Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/396709-20e1-4f7d-963e-3b5e83f626e3/1/pt6zw4hIVJDWAcxY0bzU-YY9ei4.roa
File:                     pt6zw4hIVJDWAcxY0bzU-YY9ei4.roa (raw, json)
Hash identifier:          aka2cRqPn+Bi5piL1W2OL0T+xEvvg30jbAfTUqiGcGQ=
Subject key identifier:   A6:DE:B3:C3:88:48:54:90:D6:01:CC:58:D1:BC:D4:F9:86:3D:7A:2E
Certificate issuer:       /CN=33710cf81d21777a98d3d999dc1e6eae055f7c3c
Certificate serial:       018CC94AD73DD783C7A4669DCD88A491ACC6
Authority key identifier: 33:71:0C:F8:1D:21:77:7A:98:D3:D9:99:DC:1E:6E:AE:05:5F:7C:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M3EM-B0hd3qY09mZ3B5urgVffDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/396709-20e1-4f7d-963e-3b5e83f626e3/1/pt6zw4hIVJDWAcxY0bzU-YY9ei4.roa
Signing time:             Tue 02 Jan 2024 08:29:34 +0000
ROA not before:           Tue 02 Jan 2024 08:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47698
IP address blocks:        91.206.174.0/23 maxlen: 23
                          91.208.103.0/24 maxlen: 24
                          2001:67c:394::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/396709-20e1-4f7d-963e-3b5e83f626e3/1/M3EM-B0hd3qY09mZ3B5urgVffDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/396709-20e1-4f7d-963e-3b5e83f626e3/1/M3EM-B0hd3qY09mZ3B5urgVffDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M3EM-B0hd3qY09mZ3B5urgVffDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:d7:3d:d7:83:c7:a4:66:9d:cd:88:a4:91:ac:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33710cf81d21777a98d3d999dc1e6eae055f7c3c
        Validity
            Not Before: Jan  2 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6deb3c388485490d601cc58d1bcd4f9863d7a2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:38:ca:49:28:cc:c0:49:eb:92:4b:ee:9c:74:
                    d3:1b:00:10:f8:22:ca:e8:bf:b5:a6:cf:42:38:85:
                    d6:90:1e:67:7f:cb:95:02:3a:50:08:0c:52:7b:fc:
                    51:02:c8:b8:7e:29:d4:1c:f3:c1:44:19:97:62:72:
                    2a:10:fc:07:56:2a:ef:3f:d0:bd:66:3c:f2:73:cb:
                    4d:1d:f6:78:04:b0:5f:a2:aa:49:aa:c4:d7:5f:c3:
                    6b:38:31:c0:70:23:cd:a0:31:87:e7:2e:87:07:3e:
                    da:3f:0f:99:52:bf:5b:30:53:56:f2:37:ae:f1:84:
                    10:fd:b5:73:38:a2:88:98:24:22:bb:77:cc:a7:c7:
                    9c:3e:8c:52:db:fc:5d:06:91:ed:72:24:b4:80:6a:
                    b1:49:57:fe:32:43:3e:27:7a:1e:9d:a8:3f:a0:2d:
                    e9:34:e0:e9:94:67:6b:2e:45:3d:dd:85:b0:c7:3e:
                    45:b1:a5:41:e9:fd:e8:b1:cf:0a:ef:d1:b1:af:cc:
                    34:97:eb:1f:45:df:a0:96:d5:f8:3c:7d:7e:0a:94:
                    d1:ae:cb:4d:43:95:24:5a:e7:ce:4b:fa:62:29:1d:
                    9e:14:c7:b3:66:6a:61:e0:d8:b4:25:8b:71:23:c9:
                    eb:b2:0a:da:4c:88:be:43:be:31:29:eb:49:13:45:
                    1a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:DE:B3:C3:88:48:54:90:D6:01:CC:58:D1:BC:D4:F9:86:3D:7A:2E
            X509v3 Authority Key Identifier:
                keyid:33:71:0C:F8:1D:21:77:7A:98:D3:D9:99:DC:1E:6E:AE:05:5F:7C:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M3EM-B0hd3qY09mZ3B5urgVffDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/396709-20e1-4f7d-963e-3b5e83f626e3/1/pt6zw4hIVJDWAcxY0bzU-YY9ei4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/396709-20e1-4f7d-963e-3b5e83f626e3/1/M3EM-B0hd3qY09mZ3B5urgVffDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.174.0/23
                  91.208.103.0/24
                IPv6:
                  2001:67c:394::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:4b:6d:7b:1a:b5:ae:7c:b4:0e:78:ec:b6:2e:53:df:12:05:
         07:6d:cf:04:bd:43:c6:37:19:cc:d3:27:13:80:7a:6f:7e:67:
         20:bf:36:5b:38:73:f5:90:97:28:3d:c8:b3:23:9b:93:52:35:
         cd:87:92:73:56:28:7e:96:01:a5:5b:e8:5b:1a:a0:74:9e:82:
         3c:0e:33:22:bd:b0:0e:cb:27:9d:1e:26:f1:b5:00:89:a9:c8:
         c2:b7:fe:e8:f1:78:46:27:83:76:d4:49:36:05:cc:19:fc:76:
         10:4d:b8:db:4a:9e:4e:bb:79:31:bb:cc:64:c8:e6:7b:51:7a:
         bd:d0:5b:0d:30:ca:0e:b1:9d:e5:d8:b2:02:40:00:cc:22:f6:
         a3:12:48:a1:48:fe:14:86:c1:e2:6f:cb:cb:3c:78:53:f0:ad:
         5f:66:60:fc:73:2b:0d:75:79:a3:d0:e8:98:da:74:0f:5f:a5:
         9a:31:62:4e:ef:85:fc:3d:19:6e:9d:6b:ff:0e:41:1a:e7:9d:
         ca:b1:c3:37:2d:3f:60:97:4e:cd:f2:04:a6:52:c7:23:97:32:
         d6:52:d5:f2:e6:03:26:e1:bc:58:16:23:e2:70:9e:48:bf:1a:
         db:df:17:89:13:46:6a:e0:5f:59:21:f9:0f:60:fd:63:98:57:
         e9:f3:9d:d1
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJStc914PHpGadzYikkazGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNzEwY2Y4MWQyMTc3N2E5OGQzZDk5OWRjMWU2ZWFlMDU1
ZjdjM2MwHhcNMjQwMTAyMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmRlYjNjMzg4NDg1NDkwZDYwMWNjNThkMWJjZDRmOTg2M2Q3YTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjjKSSjMwEnrkkvunHTTGwAQ+CLK
6L+1ps9COIXWkB5nf8uVAjpQCAxSe/xRAsi4finUHPPBRBmXYnIqEPwHVirvP9C9
Zjzyc8tNHfZ4BLBfoqpJqsTXX8NrODHAcCPNoDGH5y6HBz7aPw+ZUr9bMFNW8jeu
8YQQ/bVzOKKImCQiu3fMp8ecPoxS2/xdBpHtciS0gGqxSVf+MkM+J3oenag/oC3p
NODplGdrLkU93YWwxz5FsaVB6f3osc8K79Gxr8w0l+sfRd+gltX4PH1+CpTRrstN
Q5UkWufOS/piKR2eFMezZmph4Ni0JYtxI8nrsgraTIi+Q74xKetJE0UaxwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFKbes8OISFSQ1gHMWNG81PmGPXouMB8GA1UdIwQY
MBaAFDNxDPgdIXd6mNPZmdwebq4FX3w8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTNFTS1CMGhkM3FZMDltWjNCNXVyZ1ZmZkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8zOTY3MDktMjBlMS00ZjdkLTk2M2Ut
M2I1ZTgzZjYyNmUzLzEvcHQ2enc0aElWSkRXQWN4WTBielUtWVk5ZWk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8zOTY3MDktMjBlMS00ZjdkLTk2M2UtM2I1ZTgzZjYyNmUz
LzEvTTNFTS1CMGhkM3FZMDltWjNCNXVyZ1ZmZkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBW86uAwQA
W9BnMA8EAgACMAkDBwAgAQZ8A5QwDQYJKoZIhvcNAQELBQADggEBAJtLbXsata58
tA547LYuU98SBQdtzwS9Q8Y3GczTJxOAem9+ZyC/Nls4c/WQlyg9yLMjm5NSNc2H
knNWKH6WAaVb6FsaoHSegjwOMyK9sA7LJ50eJvG1AImpyMK3/ujxeEYng3bUSTYF
zBn8dhBNuNtKnk67eTG7zGTI5ntRer3QWw0wyg6xneXYsgJAAMwi9qMSSKFI/hSG
weJvy8s8eFPwrV9mYPxzKw11eaPQ6JjadA9fpZoxYk7vhfw9GW6da/8OQRrnncqx
wzctP2CXTs3yBKZSxyOXMtZS1fLmAybhvFgWI+Jwnki/GtvfF4kTRmrgX1kh+Q9g
/WOYV+nzndE=
-----END CERTIFICATE-----