Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/87f973-ea6e-47df-b1b0-df3138b434c8/1/xtR6W7mC3WW3eyee85HtiuDx77M.roa
File:                     xtR6W7mC3WW3eyee85HtiuDx77M.roa (raw, json)
Hash identifier:          4XZoqHMGs7CPvobzpJc98g+xmplusYSGbCHx5rsJt5o=
Subject key identifier:   C6:D4:7A:5B:B9:82:DD:65:B7:7B:27:9E:F3:91:ED:8A:E0:F1:EF:B3
Certificate issuer:       /CN=d1c81c62d3942033d0a74044b0c5a4f113e43df3
Certificate serial:       018CC6B8092C74167C3220D2E100F170A093
Authority key identifier: D1:C8:1C:62:D3:94:20:33:D0:A7:40:44:B0:C5:A4:F1:13:E4:3D:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0cgcYtOUIDPQp0BEsMWk8RPkPfM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/87f973-ea6e-47df-b1b0-df3138b434c8/1/xtR6W7mC3WW3eyee85HtiuDx77M.roa
Signing time:             Mon 01 Jan 2024 20:29:58 +0000
ROA not before:           Mon 01 Jan 2024 20:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58194
IP address blocks:        91.239.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/87f973-ea6e-47df-b1b0-df3138b434c8/1/0cgcYtOUIDPQp0BEsMWk8RPkPfM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/87f973-ea6e-47df-b1b0-df3138b434c8/1/0cgcYtOUIDPQp0BEsMWk8RPkPfM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0cgcYtOUIDPQp0BEsMWk8RPkPfM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:09:2c:74:16:7c:32:20:d2:e1:00:f1:70:a0:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1c81c62d3942033d0a74044b0c5a4f113e43df3
        Validity
            Not Before: Jan  1 20:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6d47a5bb982dd65b77b279ef391ed8ae0f1efb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f9:c1:f0:8f:d0:f7:d8:ae:22:02:2a:bc:a1:
                    e0:88:1e:0b:79:21:e8:0d:7e:05:2a:28:ba:ce:a3:
                    1e:ef:96:bc:0e:85:5f:76:94:a5:ea:79:11:c1:6a:
                    1e:a1:9a:f7:3b:59:94:dc:ca:21:91:40:30:10:f6:
                    16:4b:1e:d0:dd:e3:c5:bd:89:a3:19:ca:b9:55:89:
                    b6:d8:97:08:40:27:a0:80:f9:c8:d9:de:48:c8:7d:
                    c4:b9:14:80:a7:d3:70:82:da:7b:d5:0a:98:ff:2c:
                    1c:3d:d8:77:0a:e9:7b:6c:5f:46:c4:54:33:50:21:
                    98:ae:ee:5f:e4:0f:8b:b2:f7:dc:7c:86:a1:4c:56:
                    f6:41:5d:f3:54:c0:83:75:b3:bc:e8:7a:c7:5f:80:
                    71:06:70:61:69:36:fe:04:c0:91:13:ed:9a:fd:74:
                    79:f1:b6:07:05:37:f1:cc:b4:d6:44:16:48:49:93:
                    3d:7e:2d:34:0c:f2:06:fe:8b:95:32:d4:28:b9:ce:
                    0e:a6:c5:38:d2:35:cf:16:12:83:ad:25:ef:2e:4e:
                    14:8f:06:e5:1b:a4:33:8d:c3:2e:fb:8b:45:90:41:
                    89:4e:ed:6f:ce:f2:f3:9f:38:2b:af:67:0e:4d:88:
                    3a:b5:17:8d:f4:1f:5a:52:69:95:b9:5c:30:b6:a2:
                    67:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D4:7A:5B:B9:82:DD:65:B7:7B:27:9E:F3:91:ED:8A:E0:F1:EF:B3
            X509v3 Authority Key Identifier:
