Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/0582ff-7189-4c3c-a45f-b493a9df4f8f/1/6SmgyyQ2vILVmJ5MyNGseyMZmGQ.roa
File:                     6SmgyyQ2vILVmJ5MyNGseyMZmGQ.roa (raw, json)
Hash identifier:          8qyJT+9GnCviTTypk9c0s/agi8Suzs6DkRef+vJgnCQ=
Subject key identifier:   E9:29:A0:CB:24:36:BC:82:D5:98:9E:4C:C8:D1:AC:7B:23:19:98:64
Certificate issuer:       /CN=c782735aa98d4645d041093a7662a12379503a31
Certificate serial:       018CC795620E385A3066080A89ECAD96B13E
Authority key identifier: C7:82:73:5A:A9:8D:46:45:D0:41:09:3A:76:62:A1:23:79:50:3A:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x4JzWqmNRkXQQQk6dmKhI3lQOjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/0582ff-7189-4c3c-a45f-b493a9df4f8f/1/6SmgyyQ2vILVmJ5MyNGseyMZmGQ.roa
Signing time:             Tue 02 Jan 2024 00:31:45 +0000
ROA not before:           Tue 02 Jan 2024 00:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197263
IP address blocks:        91.225.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/0582ff-7189-4c3c-a45f-b493a9df4f8f/1/x4JzWqmNRkXQQQk6dmKhI3lQOjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/0582ff-7189-4c3c-a45f-b493a9df4f8f/1/x4JzWqmNRkXQQQk6dmKhI3lQOjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x4JzWqmNRkXQQQk6dmKhI3lQOjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:62:0e:38:5a:30:66:08:0a:89:ec:ad:96:b1:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c782735aa98d4645d041093a7662a12379503a31
        Validity
            Not Before: Jan  2 00:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e929a0cb2436bc82d5989e4cc8d1ac7b23199864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ad:02:a4:1f:60:5c:9b:ff:05:0f:37:51:6e:
                    8e:e8:38:56:bf:5a:e3:ad:ce:c3:76:8a:ef:a6:33:
                    86:a1:9a:ad:64:7d:76:d0:1c:f8:bb:d6:5c:8f:de:
                    f4:7a:be:ec:9b:4a:9d:f6:c6:3b:75:dd:bb:33:81:
                    14:db:39:a9:c3:d8:fc:0f:fc:68:81:75:ac:7b:8a:
                    d3:53:94:4c:87:58:07:96:66:e5:54:d2:23:c4:ed:
                    59:2d:8f:d8:94:75:5f:81:a6:eb:79:ee:ad:dd:38:
                    52:f5:c8:23:7a:03:83:e2:34:8e:c9:1b:00:21:70:
                    7b:1a:4c:91:f9:08:65:06:f2:43:ac:51:f8:e3:31:
                    88:10:ab:77:7d:01:c9:5a:02:44:3c:2f:51:a6:82:
                    72:fa:64:8f:fa:d1:73:f5:54:38:df:a8:78:db:65:
                    f8:e3:28:0c:e1:29:c1:73:b6:cb:e8:ad:21:4e:61:
                    80:30:2b:8c:f7:68:6e:6f:9f:7c:1c:ad:29:ea:44:
                    ee:72:83:f6:b1:d3:ee:be:7a:15:d2:ea:b2:00:77:
                    08:0e:05:a9:aa:de:53:bb:5d:b0:79:04:04:c5:62:
                    8a:b8:6e:4b:39:07:48:50:95:56:73:6a:23:92:3f:
                    f6:90:a9:a9:36:95:a1:ee:5b:c3:df:aa:3f:dd:6c:
                    66:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:29:A0:CB:24:36:BC:82:D5:98:9E:4C:C8:D1:AC:7B:23:19:98:64
            X509v3 Authority Key Identifier:
