Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/3a094c-ff8e-4b44-81f0-94c7601aefda/1/xyaXxuY3ZO1uZcO5GAS4zcDOSRk.roa
File:                     xyaXxuY3ZO1uZcO5GAS4zcDOSRk.roa (raw, json)
Hash identifier:          nOAMPNQZnV4DF2lVAkMXjtZpyS/xfymUINln3DiQNF0=
Subject key identifier:   C7:26:97:C6:E6:37:64:ED:6E:65:C3:B9:18:04:B8:CD:C0:CE:49:19
Certificate issuer:       /CN=19139575c401283fff536137b0e83e5415fe18d0
Certificate serial:       018CC348E47A399390E200995CBE0AB01FF4
Authority key identifier: 19:13:95:75:C4:01:28:3F:FF:53:61:37:B0:E8:3E:54:15:FE:18:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GROVdcQBKD__U2E3sOg-VBX-GNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/3a094c-ff8e-4b44-81f0-94c7601aefda/1/xyaXxuY3ZO1uZcO5GAS4zcDOSRk.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44201
IP address blocks:        91.209.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/3a094c-ff8e-4b44-81f0-94c7601aefda/1/GROVdcQBKD__U2E3sOg-VBX-GNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/3a094c-ff8e-4b44-81f0-94c7601aefda/1/GROVdcQBKD__U2E3sOg-VBX-GNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GROVdcQBKD__U2E3sOg-VBX-GNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e4:7a:39:93:90:e2:00:99:5c:be:0a:b0:1f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19139575c401283fff536137b0e83e5415fe18d0
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c72697c6e63764ed6e65c3b91804b8cdc0ce4919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c3:85:df:f7:1d:2c:00:5e:79:af:80:54:aa:
                    80:3c:4b:e6:d5:1a:44:12:f3:e5:f8:fb:0c:69:44:
                    ee:82:eb:b1:01:e2:1b:6a:94:64:37:de:fb:30:52:
                    2b:2c:95:08:6e:2b:ce:32:18:b2:5b:4f:3a:e8:d0:
                    9b:9f:16:59:da:24:5b:4d:44:b7:e9:8a:be:ce:e2:
                    b4:54:dd:d9:ab:6a:73:6a:9f:c3:15:91:4e:49:8a:
                    00:4f:a5:eb:1b:f3:33:d6:48:5a:f0:09:47:6e:7d:
                    83:a2:8e:8c:45:e2:83:91:f2:45:ab:8c:fc:b1:95:
                    7e:82:6d:e9:5b:75:3e:dc:e6:fd:5b:e7:3f:33:21:
                    84:16:cb:c3:dd:63:bb:0b:46:58:98:a9:7a:73:e5:
                    d1:bb:0c:bf:66:53:81:91:0c:94:5c:c1:3c:79:93:
                    75:ea:e6:e8:d8:a6:07:a3:88:be:05:e0:a3:e7:db:
                    6f:2d:37:03:52:ec:c5:db:dd:b2:df:0d:ee:1d:3b:
                    29:e5:c4:94:e3:c1:1f:df:b7:49:71:cc:0e:58:cf:
                    1b:a5:6d:9a:65:65:86:d0:37:e7:94:ba:b6:3c:dc:
                    20:27:a2:c5:44:8b:e7:bc:8b:80:f0:69:43:fb:40:
                    a0:0b:36:81:36:71:ea:c4:a1:48:cf:ed:64:47:8a:
                    cd:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:26:97:C6:E6:37:64:ED:6E:65:C3:B9:18:04:B8:CD:C0:CE:49:19
            X509v3 Authority Key Identifier:
