Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e6d062-8f77-497d-b181-2510dac32496/1/mmYRY9oGgN8EWZJgDkcGwgUJ8LE.roa
File:                     mmYRY9oGgN8EWZJgDkcGwgUJ8LE.roa (raw, json)
Hash identifier:          YLYi5rS9AUGsh0SpjvVOUGWVPYuQglMkRSYjWCWQZ/A=
Subject key identifier:   9A:66:11:63:DA:06:80:DF:04:59:92:60:0E:47:06:C2:05:09:F0:B1
Certificate issuer:       /CN=2f6dbc6ae0b58a11731f219eda022471d1e11edb
Certificate serial:       01904EC3D27C2994C46F860C977D8F26E582
Authority key identifier: 2F:6D:BC:6A:E0:B5:8A:11:73:1F:21:9E:DA:02:24:71:D1:E1:1E:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L228auC1ihFzHyGe2gIkcdHhHts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e6d062-8f77-497d-b181-2510dac32496/1/mmYRY9oGgN8EWZJgDkcGwgUJ8LE.roa
Signing time:             Tue 25 Jun 2024 09:39:34 +0000
ROA not before:           Tue 25 Jun 2024 09:39:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201933
IP address blocks:        91.193.116.0/22 maxlen: 22
                          2a06:40c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e6d062-8f77-497d-b181-2510dac32496/1/L228auC1ihFzHyGe2gIkcdHhHts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e6d062-8f77-497d-b181-2510dac32496/1/L228auC1ihFzHyGe2gIkcdHhHts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L228auC1ihFzHyGe2gIkcdHhHts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 21:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4e:c3:d2:7c:29:94:c4:6f:86:0c:97:7d:8f:26:e5:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f6dbc6ae0b58a11731f219eda022471d1e11edb
        Validity
            Not Before: Jun 25 09:39:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a661163da0680df045992600e4706c20509f0b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2c:da:5d:07:51:e8:3a:ad:21:07:83:36:3c:
                    49:36:c9:3a:2d:17:03:31:68:d0:9d:cc:0e:86:cf:
                    07:15:91:51:2c:75:72:ab:4f:6f:d2:3b:de:84:dc:
                    40:99:27:49:a3:b2:f6:da:10:f6:fb:05:37:c6:85:
                    11:60:1c:1d:f4:f4:51:f5:00:30:24:08:74:21:40:
                    3a:9b:21:81:50:19:6a:be:2a:61:65:51:28:ff:7f:
                    6e:15:7d:8e:4a:40:b3:7a:3e:8d:96:62:d7:7c:c0:
                    14:75:68:f9:09:47:55:12:ed:e9:2c:45:e3:65:c4:
                    84:9d:b7:82:79:87:74:53:ed:9b:27:a7:1b:16:2e:
                    c7:85:c4:73:f1:bc:d1:b4:10:07:fc:b8:f2:f0:4f:
                    6c:17:fb:60:ac:15:71:2c:4b:de:f7:39:07:b9:af:
                    ad:0d:91:0f:7f:84:f9:47:b6:8e:3c:40:4d:12:81:
                    f7:84:db:23:38:90:1b:1e:d9:71:69:4d:1c:f7:ef:
                    c3:c9:d2:80:11:ff:32:a2:70:ae:d6:28:14:7f:69:
                    9d:a7:49:f4:c2:f6:51:03:c0:fb:92:7d:d2:a8:76:
                    0d:46:e8:3d:0f:71:53:34:a3:9a:01:26:a4:7d:d5:
                    95:40:58:90:4e:cd:d0:a0:88:79:46:64:fc:e2:b8:
                    ae:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:66:11:63:DA:06:80:DF:04:59:92:60:0E:47:06:C2:05:09:F0:B1
            X509v3 Authority Key Identifier:
                keyid:2F:6D:BC:6A:E0:B5:8A:11:73:1F:21:9E:DA:02:24:71:D1:E1:1E:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L228auC1ihFzHyGe2gIkcdHhHts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e6d062-8f77-497d-b181-2510dac32496/1/mmYRY9oGgN8EWZJgDkcGwgUJ8LE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e6d062-8f77-497d-b181-2510dac32496/1/L228auC1ihFzHyGe2gIkcdHhHts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.116.0/22
                IPv6:
                  2a06:40c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:38:cc:3f:2b:5b:05:9d:5e:cd:51:cb:cf:c0:ad:76:9c:7f:
         4f:a4:df:c7:1e:6a:d0:52:0d:ea:63:bd:08:cb:bf:45:ad:54:
         47:51:55:e2:3d:c3:4b:a4:6e:98:82:10:70:74:ca:2a:b0:53:
         c7:84:8a:59:8f:4e:da:cc:e6:49:62:e0:64:e8:98:06:65:08:
         b5:6c:b5:f0:24:c9:4e:5c:ff:7d:5e:fb:80:a7:5d:db:53:9b:
         88:59:f2:a0:e1:b1:1e:79:dd:cb:e7:66:54:29:15:70:88:cd:
         58:0d:ba:76:2d:5b:bc:e3:b5:f0:a6:6f:39:c1:9e:3a:22:3d:
         1d:25:a0:dd:6f:3f:df:d4:28:e3:d7:a2:2b:7a:86:80:e3:eb:
         46:7f:c7:46:dc:96:93:49:9a:d3:44:7d:1b:d8:ee:e7:7a:0a:
         93:5d:a9:11:70:b3:8a:f1:16:3d:69:d2:77:ba:98:0c:d2:5b:
         73:6b:6f:9c:5c:33:35:ab:1b:84:a1:43:b8:d3:a9:34:22:06:
         76:96:68:65:1e:10:6a:ee:d9:13:f8:ca:7f:95:c8:64:55:72:
         3c:41:a1:d8:6b:de:57:00:44:7e:c0:70:ac:53:c8:c4:33:cb:
         b6:99:42:c6:3d:94:04:3b:4d:6a:84:9d:f3:d4:e1:c4:f2:eb:
         9b:60:76:04
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZBOw9J8KZTEb4YMl32PJuWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNmRiYzZhZTBiNThhMTE3MzFmMjE5ZWRhMDIyNDcxZDFl
MTFlZGIwHhcNMjQwNjI1MDkzOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTY2MTE2M2RhMDY4MGRmMDQ1OTkyNjAwZTQ3MDZjMjA1MDlmMGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApizaXQdR6DqtIQeDNjxJNsk6LRcD
MWjQncwOhs8HFZFRLHVyq09v0jvehNxAmSdJo7L22hD2+wU3xoURYBwd9PRR9QAw
JAh0IUA6myGBUBlqviphZVEo/39uFX2OSkCzej6NlmLXfMAUdWj5CUdVEu3pLEXj
ZcSEnbeCeYd0U+2bJ6cbFi7HhcRz8bzRtBAH/Ljy8E9sF/tgrBVxLEve9zkHua+t
DZEPf4T5R7aOPEBNEoH3hNsjOJAbHtlxaU0c9+/DydKAEf8yonCu1igUf2mdp0n0
wvZRA8D7kn3SqHYNRug9D3FTNKOaASakfdWVQFiQTs3QoIh5RmT84riuUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJpmEWPaBoDfBFmSYA5HBsIFCfCxMB8GA1UdIwQY
MBaAFC9tvGrgtYoRcx8hntoCJHHR4R7bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDIyOGF1QzFpaEZ6SHlHZTJnSWtjZEhoSHRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lNmQwNjItOGY3Ny00OTdkLWIxODEt
MjUxMGRhYzMyNDk2LzEvbW1ZUlk5b0dnTjhFV1pKZ0RrY0d3Z1VKOExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lNmQwNjItOGY3Ny00OTdkLWIxODEtMjUxMGRhYzMyNDk2
LzEvTDIyOGF1QzFpaEZ6SHlHZTJnSWtjZEhoSHRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCW8F0MA0E
AgACMAcDBQMqBkDAMA0GCSqGSIb3DQEBCwUAA4IBAQCsOMw/K1sFnV7NUcvPwK12
nH9PpN/HHmrQUg3qY70Iy79FrVRHUVXiPcNLpG6YghBwdMoqsFPHhIpZj07azOZJ
YuBk6JgGZQi1bLXwJMlOXP99XvuAp13bU5uIWfKg4bEeed3L52ZUKRVwiM1YDbp2
LVu847Xwpm85wZ46Ij0dJaDdbz/f1Cjj16IreoaA4+tGf8dG3JaTSZrTRH0b2O7n
egqTXakRcLOK8RY9adJ3upgM0ltza2+cXDM1qxuEoUO406k0IgZ2lmhlHhBq7tkT
+Mp/lchkVXI8QaHYa95XAER+wHCsU8jEM8u2mULGPZQEO01qhJ3z1OHE8uubYHYE
-----END CERTIFICATE-----