Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/a3e46f-7e5a-4663-bd63-dc0966669609/1/y6YfvyghKYS9wkzpFCRb0jD0T0c.roa
File:                     y6YfvyghKYS9wkzpFCRb0jD0T0c.roa (raw, json)
Hash identifier:          dVLNE38ZUig5AnOto1YGHm1iyc5G+NBi2yiyltM3blk=
Subject key identifier:   CB:A6:1F:BF:28:21:29:84:BD:C2:4C:E9:14:24:5B:D2:30:F4:4F:47
Certificate issuer:       /CN=9ea1425225410c93211d08758fcdaf0f7aa1ccaa
Certificate serial:       018E2EBDF721FB8348A1CC130B38498AA75E
Authority key identifier: 9E:A1:42:52:25:41:0C:93:21:1D:08:75:8F:CD:AF:0F:7A:A1:CC:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nqFCUiVBDJMhHQh1j82vD3qhzKo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/a3e46f-7e5a-4663-bd63-dc0966669609/1/y6YfvyghKYS9wkzpFCRb0jD0T0c.roa
Signing time:             Mon 11 Mar 2024 18:19:45 +0000
ROA not before:           Mon 11 Mar 2024 18:19:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208091
IP address blocks:        91.247.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/a3e46f-7e5a-4663-bd63-dc0966669609/1/nqFCUiVBDJMhHQh1j82vD3qhzKo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/a3e46f-7e5a-4663-bd63-dc0966669609/1/nqFCUiVBDJMhHQh1j82vD3qhzKo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nqFCUiVBDJMhHQh1j82vD3qhzKo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2e:bd:f7:21:fb:83:48:a1:cc:13:0b:38:49:8a:a7:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ea1425225410c93211d08758fcdaf0f7aa1ccaa
        Validity
            Not Before: Mar 11 18:19:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cba61fbf28212984bdc24ce914245bd230f44f47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d9:26:20:4b:50:13:a8:9b:52:4d:5f:95:c4:
                    28:95:51:79:43:8b:a6:7f:fd:42:d3:67:28:40:f6:
                    f1:de:66:b6:5c:fe:e5:3f:59:06:c2:2b:59:0c:8c:
                    7d:76:42:f0:39:e7:34:0e:4e:3a:24:28:c6:a8:98:
                    45:7d:ed:9e:09:45:9e:b7:11:7e:a4:48:f7:b1:51:
                    10:74:a3:47:12:1f:15:b8:f7:d7:d8:81:3d:c9:12:
                    93:b7:ef:c6:7a:f7:67:27:51:91:ce:6b:62:73:7d:
                    31:94:67:61:93:df:41:20:e8:3e:26:b4:96:ed:cf:
                    17:16:3a:34:c1:f0:11:12:7b:89:af:fb:5d:36:67:
                    88:6b:b6:fd:cb:c6:0c:c2:fc:8e:c7:aa:aa:cb:63:
                    4f:6d:c3:96:34:23:f8:ea:29:8d:cd:30:c4:02:c7:
                    9a:2b:e8:56:6d:4c:6b:46:14:ab:53:1b:02:ef:e7:
                    4f:30:82:63:de:d4:ac:98:31:50:f6:fc:31:19:f6:
                    8e:63:ff:d7:45:c8:d7:c5:29:f9:62:ac:8b:c9:60:
                    7a:49:4b:12:bd:f5:ac:07:d9:2b:23:15:43:24:63:
                    be:23:b7:21:a7:96:59:0a:e5:a7:96:9c:9b:3d:23:
                    36:b8:c3:cc:32:d5:be:88:d6:dd:1d:b3:31:94:3f:
                    68:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A6:1F:BF:28:21:29:84:BD:C2:4C:E9:14:24:5B:D2:30:F4:4F:47
            X509v3 Authority Key Identifier:
                keyid:9E:A1:42:52:25:41:0C:93:21:1D:08:75:8F:CD:AF:0F:7A:A1:CC:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nqFCUiVBDJMhHQh1j82vD3qhzKo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/a3e46f-7e5a-4663-bd63-dc0966669609/1/y6YfvyghKYS9wkzpFCRb0jD0T0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/a3e46f-7e5a-4663-bd63-dc0966669609/1/nqFCUiVBDJMhHQh1j82vD3qhzKo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:b5:2f:5d:65:37:b8:51:a7:6a:1d:fe:1e:62:72:0e:91:46:
         99:57:eb:31:e9:36:3d:c2:48:1d:91:66:d2:aa:20:80:9c:45:
         2f:2d:2c:ff:0e:c7:d0:f4:c0:f2:18:67:17:58:7e:ef:4c:14:
         16:b4:f4:44:4d:44:90:23:3f:f0:80:42:5d:4f:7d:7c:80:64:
         8a:43:5c:fc:83:61:d9:28:5c:47:1f:b7:e3:ed:1e:42:d4:f5:
         37:5f:90:d3:f5:8b:95:06:e9:8a:67:37:f3:28:9e:7c:17:5a:
         64:55:4a:aa:97:22:ed:ae:ef:78:b3:a0:e9:5d:b5:68:37:37:
         4e:ac:3a:2e:3d:76:bb:ba:10:b4:ec:90:4d:98:4e:8c:ec:ec:
         4d:0a:97:15:1f:3d:a1:cd:0a:24:11:b0:8b:cc:90:c8:e3:d9:
         a2:a1:39:45:7d:49:e6:6e:3f:3d:55:4b:68:51:0f:dd:89:5d:
         e1:87:24:67:78:bb:11:f3:d8:0b:37:a2:fa:53:74:1c:56:34:
         52:bf:45:46:71:93:bc:1f:d4:c3:a7:8c:04:65:8e:3a:2e:00:
         1d:71:dc:bd:f7:24:b4:20:97:b4:b8:2a:06:80:94:55:20:fa:
         99:3e:da:29:ab:a8:b6:8d:13:1a:3f:02:f1:65:67:41:28:9f:
         0e:ba:44:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4uvfch+4NIocwTCzhJiqdeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYTE0MjUyMjU0MTBjOTMyMTFkMDg3NThmY2RhZjBmN2Fh
MWNjYWEwHhcNMjQwMzExMTgxOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmE2MWZiZjI4MjEyOTg0YmRjMjRjZTkxNDI0NWJkMjMwZjQ0ZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNkmIEtQE6ibUk1flcQolVF5Q4um
f/1C02coQPbx3ma2XP7lP1kGwitZDIx9dkLwOec0Dk46JCjGqJhFfe2eCUWetxF+
pEj3sVEQdKNHEh8VuPfX2IE9yRKTt+/GevdnJ1GRzmtic30xlGdhk99BIOg+JrSW
7c8XFjo0wfAREnuJr/tdNmeIa7b9y8YMwvyOx6qqy2NPbcOWNCP46imNzTDEAsea
K+hWbUxrRhSrUxsC7+dPMIJj3tSsmDFQ9vwxGfaOY//XRcjXxSn5YqyLyWB6SUsS
vfWsB9krIxVDJGO+I7chp5ZZCuWnlpybPSM2uMPMMtW+iNbdHbMxlD9o+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMumH78oISmEvcJM6RQkW9Iw9E9HMB8GA1UdIwQY
MBaAFJ6hQlIlQQyTIR0IdY/Nrw96ocyqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnFGQ1VpVkJESk1oSFFoMWo4MnZEM3FoektvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9hM2U0NmYtN2U1YS00NjYzLWJkNjMt
ZGMwOTY2NjY5NjA5LzEveTZZZnZ5Z2hLWVM5d2t6cEZDUmIwakQwVDBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9hM2U0NmYtN2U1YS00NjYzLWJkNjMtZGMwOTY2NjY5NjA5
LzEvbnFGQ1VpVkJESk1oSFFoMWo4MnZEM3FoektvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/cmMA0G
CSqGSIb3DQEBCwUAA4IBAQCEtS9dZTe4UadqHf4eYnIOkUaZV+sx6TY9wkgdkWbS
qiCAnEUvLSz/DsfQ9MDyGGcXWH7vTBQWtPRETUSQIz/wgEJdT318gGSKQ1z8g2HZ
KFxHH7fj7R5C1PU3X5DT9YuVBumKZzfzKJ58F1pkVUqqlyLtru94s6DpXbVoNzdO
rDouPXa7uhC07JBNmE6M7OxNCpcVHz2hzQokEbCLzJDI49mioTlFfUnmbj89VUto
UQ/diV3hhyRneLsR89gLN6L6U3QcVjRSv0VGcZO8H9TDp4wEZY46LgAdcdy99yS0
IJe0uCoGgJRVIPqZPtopq6i2jRMaPwLxZWdBKJ8OukQw
-----END CERTIFICATE-----