Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/TN6LpiihCO64KxynZ4NJVxHitLo.roa
File:                     TN6LpiihCO64KxynZ4NJVxHitLo.roa (raw, json)
Hash identifier:          TJInYyfp8S670Dstl+vsNAwRS4AIYMlpg65MwpPI+S0=
Subject key identifier:   4C:DE:8B:A6:28:A1:08:EE:B8:2B:1C:A7:67:83:49:57:11:E2:B4:BA
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018FF19CFABFE36F3167839CE0287B66D36A
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/TN6LpiihCO64KxynZ4NJVxHitLo.roa
Signing time:             Fri 07 Jun 2024 07:32:27 +0000
ROA not before:           Fri 07 Jun 2024 07:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.186.200.0/23 maxlen: 24
                          91.186.202.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f1:9c:fa:bf:e3:6f:31:67:83:9c:e0:28:7b:66:d3:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jun  7 07:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cde8ba628a108eeb82b1ca76783495711e2b4ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:74:54:d6:c7:56:8f:94:24:bd:29:6c:ce:12:
                    fa:ca:77:60:0d:34:28:81:e7:43:72:c2:da:88:da:
                    65:9c:85:d1:c3:33:21:a2:4e:a9:62:82:ee:be:ea:
                    e2:7d:80:cb:57:c5:b4:89:f8:98:15:75:c5:86:ed:
                    dd:1e:ba:64:4d:ac:10:7c:f1:d4:63:1a:5d:7b:7f:
                    d9:13:2f:67:6e:dc:5b:5a:1f:2c:b4:6f:81:76:2a:
                    c4:67:88:55:b6:27:d7:2b:80:5f:06:39:26:2f:da:
                    44:49:82:e2:bf:8d:03:bb:3b:cf:c4:7c:fe:50:b6:
                    3a:94:4e:c5:8e:93:e4:31:ba:e4:37:09:c9:c5:ca:
                    e6:14:c5:ee:ec:91:f1:a7:7d:01:d8:cb:45:06:4e:
                    8b:dd:52:82:78:9a:8e:2a:8e:b3:41:39:21:11:04:
                    dd:60:b5:08:f3:47:10:3b:7f:fc:bf:77:b4:38:72:
                    03:87:3b:3b:fc:24:a3:22:05:25:f0:15:5e:b6:c6:
                    50:46:d0:45:58:15:18:30:aa:94:04:3d:8d:e1:ea:
                    e6:bc:e4:c9:90:9f:56:cb:70:40:6b:8d:fd:6c:e9:
                    e6:67:10:ad:e4:65:4e:68:2f:f8:ff:74:6f:9d:01:
                    44:bc:49:f3:c1:61:b0:5b:92:ca:b1:95:53:26:71:
                    7d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:DE:8B:A6:28:A1:08:EE:B8:2B:1C:A7:67:83:49:57:11:E2:B4:BA
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/TN6LpiihCO64KxynZ4NJVxHitLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:e9:40:07:55:80:e8:b7:d5:2d:25:38:50:a4:36:a5:ef:1c:
         1a:e8:85:ec:65:ff:c1:aa:ea:c5:47:24:c6:ab:00:6e:cd:df:
         42:02:c0:02:49:68:21:6d:69:92:77:fa:41:2e:e3:77:76:b5:
         5f:2a:56:d9:71:f8:36:1c:96:79:f8:30:a9:23:b6:bd:f3:ce:
         e6:5f:72:fd:38:ac:df:04:3b:9b:8f:dd:df:96:c4:3c:c2:eb:
         8b:73:23:5c:a7:32:a9:93:61:96:a0:c0:a1:a4:78:6a:7e:7c:
         58:0d:03:5a:a9:a7:9a:ef:99:54:85:cc:1f:14:11:b1:4d:b6:
         25:8a:96:00:50:11:6c:63:ea:4d:22:f2:9e:c2:69:ec:e7:7e:
         b7:b7:65:aa:bd:6a:21:0f:f5:a8:56:0c:13:a6:73:6b:1f:da:
         6b:dd:59:2d:3b:9e:e9:5e:e4:37:5a:27:90:47:52:88:b2:66:
         ac:cb:83:bc:16:48:43:03:0c:0b:83:73:2e:04:38:a1:96:2f:
         69:38:97:79:26:45:b8:8f:d2:4d:32:e6:69:7e:fe:17:cd:92:
         27:fa:2f:91:2d:92:c0:6c:de:bf:60:6e:78:39:b8:75:d2:b4:
         66:72:06:74:9e:0f:c0:ec:a1:58:6b:77:22:ef:2d:ab:f3:b4:
         26:ca:e8:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/xnPq/428xZ4Oc4Ch7ZtNqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwNjA3MDczMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2RlOGJhNjI4YTEwOGVlYjgyYjFjYTc2NzgzNDk1NzExZTJiNGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3RU1sdWj5QkvSlszhL6yndgDTQo
gedDcsLaiNplnIXRwzMhok6pYoLuvurifYDLV8W0ifiYFXXFhu3dHrpkTawQfPHU
Yxpde3/ZEy9nbtxbWh8stG+BdirEZ4hVtifXK4BfBjkmL9pESYLiv40DuzvPxHz+
ULY6lE7FjpPkMbrkNwnJxcrmFMXu7JHxp30B2MtFBk6L3VKCeJqOKo6zQTkhEQTd
YLUI80cQO3/8v3e0OHIDhzs7/CSjIgUl8BVetsZQRtBFWBUYMKqUBD2N4ermvOTJ
kJ9Wy3BAa439bOnmZxCt5GVOaC/4/3RvnQFEvEnzwWGwW5LKsZVTJnF9UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzei6YooQjuuCscp2eDSVcR4rS6MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvVE42THBpaWhDTzY0S3h5blo0TkpWeEhpdExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW7rIMA0G
CSqGSIb3DQEBCwUAA4IBAQBg6UAHVYDot9UtJThQpDal7xwa6IXsZf/BqurFRyTG
qwBuzd9CAsACSWghbWmSd/pBLuN3drVfKlbZcfg2HJZ5+DCpI7a9887mX3L9OKzf
BDubj93flsQ8wuuLcyNcpzKpk2GWoMChpHhqfnxYDQNaqaea75lUhcwfFBGxTbYl
ipYAUBFsY+pNIvKewmns5363t2WqvWohD/WoVgwTpnNrH9pr3VktO57pXuQ3WieQ
R1KIsmasy4O8FkhDAwwLg3MuBDihli9pOJd5JkW4j9JNMuZpfv4XzZIn+i+RLZLA
bN6/YG54Obh10rRmcgZ0ng/A7KFYa3ci7y2r87QmyuiB
-----END CERTIFICATE-----