Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/TNpJFcY1a9essM0E8uEmEG3Ah3k.roa
File:                     TNpJFcY1a9essM0E8uEmEG3Ah3k.roa (raw, json)
Hash identifier:          Sjr7cOrhCbMu6VIAYSrCx6BZ8oiMs04l03R9Ham2G5w=
Subject key identifier:   4C:DA:49:15:C6:35:6B:D7:AC:B0:CD:04:F2:E1:26:10:6D:C0:87:79
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       018CCA29CA78E4B4A094F5A53371FAEB65C6
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/TNpJFcY1a9essM0E8uEmEG3Ah3k.roa
Signing time:             Tue 02 Jan 2024 12:33:05 +0000
ROA not before:           Tue 02 Jan 2024 12:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.102.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 13:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ca:78:e4:b4:a0:94:f5:a5:33:71:fa:eb:65:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Jan  2 12:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cda4915c6356bd7acb0cd04f2e126106dc08779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b7:3e:9d:37:0b:a9:da:59:32:f7:46:c1:0c:
                    8f:19:6c:85:3b:d5:5d:3f:2a:82:2a:0e:45:6a:fb:
                    be:4e:79:8b:b0:b5:8e:17:7b:d5:a8:c7:a3:0e:72:
                    37:d6:30:81:b6:bf:dc:12:53:f5:a0:31:cf:f0:f1:
                    65:a9:9c:d3:05:9a:10:80:b5:e3:98:bb:51:16:6c:
                    41:27:d6:c2:d2:5f:7b:72:b1:41:51:b9:85:f3:55:
                    98:43:a5:fa:c3:09:79:53:2c:af:b2:f1:64:ab:81:
                    cc:8c:bc:9e:c3:70:07:d2:f9:7d:f6:e8:af:80:fa:
                    1e:2a:78:48:c4:29:aa:5c:3b:13:53:5a:f9:b4:97:
                    82:8b:d3:77:f1:b4:6c:27:2d:29:c4:14:23:da:d2:
                    27:c8:67:e7:fa:87:59:1e:f5:41:fa:59:50:1a:f8:
                    da:a1:3f:fc:ec:e5:d4:1a:48:1e:1c:45:44:5b:05:
                    85:ee:bf:52:88:8a:1f:fc:1b:e8:bb:ba:ec:f2:36:
                    d1:4f:61:ab:79:3d:db:89:73:65:a6:8f:7f:8c:5a:
                    49:d9:b9:44:b0:e9:e2:98:9f:be:3c:68:f3:38:0d:
                    43:1d:16:8b:b6:99:4e:38:48:fc:b0:1f:ac:6a:81:
                    e3:94:cf:41:3b:44:a7:cd:81:b9:87:27:38:18:e2:
                    5c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:DA:49:15:C6:35:6B:D7:AC:B0:CD:04:F2:E1:26:10:6D:C0:87:79
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/TNpJFcY1a9essM0E8uEmEG3Ah3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:27:40:e2:0f:8e:54:c7:16:04:c9:60:02:92:d0:1e:d5:14:
         87:e3:ff:8e:f0:bb:ee:6b:61:3e:e1:fe:f1:53:56:85:d5:10:
         de:3d:8b:b9:32:6d:a7:91:2d:48:9c:23:c4:54:2d:40:83:40:
         01:61:74:16:41:c4:89:df:5f:7b:76:66:5d:c9:2e:3f:4f:65:
         f7:cf:53:26:ec:25:41:bf:66:a0:d9:13:ae:f9:23:e5:ac:3f:
         07:43:d8:24:a7:a5:87:ca:7a:cf:49:33:49:5e:f2:de:cc:07:
         74:58:bf:bc:1d:3c:a4:18:9b:33:70:cc:90:d8:7f:05:3e:89:
         77:2d:8b:36:c2:13:f9:5c:7e:f3:fa:ef:aa:79:c9:a7:14:45:
         ab:ce:10:f2:e6:d6:ef:ca:49:ae:af:73:2d:67:ba:93:71:6c:
         04:96:0f:66:3c:1a:c6:f5:e6:f3:f7:92:a1:83:04:92:78:b4:
         41:c1:59:28:93:b5:c6:c0:b8:e3:29:19:60:62:85:cd:f3:39:
         63:63:21:3e:55:d6:a0:34:b1:3b:a4:79:55:91:60:a4:9a:82:
         9d:8f:97:c6:f1:45:ad:1c:9a:09:f5:0c:0f:db:a9:ce:b7:dd:
         66:6c:16:88:d0:eb:31:8f:9d:d4:ba:f6:b8:13:fc:c2:c8:33:
         57:ce:89:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKcp45LSglPWlM3H662XGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjQwMTAyMTIzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2RhNDkxNWM2MzU2YmQ3YWNiMGNkMDRmMmUxMjYxMDZkYzA4Nzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrc+nTcLqdpZMvdGwQyPGWyFO9Vd
PyqCKg5Favu+TnmLsLWOF3vVqMejDnI31jCBtr/cElP1oDHP8PFlqZzTBZoQgLXj
mLtRFmxBJ9bC0l97crFBUbmF81WYQ6X6wwl5UyyvsvFkq4HMjLyew3AH0vl99uiv
gPoeKnhIxCmqXDsTU1r5tJeCi9N38bRsJy0pxBQj2tInyGfn+odZHvVB+llQGvja
oT/87OXUGkgeHEVEWwWF7r9SiIof/Bvou7rs8jbRT2GreT3biXNlpo9/jFpJ2blE
sOnimJ++PGjzOA1DHRaLtplOOEj8sB+saoHjlM9BO0SnzYG5hyc4GOJc5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzaSRXGNWvXrLDNBPLhJhBtwId5MB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvVE5wSkZjWTFhOWVzc00wRTh1RW1FRzNBaDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2akMA0G
CSqGSIb3DQEBCwUAA4IBAQA1J0DiD45UxxYEyWACktAe1RSH4/+O8Lvua2E+4f7x
U1aF1RDePYu5Mm2nkS1InCPEVC1Ag0ABYXQWQcSJ3197dmZdyS4/T2X3z1Mm7CVB
v2ag2ROu+SPlrD8HQ9gkp6WHynrPSTNJXvLezAd0WL+8HTykGJszcMyQ2H8FPol3
LYs2whP5XH7z+u+qecmnFEWrzhDy5tbvykmur3MtZ7qTcWwElg9mPBrG9ebz95Kh
gwSSeLRBwVkok7XGwLjjKRlgYoXN8zljYyE+VdagNLE7pHlVkWCkmoKdj5fG8UWt
HJoJ9QwP26nOt91mbBaI0Osxj53Uuva4E/zCyDNXzokm
-----END CERTIFICATE-----