Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/3f424e-262c-4077-8849-7418ac110c83/1/hGU3cTQfIKQ8TLaBZwMYiephGmI.roa
File:                     hGU3cTQfIKQ8TLaBZwMYiephGmI.roa (raw, json)
Hash identifier:          9hKYiIu7j7IYPCm/G4xPaw3TKV5XvEg0MxE3C89wM/I=
Subject key identifier:   84:65:37:71:34:1F:20:A4:3C:4C:B6:81:67:03:18:89:EA:61:1A:62
Certificate issuer:       /CN=5e8e581537e7aa66783c3403822a1181a3168d08
Certificate serial:       018CC5DC4B50E3EF18AF35E989DE43EDF5DC
Authority key identifier: 5E:8E:58:15:37:E7:AA:66:78:3C:34:03:82:2A:11:81:A3:16:8D:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xo5YFTfnqmZ4PDQDgioRgaMWjQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/3f424e-262c-4077-8849-7418ac110c83/1/hGU3cTQfIKQ8TLaBZwMYiephGmI.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197929
IP address blocks:        91.230.6.0/23 maxlen: 24
                          94.158.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/3f424e-262c-4077-8849-7418ac110c83/1/Xo5YFTfnqmZ4PDQDgioRgaMWjQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/3f424e-262c-4077-8849-7418ac110c83/1/Xo5YFTfnqmZ4PDQDgioRgaMWjQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xo5YFTfnqmZ4PDQDgioRgaMWjQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4b:50:e3:ef:18:af:35:e9:89:de:43:ed:f5:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e8e581537e7aa66783c3403822a1181a3168d08
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84653771341f20a43c4cb68167031889ea611a62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:89:9d:ce:ae:e7:42:d2:c0:7e:41:cc:02:64:
                    58:fd:09:f3:a8:d5:df:49:c3:a6:36:55:9b:3d:d1:
                    6c:2f:80:90:b0:ae:3c:00:cd:90:cd:3a:17:88:03:
                    55:3c:0a:b9:3b:20:9a:6f:88:95:7c:8c:0f:21:8c:
                    0a:68:c2:16:ea:9e:f9:e1:83:01:de:c6:0d:ca:8c:
                    4a:2b:97:46:34:a8:e6:76:c7:b7:fb:a6:8e:3c:b0:
                    be:bd:66:5e:7d:e5:e1:47:c0:d1:d6:01:f0:9b:d2:
                    90:b0:30:99:e2:68:70:ab:aa:2e:35:bc:e2:7c:f1:
                    a6:ea:76:19:b0:71:3c:3b:d6:4f:10:21:c9:54:f4:
                    8a:8e:42:42:4a:fb:53:13:48:71:27:19:13:5f:01:
                    d0:88:01:41:a2:09:c0:ec:e6:97:7a:0d:43:da:76:
                    c7:5b:a3:e4:bf:23:df:cf:11:f6:7a:1e:4a:9a:74:
                    d3:c0:64:02:3f:e0:9d:0c:08:f7:c1:67:b1:9a:d1:
                    9d:e6:b2:5b:d4:08:be:8f:de:da:55:31:0d:99:f0:
                    a9:52:4a:6b:74:5d:1c:15:02:ec:52:b6:a6:f5:00:
                    77:ca:31:35:62:da:84:33:f0:f0:31:83:69:8a:29:
                    d3:7e:5e:ba:f7:63:d2:03:6e:0e:f2:60:08:54:4f:
                    04:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:65:37:71:34:1F:20:A4:3C:4C:B6:81:67:03:18:89:EA:61:1A:62
            X509v3 Authority Key Identifier:
