Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/Yg6hoMCdKCjKCR5psal6ONvLZWw.roa
File:                     Yg6hoMCdKCjKCR5psal6ONvLZWw.roa (raw, json)
Hash identifier:          ALI6DUJ8dZ3VQ4CqB4Y1QxqyVWJrovNSShrsx5mXSdo=
Subject key identifier:   62:0E:A1:A0:C0:9D:28:28:CA:09:1E:69:B1:A9:7A:38:DB:CB:65:6C
Certificate issuer:       /CN=925cecefe522817405d26fc92bb5104ac90cfdc5
Certificate serial:       018CC5DC1CCEE09EAE60C74B07880FAFF6A4
Authority key identifier: 92:5C:EC:EF:E5:22:81:74:05:D2:6F:C9:2B:B5:10:4A:C9:0C:FD:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/Yg6hoMCdKCjKCR5psal6ONvLZWw.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58307
IP address blocks:        91.227.61.0/24 maxlen: 24
                          91.229.210.0/24 maxlen: 24
                          2001:7f8:6b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/klzs7-UigXQF0m_JK7UQSskM_cU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/klzs7-UigXQF0m_JK7UQSskM_cU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1c:ce:e0:9e:ae:60:c7:4b:07:88:0f:af:f6:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=925cecefe522817405d26fc92bb5104ac90cfdc5
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=620ea1a0c09d2828ca091e69b1a97a38dbcb656c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:30:58:28:d7:6c:a4:cc:f6:5c:3a:6e:ff:de:
                    ee:4a:63:82:e5:d2:81:c5:66:7a:05:5e:0d:6a:e7:
                    a9:ab:fd:9f:c6:c3:e7:5a:1f:9d:a2:7b:97:ec:2f:
                    54:18:62:60:18:18:78:c7:c0:ce:7d:bc:e9:5d:41:
                    fa:f9:31:43:39:cd:42:1e:3c:3b:1b:3d:25:88:60:
                    33:3f:b5:4c:28:52:c0:43:13:30:0b:06:19:6b:f2:
                    7c:0e:da:99:d7:67:da:59:9c:d0:b1:66:81:8e:f8:
                    00:f1:65:a8:aa:cc:4c:55:c3:7a:83:79:8b:cd:eb:
                    c7:1e:7b:9c:28:46:3b:dc:6d:5a:76:27:65:d3:72:
                    59:b0:aa:07:38:a5:d7:eb:fe:c4:cc:00:67:99:ce:
                    bb:aa:ee:ed:39:4a:71:fc:89:19:89:28:b8:28:e3:
                    20:bf:75:d8:01:03:81:3e:4f:ce:44:51:c9:84:26:
                    fc:3a:20:3b:bb:d4:a3:f0:08:56:8a:54:09:16:1f:
                    0a:91:f4:d8:ac:66:30:d3:e2:0b:3d:c3:33:0a:57:
                    ad:ba:16:aa:64:63:a3:c5:f2:2b:78:50:55:36:ec:
                    75:dc:7b:bd:18:f7:54:c7:7c:c8:09:10:98:f6:6e:
                    af:48:b7:0c:cd:af:90:52:02:d4:be:65:a3:e9:ae:
                    48:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:0E:A1:A0:C0:9D:28:28:CA:09:1E:69:B1:A9:7A:38:DB:CB:65:6C
            X509v3 Authority Key Identifier:
                keyid:92:5C:EC:EF:E5:22:81:74:05:D2:6F:C9:2B:B5:10:4A:C9:0C:FD:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/Yg6hoMCdKCjKCR5psal6ONvLZWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/klzs7-UigXQF0m_JK7UQSskM_cU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.61.0/24
