Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/D_YEYCt1EEX1he1JAJ_kYUjSJrs.roa
File:                     D_YEYCt1EEX1he1JAJ_kYUjSJrs.roa (raw, json)
Hash identifier:          TE3JtfdxV/jAITq0FsNm35pWz9GGQN6PrPJVOdRAfqI=
Subject key identifier:   0F:F6:04:60:2B:75:10:45:F5:85:ED:49:00:9F:E4:61:48:D2:26:BB
Certificate issuer:       /CN=576b22f2790597484bf96915a83543c194b3fd1e
Certificate serial:       018E236735186586CA7DBFD2A7EC9928A6BC
Authority key identifier: 57:6B:22:F2:79:05:97:48:4B:F9:69:15:A8:35:43:C1:94:B3:FD:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V2si8nkFl0hL-WkVqDVDwZSz_R4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/D_YEYCt1EEX1he1JAJ_kYUjSJrs.roa
Signing time:             Sat 09 Mar 2024 13:29:10 +0000
ROA not before:           Sat 09 Mar 2024 13:29:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6206
IP address blocks:        91.229.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/V2si8nkFl0hL-WkVqDVDwZSz_R4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/V2si8nkFl0hL-WkVqDVDwZSz_R4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V2si8nkFl0hL-WkVqDVDwZSz_R4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:23:67:35:18:65:86:ca:7d:bf:d2:a7:ec:99:28:a6:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=576b22f2790597484bf96915a83543c194b3fd1e
        Validity
            Not Before: Mar  9 13:29:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ff604602b751045f585ed49009fe46148d226bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:de:26:20:bb:28:db:2e:d1:93:56:9c:b1:13:
                    75:5c:b3:fe:4d:7c:77:b8:75:34:4b:4d:01:c3:e5:
                    62:78:59:bd:b7:cd:5e:28:61:08:b3:c9:1a:62:b9:
                    a8:e9:82:10:07:06:81:31:7f:61:1d:16:58:6a:8c:
                    be:c9:71:eb:38:1e:a8:42:9b:83:27:d6:02:e1:c3:
                    89:aa:78:09:ed:9f:41:50:50:b1:b4:d8:57:e9:06:
                    60:e8:ee:81:24:1e:50:3f:b1:65:44:49:94:38:ad:
                    c7:25:11:99:f9:2a:c2:04:91:3f:3e:41:6a:3d:ac:
                    be:d1:2b:69:9b:4a:ce:0d:6b:6b:3f:c5:c4:22:b7:
                    83:91:2f:d1:6f:18:8f:00:1e:b4:d7:6d:bb:9b:96:
                    83:3c:d1:94:69:73:4c:4e:45:06:f5:1c:6d:a5:d1:
                    3a:61:99:f9:52:28:ed:ed:b3:c1:94:5b:9b:c6:0d:
                    fd:df:7c:b8:f4:14:4f:7c:17:00:e2:22:7e:3e:98:
                    1c:97:08:96:f5:bd:d1:79:52:bd:96:e2:1f:ad:85:
                    14:ac:54:c2:77:29:a6:94:c4:6a:cf:a9:e1:11:62:
                    27:2c:3c:1b:e4:ad:fc:75:6a:65:71:7d:e9:bb:a0:
                    ed:f7:b4:d2:98:1e:b2:ab:ff:59:00:a0:9e:5b:98:
                    04:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F6:04:60:2B:75:10:45:F5:85:ED:49:00:9F:E4:61:48:D2:26:BB
            X509v3 Authority Key Identifier:
                keyid:57:6B:22:F2:79:05:97:48:4B:F9:69:15:A8:35:43:C1:94:B3:FD:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V2si8nkFl0hL-WkVqDVDwZSz_R4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/D_YEYCt1EEX1he1JAJ_kYUjSJrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/V2si8nkFl0hL-WkVqDVDwZSz_R4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:e5:9e:fc:a8:e2:c6:b8:ae:0c:4f:0b:f5:18:7f:51:e7:31:
         58:8a:52:0b:28:98:4b:05:88:9d:a8:c7:38:81:80:ba:8d:95:
         5d:ba:61:9f:3c:2e:95:fc:4a:3c:6d:84:9b:5c:76:a8:59:f3:
         0a:dd:4f:7e:9e:55:b7:0a:fa:88:0f:fb:78:f0:91:40:88:94:
         22:ee:9b:2d:45:eb:23:66:1b:c1:79:8d:99:60:3c:14:bb:f1:
         35:0a:b9:61:95:da:90:22:44:79:22:92:34:5c:c3:cb:c0:ac:
         87:e4:8f:9f:60:72:2b:6f:6c:e5:cc:f2:6e:cc:b1:8f:be:16:
         d7:d3:fb:1b:13:31:2c:ea:2c:a7:36:12:1f:22:ae:67:74:b6:
         b0:70:c9:ff:7a:e4:3c:ba:77:0d:f5:f4:8f:df:4e:8a:1e:6a:
         7f:98:09:78:e6:db:d4:0a:88:cc:4e:1e:d9:b2:96:3e:9b:1a:
         8d:a7:66:47:8f:d9:fe:b5:77:8e:cb:00:64:2d:a3:58:06:fc:
         c7:a3:94:f9:3e:47:f6:53:62:35:1a:d4:f2:b4:9a:77:34:6e:
         7b:4f:70:19:d4:85:f5:78:04:2d:a1:38:ae:9e:0c:78:6c:6b:
         a4:8b:80:ef:50:0b:e3:c7:ef:81:57:cf:74:33:a9:ad:a3:16:
         5e:b3:e0:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4jZzUYZYbKfb/Sp+yZKKa8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NmIyMmYyNzkwNTk3NDg0YmY5NjkxNWE4MzU0M2MxOTRi
M2ZkMWUwHhcNMjQwMzA5MTMyOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmY2MDQ2MDJiNzUxMDQ1ZjU4NWVkNDkwMDlmZTQ2MTQ4ZDIyNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq94mILso2y7Rk1acsRN1XLP+TXx3
uHU0S00Bw+VieFm9t81eKGEIs8kaYrmo6YIQBwaBMX9hHRZYaoy+yXHrOB6oQpuD
J9YC4cOJqngJ7Z9BUFCxtNhX6QZg6O6BJB5QP7FlREmUOK3HJRGZ+SrCBJE/PkFq
Pay+0Stpm0rODWtrP8XEIreDkS/RbxiPAB601227m5aDPNGUaXNMTkUG9RxtpdE6
YZn5Uijt7bPBlFubxg3933y49BRPfBcA4iJ+PpgclwiW9b3ReVK9luIfrYUUrFTC
dymmlMRqz6nhEWInLDwb5K38dWplcX3pu6Dt97TSmB6yq/9ZAKCeW5gEGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/2BGArdRBF9YXtSQCf5GFI0ia7MB8GA1UdIwQY
MBaAFFdrIvJ5BZdIS/lpFag1Q8GUs/0eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjJzaThua0ZsMGhMLVdrVnFEVkR3WlN6X1I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS82ZWZhYzQtZDc1YS00MjVkLTkxNTct
YWVlNmViMjg1MTRkLzEvRF9ZRVlDdDFFRVgxaGUxSkFKX2tZVWpTSnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS82ZWZhYzQtZDc1YS00MjVkLTkxNTctYWVlNmViMjg1MTRk
LzEvVjJzaThua0ZsMGhMLVdrVnFEVkR3WlN6X1I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+U8MA0G
CSqGSIb3DQEBCwUAA4IBAQBM5Z78qOLGuK4MTwv1GH9R5zFYilILKJhLBYidqMc4
gYC6jZVdumGfPC6V/Eo8bYSbXHaoWfMK3U9+nlW3CvqID/t48JFAiJQi7pstResj
ZhvBeY2ZYDwUu/E1CrlhldqQIkR5IpI0XMPLwKyH5I+fYHIrb2zlzPJuzLGPvhbX
0/sbEzEs6iynNhIfIq5ndLawcMn/euQ8uncN9fSP306KHmp/mAl45tvUCojMTh7Z
spY+mxqNp2ZHj9n+tXeOywBkLaNYBvzHo5T5Pkf2U2I1GtTytJp3NG57T3AZ1IX1
eAQtoTiungx4bGuki4DvUAvjx++BV890M6mtoxZes+De
-----END CERTIFICATE-----