Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/t46Jprw7IljAC70OUeLkA3ChpvQ.roa
File:                     t46Jprw7IljAC70OUeLkA3ChpvQ.roa (raw, json)
Hash identifier:          kbb6pBmFgDoyWPpCEnIjaJrUJv+rfd3j1OFQPwCpPH0=
Subject key identifier:   B7:8E:89:A6:BC:3B:22:58:C0:0B:BD:0E:51:E2:E4:03:70:A1:A6:F4
Certificate issuer:       /CN=f6090b4db06a4d65935141bac98098127a8b8f5a
Certificate serial:       018CC4936A81810FD4AFFAFF7562B740C37A
Authority key identifier: F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/t46Jprw7IljAC70OUeLkA3ChpvQ.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206804
IP address blocks:        185.90.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6a:81:81:0f:d4:af:fa:ff:75:62:b7:40:c3:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6090b4db06a4d65935141bac98098127a8b8f5a
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b78e89a6bc3b2258c00bbd0e51e2e40370a1a6f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e1:cd:79:5d:d3:ef:35:3e:95:b7:5c:2e:f2:
                    a2:c6:68:c2:a8:fa:62:59:ad:4f:88:d4:df:1c:fa:
                    df:42:e3:e0:69:06:7e:e9:2f:e8:33:ed:be:ac:34:
                    d1:3a:13:bc:c8:99:4d:09:a3:e4:1d:4e:b9:3a:11:
                    dc:38:f4:7a:c5:b7:ed:72:97:bd:5f:22:6c:f5:43:
                    e9:fd:4c:6e:3a:99:8a:e3:42:f9:cd:07:a7:6c:72:
                    2f:f3:cd:14:49:7b:bc:b4:e7:d8:cc:a2:44:b1:94:
                    68:b2:74:72:d3:38:ed:56:98:07:e5:15:b2:ab:73:
                    b1:b5:96:77:26:31:08:65:59:58:b3:d7:65:13:de:
                    91:63:71:f7:51:88:40:22:bf:88:06:13:83:8c:5f:
                    73:64:52:3c:ed:f4:4a:98:17:1a:4f:60:f5:1e:d6:
                    ec:f8:86:55:ea:d4:eb:18:78:af:4b:ea:ab:95:35:
                    05:ab:4c:54:16:00:8a:98:b1:38:9d:07:62:13:c1:
                    bc:d8:72:f3:e7:b5:c3:c7:5d:8b:6d:fc:6d:10:37:
                    04:33:a6:19:9e:5b:62:53:90:de:77:26:58:97:8e:
                    d3:2c:87:fe:42:0c:23:9b:ee:e8:a5:0d:e5:7a:be:
                    9a:22:0a:12:0b:be:e1:35:dc:72:ff:f2:60:0b:cf:
                    9d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:8E:89:A6:BC:3B:22:58:C0:0B:BD:0E:51:E2:E4:03:70:A1:A6:F4
            X509v3 Authority Key Identifier:
                keyid:F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/t46Jprw7IljAC70OUeLkA3ChpvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:5a:e1:9c:f5:a4:5a:38:48:68:d1:9f:c4:68:3d:2b:eb:02:
         87:54:ac:de:5f:5c:9f:bd:5f:98:4b:18:a9:ab:50:66:ac:64:
         95:f6:15:39:50:af:9c:8e:3f:4f:4f:38:9c:31:e4:db:0b:71:
         c2:c8:24:6e:f0:d2:c2:42:52:2c:d7:04:be:c7:a6:34:7c:82:
         cf:ce:45:af:22:3b:9b:99:97:45:0d:20:51:1a:9e:36:86:55:
         c2:67:61:4f:67:5a:92:da:db:7a:5f:1f:b0:48:c8:d5:90:e9:
         9d:18:80:ac:ec:10:95:f5:68:b4:7b:92:ab:f5:2a:7c:b8:f1:
         ec:5b:84:e7:29:97:1f:60:ad:03:64:dc:7f:2c:0b:eb:02:34:
         42:fe:d6:0a:a4:f8:80:d6:4a:a8:23:9c:f3:e5:d9:ee:f9:85:
         20:dc:b3:b3:e1:51:24:50:c6:bf:89:cc:56:35:da:23:7f:fb:
         80:0a:c4:7a:90:23:f6:b9:c5:94:36:d8:d8:1e:4e:61:c0:33:
         c0:a9:89:65:69:55:a6:ac:ee:e7:86:bb:b0:55:01:f1:55:85:
         27:3d:00:c1:64:8d:2b:cc:4d:ea:86:ef:0c:ff:1c:75:13:b7:
         7e:d0:ce:63:52:3a:32:81:b1:31:ab:e0:c5:b3:a0:bb:6d:21:
         92:7f:5c:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2qBgQ/Ur/r/dWK3QMN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDkwYjRkYjA2YTRkNjU5MzUxNDFiYWM5ODA5ODEyN2E4
YjhmNWEwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzhlODlhNmJjM2IyMjU4YzAwYmJkMGU1MWUyZTQwMzcwYTFhNmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeHNeV3T7zU+lbdcLvKixmjCqPpi
Wa1PiNTfHPrfQuPgaQZ+6S/oM+2+rDTROhO8yJlNCaPkHU65OhHcOPR6xbftcpe9
XyJs9UPp/UxuOpmK40L5zQenbHIv880USXu8tOfYzKJEsZRosnRy0zjtVpgH5RWy
q3OxtZZ3JjEIZVlYs9dlE96RY3H3UYhAIr+IBhODjF9zZFI87fRKmBcaT2D1Htbs
+IZV6tTrGHivS+qrlTUFq0xUFgCKmLE4nQdiE8G82HLz57XDx12LbfxtEDcEM6YZ
nltiU5DedyZYl47TLIf+Qgwjm+7opQ3ler6aIgoSC77hNdxy//JgC8+dsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLeOiaa8OyJYwAu9DlHi5ANwoab0MB8GA1UdIwQY
MBaAFPYJC02wak1lk1FBusmAmBJ6i49aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAt
NGUxZGMxNTA1MjYwLzEvdDQ2SnBydzdJbGpBQzcwT1VlTGtBM0NocHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAtNGUxZGMxNTA1MjYw
LzEvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVo8MA0G
CSqGSIb3DQEBCwUAA4IBAQAYWuGc9aRaOEho0Z/EaD0r6wKHVKzeX1yfvV+YSxip
q1BmrGSV9hU5UK+cjj9PTzicMeTbC3HCyCRu8NLCQlIs1wS+x6Y0fILPzkWvIjub
mZdFDSBRGp42hlXCZ2FPZ1qS2tt6Xx+wSMjVkOmdGICs7BCV9Wi0e5Kr9Sp8uPHs
W4TnKZcfYK0DZNx/LAvrAjRC/tYKpPiA1kqoI5zz5dnu+YUg3LOz4VEkUMa/icxW
Ndojf/uACsR6kCP2ucWUNtjYHk5hwDPAqYllaVWmrO7nhruwVQHxVYUnPQDBZI0r
zE3qhu8M/xx1E7d+0M5jUjoygbExq+DFs6C7bSGSf1yp
-----END CERTIFICATE-----