Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/a5ad50-71fd-418f-a435-803c9b41b8e9/1/r9PoAttJILdtXqqEe0Wf0WVhGuI.roa
File:                     r9PoAttJILdtXqqEe0Wf0WVhGuI.roa (raw, json)
Hash identifier:          3VznGGkcARDV5I430nlBBcSIRWkxcOijThoWBd/ByiE=
Subject key identifier:   AF:D3:E8:02:DB:49:20:B7:6D:5E:AA:84:7B:45:9F:D1:65:61:1A:E2
Certificate issuer:       /CN=c6c7867591200c1f5f9fd0cc3de9954dc139862e
Certificate serial:       018DFFDA893327ACED249AB784A85316E80E
Authority key identifier: C6:C7:86:75:91:20:0C:1F:5F:9F:D0:CC:3D:E9:95:4D:C1:39:86:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xseGdZEgDB9fn9DMPemVTcE5hi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/a5ad50-71fd-418f-a435-803c9b41b8e9/1/r9PoAttJILdtXqqEe0Wf0WVhGuI.roa
Signing time:             Sat 02 Mar 2024 15:48:48 +0000
ROA not before:           Sat 02 Mar 2024 15:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42798
IP address blocks:        91.193.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/a5ad50-71fd-418f-a435-803c9b41b8e9/1/xseGdZEgDB9fn9DMPemVTcE5hi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/a5ad50-71fd-418f-a435-803c9b41b8e9/1/xseGdZEgDB9fn9DMPemVTcE5hi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xseGdZEgDB9fn9DMPemVTcE5hi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ff:da:89:33:27:ac:ed:24:9a:b7:84:a8:53:16:e8:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6c7867591200c1f5f9fd0cc3de9954dc139862e
        Validity
            Not Before: Mar  2 15:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afd3e802db4920b76d5eaa847b459fd165611ae2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:7b:4f:7f:11:39:0c:6f:76:cb:44:c5:9e:18:
                    9f:23:99:49:7e:52:7c:bc:b9:53:68:26:d3:04:8f:
                    a6:dc:cf:9c:30:b4:c0:9a:65:70:43:a9:7b:ae:13:
                    66:35:e9:91:0f:d0:a3:11:ed:1e:b0:bf:13:ae:f2:
                    fe:ab:74:f6:20:12:23:34:14:0d:a1:b1:e8:6c:1f:
                    71:98:62:e2:5f:8d:01:00:ca:26:ee:49:bd:f7:61:
                    8e:8a:2a:77:c4:d9:33:a9:e3:b4:6a:25:f3:e0:6b:
                    e4:43:d2:12:b9:9f:cb:c4:a8:f9:24:c5:9a:11:f6:
                    49:86:99:4a:ca:50:7b:6d:7d:d7:2b:42:32:5f:d8:
                    ad:26:ae:a5:5f:31:cf:8e:98:b0:3a:94:73:ec:82:
                    f5:46:d7:f4:52:5e:72:c0:3a:24:06:80:ec:88:32:
                    b1:4d:62:ff:d5:c8:c4:6d:bd:ca:38:e8:b2:f1:e9:
                    00:22:15:40:98:87:b1:c1:32:69:e7:1e:78:e1:fa:
                    7a:44:14:ee:c8:b8:22:13:92:84:fd:4c:f8:1b:50:
                    13:a9:2d:b0:e2:da:81:da:df:7f:b5:64:f7:b4:7d:
                    ab:27:81:c0:ee:40:a4:da:8b:2c:dc:58:48:97:bf:
                    05:1f:8d:ad:ce:7f:1c:56:c0:b7:8f:ba:c0:b5:79:
                    5f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D3:E8:02:DB:49:20:B7:6D:5E:AA:84:7B:45:9F:D1:65:61:1A:E2
            X509v3 Authority Key Identifier:
