Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f34254-0e9d-4dc5-a418-1b711aec1fbc/1/i6EJEt7tipQXyAwKdkAg4MfZxC0.roa
File:                     i6EJEt7tipQXyAwKdkAg4MfZxC0.roa (raw, json)
Hash identifier:          Xj/4JnkG4O0QrFE3oWizjcyhYv2XB47iXgLojC3bphs=
Subject key identifier:   8B:A1:09:12:DE:ED:8A:94:17:C8:0C:0A:76:40:20:E0:C7:D9:C4:2D
Certificate issuer:       /CN=86ee1268fe0aadf317ab44fd816d10fe54ddfc0c
Certificate serial:       018E0E4777CC1EA8991AB55C6D0A8E14AEF7
Authority key identifier: 86:EE:12:68:FE:0A:AD:F3:17:AB:44:FD:81:6D:10:FE:54:DD:FC:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hu4SaP4KrfMXq0T9gW0Q_lTd_Aw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f34254-0e9d-4dc5-a418-1b711aec1fbc/1/i6EJEt7tipQXyAwKdkAg4MfZxC0.roa
Signing time:             Tue 05 Mar 2024 11:02:28 +0000
ROA not before:           Tue 05 Mar 2024 11:02:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44929
IP address blocks:        91.203.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/f34254-0e9d-4dc5-a418-1b711aec1fbc/1/hu4SaP4KrfMXq0T9gW0Q_lTd_Aw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/f34254-0e9d-4dc5-a418-1b711aec1fbc/1/hu4SaP4KrfMXq0T9gW0Q_lTd_Aw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hu4SaP4KrfMXq0T9gW0Q_lTd_Aw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:47:77:cc:1e:a8:99:1a:b5:5c:6d:0a:8e:14:ae:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86ee1268fe0aadf317ab44fd816d10fe54ddfc0c
        Validity
            Not Before: Mar  5 11:02:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ba10912deed8a9417c80c0a764020e0c7d9c42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ae:e6:ca:44:30:14:89:0f:08:37:dc:2d:05:
                    77:0e:45:6e:f1:a8:e3:03:05:f2:d6:bd:86:f4:5b:
                    a6:6e:4b:da:05:fa:90:38:8c:81:f8:c5:1e:83:3a:
                    f9:f0:ac:2f:16:b0:9f:41:29:5c:ca:75:17:33:9d:
                    03:9f:98:98:65:67:d2:99:0e:b1:77:53:a1:45:20:
                    a4:51:76:6d:3f:70:52:41:7e:5f:39:77:79:59:d4:
                    2c:22:77:69:af:f3:5f:72:89:fe:9f:b1:3a:38:3b:
                    aa:43:8b:76:9e:2a:26:f8:48:ca:be:35:a5:6d:ac:
                    f5:03:3a:29:48:26:ad:0a:d8:ad:d4:6a:d4:e3:e6:
                    1e:7d:46:88:32:af:46:d7:b3:23:f6:0c:d1:06:84:
                    a7:3e:16:3c:83:e5:7f:75:b1:23:0d:28:9f:0f:15:
                    d9:8c:70:82:0e:3a:c6:c1:14:35:6f:c9:23:1f:90:
                    8c:01:15:33:f5:6d:7d:0b:7a:2c:ea:7c:cf:b7:97:
                    36:ce:33:e0:ed:a1:ab:47:5b:e8:a2:34:ee:90:f3:
                    f5:bf:c9:53:f4:e6:54:4f:6b:77:15:47:e5:93:9e:
                    0d:4f:f7:5e:49:0f:03:b0:30:bb:f2:58:24:58:fe:
                    3a:12:f6:2c:13:9c:7d:ae:17:18:41:10:58:a5:6d:
                    90:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A1:09:12:DE:ED:8A:94:17:C8:0C:0A:76:40:20:E0:C7:D9:C4:2D
            X509v3 Authority Key Identifier:
                keyid:86:EE:12:68:FE:0A:AD:F3:17:AB:44:FD:81:6D:10:FE:54:DD:FC:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hu4SaP4KrfMXq0T9gW0Q_lTd_Aw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f34254-0e9d-4dc5-a418-1b711aec1fbc/1/i6EJEt7tipQXyAwKdkAg4MfZxC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f34254-0e9d-4dc5-a418-1b711aec1fbc/1/hu4SaP4KrfMXq0T9gW0Q_lTd_Aw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:0f:82:7e:d9:62:b7:e1:86:a6:7f:cf:9b:be:29:7c:f4:f5:
         08:1a:2c:fc:56:18:a0:f1:6a:be:ce:b5:99:26:f9:6f:3a:79:
         03:14:dd:95:af:f4:a9:79:8b:d4:6e:cb:94:f7:e1:c7:3a:70:
         68:43:50:f5:c5:21:79:99:fe:73:bb:93:ad:a3:3e:c9:7a:7d:
         20:ff:4d:8f:73:d4:4a:53:c0:73:ef:b4:5c:fc:38:a2:72:e0:
         82:26:c9:5d:1b:9f:64:15:56:50:6e:6e:11:a9:a2:59:88:ba:
         dd:7a:1b:63:9a:06:93:98:18:51:f1:56:df:d6:3f:32:a7:aa:
         11:8b:28:0c:90:53:32:2b:a8:6f:9c:54:95:17:64:6e:b1:23:
         ca:c8:38:fa:a0:bc:5c:a2:6b:f1:ea:ba:30:d2:dd:ab:d1:4c:
         ce:42:c3:21:7b:cb:cb:d3:c9:7e:9b:42:57:aa:1f:7b:d3:a3:
         c1:97:1e:21:d3:83:db:03:6c:04:39:9b:d8:bd:2a:44:6f:f2:
         bc:a2:a8:6e:cb:fc:ce:e1:28:47:81:c3:d1:78:1a:78:f0:49:
         0a:27:2a:33:14:b9:7c:53:74:ef:a9:7c:e6:19:a7:2f:86:6b:
         64:f2:cb:16:95:3a:fb:d0:50:35:84:52:62:b8:cb:f2:0b:70:
         5a:2e:f0:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4OR3fMHqiZGrVcbQqOFK73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZWUxMjY4ZmUwYWFkZjMxN2FiNDRmZDgxNmQxMGZlNTRk
ZGZjMGMwHhcNMjQwMzA1MTEwMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmExMDkxMmRlZWQ4YTk0MTdjODBjMGE3NjQwMjBlMGM3ZDljNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr67mykQwFIkPCDfcLQV3DkVu8ajj
AwXy1r2G9FumbkvaBfqQOIyB+MUegzr58KwvFrCfQSlcynUXM50Dn5iYZWfSmQ6x
d1OhRSCkUXZtP3BSQX5fOXd5WdQsIndpr/Nfcon+n7E6ODuqQ4t2niom+EjKvjWl
baz1AzopSCatCtit1GrU4+YefUaIMq9G17Mj9gzRBoSnPhY8g+V/dbEjDSifDxXZ
jHCCDjrGwRQ1b8kjH5CMARUz9W19C3os6nzPt5c2zjPg7aGrR1voojTukPP1v8lT
9OZUT2t3FUflk54NT/deSQ8DsDC78lgkWP46EvYsE5x9rhcYQRBYpW2Q2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuhCRLe7YqUF8gMCnZAIODH2cQtMB8GA1UdIwQY
MBaAFIbuEmj+Cq3zF6tE/YFtEP5U3fwMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHU0U2FQNEtyZk1YcTBUOWdXMFFfbFRkX0F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mMzQyNTQtMGU5ZC00ZGM1LWE0MTgt
MWI3MTFhZWMxZmJjLzEvaTZFSkV0N3RpcFFYeUF3S2RrQWc0TWZaeEMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mMzQyNTQtMGU5ZC00ZGM1LWE0MTgtMWI3MTFhZWMxZmJj
LzEvaHU0U2FQNEtyZk1YcTBUOWdXMFFfbFRkX0F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8sdMA0G
CSqGSIb3DQEBCwUAA4IBAQAsD4J+2WK34Yamf8+bvil89PUIGiz8Vhig8Wq+zrWZ
JvlvOnkDFN2Vr/SpeYvUbsuU9+HHOnBoQ1D1xSF5mf5zu5Otoz7Jen0g/02Pc9RK
U8Bz77Rc/DiicuCCJsldG59kFVZQbm4RqaJZiLrdehtjmgaTmBhR8Vbf1j8yp6oR
iygMkFMyK6hvnFSVF2RusSPKyDj6oLxcomvx6row0t2r0UzOQsMhe8vL08l+m0JX
qh9706PBlx4h04PbA2wEOZvYvSpEb/K8oqhuy/zO4ShHgcPReBp48EkKJyozFLl8
U3TvqXzmGacvhmtk8ssWlTr70FA1hFJiuMvyC3BaLvDC
-----END CERTIFICATE-----