                keyid:19:13:95:75:C4:01:28:3F:FF:53:61:37:B0:E8:3E:54:15:FE:18:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GROVdcQBKD__U2E3sOg-VBX-GNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3a094c-ff8e-4b44-81f0-94c7601aefda/1/xyaXxuY3ZO1uZcO5GAS4zcDOSRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3a094c-ff8e-4b44-81f0-94c7601aefda/1/GROVdcQBKD__U2E3sOg-VBX-GNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:f5:ac:30:a9:d3:b7:8e:32:a9:40:32:ab:23:40:f1:42:32:
         c2:8b:db:fe:8e:43:f5:8b:a6:53:56:e5:8f:88:79:fe:b3:44:
         19:ba:13:e3:9e:86:ff:53:3c:31:aa:ed:46:59:1c:77:1c:52:
         7a:60:04:4a:f2:d8:0c:5a:1e:f5:2a:ab:be:ed:06:83:83:54:
         93:d1:62:c3:d4:1d:75:98:82:09:a1:ba:d7:ad:19:38:fa:d8:
         b2:3f:39:b6:2a:a7:97:81:6f:ee:18:64:e4:18:03:b3:08:d2:
         15:29:46:56:42:f4:5a:f8:e3:01:a7:9f:5d:f9:46:bb:7e:17:
         d9:c2:75:b5:2a:1f:88:0d:96:b2:1d:36:7a:b9:5a:f6:96:9f:
         91:22:3d:5a:26:72:d8:50:30:1c:b7:6e:ca:c9:16:a8:4f:1d:
         91:3a:84:20:5b:26:0e:cc:ed:63:68:f2:ec:85:e5:e8:fd:a9:
         0c:a9:dd:09:c9:9c:4b:68:b3:ab:69:90:e1:2d:ff:58:76:25:
         d6:fa:9e:ff:91:a6:e0:fd:70:5c:6f:91:b2:42:8e:40:4d:a5:
         68:7c:b6:55:af:67:22:b4:f8:3b:c0:29:a2:c9:2c:b2:46:d5:
         7b:35:72:02:ad:bb:6a:f5:87:b6:69:2b:c1:ec:ba:fc:4e:ba:
         a8:d3:8d:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOR6OZOQ4gCZXL4KsB/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MTM5NTc1YzQwMTI4M2ZmZjUzNjEzN2IwZTgzZTU0MTVm
ZTE4ZDAwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzI2OTdjNmU2Mzc2NGVkNmU2NWMzYjkxODA0YjhjZGMwY2U0OTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cOF3/cdLABeea+AVKqAPEvm1RpE
EvPl+PsMaUTuguuxAeIbapRkN977MFIrLJUIbivOMhiyW0866NCbnxZZ2iRbTUS3
6Yq+zuK0VN3Zq2pzap/DFZFOSYoAT6XrG/Mz1kha8AlHbn2Doo6MReKDkfJFq4z8
sZV+gm3pW3U+3Ob9W+c/MyGEFsvD3WO7C0ZYmKl6c+XRuwy/ZlOBkQyUXME8eZN1
6ubo2KYHo4i+BeCj59tvLTcDUuzF292y3w3uHTsp5cSU48Ef37dJccwOWM8bpW2a
ZWWG0DfnlLq2PNwgJ6LFRIvnvIuA8GlD+0CgCzaBNnHqxKFIz+1kR4rNuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcml8bmN2TtbmXDuRgEuM3AzkkZMB8GA1UdIwQY
MBaAFBkTlXXEASg//1NhN7DoPlQV/hjQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1JPVmRjUUJLRF9fVTJFM3NPZy1WQlgtR05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zYTA5NGMtZmY4ZS00YjQ0LTgxZjAt
OTRjNzYwMWFlZmRhLzEveHlhWHh1WTNaTzF1WmNPNUdBUzR6Y0RPU1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zYTA5NGMtZmY4ZS00YjQ0LTgxZjAtOTRjNzYwMWFlZmRh
LzEvR1JPVmRjUUJLRF9fVTJFM3NPZy1WQlgtR05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GSMA0G
CSqGSIb3DQEBCwUAA4IBAQB79awwqdO3jjKpQDKrI0DxQjLCi9v+jkP1i6ZTVuWP
iHn+s0QZuhPjnob/Uzwxqu1GWRx3HFJ6YARK8tgMWh71Kqu+7QaDg1ST0WLD1B11
mIIJobrXrRk4+tiyPzm2KqeXgW/uGGTkGAOzCNIVKUZWQvRa+OMBp59d+Ua7fhfZ
wnW1Kh+IDZayHTZ6uVr2lp+RIj1aJnLYUDAct27KyRaoTx2ROoQgWyYOzO1jaPLs
heXo/akMqd0JyZxLaLOraZDhLf9YdiXW+p7/kabg/XBcb5GyQo5ATaVofLZVr2ci
tPg7wCmiySyyRtV7NXICrbtq9Ye2aSvB7Lr8Trqo041s
-----END CERTIFICATE-----