                keyid:C6:C7:86:75:91:20:0C:1F:5F:9F:D0:CC:3D:E9:95:4D:C1:39:86:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xseGdZEgDB9fn9DMPemVTcE5hi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/a5ad50-71fd-418f-a435-803c9b41b8e9/1/r9PoAttJILdtXqqEe0Wf0WVhGuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/a5ad50-71fd-418f-a435-803c9b41b8e9/1/xseGdZEgDB9fn9DMPemVTcE5hi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:6b:4d:73:83:00:99:c5:14:42:7b:b5:9d:71:06:51:52:53:
         a9:02:9f:23:0a:83:4e:a3:3f:00:d7:22:34:0a:98:d2:e1:fe:
         6a:e7:9b:81:76:0f:43:2f:7f:fb:59:0f:5a:7e:ca:5d:a0:f0:
         54:1e:70:e0:5a:40:3e:c7:a6:1e:15:fe:02:4d:3a:25:d9:d2:
         d4:0c:ac:21:27:1e:58:df:f6:20:63:5d:0b:9d:d0:ad:89:b7:
         a1:4c:bd:15:13:96:4a:4b:18:e8:84:03:76:0a:9e:02:11:27:
         93:f8:9d:67:74:ae:a4:96:55:c3:3f:b4:eb:73:28:9d:38:ec:
         f9:a4:88:3f:ca:56:9d:d4:bb:d8:04:12:58:43:56:6f:d1:00:
         b8:7e:93:91:a2:81:81:2f:ed:91:77:78:0b:94:e5:72:06:6a:
         ea:ca:0d:bb:dc:0a:b8:f6:03:0e:af:8b:12:d7:da:b1:3c:3f:
         e1:0a:61:dc:44:c6:29:23:cf:d1:dc:73:1b:d6:9b:56:c8:18:
         59:cf:9d:39:b3:34:ab:58:6e:9f:f6:04:90:29:e1:f2:d2:73:
         9d:35:1b:e6:c9:bd:4a:7f:d8:e9:a8:73:6f:62:06:53:1f:f8:
         29:9b:d1:17:2a:6b:5a:5a:b3:8b:cc:2c:58:18:50:e7:7f:ff:
         5c:33:ff:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3/2okzJ6ztJJq3hKhTFugOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2Yzc4Njc1OTEyMDBjMWY1ZjlmZDBjYzNkZTk5NTRkYzEz
OTg2MmUwHhcNMjQwMzAyMTU0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQzZTgwMmRiNDkyMGI3NmQ1ZWFhODQ3YjQ1OWZkMTY1NjExYWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3tPfxE5DG92y0TFnhifI5lJflJ8
vLlTaCbTBI+m3M+cMLTAmmVwQ6l7rhNmNemRD9CjEe0esL8TrvL+q3T2IBIjNBQN
obHobB9xmGLiX40BAMom7km992GOiip3xNkzqeO0aiXz4GvkQ9ISuZ/LxKj5JMWa
EfZJhplKylB7bX3XK0IyX9itJq6lXzHPjpiwOpRz7IL1Rtf0Ul5ywDokBoDsiDKx
TWL/1cjEbb3KOOiy8ekAIhVAmIexwTJp5x544fp6RBTuyLgiE5KE/Uz4G1ATqS2w
4tqB2t9/tWT3tH2rJ4HA7kCk2oss3FhIl78FH42tzn8cVsC3j7rAtXlfRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/T6ALbSSC3bV6qhHtFn9FlYRriMB8GA1UdIwQY
MBaAFMbHhnWRIAwfX5/QzD3plU3BOYYuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHNlR2RaRWdEQjlmbjlETVBlbVZUY0U1aGk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9hNWFkNTAtNzFmZC00MThmLWE0MzUt
ODAzYzliNDFiOGU5LzEvcjlQb0F0dEpJTGR0WHFxRWUwV2YwV1ZoR3VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9hNWFkNTAtNzFmZC00MThmLWE0MzUtODAzYzliNDFiOGU5
LzEveHNlR2RaRWdEQjlmbjlETVBlbVZUY0U1aGk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8F8MA0G
CSqGSIb3DQEBCwUAA4IBAQBba01zgwCZxRRCe7WdcQZRUlOpAp8jCoNOoz8A1yI0
CpjS4f5q55uBdg9DL3/7WQ9afspdoPBUHnDgWkA+x6YeFf4CTTol2dLUDKwhJx5Y
3/YgY10LndCtibehTL0VE5ZKSxjohAN2Cp4CESeT+J1ndK6kllXDP7TrcyidOOz5
pIg/ylad1LvYBBJYQ1Zv0QC4fpORooGBL+2Rd3gLlOVyBmrqyg273Aq49gMOr4sS
19qxPD/hCmHcRMYpI8/R3HMb1ptWyBhZz505szSrWG6f9gSQKeHy0nOdNRvmyb1K
f9jpqHNvYgZTH/gpm9EXKmtaWrOLzCxYGFDnf/9cM/9h
-----END CERTIFICATE-----