Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/y6Rwtx86gdhAceApWSVIyGHe2Vs.roa
File:                     y6Rwtx86gdhAceApWSVIyGHe2Vs.roa (raw, json)
Hash identifier:          veuqizgd4MvSyDHw6G+3HZzUjstsMHA2h1zx4T22lLY=
Subject key identifier:   CB:A4:70:B7:1F:3A:81:D8:40:71:E0:29:59:25:48:C8:61:DE:D9:5B
Certificate issuer:       /CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
Certificate serial:       019056BD351A3F7BCEA1E1E6DE9AD067A1D2
Authority key identifier: 36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/y6Rwtx86gdhAceApWSVIyGHe2Vs.roa
Signing time:             Wed 26 Jun 2024 22:49:18 +0000
ROA not before:           Wed 26 Jun 2024 22:49:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.239.147.0/24 maxlen: 24
                          2001:67c:1240::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:56:bd:35:1a:3f:7b:ce:a1:e1:e6:de:9a:d0:67:a1:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
        Validity
            Not Before: Jun 26 22:49:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cba470b71f3a81d84071e029592548c861ded95b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:65:52:e4:b7:c8:14:ca:e3:ae:5e:4f:0a:2f:
                    e8:2c:b3:af:7f:f2:64:aa:07:30:87:6a:c7:8a:e0:
                    90:25:0f:18:43:45:1d:09:83:92:eb:83:64:86:9a:
                    f6:f7:47:53:e1:44:70:82:4e:f1:d2:5c:46:49:4b:
                    fb:57:4b:7e:a6:98:1f:7b:0f:0d:ec:a7:b5:05:f8:
                    8d:dc:56:45:cf:fb:9a:82:58:5e:2d:f5:5b:13:7f:
                    f8:84:18:1e:a4:f7:f4:9d:db:6a:3c:13:64:5c:63:
                    52:92:c0:9b:33:bb:51:b0:35:9a:d2:94:5f:d2:62:
                    d9:41:f4:f6:4c:99:ea:86:be:96:67:71:30:be:ab:
                    64:de:98:20:fb:92:25:5a:3e:15:71:d0:e0:4b:64:
                    e1:ba:ea:b8:71:6c:12:a6:83:7d:68:98:e1:a8:42:
                    4e:55:47:d3:7c:3b:69:db:b2:1a:7b:16:eb:af:fa:
                    1c:be:08:7b:4c:36:ab:e8:b7:15:be:26:d4:4a:24:
                    2b:9b:ea:1d:4b:7c:5d:38:c1:cc:d1:7a:48:80:89:
                    7b:48:42:8f:8a:ac:d2:de:fb:01:5d:f1:2e:04:54:
                    bc:d5:a9:58:37:b2:82:8f:8c:b8:43:3a:32:3a:84:
                    ce:0f:f7:7f:a0:05:d6:76:68:1e:34:37:95:f0:ea:
                    c2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A4:70:B7:1F:3A:81:D8:40:71:E0:29:59:25:48:C8:61:DE:D9:5B
            X509v3 Authority Key Identifier:
                keyid:36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/y6Rwtx86gdhAceApWSVIyGHe2Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.147.0/24
                IPv6:
                  2001:67c:1240::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:55:7f:24:bc:c8:6b:23:ac:6a:f2:47:31:87:e9:b1:47:a3:
         27:b1:9d:25:e6:7f:26:b3:65:c4:ee:7c:b9:24:13:e0:8c:b8:
         f2:94:0d:0e:06:38:19:3d:3b:c5:b7:f6:5f:e8:c7:3c:25:39:
         4b:3b:42:cb:aa:27:f1:e9:8d:19:94:bb:2a:fa:55:86:3b:f4:
         9b:fa:96:38:3f:ac:77:c2:93:30:e7:54:07:a0:a4:57:04:b1:
         13:f1:55:6f:ef:fb:b2:c5:cb:f8:ee:d7:0f:7f:b7:65:6c:4e:
         a4:95:f9:d5:e8:7c:3c:fd:03:62:69:60:dc:c4:c8:4a:2d:a6:
         be:24:23:5c:b4:fb:94:b0:f0:61:3a:4c:b1:e8:f7:18:cb:6b:
         3e:3f:f9:12:18:51:72:af:51:10:50:58:94:03:98:a9:2b:d6:
         76:52:18:3d:77:5b:15:f2:0d:fe:c4:81:73:b3:5b:fd:17:66:
         a7:1d:14:2c:e6:57:33:82:2e:61:ef:21:db:a3:ee:0c:b9:b1:
         fa:90:c1:0d:c5:c4:04:28:e1:1b:74:f8:62:9b:a3:02:00:68:
         a6:12:96:a1:80:e9:54:ca:0c:21:a9:3a:91:20:94:87:0f:33:
         bd:dc:1b:11:df:81:dd:38:4d:ab:0b:9b:6f:9f:1a:dc:bb:70:
         16:20:94:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZBWvTUaP3vOoeHm3prQZ6HSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MWFkZjU3YzhkY2I3YmZkMzRlOWFlY2Q4M2UzNjM0MmVj
M2EzYzkwHhcNMjQwNjI2MjI0OTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmE0NzBiNzFmM2E4MWQ4NDA3MWUwMjk1OTI1NDhjODYxZGVkOTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWVS5LfIFMrjrl5PCi/oLLOvf/Jk
qgcwh2rHiuCQJQ8YQ0UdCYOS64Nkhpr290dT4URwgk7x0lxGSUv7V0t+ppgfew8N
7Ke1BfiN3FZFz/uaglheLfVbE3/4hBgepPf0ndtqPBNkXGNSksCbM7tRsDWa0pRf
0mLZQfT2TJnqhr6WZ3Ewvqtk3pgg+5IlWj4VcdDgS2Thuuq4cWwSpoN9aJjhqEJO
VUfTfDtp27Iaexbrr/ocvgh7TDar6LcVvibUSiQrm+odS3xdOMHM0XpIgIl7SEKP
iqzS3vsBXfEuBFS81alYN7KCj4y4QzoyOoTOD/d/oAXWdmgeNDeV8OrCnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMukcLcfOoHYQHHgKVklSMhh3tlbMB8GA1UdIwQY
MBaAFDYa31fI3Le/006a7Ng+NjQuw6PJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmIt
MWExODczOGI0NzQxLzEveTZSd3R4ODZnZGhBY2VBcFdTVkl5R0hlMlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmItMWExODczOGI0NzQx
LzEvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW++TMA8E
AgACMAkDBwAgAQZ8EkAwDQYJKoZIhvcNAQELBQADggEBAFVVfyS8yGsjrGryRzGH
6bFHoyexnSXmfyazZcTufLkkE+CMuPKUDQ4GOBk9O8W39l/oxzwlOUs7QsuqJ/Hp
jRmUuyr6VYY79Jv6ljg/rHfCkzDnVAegpFcEsRPxVW/v+7LFy/ju1w9/t2VsTqSV
+dXofDz9A2JpYNzEyEotpr4kI1y0+5Sw8GE6TLHo9xjLaz4/+RIYUXKvURBQWJQD
mKkr1nZSGD13WxXyDf7EgXOzW/0XZqcdFCzmVzOCLmHvIduj7gy5sfqQwQ3FxAQo
4Rt0+GKbowIAaKYSlqGA6VTKDCGpOpEglIcPM73cGxHfgd04TasLm2+fGty7cBYg
lIc=
-----END CERTIFICATE-----