Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/e11b53-1cd6-4747-9232-f19b4e7b27cb/1/gc6tyuD9na-jtm82_8a6ibtdeuY.roa
File:                     gc6tyuD9na-jtm82_8a6ibtdeuY.roa (raw, json)
Hash identifier:          /ubLPvozII99NDtyT4pQcOTtexf3r4oV1gV6RBwKpps=
Subject key identifier:   81:CE:AD:CA:E0:FD:9D:AF:A3:B6:6F:36:FF:C6:BA:89:BB:5D:7A:E6
Certificate issuer:       /CN=ee89d17b39a7684a6954b97b8b0fbac7d48954ca
Certificate serial:       018CC3B6DC39246A312E99CDA751156A6E43
Authority key identifier: EE:89:D1:7B:39:A7:68:4A:69:54:B9:7B:8B:0F:BA:C7:D4:89:54:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7onRezmnaEppVLl7iw-6x9SJVMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/e11b53-1cd6-4747-9232-f19b4e7b27cb/1/gc6tyuD9na-jtm82_8a6ibtdeuY.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50954
IP address blocks:        91.216.58.0/24 maxlen: 24
                          185.236.56.0/22 maxlen: 22
                          2a0d:9d00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/e11b53-1cd6-4747-9232-f19b4e7b27cb/1/7onRezmnaEppVLl7iw-6x9SJVMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/e11b53-1cd6-4747-9232-f19b4e7b27cb/1/7onRezmnaEppVLl7iw-6x9SJVMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7onRezmnaEppVLl7iw-6x9SJVMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:dc:39:24:6a:31:2e:99:cd:a7:51:15:6a:6e:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee89d17b39a7684a6954b97b8b0fbac7d48954ca
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81ceadcae0fd9dafa3b66f36ffc6ba89bb5d7ae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:1d:39:6a:d6:7e:0d:df:03:13:7d:a3:58:d0:
                    e5:14:11:90:bf:f3:37:e2:a8:d1:8a:50:1f:9f:64:
                    64:d6:2f:ff:ac:50:d4:34:19:38:82:33:09:ef:06:
                    2a:6c:b1:cc:f5:d0:4e:9f:47:8a:30:7f:a8:c7:8a:
                    46:0c:c6:03:9e:5a:12:8e:ef:f2:23:72:1a:d1:c8:
                    c9:3b:f1:6d:cb:e8:80:c9:bf:31:26:0b:f2:32:9b:
                    40:00:ce:49:90:b7:c8:ba:23:40:bf:f0:4b:60:71:
                    51:20:ba:de:02:27:00:5a:b9:9b:d9:65:fd:30:3c:
                    21:0c:11:27:09:9a:81:98:3a:0c:01:80:19:ea:91:
                    cd:fb:0e:68:88:17:e6:2e:cc:c8:09:dc:b8:a1:c9:
                    9b:32:e6:92:73:90:1c:4a:1b:cd:2a:ff:c6:62:b1:
                    5a:1e:c7:37:32:31:77:30:01:66:1a:e1:4c:e0:64:
                    58:a5:4f:d8:91:66:f3:d7:d6:ad:99:a7:c8:80:3b:
                    a0:9f:86:48:27:78:67:6b:b1:31:f1:c1:8a:cf:e1:
                    56:6e:1c:39:4c:74:11:08:4a:55:a0:d3:98:b3:f3:
                    c3:36:a6:a7:e2:92:ed:c0:8b:07:fd:df:cf:d7:43:
                    fa:4d:03:29:c4:a5:45:5b:b2:ea:9d:bf:d1:20:28:
                    d4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:CE:AD:CA:E0:FD:9D:AF:A3:B6:6F:36:FF:C6:BA:89:BB:5D:7A:E6
            X509v3 Authority Key Identifier:
                keyid:EE:89:D1:7B:39:A7:68:4A:69:54:B9:7B:8B:0F:BA:C7:D4:89:54:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7onRezmnaEppVLl7iw-6x9SJVMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/e11b53-1cd6-4747-9232-f19b4e7b27cb/1/gc6tyuD9na-jtm82_8a6ibtdeuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/e11b53-1cd6-4747-9232-f19b4e7b27cb/1/7onRezmnaEppVLl7iw-6x9SJVMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.58.0/24
                  185.236.56.0/22
                IPv6:
                  2a0d:9d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:ee:9c:1a:6d:eb:7f:23:83:34:26:8e:b9:30:fd:88:88:af:
         11:ca:b5:0b:53:f1:3d:df:52:e6:21:8e:de:10:bc:c5:49:a5:
         00:8f:00:15:ed:da:a8:a5:38:6c:ef:4d:46:5f:0f:b2:72:23:
         c0:d9:d2:04:6c:0d:00:a8:a6:9d:5e:db:0a:2d:fb:c6:75:df:
         f8:ce:28:9b:08:fd:f4:5c:40:f2:2e:0e:74:d0:cb:14:5b:74:
         f8:69:b0:ae:ac:9a:86:96:57:a1:5e:6f:a2:49:a9:37:b2:3f:
         26:c0:9d:c1:53:89:04:50:db:74:f5:b8:1a:57:96:68:e3:0d:
         e7:ae:c9:66:d9:1c:fa:c8:51:c5:a2:3b:6f:0b:e1:55:df:1e:
         f3:39:20:05:4c:38:0b:af:51:a9:72:52:37:6a:09:e7:f3:e0:
         31:14:5f:a9:cd:2f:36:0c:a2:87:29:97:68:a5:ee:86:09:06:
         f9:98:b2:b2:75:2f:95:19:93:c7:43:73:e4:fb:0e:d5:62:e6:
         3d:72:0d:d5:3e:0c:42:20:17:ca:8b:3b:3f:2c:54:9c:b4:55:
         34:42:d5:c5:2c:41:33:1e:86:63:6e:26:e2:60:a0:5e:09:d4:
         de:ea:a6:a8:2c:b4:ae:18:df:1c:ef:fd:9b:5b:5e:2a:ae:c0:
         fb:e5:8d:d9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDttw5JGoxLpnNp1EVam5DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlODlkMTdiMzlhNzY4NGE2OTU0Yjk3YjhiMGZiYWM3ZDQ4
OTU0Y2EwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWNlYWRjYWUwZmQ5ZGFmYTNiNjZmMzZmZmM2YmE4OWJiNWQ3YWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgB05atZ+Dd8DE32jWNDlFBGQv/M3
4qjRilAfn2Rk1i//rFDUNBk4gjMJ7wYqbLHM9dBOn0eKMH+ox4pGDMYDnloSju/y
I3Ia0cjJO/Fty+iAyb8xJgvyMptAAM5JkLfIuiNAv/BLYHFRILreAicAWrmb2WX9
MDwhDBEnCZqBmDoMAYAZ6pHN+w5oiBfmLszICdy4ocmbMuaSc5AcShvNKv/GYrFa
Hsc3MjF3MAFmGuFM4GRYpU/YkWbz19atmafIgDugn4ZIJ3hna7Ex8cGKz+FWbhw5
THQRCEpVoNOYs/PDNqan4pLtwIsH/d/P10P6TQMpxKVFW7Lqnb/RICjUpQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIHOrcrg/Z2vo7ZvNv/Guom7XXrmMB8GA1UdIwQY
MBaAFO6J0Xs5p2hKaVS5e4sPusfUiVTKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN29uUmV6bW5hRXBwVkxsN2l3LTZ4OVNKVk1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9lMTFiNTMtMWNkNi00NzQ3LTkyMzIt
ZjE5YjRlN2IyN2NiLzEvZ2M2dHl1RDluYS1qdG04Ml84YTZpYnRkZXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9lMTFiNTMtMWNkNi00NzQ3LTkyMzItZjE5YjRlN2IyN2Ni
LzEvN29uUmV6bW5hRXBwVkxsN2l3LTZ4OVNKVk1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9g6AwQC
uew4MA0EAgACMAcDBQMqDZ0AMA0GCSqGSIb3DQEBCwUAA4IBAQA/7pwabet/I4M0
Jo65MP2IiK8RyrULU/E931LmIY7eELzFSaUAjwAV7dqopThs701GXw+yciPA2dIE
bA0AqKadXtsKLfvGdd/4ziibCP30XEDyLg500MsUW3T4abCurJqGllehXm+iSak3
sj8mwJ3BU4kEUNt09bgaV5Zo4w3nrslm2Rz6yFHFojtvC+FV3x7zOSAFTDgLr1Gp
clI3agnn8+AxFF+pzS82DKKHKZdope6GCQb5mLKydS+VGZPHQ3Pk+w7VYuY9cg3V
PgxCIBfKizs/LFSctFU0QtXFLEEzHoZjbibiYKBeCdTe6qaoLLSuGN8c7/2bW14q
rsD75Y3Z
-----END CERTIFICATE-----