Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/iHkiOyoUKXqNu6XHk2lSY0pA9C0.roa
File:                     iHkiOyoUKXqNu6XHk2lSY0pA9C0.roa (raw, json)
Hash identifier:          iF3I+Fjo9tBGMv1XTdvg279ZPU6h5UTXo0y/zhV9tHU=
Subject key identifier:   88:79:22:3B:2A:14:29:7A:8D:BB:A5:C7:93:69:52:63:4A:40:F4:2D
Certificate issuer:       /CN=731535a2eaebc68c1657aafcf5a788c8751d9b62
Certificate serial:       018CC9BB8E36591F3B3FB0CBA343D6C1DA4B
Authority key identifier: 73:15:35:A2:EA:EB:C6:8C:16:57:AA:FC:F5:A7:88:C8:75:1D:9B:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cxU1ourrxowWV6r89aeIyHUdm2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/iHkiOyoUKXqNu6XHk2lSY0pA9C0.roa
Signing time:             Tue 02 Jan 2024 10:32:41 +0000
ROA not before:           Tue 02 Jan 2024 10:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.218.37.0/24 maxlen: 24
                          2a02:ef80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/cxU1ourrxowWV6r89aeIyHUdm2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/cxU1ourrxowWV6r89aeIyHUdm2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cxU1ourrxowWV6r89aeIyHUdm2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:8e:36:59:1f:3b:3f:b0:cb:a3:43:d6:c1:da:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=731535a2eaebc68c1657aafcf5a788c8751d9b62
        Validity
            Not Before: Jan  2 10:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8879223b2a14297a8dbba5c7936952634a40f42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3d:0d:98:d7:22:f7:5a:4f:f0:95:52:bb:95:
                    45:15:4c:56:66:ae:0d:20:c2:9e:65:29:8e:2d:cb:
                    ed:9b:20:2d:54:56:41:cf:d1:37:fa:5c:7f:7b:d5:
                    77:04:2a:06:fa:4f:cf:38:9f:ef:20:04:39:76:ba:
                    18:f3:f0:9d:85:42:c1:42:07:10:c4:55:54:7e:c5:
                    4d:e2:7a:89:29:92:2d:ae:4e:62:27:9d:4e:3f:a7:
                    34:6f:f6:dc:e8:ca:5f:01:47:91:8b:25:f4:3f:22:
                    b6:62:39:9e:e6:b6:db:b4:60:7b:e9:18:47:84:6b:
                    c0:4b:7f:11:f8:7d:fc:cb:56:e5:19:a0:e5:6a:7e:
                    f8:5f:5a:39:40:29:f0:79:0b:df:8f:34:d7:ba:67:
                    fd:51:b5:44:10:1e:a6:4d:e9:0a:8c:57:20:3c:37:
                    d0:87:2a:b9:fb:7e:df:59:b6:4d:ae:0f:bd:d6:f1:
                    61:23:7d:fa:f9:99:5f:27:62:a6:93:80:9f:d9:cb:
                    fa:8b:eb:bf:be:ce:8e:23:ea:70:06:f0:a4:8e:ca:
                    37:39:eb:ca:8e:e0:79:55:58:db:67:b8:28:1b:77:
                    da:40:d3:c1:7e:28:e4:f7:1d:d1:04:bd:24:84:c1:
                    34:b4:3e:4d:e0:12:9c:a2:46:8a:2c:fd:bb:31:32:
                    83:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:79:22:3B:2A:14:29:7A:8D:BB:A5:C7:93:69:52:63:4A:40:F4:2D
            X509v3 Authority Key Identifier:
                keyid:73:15:35:A2:EA:EB:C6:8C:16:57:AA:FC:F5:A7:88:C8:75:1D:9B:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxU1ourrxowWV6r89aeIyHUdm2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/iHkiOyoUKXqNu6XHk2lSY0pA9C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/cxU1ourrxowWV6r89aeIyHUdm2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.37.0/24
                IPv6:
                  2a02:ef80::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:b5:1e:21:cf:fe:c0:c9:76:70:90:75:09:f0:53:29:aa:6c:
         8e:13:17:09:a4:1f:15:e9:f4:73:6d:42:01:42:e8:d4:52:e0:
         8c:42:2b:75:8e:6c:26:e4:97:3a:75:7a:83:9f:3c:b8:f8:4f:
         e0:d1:61:81:b2:a5:28:c4:70:d1:3d:8e:0a:24:1a:5c:a2:76:
         32:f5:54:ba:79:42:c9:55:14:41:bf:c3:2b:11:e5:74:3f:2a:
         60:5d:00:e9:3b:06:57:d1:4a:fb:4d:e5:41:bf:d0:ae:c7:f6:
         33:29:63:01:d4:cf:41:5d:72:c3:f6:bb:e9:cf:11:5d:43:7b:
         d0:a7:d4:2b:fe:36:a9:80:59:ff:a1:e5:72:11:96:2c:dc:df:
         66:b1:08:8a:da:bd:94:23:46:48:f0:a7:46:bd:a6:70:8e:e2:
         c0:ac:0e:fe:bd:30:14:54:9a:d3:78:c6:e5:3a:1a:d7:f6:5e:
         7d:17:a1:2f:a3:59:77:bb:2e:5d:1e:cc:7a:48:f1:1a:f6:7d:
         20:2e:07:d1:0d:dd:5f:5b:1d:45:39:ea:ea:65:2d:78:0a:1e:
         50:13:4f:57:ff:33:2c:1c:18:fa:ce:28:0f:c7:75:41:ed:76:
         2a:25:17:41:dc:ea:7a:08:40:f4:83:b9:4e:dd:47:eb:ad:6f:
         94:42:86:d1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJu442WR87P7DLo0PWwdpLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMTUzNWEyZWFlYmM2OGMxNjU3YWFmY2Y1YTc4OGM4NzUx
ZDliNjIwHhcNMjQwMTAyMTAzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODc5MjIzYjJhMTQyOTdhOGRiYmE1Yzc5MzY5NTI2MzRhNDBmNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkz0NmNci91pP8JVSu5VFFUxWZq4N
IMKeZSmOLcvtmyAtVFZBz9E3+lx/e9V3BCoG+k/POJ/vIAQ5droY8/CdhULBQgcQ
xFVUfsVN4nqJKZItrk5iJ51OP6c0b/bc6MpfAUeRiyX0PyK2Yjme5rbbtGB76RhH
hGvAS38R+H38y1blGaDlan74X1o5QCnweQvfjzTXumf9UbVEEB6mTekKjFcgPDfQ
hyq5+37fWbZNrg+91vFhI336+ZlfJ2Kmk4Cf2cv6i+u/vs6OI+pwBvCkjso3OevK
juB5VVjbZ7goG3faQNPBfijk9x3RBL0khME0tD5N4BKcokaKLP27MTKDiQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIh5IjsqFCl6jbulx5NpUmNKQPQtMB8GA1UdIwQY
MBaAFHMVNaLq68aMFleq/PWniMh1HZtiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3hVMW91cnJ4b3dXVjZyODlhZUl5SFVkbTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85NjIwY2UtNDNmMC00MmJjLWFmNTkt
NDM1YmRhNWJkMDQ4LzEvaUhraU95b1VLWHFOdTZYSGsybFNZMHBBOUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85NjIwY2UtNDNmMC00MmJjLWFmNTktNDM1YmRhNWJkMDQ4
LzEvY3hVMW91cnJ4b3dXVjZyODlhZUl5SFVkbTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9olMA8E
AgACMAkDBwAqAu+AAAAwDQYJKoZIhvcNAQELBQADggEBAJW1HiHP/sDJdnCQdQnw
UymqbI4TFwmkHxXp9HNtQgFC6NRS4IxCK3WObCbklzp1eoOfPLj4T+DRYYGypSjE
cNE9jgokGlyidjL1VLp5QslVFEG/wysR5XQ/KmBdAOk7BlfRSvtN5UG/0K7H9jMp
YwHUz0FdcsP2u+nPEV1De9Cn1Cv+NqmAWf+h5XIRlizc32axCIravZQjRkjwp0a9
pnCO4sCsDv69MBRUmtN4xuU6Gtf2Xn0XoS+jWXe7Ll0ezHpI8Rr2fSAuB9EN3V9b
HUU56uplLXgKHlATT1f/MywcGPrOKA/HdUHtdiolF0Hc6noIQPSDuU7dR+utb5RC
htE=
-----END CERTIFICATE-----