Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/8r0Pw1i7GV7teN3hHEa_s9eHLnc.roa
File:                     8r0Pw1i7GV7teN3hHEa_s9eHLnc.roa (raw, json)
Hash identifier:          y8OIzf+PyqZ46X46PvSzRBTC719r6bsUGNpOzv9P0Ys=
Subject key identifier:   F2:BD:0F:C3:58:BB:19:5E:ED:78:DD:E1:1C:46:BF:B3:D7:87:2E:77
Certificate issuer:       /CN=6821c8ff0437f7edd829166fde03446f86109d80
Certificate serial:       01930C20E1F91F211A93CA191C058CA55CDC
Authority key identifier: 68:21:C8:FF:04:37:F7:ED:D8:29:16:6F:DE:03:44:6F:86:10:9D:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aCHI_wQ39-3YKRZv3gNEb4YQnYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/8r0Pw1i7GV7teN3hHEa_s9eHLnc.roa
Signing time:             Fri 08 Nov 2024 14:15:01 +0000
ROA not before:           Fri 08 Nov 2024 14:15:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212761
IP address blocks:        91.227.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/aCHI_wQ39-3YKRZv3gNEb4YQnYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/aCHI_wQ39-3YKRZv3gNEb4YQnYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aCHI_wQ39-3YKRZv3gNEb4YQnYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0c:20:e1:f9:1f:21:1a:93:ca:19:1c:05:8c:a5:5c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6821c8ff0437f7edd829166fde03446f86109d80
        Validity
            Not Before: Nov  8 14:15:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2bd0fc358bb195eed78dde11c46bfb3d7872e77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f8:0b:d1:42:dd:45:26:f7:b5:3b:8e:46:d0:
                    a3:94:b5:6f:ed:51:41:59:ee:5a:47:2f:3f:a2:50:
                    ab:73:aa:e7:22:11:6f:78:f9:95:57:8f:21:52:6a:
                    3a:af:4d:7e:64:51:4e:6e:45:00:c3:38:63:ea:50:
                    65:da:3e:5b:86:9f:4d:9f:cf:f1:61:31:5b:85:8b:
                    7a:e0:e2:8e:e2:f2:6c:f1:87:0d:58:2a:c1:14:cc:
                    a7:e1:3f:dc:3c:38:78:6d:95:86:17:64:5f:05:fc:
                    ef:c7:0d:c2:bf:20:b6:1d:01:3e:98:12:5f:36:f7:
                    90:32:3c:2b:bc:9b:ef:e6:1d:a7:6c:8f:49:14:e2:
                    76:50:be:d4:ce:46:3d:94:6e:12:ba:ee:02:9f:63:
                    49:6b:34:52:32:0f:12:3c:f9:ee:6d:34:bc:93:3e:
                    98:7e:e6:8d:42:ff:32:f3:b4:c3:52:b0:ef:d5:37:
                    ff:b4:bc:97:ae:56:b8:ad:ee:26:b7:bc:54:dd:4e:
                    bf:5b:1d:9c:3c:e1:27:1b:03:60:34:c8:d9:7b:c6:
                    2e:35:e9:0e:e6:6e:7b:3d:11:66:e8:ed:8f:18:ac:
                    65:5e:a4:e9:1e:38:80:04:b7:8e:aa:e1:5b:4c:12:
                    0e:ea:b8:70:68:57:ae:da:02:1c:b3:d9:09:36:78:
                    49:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:BD:0F:C3:58:BB:19:5E:ED:78:DD:E1:1C:46:BF:B3:D7:87:2E:77
            X509v3 Authority Key Identifier:
                keyid:68:21:C8:FF:04:37:F7:ED:D8:29:16:6F:DE:03:44:6F:86:10:9D:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aCHI_wQ39-3YKRZv3gNEb4YQnYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/8r0Pw1i7GV7teN3hHEa_s9eHLnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/aCHI_wQ39-3YKRZv3gNEb4YQnYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:eb:ce:d9:0f:2a:0c:8f:8a:71:bf:d3:ae:0f:d7:bf:3e:27:
         d4:9c:cc:c9:1a:fc:81:57:ed:0c:06:fe:38:b2:a7:e0:69:bf:
         23:62:71:40:65:6e:15:19:57:67:d2:ad:4a:aa:5e:b7:9d:ad:
         b1:6f:c1:1a:89:5c:0f:e4:4e:a1:52:0c:6f:3e:e4:08:5a:0d:
         ae:05:c5:31:85:97:9e:9b:57:c3:4b:1d:48:32:07:4c:51:86:
         0c:d3:0f:fc:83:23:c1:56:df:c9:10:93:85:31:df:df:dc:21:
         d6:ca:8d:3d:51:2c:2c:bc:6c:53:ad:f9:b8:78:b7:ed:be:11:
         85:75:26:84:13:76:a6:62:10:63:c1:f5:09:aa:34:f3:5f:e4:
         2e:fd:33:5d:53:3a:fb:5f:e7:a7:00:9d:fa:98:9b:2c:dd:55:
         c6:ee:ee:c8:1c:f1:3b:73:8f:7f:d1:ac:e0:52:df:35:51:a2:
         e4:0c:b0:5f:3e:02:30:da:1c:bd:ce:ac:7b:e7:ce:50:3b:e9:
         24:b3:ee:da:ce:0e:7a:11:de:9e:04:f6:63:1f:9d:55:64:29:
         28:f7:14:5c:33:ff:ee:6a:f2:44:ea:5c:95:60:a1:45:14:3b:
         4f:1c:83:51:8a:bb:9a:7f:16:c1:4d:1c:f7:1e:f2:8e:89:39:
         ca:62:d6:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMMIOH5HyEak8oZHAWMpVzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MjFjOGZmMDQzN2Y3ZWRkODI5MTY2ZmRlMDM0NDZmODYx
MDlkODAwHhcNMjQxMTA4MTQxNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmJkMGZjMzU4YmIxOTVlZWQ3OGRkZTExYzQ2YmZiM2Q3ODcyZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPgL0ULdRSb3tTuORtCjlLVv7VFB
We5aRy8/olCrc6rnIhFvePmVV48hUmo6r01+ZFFObkUAwzhj6lBl2j5bhp9Nn8/x
YTFbhYt64OKO4vJs8YcNWCrBFMyn4T/cPDh4bZWGF2RfBfzvxw3CvyC2HQE+mBJf
NveQMjwrvJvv5h2nbI9JFOJ2UL7UzkY9lG4Suu4Cn2NJazRSMg8SPPnubTS8kz6Y
fuaNQv8y87TDUrDv1Tf/tLyXrla4re4mt7xU3U6/Wx2cPOEnGwNgNMjZe8YuNekO
5m57PRFm6O2PGKxlXqTpHjiABLeOquFbTBIO6rhwaFeu2gIcs9kJNnhJpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPK9D8NYuxle7Xjd4RxGv7PXhy53MB8GA1UdIwQY
MBaAFGghyP8EN/ft2CkWb94DRG+GEJ2AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUNISV93UTM5LTNZS1JadjNnTkViNFlRbllBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xM2IxNDQtYmUxNi00OTIyLWE5ODMt
MjVhZTkyOTNmNmI0LzEvOHIwUHcxaTdHVjd0ZU4zaEhFYV9zOWVITG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xM2IxNDQtYmUxNi00OTIyLWE5ODMtMjVhZTkyOTNmNmI0
LzEvYUNISV93UTM5LTNZS1JadjNnTkViNFlRbllBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+MqMA0G
CSqGSIb3DQEBCwUAA4IBAQBg687ZDyoMj4pxv9OuD9e/PifUnMzJGvyBV+0MBv44
sqfgab8jYnFAZW4VGVdn0q1Kql63na2xb8EaiVwP5E6hUgxvPuQIWg2uBcUxhZee
m1fDSx1IMgdMUYYM0w/8gyPBVt/JEJOFMd/f3CHWyo09USwsvGxTrfm4eLftvhGF
dSaEE3amYhBjwfUJqjTzX+Qu/TNdUzr7X+enAJ36mJss3VXG7u7IHPE7c49/0azg
Ut81UaLkDLBfPgIw2hy9zqx7585QO+kks+7azg56Ed6eBPZjH51VZCko9xRcM//u
avJE6lyVYKFFFDtPHINRiruafxbBTRz3HvKOiTnKYtZn
-----END CERTIFICATE-----