Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/6aj2R7bmASdUTCciJYqczQkmhuQ.roa
File:                     6aj2R7bmASdUTCciJYqczQkmhuQ.roa (raw, json)
Hash identifier:          iQEK4lZpStFx+1II/cSDyJcG/VEeWRKBaMNHmYG12zo=
Subject key identifier:   E9:A8:F6:47:B6:E6:01:27:54:4C:27:22:25:8A:9C:CD:09:26:86:E4
Certificate issuer:       /CN=8b1db644ea0e2749dd6ed022aecd12194bcb96f2
Certificate serial:       018CC86F581F58AD1BBF945F2C31861D43EF
Authority key identifier: 8B:1D:B6:44:EA:0E:27:49:DD:6E:D0:22:AE:CD:12:19:4B:CB:96:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ix22ROoOJ0ndbtAirs0SGUvLlvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/6aj2R7bmASdUTCciJYqczQkmhuQ.roa
Signing time:             Tue 02 Jan 2024 04:29:49 +0000
ROA not before:           Tue 02 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47545
IP address blocks:        91.208.22.0/24 maxlen: 24
                          2001:67c:2114::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/ix22ROoOJ0ndbtAirs0SGUvLlvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/ix22ROoOJ0ndbtAirs0SGUvLlvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ix22ROoOJ0ndbtAirs0SGUvLlvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:58:1f:58:ad:1b:bf:94:5f:2c:31:86:1d:43:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b1db644ea0e2749dd6ed022aecd12194bcb96f2
        Validity
            Not Before: Jan  2 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9a8f647b6e60127544c2722258a9ccd092686e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:45:21:b0:2a:f2:7b:6b:fa:0f:dd:c5:cd:e2:
                    84:70:f8:0f:91:14:48:89:49:93:e6:33:7b:7a:cd:
                    c7:cd:9f:56:7e:45:de:c0:9d:07:bb:79:f6:81:1a:
                    15:16:fe:62:9d:4d:af:0d:e3:0f:a4:8b:e9:b3:c3:
                    ec:38:42:e2:b9:46:cb:6b:b2:3a:32:57:02:00:1d:
                    94:b8:ff:f1:2c:e1:33:2b:b9:da:b1:63:39:23:ec:
                    83:7d:aa:f9:6d:49:34:3e:9c:35:ba:e9:44:ff:63:
                    8c:98:ea:2c:8c:07:38:1d:ce:ec:98:1d:39:f6:b9:
                    b8:fd:98:9d:5c:a6:c4:2b:f0:f6:7d:c2:cf:83:75:
                    31:4f:54:3f:a4:e4:a0:3f:2a:d2:6a:5d:f0:dd:68:
                    81:79:ac:61:91:b7:c6:8f:c4:06:39:06:4f:ed:43:
                    ad:eb:f1:5a:0b:82:55:95:b4:9c:b2:0d:28:35:c2:
                    21:7f:10:a3:e8:39:ad:72:8e:03:0e:b6:2e:3f:4c:
                    a7:28:38:af:f6:1d:4c:d3:96:eb:1e:c6:e9:7f:9a:
                    a5:e4:37:e7:59:74:aa:5c:1d:32:fb:0a:aa:fb:34:
                    26:b7:4b:49:95:2a:f6:6f:69:ef:74:2e:af:37:60:
                    51:c4:81:df:38:2c:2e:13:db:ca:1d:84:1d:f1:ba:
                    b6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A8:F6:47:B6:E6:01:27:54:4C:27:22:25:8A:9C:CD:09:26:86:E4
            X509v3 Authority Key Identifier:
                keyid:8B:1D:B6:44:EA:0E:27:49:DD:6E:D0:22:AE:CD:12:19:4B:CB:96:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ix22ROoOJ0ndbtAirs0SGUvLlvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/6aj2R7bmASdUTCciJYqczQkmhuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/ix22ROoOJ0ndbtAirs0SGUvLlvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.22.0/24
                IPv6:
                  2001:67c:2114::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:82:d4:d6:79:d6:4f:fc:d0:f9:9d:63:a6:71:df:d4:b7:7d:
         00:54:b9:15:aa:b8:48:bd:58:a2:e1:44:83:88:c0:3c:03:cd:
         fc:e3:21:87:fa:e6:e3:61:40:16:9e:97:f5:47:72:0f:6f:7e:
         e6:6d:b9:1c:55:77:62:3c:29:48:c0:94:a6:de:c9:79:be:49:
         08:5d:e0:c6:5d:c1:9c:84:18:04:87:1b:42:05:f7:ef:32:50:
         eb:d8:9f:d3:96:a4:a4:9c:4a:eb:10:21:b3:6d:29:ae:5c:cf:
         0b:45:65:c6:4d:3e:74:03:e2:89:77:c0:b1:7a:9e:b6:af:cd:
         f6:30:43:3f:d9:99:f2:3b:3b:cd:fe:96:f4:e1:8f:1e:19:5e:
         09:74:83:fe:67:35:5f:70:79:44:82:a8:db:77:6b:83:89:af:
         3b:bb:ff:7f:10:6b:bc:c7:53:a2:b6:cc:95:bf:98:8b:ca:0e:
         6b:86:11:fd:08:a7:17:a0:c3:0a:f0:cf:b1:55:0c:fa:b7:74:
         00:49:82:be:d1:4d:3a:d3:92:51:a2:ab:7b:7e:5b:59:2f:45:
         8e:14:77:29:6f:ac:5a:5f:8c:de:a1:e2:34:5a:79:4e:2b:ee:
         66:9a:fd:70:cb:0a:22:88:fd:f7:42:30:0f:e1:53:d0:67:3b:
         28:0d:85:84
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIb1gfWK0bv5RfLDGGHUPvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMWRiNjQ0ZWEwZTI3NDlkZDZlZDAyMmFlY2QxMjE5NGJj
Yjk2ZjIwHhcNMjQwMTAyMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWE4ZjY0N2I2ZTYwMTI3NTQ0YzI3MjIyNThhOWNjZDA5MjY4NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEUhsCrye2v6D93FzeKEcPgPkRRI
iUmT5jN7es3HzZ9WfkXewJ0Hu3n2gRoVFv5inU2vDeMPpIvps8PsOELiuUbLa7I6
MlcCAB2UuP/xLOEzK7nasWM5I+yDfar5bUk0Ppw1uulE/2OMmOosjAc4Hc7smB05
9rm4/ZidXKbEK/D2fcLPg3UxT1Q/pOSgPyrSal3w3WiBeaxhkbfGj8QGOQZP7UOt
6/FaC4JVlbScsg0oNcIhfxCj6Dmtco4DDrYuP0ynKDiv9h1M05brHsbpf5ql5Dfn
WXSqXB0y+wqq+zQmt0tJlSr2b2nvdC6vN2BRxIHfOCwuE9vKHYQd8bq2JwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOmo9ke25gEnVEwnIiWKnM0JJobkMB8GA1UdIwQY
MBaAFIsdtkTqDidJ3W7QIq7NEhlLy5byMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXgyMlJPb09KMG5kYnRBaXJzMFNHVXZMbHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9kYzljNmEtNTUwYS00ZWUxLWI0ZmMt
NTQzNzc2ZjdjOTJlLzEvNmFqMlI3Ym1BU2RVVENjaUpZcWN6UWttaHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9kYzljNmEtNTUwYS00ZWUxLWI0ZmMtNTQzNzc2ZjdjOTJl
LzEvaXgyMlJPb09KMG5kYnRBaXJzMFNHVXZMbHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9AWMA8E
AgACMAkDBwAgAQZ8IRQwDQYJKoZIhvcNAQELBQADggEBACOC1NZ51k/80PmdY6Zx
39S3fQBUuRWquEi9WKLhRIOIwDwDzfzjIYf65uNhQBael/VHcg9vfuZtuRxVd2I8
KUjAlKbeyXm+SQhd4MZdwZyEGASHG0IF9+8yUOvYn9OWpKScSusQIbNtKa5czwtF
ZcZNPnQD4ol3wLF6nravzfYwQz/ZmfI7O83+lvThjx4ZXgl0g/5nNV9weUSCqNt3
a4OJrzu7/38Qa7zHU6K2zJW/mIvKDmuGEf0Ipxegwwrwz7FVDPq3dABJgr7RTTrT
klGiq3t+W1kvRY4UdylvrFpfjN6h4jRaeU4r7maa/XDLCiKI/fdCMA/hU9BnOygN
hYQ=
-----END CERTIFICATE-----