Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/tvayssX4BkVuOTR3Z86IM5an3Tw.roa
File:                     tvayssX4BkVuOTR3Z86IM5an3Tw.roa (raw, json)
Hash identifier:          uc8D3rH13XfEFv2tga+qVGDnFDUb6Ec+6MFs3c3gHgw=
Subject key identifier:   B6:F6:B2:B2:C5:F8:06:45:6E:39:34:77:67:CE:88:33:96:A7:DD:3C
Certificate issuer:       /CN=d894365b28a082834a751a97771b791124524dec
Certificate serial:       018CC86FD281E4922E6141820D7B17292E2F
Authority key identifier: D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/tvayssX4BkVuOTR3Z86IM5an3Tw.roa
Signing time:             Tue 02 Jan 2024 04:30:20 +0000
ROA not before:           Tue 02 Jan 2024 04:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19607
IP address blocks:        91.108.160.0/21 maxlen: 21
                          185.31.152.0/22 maxlen: 22
                          159.253.160.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d2:81:e4:92:2e:61:41:82:0d:7b:17:29:2e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d894365b28a082834a751a97771b791124524dec
        Validity
            Not Before: Jan  2 04:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6f6b2b2c5f806456e39347767ce883396a7dd3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a8:81:3b:69:ab:e1:24:6c:21:91:fa:dd:46:
                    7a:88:72:1b:88:a1:ee:e4:cf:a6:ca:48:7c:64:06:
                    b8:a3:f0:35:b5:29:a0:23:a5:17:cb:68:74:90:a0:
                    da:e7:55:f9:53:7f:e0:d3:9a:82:96:f3:3b:28:2f:
                    3f:2c:fe:93:ac:3d:2f:c2:46:7c:58:03:08:5a:41:
                    71:6b:45:f2:b5:41:00:68:b2:72:78:88:94:e4:e1:
                    c4:8a:04:72:a6:da:28:86:75:a5:45:a7:ef:e8:e5:
                    3d:a8:0e:47:81:c3:d4:98:7f:d3:04:a8:99:bd:35:
                    f7:f7:0c:75:ae:11:99:ba:64:ca:0f:6e:b9:57:e3:
                    97:9e:4c:6c:3e:ae:bc:d1:20:47:a5:70:f1:00:e5:
                    a0:75:c0:de:fd:67:f6:d4:fa:df:ae:3b:54:9f:e7:
                    dd:47:f6:fb:6f:fb:00:3c:6b:82:48:45:36:95:6e:
                    73:3b:89:5d:f1:02:9e:7c:5e:50:dc:cc:d6:1e:aa:
                    2f:44:ef:c4:5b:37:21:96:42:f4:d0:29:44:60:77:
                    7d:5a:7b:17:64:91:e0:41:4b:22:0c:97:5e:7b:83:
                    11:f9:f2:41:16:0d:e1:03:db:d0:64:fb:4f:0a:00:
                    2f:8d:ca:8b:0a:66:3d:f6:a5:b9:39:d3:b4:c4:85:
                    b7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F6:B2:B2:C5:F8:06:45:6E:39:34:77:67:CE:88:33:96:A7:DD:3C
            X509v3 Authority Key Identifier:
                keyid:D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/tvayssX4BkVuOTR3Z86IM5an3Tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.160.0/21
                  159.253.160.0/21
                  185.31.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:22:ee:5a:04:b4:a0:95:dc:c4:2e:92:d0:52:d1:76:cb:d1:
         ec:a9:1e:b1:96:ea:b7:cd:df:34:12:59:99:8a:32:86:03:fb:
         11:47:56:7a:cb:77:75:dd:de:6e:99:66:5b:32:11:3b:04:ef:
         da:e0:31:33:82:57:6d:1e:67:57:6f:35:04:c2:e6:82:1b:41:
         fd:53:e2:c3:7d:04:c0:65:c5:0b:51:37:fe:c9:e1:21:fe:15:
         0d:c8:07:50:a3:6c:b8:4d:3c:75:09:2f:cc:9f:eb:42:d5:25:
         93:e5:7d:d5:2b:cd:fe:2c:15:9f:74:7e:bd:aa:1a:0b:f6:75:
         80:b2:cf:b5:81:5e:1a:6e:e8:ad:df:44:a9:90:55:3f:48:b7:
         57:a1:bd:37:8c:f8:2e:00:61:fc:89:a1:7c:19:a6:0b:ad:75:
         c7:e1:ea:95:1d:da:3f:a9:29:7b:1b:46:a1:99:60:89:50:ac:
         4b:a0:1d:30:0e:66:e4:a4:fb:65:f8:cf:5e:c5:d4:09:41:95:
         f0:06:2a:86:e2:19:0c:b7:09:b1:48:15:15:6b:6f:44:ad:2d:
         4e:b8:7c:f9:03:b5:ec:66:29:a5:31:f0:e9:ab:2b:0d:e3:ce:
         be:a3:13:6f:c1:1e:ab:d8:27:8e:81:b2:e6:20:34:98:27:e7:
         02:3e:cd:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIb9KB5JIuYUGCDXsXKS4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTQzNjViMjhhMDgyODM0YTc1MWE5Nzc3MWI3OTExMjQ1
MjRkZWMwHhcNMjQwMTAyMDQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmY2YjJiMmM1ZjgwNjQ1NmUzOTM0Nzc2N2NlODgzMzk2YTdkZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6iBO2mr4SRsIZH63UZ6iHIbiKHu
5M+mykh8ZAa4o/A1tSmgI6UXy2h0kKDa51X5U3/g05qClvM7KC8/LP6TrD0vwkZ8
WAMIWkFxa0XytUEAaLJyeIiU5OHEigRyptoohnWlRafv6OU9qA5HgcPUmH/TBKiZ
vTX39wx1rhGZumTKD265V+OXnkxsPq680SBHpXDxAOWgdcDe/Wf21PrfrjtUn+fd
R/b7b/sAPGuCSEU2lW5zO4ld8QKefF5Q3MzWHqovRO/EWzchlkL00ClEYHd9WnsX
ZJHgQUsiDJdee4MR+fJBFg3hA9vQZPtPCgAvjcqLCmY99qW5OdO0xIW3mQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLb2srLF+AZFbjk0d2fOiDOWp908MB8GA1UdIwQY
MBaAFNiUNlsooIKDSnUal3cbeREkUk3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEt
MjE0NjE3OWQ4ZTJiLzEvdHZheXNzWDRCa1Z1T1RSM1o4NklNNWFuM1R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEtMjE0NjE3OWQ4ZTJi
LzEvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDW2ygAwQD
n/2gAwQCuR+YMA0GCSqGSIb3DQEBCwUAA4IBAQAxIu5aBLSgldzELpLQUtF2y9Hs
qR6xluq3zd80ElmZijKGA/sRR1Z6y3d13d5umWZbMhE7BO/a4DEzgldtHmdXbzUE
wuaCG0H9U+LDfQTAZcULUTf+yeEh/hUNyAdQo2y4TTx1CS/Mn+tC1SWT5X3VK83+
LBWfdH69qhoL9nWAss+1gV4abuit30SpkFU/SLdXob03jPguAGH8iaF8GaYLrXXH
4eqVHdo/qSl7G0ahmWCJUKxLoB0wDmbkpPtl+M9exdQJQZXwBiqG4hkMtwmxSBUV
a29ErS1OuHz5A7XsZimlMfDpqysN486+oxNvwR6r2CeOgbLmIDSYJ+cCPs1E
-----END CERTIFICATE-----