Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b2d274-a951-4397-b99d-c30c7b55c2bc/1/6umkW1A9y9LSEORv2Z0opbjU7xs.roa
File:                     6umkW1A9y9LSEORv2Z0opbjU7xs.roa (raw, json)
Hash identifier:          5k/9mGiAitqCDWhJa8Myrz5BDZB6ExMYiRUgZaieDhI=
Subject key identifier:   EA:E9:A4:5B:50:3D:CB:D2:D2:10:E4:6F:D9:9D:28:A5:B8:D4:EF:1B
Certificate issuer:       /CN=9f9467efa0994f8a31f3343dc300baa4936a82dc
Certificate serial:       018F2FA2C875E83A8AE2A33CB179A071A743
Authority key identifier: 9F:94:67:EF:A0:99:4F:8A:31:F3:34:3D:C3:00:BA:A4:93:6A:82:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n5Rn76CZT4ox8zQ9wwC6pJNqgtw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b2d274-a951-4397-b99d-c30c7b55c2bc/1/6umkW1A9y9LSEORv2Z0opbjU7xs.roa
Signing time:             Tue 30 Apr 2024 15:32:28 +0000
ROA not before:           Tue 30 Apr 2024 15:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62342
IP address blocks:        91.198.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b2d274-a951-4397-b99d-c30c7b55c2bc/1/n5Rn76CZT4ox8zQ9wwC6pJNqgtw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b2d274-a951-4397-b99d-c30c7b55c2bc/1/n5Rn76CZT4ox8zQ9wwC6pJNqgtw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n5Rn76CZT4ox8zQ9wwC6pJNqgtw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2f:a2:c8:75:e8:3a:8a:e2:a3:3c:b1:79:a0:71:a7:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f9467efa0994f8a31f3343dc300baa4936a82dc
        Validity
            Not Before: Apr 30 15:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eae9a45b503dcbd2d210e46fd99d28a5b8d4ef1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9f:49:c1:92:ab:30:2c:6d:c2:e2:25:77:b9:
                    b7:27:76:ce:82:46:f9:6d:d2:ca:9c:44:ef:f1:fd:
                    0e:5a:a5:03:56:07:2e:b8:86:b1:66:11:bc:ed:95:
                    1e:b8:12:16:c1:07:15:7f:7f:d5:ac:d0:5e:a0:74:
                    0e:91:08:86:85:8b:b2:f1:4b:e8:9a:0d:36:a5:5a:
                    d1:24:4a:12:5f:53:f0:3c:46:5c:6a:39:d9:06:4b:
                    e7:2a:8a:f4:0e:5c:a9:82:2d:4c:15:1f:ea:d6:d8:
                    53:5f:94:2e:fa:9c:cc:99:82:c3:54:05:91:7d:82:
                    dc:91:93:f6:cb:8c:04:d1:06:01:a8:80:26:ae:e8:
                    6e:ad:88:a4:41:bd:0c:4f:86:e4:b0:ed:2e:2f:3d:
                    13:04:02:f2:71:d0:68:4b:45:85:75:e1:95:6d:17:
                    c2:53:40:72:38:92:55:c1:2f:7b:a5:3e:f6:41:e1:
                    a0:5e:c8:f0:3e:6c:bd:0d:86:f2:5b:ba:07:6a:e4:
                    a1:e4:cd:a9:a5:10:fc:62:53:df:b4:e4:15:63:65:
                    00:ea:e5:9a:60:98:39:ce:4a:bc:b2:a8:02:38:4f:
                    2e:53:5b:2c:f8:3a:ac:0a:aa:33:3c:9c:48:42:24:
                    99:38:40:ff:83:99:74:17:e8:6a:56:9f:f1:2a:e4:
                    fe:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:E9:A4:5B:50:3D:CB:D2:D2:10:E4:6F:D9:9D:28:A5:B8:D4:EF:1B
            X509v3 Authority Key Identifier:
                keyid:9F:94:67:EF:A0:99:4F:8A:31:F3:34:3D:C3:00:BA:A4:93:6A:82:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n5Rn76CZT4ox8zQ9wwC6pJNqgtw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b2d274-a951-4397-b99d-c30c7b55c2bc/1/6umkW1A9y9LSEORv2Z0opbjU7xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b2d274-a951-4397-b99d-c30c7b55c2bc/1/n5Rn76CZT4ox8zQ9wwC6pJNqgtw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:19:b3:24:b4:b6:f7:b3:db:26:a8:82:d8:a9:ca:4e:26:37:
         da:2f:75:7d:1e:5d:16:2c:7a:06:0c:e7:dc:aa:42:94:4a:95:
         00:a7:cb:84:ec:a2:60:ce:5d:a7:a5:3f:11:91:cc:a1:b4:b5:
         2a:19:82:77:52:ff:6a:34:6e:1b:cb:1d:d5:5c:31:e0:36:6f:
         23:85:c2:b3:a3:da:48:53:d6:7d:16:4c:02:4e:14:3f:57:3c:
         8a:6a:80:70:32:e1:49:0e:2e:8b:9c:ba:bf:19:e5:2c:c1:e3:
         49:42:40:e1:2e:b5:c3:95:46:14:25:b7:33:34:05:26:87:a0:
         5d:16:ad:0c:0f:81:ab:c0:a5:5b:db:7b:b8:c0:c0:75:04:a5:
         d8:a1:a2:8b:b4:bb:c4:fb:1b:a6:65:43:a5:56:e8:ca:a3:eb:
         69:ec:3a:f5:63:40:7c:8e:50:62:c7:db:68:33:85:dc:3c:20:
         c2:60:2e:6a:27:04:36:32:f5:62:92:eb:fb:22:40:9f:da:d1:
         91:c8:ac:dc:38:09:ce:bc:00:d7:89:e1:d9:17:88:66:c8:8b:
         ba:ba:e9:ae:fc:5f:4f:7a:27:3c:fe:bf:92:0e:ac:2e:81:c2:
         ee:7e:f0:44:cf:c4:0d:31:90:65:df:a3:ec:1a:66:ca:aa:7b:
         f1:5d:dd:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8vosh16DqK4qM8sXmgcadDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmOTQ2N2VmYTA5OTRmOGEzMWYzMzQzZGMzMDBiYWE0OTM2
YTgyZGMwHhcNMjQwNDMwMTUzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWU5YTQ1YjUwM2RjYmQyZDIxMGU0NmZkOTlkMjhhNWI4ZDRlZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJ9JwZKrMCxtwuIld7m3J3bOgkb5
bdLKnETv8f0OWqUDVgcuuIaxZhG87ZUeuBIWwQcVf3/VrNBeoHQOkQiGhYuy8Uvo
mg02pVrRJEoSX1PwPEZcajnZBkvnKor0Dlypgi1MFR/q1thTX5Qu+pzMmYLDVAWR
fYLckZP2y4wE0QYBqIAmruhurYikQb0MT4bksO0uLz0TBALycdBoS0WFdeGVbRfC
U0ByOJJVwS97pT72QeGgXsjwPmy9DYbyW7oHauSh5M2ppRD8YlPftOQVY2UA6uWa
YJg5zkq8sqgCOE8uU1ss+DqsCqozPJxIQiSZOED/g5l0F+hqVp/xKuT+VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrppFtQPcvS0hDkb9mdKKW41O8bMB8GA1UdIwQY
MBaAFJ+UZ++gmU+KMfM0PcMAuqSTaoLcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjVSbjc2Q1pUNG94OHpROXd3QzZwSk5xZ3R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9iMmQyNzQtYTk1MS00Mzk3LWI5OWQt
YzMwYzdiNTVjMmJjLzEvNnVta1cxQTl5OUxTRU9SdjJaMG9wYmpVN3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9iMmQyNzQtYTk1MS00Mzk3LWI5OWQtYzMwYzdiNTVjMmJj
LzEvbjVSbjc2Q1pUNG94OHpROXd3QzZwSk5xZ3R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8aiMA0G
CSqGSIb3DQEBCwUAA4IBAQBpGbMktLb3s9smqILYqcpOJjfaL3V9Hl0WLHoGDOfc
qkKUSpUAp8uE7KJgzl2npT8RkcyhtLUqGYJ3Uv9qNG4byx3VXDHgNm8jhcKzo9pI
U9Z9FkwCThQ/VzyKaoBwMuFJDi6LnLq/GeUsweNJQkDhLrXDlUYUJbczNAUmh6Bd
Fq0MD4GrwKVb23u4wMB1BKXYoaKLtLvE+xumZUOlVujKo+tp7Dr1Y0B8jlBix9to
M4XcPCDCYC5qJwQ2MvVikuv7IkCf2tGRyKzcOAnOvADXieHZF4hmyIu6uumu/F9P
eic8/r+SDqwugcLufvBEz8QNMZBl36PsGmbKqnvxXd1f
-----END CERTIFICATE-----