Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/a91rg2Gneuu_XD4CafRiMTaeRbI.roa
File:                     a91rg2Gneuu_XD4CafRiMTaeRbI.roa (raw, json)
Hash identifier:          FUtW/ckKHaBfewfBbpOWoktnLMdk0INeuEhZ1j87Bh0=
Subject key identifier:   6B:DD:6B:83:61:A7:7A:EB:BF:5C:3E:02:69:F4:62:31:36:9E:45:B2
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B68EC3F2944453B45BDF4DC668CD7
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/a91rg2Gneuu_XD4CafRiMTaeRbI.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213018
IP address blocks:        2.57.253.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:68:ec:3f:29:44:45:3b:45:bd:f4:dc:66:8c:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bdd6b8361a77aebbf5c3e0269f46231369e45b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:64:6e:eb:77:66:ae:7d:4b:71:c4:59:57:63:
                    a2:ce:eb:90:9a:b4:e7:4a:79:33:32:cc:61:6f:93:
                    2f:ae:dd:b4:f2:b4:69:8f:64:48:cd:cc:4c:24:b8:
                    20:fb:68:23:0a:d1:37:89:30:56:db:b7:db:25:c6:
                    b7:25:8d:91:c4:5e:96:fc:f6:9d:49:a2:23:b9:f4:
                    f8:cd:ba:a4:fa:8e:5c:b0:b7:f5:5b:fd:4b:23:c5:
                    b1:e2:1e:a5:d2:12:33:86:e9:82:d2:63:b9:9b:d1:
                    b8:88:26:ba:5e:78:89:fd:fb:dd:c2:28:83:94:fd:
                    7c:71:06:49:02:f0:11:f9:2b:eb:78:80:8a:cf:e2:
                    c3:ea:21:9e:c0:30:69:a2:bc:c3:11:99:d6:4b:af:
                    50:a4:2e:62:85:77:1a:ab:e8:dd:b2:0f:b6:cf:81:
                    96:05:31:90:a5:bb:36:17:6d:8c:c7:8e:e4:ab:b6:
                    a7:d6:68:d5:e6:15:61:25:cc:f5:1d:2e:a2:a4:96:
                    84:ff:05:22:12:65:db:c8:59:d5:bd:c0:59:85:10:
                    8b:44:56:ac:cd:2a:ef:98:03:31:a5:b7:c6:0a:67:
                    76:e4:96:6a:7f:1f:60:0b:64:0f:6d:a8:bf:b9:52:
                    b5:84:a2:ff:fb:a7:e0:40:d8:aa:b4:2d:6b:bd:4a:
                    3a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:DD:6B:83:61:A7:7A:EB:BF:5C:3E:02:69:F4:62:31:36:9E:45:B2
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/a91rg2Gneuu_XD4CafRiMTaeRbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:27:78:11:17:4e:5b:46:a1:0b:18:44:9c:43:57:74:c6:80:
         0d:9c:d2:4b:70:64:e2:a7:72:2f:6d:89:13:fd:4c:56:ff:02:
         07:7c:df:9d:f6:ae:c1:05:33:a4:4b:84:cd:66:4f:68:1f:79:
         9b:24:ae:5b:05:d5:c9:8c:6f:d0:fd:b3:c4:f1:d9:96:35:68:
         07:b8:4b:b0:8e:6c:2b:1e:a8:d1:19:e8:a6:eb:f8:01:c4:7c:
         93:b8:c2:27:0d:93:37:7a:1e:f3:cc:d9:8a:5b:d2:c7:cf:83:
         a8:f0:96:41:12:b2:51:82:c6:e1:86:da:c6:4d:3a:f9:d1:c2:
         d4:99:1a:93:5c:72:80:5f:0c:c1:88:d2:fb:51:78:67:c0:ff:
         a5:d4:92:e3:29:eb:62:c3:56:30:18:67:6f:68:74:4e:f1:d3:
         88:e2:54:1b:b8:88:28:2a:4f:c2:69:ab:9f:1f:a0:e8:00:a1:
         ef:97:ad:d4:51:d1:07:d5:48:d6:bb:21:6f:d2:4f:4c:75:d3:
         b5:5b:dc:0d:74:7a:a8:81:5f:78:fd:93:ef:99:b1:b9:13:63:
         cf:3a:12:06:47:9b:48:65:4e:72:1e:d3:9e:22:76:42:00:0b:
         2c:64:33:66:18:28:cc:8d:39:f3:d3:4d:07:30:83:3e:fa:e6:
         5a:55:36:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2jsPylERTtFvfTcZozXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmRkNmI4MzYxYTc3YWViYmY1YzNlMDI2OWY0NjIzMTM2OWU0NWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWRu63dmrn1LccRZV2OizuuQmrTn
SnkzMsxhb5Mvrt208rRpj2RIzcxMJLgg+2gjCtE3iTBW27fbJca3JY2RxF6W/Pad
SaIjufT4zbqk+o5csLf1W/1LI8Wx4h6l0hIzhumC0mO5m9G4iCa6XniJ/fvdwiiD
lP18cQZJAvAR+SvreICKz+LD6iGewDBporzDEZnWS69QpC5ihXcaq+jdsg+2z4GW
BTGQpbs2F22Mx47kq7an1mjV5hVhJcz1HS6ipJaE/wUiEmXbyFnVvcBZhRCLRFas
zSrvmAMxpbfGCmd25JZqfx9gC2QPbai/uVK1hKL/+6fgQNiqtC1rvUo6XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvda4Nhp3rrv1w+Amn0YjE2nkWyMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvYTkxcmcyR25ldXVfWEQ0Q2FmUmlNVGFlUmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjn9MA0G
CSqGSIb3DQEBCwUAA4IBAQByJ3gRF05bRqELGEScQ1d0xoANnNJLcGTip3IvbYkT
/UxW/wIHfN+d9q7BBTOkS4TNZk9oH3mbJK5bBdXJjG/Q/bPE8dmWNWgHuEuwjmwr
HqjRGeim6/gBxHyTuMInDZM3eh7zzNmKW9LHz4Oo8JZBErJRgsbhhtrGTTr50cLU
mRqTXHKAXwzBiNL7UXhnwP+l1JLjKetiw1YwGGdvaHRO8dOI4lQbuIgoKk/Caauf
H6DoAKHvl63UUdEH1UjWuyFv0k9MddO1W9wNdHqogV94/ZPvmbG5E2PPOhIGR5tI
ZU5yHtOeInZCAAssZDNmGCjMjTnz000HMIM++uZaVTaZ
-----END CERTIFICATE-----