fc:cd:e1:09:5f:20:8d:81:25:ec:27:12:4c:dd:d1:3c:
         a8:1c:2c:67:d8:58:37:88:84:ba:97:9f:1b:99:33:70:29:1c:
         d1:e7:8f:dc:aa:61:6e:04:bd:78:06:6d:55:e6:10:66:2f:91:
         c6:93:61:93:d7:f2:8f:e2:e6:ba:8d:04:81:45:c2:d3:cf:04:
         59:10:84:2b:4e:e8:f6:80:20:71:0f:7e:b2:60:e1:63:45:9f:
         74:b5:1f:48:05:5f:2a:18:19:44:3b:57:3a:57:0a:e5:56:27:
         58:ed:34:6f:16:20:30:54:e8:cb:5c:07:61:ba:44:9d:6a:71:
         8f:25:52:66:4d:20:c2:46:e1:e4:f9:3b:4f:cf:df:27:66:1d:
         3b:df:f3:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJOSygQm5y2pN06VGgI+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYTNjNmNhNDM1ZWJkYmY5NmZmZmE0YzVkOThlNDYwMDgy
OGY3MTIwHhcNMjQwMTAxMDgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTczM2EyMmY1ZGZiMmU1MjNhNzI2MmNjYjg5MzFmZWI0NmUxN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnSeWxHvwc0rC4XuXfIiKHScWzwi
I5ZLeY/blwtLVd4+fySPqy99qAF2obrbvdy3WbhLMDaccXZxEcwB44oomT+md4wa
pBsu5pZJhv4v/otM/YSAXVotMbNeLXrNY3aAZZe9sLkiq24JnHNaTZFspj7S+EGk
4Ty+Y7wZKusu2WWFWcKTU5D2kf5d75QKWy6AmrkFmwua2ol9zLlkL+jszeC/gZ2j
2gw6xFBSoL922WQksVMkPxki7ebPPaA1AFcSlAABmFbqpsaFXTJ6xesBfvuUP01X
2pZ40D2/u2jIUYpGGfaOgxC/iWdwSrxixFeVT0VUswpc370sC0XV68T2RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpzOiL137LlI6cmLMuJMf60bhfLMB8GA1UdIwQY
MBaAFHKjxspDXr2/lv/6TF2Y5GAIKPcSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3FQR3lrTmV2Yi1XX19wTVhaamtZQWdvOXhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9lZDE1OTQtMmIzZi00OTYyLWFjYWIt
Y2ViMjFiOGU4MzJiLzEveW5NNkl2WGZzdVVqcHlZc3k0a3hfclJ1RjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9lZDE1OTQtMmIzZi00OTYyLWFjYWItY2ViMjFiOGU4MzJi
LzEvY3FQR3lrTmV2Yi1XX19wTVhaamtZQWdvOXhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9MUMA0G
CSqGSIb3DQEBCwUAA4IBAQBUj5clkZXMR6iLwbjMUS7r3rkuQMNeyXEj+iEsQ/zz
EEFvNWkifvpENQXhq3x1ktC+fCWjhiVMU1IpxEwF666f41EQWHD1Nyy4sQYb2fQF
ylioh5+BWBZ1Ms9leFt41LZH5Tytn5QGNo0jsInSjfzN4QlfII2BJewnEkzd0Tyo
HCxn2Fg3iIS6l58bmTNwKRzR54/cqmFuBL14Bm1V5hBmL5HGk2GT1/KP4ua6jQSB
RcLTzwRZEIQrTuj2gCBxD36yYOFjRZ90tR9IBV8qGBlEO1c6VwrlVidY7TRvFiAw
VOjLXAdhukSdanGPJVJmTSDCRuHk+TtPz98nZh073/Mq
-----END CERTIFICATE-----