                  91.229.210.0/24
                IPv6:
                  2001:7f8:6b::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:36:3a:2c:0a:9f:72:e4:93:3b:ed:af:90:ec:ea:16:2f:71:
         c0:30:df:45:87:ad:4d:2f:e5:18:5a:97:7c:89:29:d5:4f:ed:
         4b:22:16:52:16:d9:4d:99:ce:c8:e8:2c:73:4f:82:cb:e8:d9:
         cd:a5:46:09:da:cc:07:6b:55:e9:1e:1c:6d:95:94:26:27:b1:
         16:7a:90:29:70:0f:2d:0b:bb:7a:70:7d:42:68:2f:fb:19:5d:
         41:72:1d:b7:ed:e1:ea:67:59:6e:16:ad:58:36:c3:36:de:6b:
         da:80:32:9f:b1:2e:85:4e:62:33:ec:4c:c0:25:5a:81:88:f5:
         e3:74:bd:5e:ec:10:47:21:a2:36:b9:b8:c4:31:c8:0e:85:5e:
         cd:2b:ad:bc:23:11:f7:63:9a:fe:ed:f0:ba:a3:11:dd:45:61:
         4d:33:ba:ba:c8:7d:43:2a:92:84:fe:46:18:2e:3a:c4:95:5e:
         04:32:07:14:36:ec:54:93:2b:4c:ef:c3:e3:7c:5b:c7:5e:11:
         69:93:27:9b:b6:b5:4d:ba:43:69:c7:3f:9a:dd:c2:2c:7e:18:
         50:66:38:c6:bb:96:32:e0:10:66:4b:61:27:7a:34:0a:03:92:
         4c:b3:cf:ac:66:25:0a:44:70:80:4e:a5:9e:e8:a7:c3:ac:0e:
         2a:c1:e1:db
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzF3BzO4J6uYMdLB4gPr/akMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNWNlY2VmZTUyMjgxNzQwNWQyNmZjOTJiYjUxMDRhYzkw
Y2ZkYzUwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjBlYTFhMGMwOWQyODI4Y2EwOTFlNjliMWE5N2EzOGRiY2I2NTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjBYKNdspMz2XDpu/97uSmOC5dKB
xWZ6BV4Nauepq/2fxsPnWh+donuX7C9UGGJgGBh4x8DOfbzpXUH6+TFDOc1CHjw7
Gz0liGAzP7VMKFLAQxMwCwYZa/J8DtqZ12faWZzQsWaBjvgA8WWoqsxMVcN6g3mL
zevHHnucKEY73G1adidl03JZsKoHOKXX6/7EzABnmc67qu7tOUpx/IkZiSi4KOMg
v3XYAQOBPk/ORFHJhCb8OiA7u9Sj8AhWilQJFh8KkfTYrGYw0+ILPcMzCletuhaq
ZGOjxfIreFBVNux13Hu9GPdUx3zICRCY9m6vSLcMza+QUgLUvmWj6a5ISwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGIOoaDAnSgoygkeabGpejjby2VsMB8GA1UdIwQY
MBaAFJJc7O/lIoF0BdJvySu1EErJDP3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2x6czctVWlnWFFGMG1fSks3VVFTc2tNX2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mMDc2N2MtYjAxOS00NjNjLWEwYjEt
OGQ0YmZkMGFhY2U4LzEvWWc2aG9NQ2RLQ2pLQ1I1cHNhbDZPTnZMWld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mMDc2N2MtYjAxOS00NjNjLWEwYjEtOGQ0YmZkMGFhY2U4
LzEva2x6czctVWlnWFFGMG1fSks3VVFTc2tNX2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW+M9AwQA
W+XSMA8EAgACMAkDBwAgAQf4AGswDQYJKoZIhvcNAQELBQADggEBADA2OiwKn3Lk
kzvtr5Ds6hYvccAw30WHrU0v5Rhal3yJKdVP7UsiFlIW2U2ZzsjoLHNPgsvo2c2l
RgnazAdrVekeHG2VlCYnsRZ6kClwDy0Lu3pwfUJoL/sZXUFyHbft4epnWW4WrVg2
wzbea9qAMp+xLoVOYjPsTMAlWoGI9eN0vV7sEEchoja5uMQxyA6FXs0rrbwjEfdj
mv7t8LqjEd1FYU0zurrIfUMqkoT+RhguOsSVXgQyBxQ27FSTK0zvw+N8W8deEWmT
J5u2tU26Q2nHP5rdwix+GFBmOMa7ljLgEGZLYSd6NAoDkkyzz6xmJQpEcIBOpZ7o
p8OsDirB4ds=
-----END CERTIFICATE-----