Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/336ddd-3833-4bb0-8668-9af7d2b59a4c/1/quCiRLn6_JW46LvJsiDuroDOMbQ.roa
File:                     quCiRLn6_JW46LvJsiDuroDOMbQ.roa (raw, json)
Hash identifier:          bIFNic8dNxcjG8Ehq/bN29meNbwC3i1DfNbdgYWHR8s=
Subject key identifier:   AA:E0:A2:44:B9:FA:FC:95:B8:E8:BB:C9:B2:20:EE:AE:80:CE:31:B4
Certificate issuer:       /CN=6e94cdea9365612adf7611144668254b388fa612
Certificate serial:       018CC86F37A67273659E24EFB5889C6ED667
Authority key identifier: 6E:94:CD:EA:93:65:61:2A:DF:76:11:14:46:68:25:4B:38:8F:A6:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bpTN6pNlYSrfdhEURmglSziPphI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/336ddd-3833-4bb0-8668-9af7d2b59a4c/1/quCiRLn6_JW46LvJsiDuroDOMbQ.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29075
IP address blocks:        91.217.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/336ddd-3833-4bb0-8668-9af7d2b59a4c/1/bpTN6pNlYSrfdhEURmglSziPphI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/336ddd-3833-4bb0-8668-9af7d2b59a4c/1/bpTN6pNlYSrfdhEURmglSziPphI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bpTN6pNlYSrfdhEURmglSziPphI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:37:a6:72:73:65:9e:24:ef:b5:88:9c:6e:d6:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e94cdea9365612adf7611144668254b388fa612
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aae0a244b9fafc95b8e8bbc9b220eeae80ce31b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cd:ab:7f:c7:c1:ce:08:93:ba:09:00:18:17:
                    12:67:80:d6:ce:ac:28:ed:33:55:73:12:10:73:31:
                    b9:b9:e5:2d:17:55:63:2a:f0:35:74:03:9a:3a:1e:
                    4e:66:1f:4c:56:5a:6d:51:ca:71:ca:a3:e9:dc:91:
                    59:d2:e1:47:69:1a:72:c5:4c:b9:eb:c1:a3:e5:c6:
                    cb:9f:80:d2:f9:7a:43:95:ea:d5:cf:73:5e:db:2a:
                    62:64:32:6d:aa:6b:f9:6f:89:88:dc:cb:47:4d:ac:
                    22:a9:38:b3:23:6f:4c:45:97:82:ca:66:72:34:bd:
                    33:18:ca:f5:f2:22:15:b0:3e:61:82:4a:2c:2b:c4:
                    b6:b3:c5:0f:6a:a9:b0:a8:7e:3f:ea:d9:64:d9:fb:
                    d0:cf:23:96:74:f8:08:03:fb:3d:30:06:f1:bf:17:
                    f8:bc:ff:35:8e:1f:9e:02:2a:fa:c6:51:6d:a5:1f:
                    f2:02:c9:11:6f:f8:8d:c6:01:48:b0:c7:33:3f:6a:
                    ec:b8:95:8d:44:f9:4e:02:a9:06:07:8b:a5:69:49:
                    64:44:8e:1e:7e:92:80:6c:51:39:e9:20:6b:a3:1e:
                    7f:f8:c9:2a:31:1e:57:94:01:9b:6b:0a:0f:d8:88:
                    ca:f4:1e:4a:79:51:1d:f5:0a:a2:68:9b:fc:be:29:
                    4e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:E0:A2:44:B9:FA:FC:95:B8:E8:BB:C9:B2:20:EE:AE:80:CE:31:B4
            X509v3 Authority Key Identifier:
                keyid:6E:94:CD:EA:93:65:61:2A:DF:76:11:14:46:68:25:4B:38:8F:A6:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bpTN6pNlYSrfdhEURmglSziPphI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/336ddd-3833-4bb0-8668-9af7d2b59a4c/1/quCiRLn6_JW46LvJsiDuroDOMbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/336ddd-3833-4bb0-8668-9af7d2b59a4c/1/bpTN6pNlYSrfdhEURmglSziPphI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:df:77:1c:a8:06:4d:15:c6:ae:65:2f:d7:d1:da:45:41:d3:
         af:f1:81:6a:41:94:3c:c2:2c:9e:8f:13:41:79:c1:94:ee:61:
         7c:b8:cc:1e:f9:5a:49:37:df:1d:dc:d0:16:40:8d:f5:b2:54:
         d6:a2:6f:a9:08:27:5e:54:d7:27:8d:86:e8:a6:0f:27:1b:bd:
         f8:7f:58:f7:a8:e0:cc:eb:17:04:6e:1f:53:d6:c5:3a:55:19:
         8d:fb:52:aa:c2:dc:61:51:4b:ac:43:7a:62:87:fa:bb:ed:1c:
         a8:70:f2:ef:3d:de:a8:a8:52:89:b7:c6:0a:17:24:66:17:20:
         e0:81:70:30:6e:11:8d:76:64:9b:4c:e2:73:a9:a2:48:75:bc:
         39:b4:53:26:a6:38:c7:ec:9b:87:6f:47:3c:99:16:c8:ee:7a:
         4f:65:69:e5:14:c4:5b:71:82:3f:7f:35:bb:9b:86:f1:5e:54:
         c6:a1:6c:0e:74:95:3b:e0:85:d6:16:9a:0b:43:ef:7f:1c:92:
         16:db:d8:6e:5c:ca:37:fe:38:3d:2e:10:5e:c9:bb:91:39:2b:
         eb:72:83:ad:36:ab:2f:6f:07:b7:cd:6f:bf:94:d7:05:41:89:
         ea:23:51:a7:51:d9:c4:99:a1:67:a1:95:e9:f9:1f:c6:86:16:
         d4:3d:60:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzemcnNlniTvtYicbtZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlOTRjZGVhOTM2NTYxMmFkZjc2MTExNDQ2NjgyNTRiMzg4
ZmE2MTIwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWUwYTI0NGI5ZmFmYzk1YjhlOGJiYzliMjIwZWVhZTgwY2UzMWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs2rf8fBzgiTugkAGBcSZ4DWzqwo
7TNVcxIQczG5ueUtF1VjKvA1dAOaOh5OZh9MVlptUcpxyqPp3JFZ0uFHaRpyxUy5
68Gj5cbLn4DS+XpDlerVz3Ne2ypiZDJtqmv5b4mI3MtHTawiqTizI29MRZeCymZy
NL0zGMr18iIVsD5hgkosK8S2s8UPaqmwqH4/6tlk2fvQzyOWdPgIA/s9MAbxvxf4
vP81jh+eAir6xlFtpR/yAskRb/iNxgFIsMczP2rsuJWNRPlOAqkGB4ulaUlkRI4e
fpKAbFE56SBrox5/+MkqMR5XlAGbawoP2IjK9B5KeVEd9QqiaJv8vilO+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKrgokS5+vyVuOi7ybIg7q6AzjG0MB8GA1UdIwQY
MBaAFG6UzeqTZWEq33YRFEZoJUs4j6YSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnBUTjZwTmxZU3JmZGhFVVJtZ2xTemlQcGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zMzZkZGQtMzgzMy00YmIwLTg2Njgt
OWFmN2QyYjU5YTRjLzEvcXVDaVJMbjZfSlc0Nkx2SnNpRHVyb0RPTWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zMzZkZGQtMzgzMy00YmIwLTg2NjgtOWFmN2QyYjU5YTRj
LzEvYnBUTjZwTmxZU3JmZGhFVVJtZ2xTemlQcGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nqMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ33ccqAZNFcauZS/X0dpFQdOv8YFqQZQ8wiyejxNB
ecGU7mF8uMwe+VpJN98d3NAWQI31slTWom+pCCdeVNcnjYbopg8nG734f1j3qODM
6xcEbh9T1sU6VRmN+1KqwtxhUUusQ3pih/q77RyocPLvPd6oqFKJt8YKFyRmFyDg
gXAwbhGNdmSbTOJzqaJIdbw5tFMmpjjH7JuHb0c8mRbI7npPZWnlFMRbcYI/fzW7
m4bxXlTGoWwOdJU74IXWFpoLQ+9/HJIW29huXMo3/jg9LhBeybuROSvrcoOtNqsv
bwe3zW+/lNcFQYnqI1GnUdnEmaFnoZXp+R/GhhbUPWB1
-----END CERTIFICATE-----