Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/5gZFkNGiEDw1dAdyaJLRHT2fm8Q.roa
File:                     5gZFkNGiEDw1dAdyaJLRHT2fm8Q.roa (raw, json)
Hash identifier:          ePMNFlKldFL3mqzfGGw2l/sA14ZIYT5Brr94y0P7/JY=
Subject key identifier:   E6:06:45:90:D1:A2:10:3C:35:74:07:72:68:92:D1:1D:3D:9F:9B:C4
Certificate issuer:       /CN=d6a71b4e8694417ebbbcf6268b9c8f963170b1f1
Certificate serial:       018D0C6359CC42A7E79E353A15667156F73F
Authority key identifier: D6:A7:1B:4E:86:94:41:7E:BB:BC:F6:26:8B:9C:8F:96:31:70:B1:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qcbToaUQX67vPYmi5yPljFwsfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/5gZFkNGiEDw1dAdyaJLRHT2fm8Q.roa
Signing time:             Mon 15 Jan 2024 09:10:54 +0000
ROA not before:           Mon 15 Jan 2024 09:10:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34412
IP address blocks:        91.206.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/1qcbToaUQX67vPYmi5yPljFwsfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/1qcbToaUQX67vPYmi5yPljFwsfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qcbToaUQX67vPYmi5yPljFwsfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:63:59:cc:42:a7:e7:9e:35:3a:15:66:71:56:f7:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6a71b4e8694417ebbbcf6268b9c8f963170b1f1
        Validity
            Not Before: Jan 15 09:10:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6064590d1a2103c357407726892d11d3d9f9bc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:af:9f:8f:a0:60:c7:d5:28:55:86:bd:1d:6d:
                    1e:71:de:b0:ff:7b:0f:f3:9b:fd:0b:0b:7e:0e:3e:
                    ec:31:fa:47:84:44:d2:83:b7:70:3d:59:32:12:87:
                    3f:c3:49:ea:e0:49:cd:dd:21:4b:14:b2:f2:1b:d8:
                    56:9b:96:d8:59:8b:18:b9:ff:3f:38:d8:2f:c2:2a:
                    7d:b3:ee:86:6e:15:30:f8:7e:4e:cb:a2:d4:fb:7f:
                    b7:91:6b:14:da:88:5d:d1:6a:09:fb:d7:91:62:20:
                    39:9d:f3:0f:69:cf:25:ac:2c:dc:6d:65:b3:55:56:
                    ab:d8:65:b5:3b:67:a2:23:49:9c:a9:22:0d:d2:4e:
                    b3:ff:c1:1d:23:01:07:7e:12:38:ef:b0:05:6e:fe:
                    39:73:a6:f9:0c:f3:8b:35:07:cd:d7:ba:20:be:5f:
                    10:b9:62:dc:6e:1e:71:e8:b9:0b:5b:a6:27:e6:20:
                    50:36:2a:f6:78:30:a1:ce:a5:0e:7c:06:1a:17:c4:
                    1a:a2:5d:ae:a3:6d:cd:71:87:26:14:2e:c0:a1:31:
                    f7:2f:ef:26:25:82:e2:74:c2:b6:cc:d7:07:1b:60:
                    12:56:98:67:e7:79:ed:49:e9:b6:de:89:99:bb:49:
                    ce:0d:39:48:8d:64:19:99:3f:41:43:10:54:9a:37:
                    c6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:06:45:90:D1:A2:10:3C:35:74:07:72:68:92:D1:1D:3D:9F:9B:C4
            X509v3 Authority Key Identifier:
