Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/496d56-86ff-48be-bde3-271fde2dc655/1/d6RUmJcXzCFmlWB4n4V7JW-1cEg.roa
File:                     d6RUmJcXzCFmlWB4n4V7JW-1cEg.roa (raw, json)
Hash identifier:          3aUajsHSIzJi3GUGe+HmwWRn0X0oUkvzWB/MNCc07Rw=
Subject key identifier:   77:A4:54:98:97:17:CC:21:66:95:60:78:9F:85:7B:25:6F:B5:70:48
Certificate issuer:       /CN=75790c7ecf24d28be2e13fe069118cee27d58002
Certificate serial:       018CCA2AB4640FDC1E36CE1DBC6D669B6340
Authority key identifier: 75:79:0C:7E:CF:24:D2:8B:E2:E1:3F:E0:69:11:8C:EE:27:D5:80:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXkMfs8k0ovi4T_gaRGM7ifVgAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/496d56-86ff-48be-bde3-271fde2dc655/1/d6RUmJcXzCFmlWB4n4V7JW-1cEg.roa
Signing time:             Tue 02 Jan 2024 12:34:05 +0000
ROA not before:           Tue 02 Jan 2024 12:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60909
IP address blocks:        93.114.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/496d56-86ff-48be-bde3-271fde2dc655/1/dXkMfs8k0ovi4T_gaRGM7ifVgAI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/496d56-86ff-48be-bde3-271fde2dc655/1/dXkMfs8k0ovi4T_gaRGM7ifVgAI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXkMfs8k0ovi4T_gaRGM7ifVgAI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:b4:64:0f:dc:1e:36:ce:1d:bc:6d:66:9b:63:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75790c7ecf24d28be2e13fe069118cee27d58002
        Validity
            Not Before: Jan  2 12:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77a454989717cc21669560789f857b256fb57048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c1:5b:6b:fd:86:0a:e9:e9:38:3f:18:e8:7d:
                    a8:0a:3c:ba:3d:cd:dd:9b:5a:28:1d:28:c8:38:d9:
                    d0:16:87:ea:89:0a:56:e2:78:91:41:46:87:34:c5:
                    d8:ba:54:cc:5c:03:2b:05:8d:8c:8a:c7:81:7d:22:
                    c0:0e:c2:16:ed:0a:d2:a5:9e:a1:ef:5b:e6:31:97:
                    8f:0e:ad:4e:65:0f:15:8b:75:bf:10:3a:ca:34:32:
                    5e:b2:02:29:bb:83:7a:21:09:79:ac:f8:4e:d9:4d:
                    d2:7c:d2:ea:68:05:3f:9b:ab:e4:2a:4f:89:9c:fb:
                    e0:ec:7c:2e:39:2b:91:72:8b:62:4e:f2:45:3e:98:
                    25:f7:bc:04:5f:24:6c:b5:b6:9d:f1:e1:a4:6c:23:
                    52:fb:b5:ec:39:5f:73:d4:53:58:f0:1c:2f:b9:ab:
                    6b:83:83:a2:ff:50:40:44:a4:7f:6a:08:f4:8a:8e:
                    3b:71:87:20:41:cd:8a:b6:d7:c6:94:10:80:d4:55:
                    43:86:6e:40:33:01:48:aa:3a:bd:af:0d:ca:d1:0c:
                    7f:cb:da:66:3d:14:20:5a:b4:fe:06:27:c2:d2:32:
                    73:16:89:6e:fc:76:77:97:87:8d:e7:eb:71:84:1c:
                    d0:98:c6:9c:d7:1e:1f:ea:db:10:27:ca:d3:63:87:
                    65:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:A4:54:98:97:17:CC:21:66:95:60:78:9F:85:7B:25:6F:B5:70:48
            X509v3 Authority Key Identifier:
                keyid:75:79:0C:7E:CF:24:D2:8B:E2:E1:3F:E0:69:11:8C:EE:27:D5:80:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXkMfs8k0ovi4T_gaRGM7ifVgAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/496d56-86ff-48be-bde3-271fde2dc655/1/d6RUmJcXzCFmlWB4n4V7JW-1cEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/496d56-86ff-48be-bde3-271fde2dc655/1/dXkMfs8k0ovi4T_gaRGM7ifVgAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:ba:0b:14:d1:cd:c4:26:33:cf:74:7e:de:e8:2b:05:dd:ea:
         59:75:e0:ae:d8:3b:55:8c:d8:64:20:71:e3:b0:f7:76:e5:5e:
         8a:bd:e6:d5:65:70:08:93:fe:e1:bb:b5:dc:54:9e:c1:61:81:
         db:27:84:ff:ff:55:c1:5c:24:4b:9c:8f:23:54:53:47:60:ac:
         b0:95:4f:fd:d2:71:cc:3f:aa:a5:a6:53:a2:e0:28:92:56:60:
         f8:c0:21:56:08:9f:73:26:14:c3:bc:fe:36:9d:ea:69:1f:66:
         46:59:3e:d0:f6:f3:ed:47:d7:da:5a:9b:5d:29:4e:1a:44:fd:
         ae:fe:4d:fb:0d:99:fd:a7:86:be:b3:3d:c7:d8:09:c8:bc:69:
         6a:61:9d:d2:f1:2d:27:74:d9:09:96:5d:04:9d:76:af:36:d3:
         5f:30:a0:f5:4d:f2:d9:6f:9c:29:6c:6a:ad:32:3c:9b:18:5a:
         d5:55:73:92:50:61:80:b9:8f:7d:24:5c:02:bb:52:ce:2d:e8:
         29:4f:6e:63:13:8c:23:89:9a:b6:54:28:dc:5d:9d:02:fd:0a:
         52:2b:97:07:3a:d1:9b:a7:e4:b9:e9:e1:6d:f4:9c:da:27:dd:
         cf:53:69:25:57:bb:8b:cf:92:49:ae:90:3b:6e:26:8f:3e:20:
         c4:f1:9b:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKrRkD9weNs4dvG1mm2NAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NzkwYzdlY2YyNGQyOGJlMmUxM2ZlMDY5MTE4Y2VlMjdk
NTgwMDIwHhcNMjQwMTAyMTIzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2E0NTQ5ODk3MTdjYzIxNjY5NTYwNzg5Zjg1N2IyNTZmYjU3MDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMFba/2GCunpOD8Y6H2oCjy6Pc3d
m1ooHSjIONnQFofqiQpW4niRQUaHNMXYulTMXAMrBY2MiseBfSLADsIW7QrSpZ6h
71vmMZePDq1OZQ8Vi3W/EDrKNDJesgIpu4N6IQl5rPhO2U3SfNLqaAU/m6vkKk+J
nPvg7HwuOSuRcotiTvJFPpgl97wEXyRstbad8eGkbCNS+7XsOV9z1FNY8Bwvuatr
g4Oi/1BARKR/agj0io47cYcgQc2KttfGlBCA1FVDhm5AMwFIqjq9rw3K0Qx/y9pm
PRQgWrT+BifC0jJzFolu/HZ3l4eN5+txhBzQmMac1x4f6tsQJ8rTY4dlEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHekVJiXF8whZpVgeJ+FeyVvtXBIMB8GA1UdIwQY
MBaAFHV5DH7PJNKL4uE/4GkRjO4n1YACMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFhrTWZzOGswb3ZpNFRfZ2FSR003aWZWZ0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi80OTZkNTYtODZmZi00OGJlLWJkZTMt
MjcxZmRlMmRjNjU1LzEvZDZSVW1KY1h6Q0ZtbFdCNG40VjdKVy0xY0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi80OTZkNTYtODZmZi00OGJlLWJkZTMtMjcxZmRlMmRjNjU1
LzEvZFhrTWZzOGswb3ZpNFRfZ2FSR003aWZWZ0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXXLYMA0G
CSqGSIb3DQEBCwUAA4IBAQBzugsU0c3EJjPPdH7e6CsF3epZdeCu2DtVjNhkIHHj
sPd25V6KvebVZXAIk/7hu7XcVJ7BYYHbJ4T//1XBXCRLnI8jVFNHYKywlU/90nHM
P6qlplOi4CiSVmD4wCFWCJ9zJhTDvP42neppH2ZGWT7Q9vPtR9faWptdKU4aRP2u
/k37DZn9p4a+sz3H2AnIvGlqYZ3S8S0ndNkJll0EnXavNtNfMKD1TfLZb5wpbGqt
MjybGFrVVXOSUGGAuY99JFwCu1LOLegpT25jE4wjiZq2VCjcXZ0C/QpSK5cHOtGb
p+S56eFt9JzaJ93PU2klV7uLz5JJrpA7biaPPiDE8Zt+
-----END CERTIFICATE-----