Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/v6EUXv9TAt1eZakJ_8jbVUFetkA.roa
File:                     v6EUXv9TAt1eZakJ_8jbVUFetkA.roa (raw, json)
Hash identifier:          FNC2qXXbIEXshAhWLi243F5JQJ085xwtgEoVXSLlYdw=
Subject key identifier:   BF:A1:14:5E:FF:53:02:DD:5E:65:A9:09:FF:C8:DB:55:41:5E:B6:40
Certificate issuer:       /CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
Certificate serial:       018F32D19B626D3023682182AEFD2082367F
Authority key identifier: 9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/v6EUXv9TAt1eZakJ_8jbVUFetkA.roa
Signing time:             Wed 01 May 2024 06:22:28 +0000
ROA not before:           Wed 01 May 2024 06:22:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     263759
IP address blocks:        185.91.206.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:32:d1:9b:62:6d:30:23:68:21:82:ae:fd:20:82:36:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
        Validity
            Not Before: May  1 06:22:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfa1145eff5302dd5e65a909ffc8db55415eb640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4e:1d:c9:4d:13:10:8d:a9:b2:e9:63:5a:4a:
                    39:f9:9b:61:79:67:ad:9a:ec:c2:2e:81:b4:e2:25:
                    b4:16:a9:a6:de:f3:e9:a6:38:97:7e:bb:98:e5:17:
                    b4:e3:17:d2:d8:19:67:ce:5d:7b:88:41:72:32:d4:
                    ab:b3:43:bf:6b:6f:9a:44:c9:e2:d3:a2:79:ec:95:
                    ad:b8:2f:b4:1c:75:85:3a:68:e6:d2:5a:47:15:ac:
                    5a:02:86:8b:2c:cd:5c:6f:bc:bb:8c:da:8f:83:98:
                    1a:a6:e9:e3:c2:77:b7:3f:f1:05:c5:a8:be:85:b6:
                    6e:06:1f:99:da:58:2a:64:6f:f1:91:3d:e3:08:e0:
                    46:9f:05:b2:ac:d6:03:b1:ac:13:14:90:83:0d:c7:
                    bf:f0:6f:b9:d4:0d:0e:bc:4f:6c:67:9f:8b:a8:ef:
                    58:eb:5d:7e:68:b7:55:61:f0:0e:b7:e1:32:69:62:
                    44:cf:8e:b0:cf:f6:97:0d:b9:b6:83:b0:e6:21:17:
                    68:d8:cc:50:5c:7d:07:df:e6:4a:62:67:de:86:b4:
                    2b:13:19:0a:12:be:20:77:8b:d7:41:0c:ab:09:d1:
                    0f:12:47:8d:a7:12:80:0d:43:32:47:14:ff:5d:6c:
                    e4:0d:f0:1a:39:d4:00:17:e9:70:c8:d0:b2:98:38:
                    1b:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:A1:14:5E:FF:53:02:DD:5E:65:A9:09:FF:C8:DB:55:41:5E:B6:40
            X509v3 Authority Key Identifier:
                keyid:9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/v6EUXv9TAt1eZakJ_8jbVUFetkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b8:d4:35:40:fd:9c:35:b1:fa:cb:ab:96:dc:a4:3d:eb:67:32:
         90:7d:6d:99:cb:a3:c4:28:03:39:48:d4:b8:71:22:77:2c:b1:
         67:21:0d:40:bb:ad:44:13:23:5d:4d:45:24:ea:a6:dc:18:8a:
         55:61:50:49:1c:d8:03:83:03:ee:4c:23:32:1c:2e:b5:8a:8f:
         25:53:df:bf:e0:db:66:8f:6c:f0:94:47:75:9f:41:0a:44:10:
         ff:35:a6:53:68:82:06:71:6b:95:69:a6:69:07:4d:59:f9:39:
         56:a4:bb:f3:d5:b7:7e:b8:d1:38:02:c1:f5:4d:ec:7a:68:7c:
         97:46:8a:53:e7:8b:30:bc:4d:15:c1:89:74:5c:bf:51:9d:b0:
         68:b4:c5:e0:24:17:49:c3:e3:39:06:fc:78:13:ea:55:69:20:
         0f:5f:eb:c0:78:d5:17:50:fd:34:d2:75:2f:5a:67:eb:a4:6f:
         30:69:a0:db:1c:7d:75:1e:c8:94:d7:53:00:a2:6d:fb:ec:24:
         e7:d1:41:7f:41:01:27:04:4f:d3:b8:35:0c:c2:88:84:8f:b6:
         5c:cb:32:4d:17:62:fa:ba:0a:df:f5:e1:bd:0e:1f:f7:5c:15:
         54:ae:0c:a1:76:2c:8a:fd:83:92:c5:b0:77:27:7a:fb:38:2e:
         e0:e7:9d:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8y0ZtibTAjaCGCrv0ggjZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWYwYmY5M2ZjNDM4MWZmZjdlN2FhODZiNDA3NmMwMzMy
NDJmZmEwHhcNMjQwNTAxMDYyMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmExMTQ1ZWZmNTMwMmRkNWU2NWE5MDlmZmM4ZGI1NTQxNWViNjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE4dyU0TEI2psuljWko5+ZtheWet
muzCLoG04iW0Fqmm3vPppjiXfruY5Re04xfS2Blnzl17iEFyMtSrs0O/a2+aRMni
06J57JWtuC+0HHWFOmjm0lpHFaxaAoaLLM1cb7y7jNqPg5gapunjwne3P/EFxai+
hbZuBh+Z2lgqZG/xkT3jCOBGnwWyrNYDsawTFJCDDce/8G+51A0OvE9sZ5+LqO9Y
611+aLdVYfAOt+EyaWJEz46wz/aXDbm2g7DmIRdo2MxQXH0H3+ZKYmfehrQrExkK
Er4gd4vXQQyrCdEPEkeNpxKADUMyRxT/XWzkDfAaOdQAF+lwyNCymDgbbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+hFF7/UwLdXmWpCf/I21VBXrZAMB8GA1UdIwQY
MBaAFJ+vC/k/xDgf/356qGtAdsAzJC/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgt
ZjUyMGE3ZDcxZWY1LzEvdjZFVVh2OVRBdDFlWmFrSl84amJWVUZldGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgtZjUyMGE3ZDcxZWY1
LzEvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVvOMA0G
CSqGSIb3DQEBCwUAA4IBAQC41DVA/Zw1sfrLq5bcpD3rZzKQfW2Zy6PEKAM5SNS4
cSJ3LLFnIQ1Au61EEyNdTUUk6qbcGIpVYVBJHNgDgwPuTCMyHC61io8lU9+/4Ntm
j2zwlEd1n0EKRBD/NaZTaIIGcWuVaaZpB01Z+TlWpLvz1bd+uNE4AsH1Tex6aHyX
RopT54swvE0VwYl0XL9RnbBotMXgJBdJw+M5Bvx4E+pVaSAPX+vAeNUXUP000nUv
WmfrpG8waaDbHH11HsiU11MAom377CTn0UF/QQEnBE/TuDUMwoiEj7ZcyzJNF2L6
ugrf9eG9Dh/3XBVUrgyhdiyK/YOSxbB3J3r7OC7g553p
-----END CERTIFICATE-----