                keyid:5E:8E:58:15:37:E7:AA:66:78:3C:34:03:82:2A:11:81:A3:16:8D:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xo5YFTfnqmZ4PDQDgioRgaMWjQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3f424e-262c-4077-8849-7418ac110c83/1/hGU3cTQfIKQ8TLaBZwMYiephGmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3f424e-262c-4077-8849-7418ac110c83/1/Xo5YFTfnqmZ4PDQDgioRgaMWjQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.6.0/23
                  94.158.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:4a:f9:6c:c6:da:e4:06:87:c1:bf:34:cd:28:1f:be:77:ca:
         2c:28:06:47:b0:04:8d:55:32:11:f6:26:57:1a:55:6e:a6:8e:
         ed:50:7a:cc:4f:c7:f9:36:c9:dd:67:d4:2c:a7:f0:13:a2:b8:
         f5:3e:fc:98:3f:25:81:98:50:b6:b8:58:f2:59:a7:95:2f:89:
         47:b9:c3:d7:c5:c9:8f:e0:db:41:91:6c:1a:fd:c9:1b:52:41:
         57:bd:52:fe:9b:3f:22:bb:b2:f2:71:fd:64:47:3c:14:a8:92:
         13:16:00:18:a0:11:bc:73:4b:30:26:29:7a:91:9a:ab:a7:a5:
         01:bc:9f:38:1b:04:ce:a7:b3:a6:c7:fd:c2:b3:21:db:0c:bf:
         9a:5b:72:ad:79:c8:9e:3d:1f:72:40:96:88:86:a9:17:44:8a:
         7c:b3:50:c7:f5:80:7e:d9:9f:9b:5d:e3:d4:86:b5:98:45:c7:
         0e:9c:e1:66:51:95:44:b8:a3:1a:0a:6b:40:1b:d7:7a:1e:9d:
         75:4c:a9:db:11:b8:c2:82:42:d1:b2:f2:c3:cf:a3:f9:ef:5e:
         1e:0d:7e:ab:93:45:8a:03:c8:71:16:f3:41:b0:bd:96:c7:0f:
         af:81:f0:4e:91:43:c0:f2:63:3a:05:18:93:c0:dd:f7:50:d0:
         23:e0:1c:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3EtQ4+8YrzXpid5D7fXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOGU1ODE1MzdlN2FhNjY3ODNjMzQwMzgyMmExMTgxYTMx
NjhkMDgwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDY1Mzc3MTM0MWYyMGE0M2M0Y2I2ODE2NzAzMTg4OWVhNjExYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqomdzq7nQtLAfkHMAmRY/QnzqNXf
ScOmNlWbPdFsL4CQsK48AM2QzToXiANVPAq5OyCab4iVfIwPIYwKaMIW6p754YMB
3sYNyoxKK5dGNKjmdse3+6aOPLC+vWZefeXhR8DR1gHwm9KQsDCZ4mhwq6ouNbzi
fPGm6nYZsHE8O9ZPECHJVPSKjkJCSvtTE0hxJxkTXwHQiAFBognA7OaXeg1D2nbH
W6PkvyPfzxH2eh5KmnTTwGQCP+CdDAj3wWexmtGd5rJb1Ai+j97aVTENmfCpUkpr
dF0cFQLsUram9QB3yjE1YtqEM/DwMYNpiinTfl6692PSA24O8mAIVE8EfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIRlN3E0HyCkPEy2gWcDGInqYRpiMB8GA1UdIwQY
MBaAFF6OWBU356pmeDw0A4IqEYGjFo0IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG81WUZUZm5xbVo0UERRRGdpb1JnYU1XalFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zZjQyNGUtMjYyYy00MDc3LTg4NDkt
NzQxOGFjMTEwYzgzLzEvaEdVM2NUUWZJS1E4VExhQlp3TVlpZXBoR21JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zZjQyNGUtMjYyYy00MDc3LTg4NDktNzQxOGFjMTEwYzgz
LzEvWG81WUZUZm5xbVo0UERRRGdpb1JnYU1XalFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+YGAwQC
Xp4YMA0GCSqGSIb3DQEBCwUAA4IBAQADSvlsxtrkBofBvzTNKB++d8osKAZHsASN
VTIR9iZXGlVupo7tUHrMT8f5NsndZ9Qsp/ATorj1PvyYPyWBmFC2uFjyWaeVL4lH
ucPXxcmP4NtBkWwa/ckbUkFXvVL+mz8iu7Lycf1kRzwUqJITFgAYoBG8c0swJil6
kZqrp6UBvJ84GwTOp7Omx/3CsyHbDL+aW3KteciePR9yQJaIhqkXRIp8s1DH9YB+
2Z+bXePUhrWYRccOnOFmUZVEuKMaCmtAG9d6Hp11TKnbEbjCgkLRsvLDz6P5714e
DX6rk0WKA8hxFvNBsL2Wxw+vgfBOkUPA8mM6BRiTwN33UNAj4ByB
-----END CERTIFICATE-----