                keyid:D6:A7:1B:4E:86:94:41:7E:BB:BC:F6:26:8B:9C:8F:96:31:70:B1:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qcbToaUQX67vPYmi5yPljFwsfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/5gZFkNGiEDw1dAdyaJLRHT2fm8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/1qcbToaUQX67vPYmi5yPljFwsfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:a4:eb:7b:9b:f6:c7:c9:ee:77:99:ca:68:14:ef:0e:a9:52:
         16:e0:f5:62:a5:5f:3b:5c:32:95:f4:97:97:fc:94:39:89:94:
         94:bc:26:60:e8:76:e3:5a:42:fb:3e:cd:c2:31:c7:7c:40:8b:
         17:4a:ae:3b:94:25:0d:96:4d:57:17:7b:e0:7a:bf:51:db:db:
         7e:a4:2b:bb:48:34:13:df:5c:9d:3c:3e:54:6e:61:32:fe:c4:
         f3:97:68:fa:6f:a9:4b:2e:f7:dd:52:ca:16:ce:2b:85:f1:24:
         56:33:2c:ca:86:ce:a9:b0:3f:e2:37:ee:51:e4:03:19:18:8f:
         f7:ef:46:e9:61:02:57:13:06:20:62:f4:dd:4f:3f:67:32:59:
         68:dd:ca:cb:a8:dc:93:78:70:d7:3d:a0:5b:6e:e2:f6:f5:7d:
         46:72:d8:ac:4d:71:e9:90:8c:99:84:0c:c9:c6:b3:6b:e8:6a:
         11:35:8d:35:ac:35:e0:3c:c6:33:0c:04:0f:3d:f2:8d:9c:41:
         97:62:b2:36:e6:02:15:2d:c1:69:e8:0e:b2:93:b4:af:5b:e7:
         95:1a:dc:47:41:2c:7c:66:74:c7:5c:4c:82:0e:74:28:80:ec:
         c4:f4:a8:87:2c:64:c5:0c:84:e4:f7:57:e4:0e:db:ef:90:59:
         7d:6a:0d:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0MY1nMQqfnnjU6FWZxVvc/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YTcxYjRlODY5NDQxN2ViYmJjZjYyNjhiOWM4Zjk2MzE3
MGIxZjEwHhcNMjQwMTE1MDkxMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjA2NDU5MGQxYTIxMDNjMzU3NDA3NzI2ODkyZDExZDNkOWY5YmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhK+fj6Bgx9UoVYa9HW0ecd6w/3sP
85v9Cwt+Dj7sMfpHhETSg7dwPVkyEoc/w0nq4EnN3SFLFLLyG9hWm5bYWYsYuf8/
ONgvwip9s+6GbhUw+H5Oy6LU+3+3kWsU2ohd0WoJ+9eRYiA5nfMPac8lrCzcbWWz
VVar2GW1O2eiI0mcqSIN0k6z/8EdIwEHfhI477AFbv45c6b5DPOLNQfN17ogvl8Q
uWLcbh5x6LkLW6Yn5iBQNir2eDChzqUOfAYaF8Qaol2uo23NcYcmFC7AoTH3L+8m
JYLidMK2zNcHG2ASVphn53ntSem23omZu0nODTlIjWQZmT9BQxBUmjfGswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYGRZDRohA8NXQHcmiS0R09n5vEMB8GA1UdIwQY
MBaAFNanG06GlEF+u7z2Joucj5YxcLHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFjYlRvYVVRWDY3dlBZbWk1eVBsakZ3c2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83NmE0NjMtMDczMi00OTdhLTk0OGQt
MjkzMTEwNGM1ZjdhLzEvNWdaRmtOR2lFRHcxZEFkeWFKTFJIVDJmbThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83NmE0NjMtMDczMi00OTdhLTk0OGQtMjkzMTEwNGM1Zjdh
LzEvMXFjYlRvYVVRWDY3dlBZbWk1eVBsakZ3c2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW86xMA0G
CSqGSIb3DQEBCwUAA4IBAQDKpOt7m/bHye53mcpoFO8OqVIW4PVipV87XDKV9JeX
/JQ5iZSUvCZg6HbjWkL7Ps3CMcd8QIsXSq47lCUNlk1XF3vger9R29t+pCu7SDQT
31ydPD5UbmEy/sTzl2j6b6lLLvfdUsoWziuF8SRWMyzKhs6psD/iN+5R5AMZGI/3
70bpYQJXEwYgYvTdTz9nMllo3crLqNyTeHDXPaBbbuL29X1GctisTXHpkIyZhAzJ
xrNr6GoRNY01rDXgPMYzDAQPPfKNnEGXYrI25gIVLcFp6A6yk7SvW+eVGtxHQSx8
ZnTHXEyCDnQogOzE9KiHLGTFDITk91fkDtvvkFl9ag1B
-----END CERTIFICATE-----