                keyid:D1:C8:1C:62:D3:94:20:33:D0:A7:40:44:B0:C5:A4:F1:13:E4:3D:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0cgcYtOUIDPQp0BEsMWk8RPkPfM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/87f973-ea6e-47df-b1b0-df3138b434c8/1/xtR6W7mC3WW3eyee85HtiuDx77M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/87f973-ea6e-47df-b1b0-df3138b434c8/1/0cgcYtOUIDPQp0BEsMWk8RPkPfM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:67:96:f5:ab:18:c9:78:89:97:d3:02:27:7a:a0:61:65:c1:
         e0:67:ab:73:05:92:ab:8c:63:d2:a2:da:7f:24:20:01:89:1b:
         40:6d:32:2c:7c:d0:88:05:5b:ba:8e:f2:d7:f2:de:d8:00:58:
         37:32:f8:10:aa:b9:06:65:7e:b1:65:57:ef:8c:e2:d4:69:07:
         e4:2f:63:62:6c:50:85:8d:73:04:53:32:92:21:28:de:31:8a:
         44:04:f4:d9:4d:ad:0d:f5:0c:80:00:2d:f6:0e:11:56:5d:b3:
         55:6e:21:7e:f2:29:96:68:03:12:57:f2:71:d3:f3:2b:ae:0a:
         5e:6d:a9:2c:bc:dd:86:21:91:85:f9:2b:8d:be:58:4d:2d:4a:
         a7:01:96:90:2d:36:0f:43:70:a7:b2:68:b2:3d:7d:49:33:d5:
         e8:0d:2d:a6:31:55:64:2b:06:0a:bc:69:e0:94:f4:9b:f5:82:
         16:e6:b6:e6:ce:e9:d7:47:a7:c6:fc:96:9f:90:d6:d2:4d:a5:
         a0:2b:68:83:4a:82:98:b1:39:96:ba:a5:e4:44:77:c4:fa:49:
         46:58:56:89:6e:2e:e3:f4:bd:1c:38:3c:66:21:e0:db:b1:47:
         2a:6c:7a:a5:60:63:56:75:2d:e5:59:9d:95:22:4d:26:ed:ba:
         9c:87:26:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuAksdBZ8MiDS4QDxcKCTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYzgxYzYyZDM5NDIwMzNkMGE3NDA0NGIwYzVhNGYxMTNl
NDNkZjMwHhcNMjQwMTAxMjAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmQ0N2E1YmI5ODJkZDY1Yjc3YjI3OWVmMzkxZWQ4YWUwZjFlZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvnB8I/Q99iuIgIqvKHgiB4LeSHo
DX4FKii6zqMe75a8DoVfdpSl6nkRwWoeoZr3O1mU3MohkUAwEPYWSx7Q3ePFvYmj
Gcq5VYm22JcIQCeggPnI2d5IyH3EuRSAp9Nwgtp71QqY/ywcPdh3Cul7bF9GxFQz
UCGYru5f5A+LsvfcfIahTFb2QV3zVMCDdbO86HrHX4BxBnBhaTb+BMCRE+2a/XR5
8bYHBTfxzLTWRBZISZM9fi00DPIG/ouVMtQouc4OpsU40jXPFhKDrSXvLk4Ujwbl
G6QzjcMu+4tFkEGJTu1vzvLznzgrr2cOTYg6tReN9B9aUmmVuVwwtqJnlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbUelu5gt1lt3snnvOR7Yrg8e+zMB8GA1UdIwQY
MBaAFNHIHGLTlCAz0KdARLDFpPET5D3zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNnY1l0T1VJRFBRcDBCRXNNV2s4UlBrUGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi84N2Y5NzMtZWE2ZS00N2RmLWIxYjAt
ZGYzMTM4YjQzNGM4LzEveHRSNlc3bUMzV1czZXllZTg1SHRpdUR4NzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi84N2Y5NzMtZWE2ZS00N2RmLWIxYjAtZGYzMTM4YjQzNGM4
LzEvMGNnY1l0T1VJRFBRcDBCRXNNV2s4UlBrUGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW++wMA0G
CSqGSIb3DQEBCwUAA4IBAQCoZ5b1qxjJeImX0wIneqBhZcHgZ6tzBZKrjGPSotp/
JCABiRtAbTIsfNCIBVu6jvLX8t7YAFg3MvgQqrkGZX6xZVfvjOLUaQfkL2NibFCF
jXMEUzKSISjeMYpEBPTZTa0N9QyAAC32DhFWXbNVbiF+8imWaAMSV/Jx0/Mrrgpe
baksvN2GIZGF+SuNvlhNLUqnAZaQLTYPQ3CnsmiyPX1JM9XoDS2mMVVkKwYKvGng
lPSb9YIW5rbmzunXR6fG/JafkNbSTaWgK2iDSoKYsTmWuqXkRHfE+klGWFaJbi7j
9L0cODxmIeDbsUcqbHqlYGNWdS3lWZ2VIk0m7bqchyY9
-----END CERTIFICATE-----