                keyid:C7:82:73:5A:A9:8D:46:45:D0:41:09:3A:76:62:A1:23:79:50:3A:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x4JzWqmNRkXQQQk6dmKhI3lQOjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/0582ff-7189-4c3c-a45f-b493a9df4f8f/1/6SmgyyQ2vILVmJ5MyNGseyMZmGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/0582ff-7189-4c3c-a45f-b493a9df4f8f/1/x4JzWqmNRkXQQQk6dmKhI3lQOjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:be:1a:bb:72:91:b7:a3:61:5f:ac:be:be:fd:6e:10:58:3d:
         38:75:e7:d2:36:26:d0:e2:ca:9e:e7:c6:d8:16:5f:5d:ee:db:
         91:da:24:04:44:49:e6:ec:91:72:bb:63:de:74:a7:65:75:e5:
         c3:7a:96:7a:48:b0:1e:8e:63:75:b5:48:25:5a:b6:61:71:70:
         5f:6d:0d:99:35:b9:aa:61:fb:37:6f:11:2f:7d:b3:72:ff:a8:
         b0:20:ed:5b:4c:17:18:f0:3a:5d:af:ed:be:23:ea:01:6f:5e:
         79:ae:92:d4:d3:08:81:6f:19:7f:44:c1:5c:38:e5:07:7f:31:
         0c:31:01:de:11:ae:1d:f8:2c:98:e5:32:ad:97:16:8e:3f:8f:
         cd:6f:46:73:61:6b:e1:01:e3:54:d4:df:24:42:0b:5a:e0:82:
         ad:31:27:32:79:5d:e9:cf:f0:b8:8f:b0:ef:aa:c3:8a:28:df:
         80:27:92:ba:9e:55:0a:f7:e0:79:73:f1:9d:02:0c:47:a9:b7:
         35:6c:54:15:3f:c7:a5:1d:de:89:f0:3f:24:e3:34:39:d3:2b:
         5a:2e:6b:0f:43:77:ce:3b:14:c1:57:e3:35:96:95:93:d2:a9:
         35:43:ea:0e:46:9a:c3:bb:c1:c4:c1:84:61:7d:b4:f7:bf:9d:
         d0:98:d9:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlWIOOFowZggKieytlrE+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ODI3MzVhYTk4ZDQ2NDVkMDQxMDkzYTc2NjJhMTIzNzk1
MDNhMzEwHhcNMjQwMTAyMDAzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTI5YTBjYjI0MzZiYzgyZDU5ODllNGNjOGQxYWM3YjIzMTk5ODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAya0CpB9gXJv/BQ83UW6O6DhWv1rj
rc7DdorvpjOGoZqtZH120Bz4u9Zcj970er7sm0qd9sY7dd27M4EU2zmpw9j8D/xo
gXWse4rTU5RMh1gHlmblVNIjxO1ZLY/YlHVfgabree6t3ThS9cgjegOD4jSOyRsA
IXB7GkyR+QhlBvJDrFH44zGIEKt3fQHJWgJEPC9RpoJy+mSP+tFz9VQ436h422X4
4ygM4SnBc7bL6K0hTmGAMCuM92hub598HK0p6kTucoP2sdPuvnoV0uqyAHcIDgWp
qt5Tu12weQQExWKKuG5LOQdIUJVWc2ojkj/2kKmpNpWh7lvD36o/3Wxm+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkpoMskNryC1ZieTMjRrHsjGZhkMB8GA1UdIwQY
MBaAFMeCc1qpjUZF0EEJOnZioSN5UDoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDRKeldxbU5Sa1hRUVFrNmRtS2hJM2xRT2pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wNTgyZmYtNzE4OS00YzNjLWE0NWYt
YjQ5M2E5ZGY0ZjhmLzEvNlNtZ3l5UTJ2SUxWbUo1TXlOR3NleU1abUdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wNTgyZmYtNzE4OS00YzNjLWE0NWYtYjQ5M2E5ZGY0Zjhm
LzEveDRKeldxbU5Sa1hRUVFrNmRtS2hJM2xRT2pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+FQMA0G
CSqGSIb3DQEBCwUAA4IBAQBhvhq7cpG3o2FfrL6+/W4QWD04defSNibQ4sqe58bY
Fl9d7tuR2iQEREnm7JFyu2PedKdldeXDepZ6SLAejmN1tUglWrZhcXBfbQ2ZNbmq
Yfs3bxEvfbNy/6iwIO1bTBcY8Dpdr+2+I+oBb155rpLU0wiBbxl/RMFcOOUHfzEM
MQHeEa4d+CyY5TKtlxaOP4/Nb0ZzYWvhAeNU1N8kQgta4IKtMScyeV3pz/C4j7Dv
qsOKKN+AJ5K6nlUK9+B5c/GdAgxHqbc1bFQVP8elHd6J8D8k4zQ50ytaLmsPQ3fO
OxTBV+M1lpWT0qk1Q+oORprDu8HEwYRhfbT3v53QmNkv
-----END CERTIFICATE-----