Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/b80000-0609-488f-a34a-2ca626cfed45/1/b29jwASOcX8giqKYja-ndLLxVbs.roa
File:                     b29jwASOcX8giqKYja-ndLLxVbs.roa (raw, json)
Hash identifier:          LbX4Rx8by/KH3kL2uZ7wj6X06ELDVJ80czTwcO0ue6A=
Subject key identifier:   6F:6F:63:C0:04:8E:71:7F:20:8A:A2:98:8D:AF:A7:74:B2:F1:55:BB
Certificate issuer:       /CN=7380c759f558f9c6be88dd226a439d99c9eacf0c
Certificate serial:       018DE8C3E3067794DFB39445CDE8974865D3
Authority key identifier: 73:80:C7:59:F5:58:F9:C6:BE:88:DD:22:6A:43:9D:99:C9:EA:CF:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c4DHWfVY-ca-iN0iakOdmcnqzww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/b80000-0609-488f-a34a-2ca626cfed45/1/b29jwASOcX8giqKYja-ndLLxVbs.roa
Signing time:             Tue 27 Feb 2024 04:12:48 +0000
ROA not before:           Tue 27 Feb 2024 04:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15870
IP address blocks:        91.216.46.0/24 maxlen: 24
                          2001:67c:1b28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/b80000-0609-488f-a34a-2ca626cfed45/1/c4DHWfVY-ca-iN0iakOdmcnqzww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/b80000-0609-488f-a34a-2ca626cfed45/1/c4DHWfVY-ca-iN0iakOdmcnqzww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c4DHWfVY-ca-iN0iakOdmcnqzww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e8:c3:e3:06:77:94:df:b3:94:45:cd:e8:97:48:65:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7380c759f558f9c6be88dd226a439d99c9eacf0c
        Validity
            Not Before: Feb 27 04:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f6f63c0048e717f208aa2988dafa774b2f155bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:48:bc:63:70:96:f8:f5:cc:da:3a:06:58:d4:
                    69:78:f9:c9:a3:c5:69:a6:b5:94:4d:4b:89:f8:27:
                    59:0a:8a:1e:97:c5:bc:0a:9e:23:1d:81:ab:48:7f:
                    fc:d5:4a:50:e5:cd:b2:44:78:45:b9:0a:37:e5:26:
                    d8:7f:5e:6b:01:f6:ea:bb:8f:5b:20:14:b2:c8:74:
                    a8:32:6e:42:be:e6:c4:db:c1:23:3d:a8:4e:ed:65:
                    30:08:d0:14:fe:a1:01:b2:63:26:a5:76:32:6a:33:
                    fa:f8:b9:c1:2b:3e:4e:2a:be:ba:e6:75:14:54:ca:
                    b9:3e:5f:18:c0:e9:9e:33:7f:fb:91:2f:3b:0d:73:
                    af:7c:44:d5:f0:ca:ed:53:83:23:82:ef:d9:c3:f2:
                    cc:01:45:6e:06:de:d6:52:aa:0a:82:e8:b0:f3:59:
                    44:06:02:95:f6:d1:0c:95:32:c6:a9:c9:4a:81:23:
                    2e:70:ef:f4:5d:cd:85:1d:b1:d4:84:18:95:34:a8:
                    2e:77:0a:1a:c3:60:46:f7:20:44:05:d7:ae:e0:ba:
                    e1:f9:47:ab:a0:83:2a:8a:7b:8b:99:a7:ba:27:57:
                    1d:19:9f:2e:08:f0:53:95:23:8f:29:3f:f6:3e:be:
                    a9:d3:6a:fd:05:e2:4d:f7:4f:df:5a:a2:53:ca:47:
                    d3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:6F:63:C0:04:8E:71:7F:20:8A:A2:98:8D:AF:A7:74:B2:F1:55:BB
            X509v3 Authority Key Identifier:
                keyid:73:80:C7:59:F5:58:F9:C6:BE:88:DD:22:6A:43:9D:99:C9:EA:CF:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4DHWfVY-ca-iN0iakOdmcnqzww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b80000-0609-488f-a34a-2ca626cfed45/1/b29jwASOcX8giqKYja-ndLLxVbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b80000-0609-488f-a34a-2ca626cfed45/1/c4DHWfVY-ca-iN0iakOdmcnqzww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.46.0/24
                IPv6:
                  2001:67c:1b28::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:c4:f3:ea:05:9e:f9:e0:ed:47:1b:9a:14:fc:1a:89:72:63:
         5a:33:89:64:1d:8b:e9:02:36:29:27:a1:c1:86:b2:16:89:f6:
         05:60:50:7c:7c:b8:f6:3f:8c:47:4f:9d:c6:58:2c:b0:12:d4:
         ea:f7:cd:2c:99:db:75:7c:88:c8:47:ec:2c:a9:3c:78:c8:b6:
         09:98:14:a8:09:7c:84:08:c7:e6:72:40:d8:47:7d:48:e1:cc:
         b9:ac:37:d3:3a:fb:e0:7a:40:81:68:84:20:69:fa:a8:4b:6b:
         89:d1:21:a5:1f:b8:29:b3:c7:20:70:ec:77:43:ed:36:8a:f7:
         a9:b6:e7:e5:6c:97:6d:73:50:72:c6:13:13:72:82:13:a0:39:
         f4:9d:30:ee:0c:b3:16:1c:d7:eb:5c:fb:5c:75:7c:de:02:30:
         4d:14:5a:06:46:61:2b:46:93:50:79:73:a7:61:27:0c:a0:bb:
         eb:a2:15:48:1a:2b:4f:ca:a7:a5:af:c8:d0:81:e0:df:d2:17:
         ef:39:c1:b2:4b:cf:a2:a2:67:de:cb:e7:49:e1:c1:81:1b:fe:
         5b:b7:5d:ff:55:52:71:af:0c:53:a7:41:fe:c5:f6:94:bb:ac:
         90:78:3c:cc:90:a0:75:8e:e7:de:5a:72:24:93:90:89:ab:22:
         a2:9f:a7:b0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3ow+MGd5Tfs5RFzeiXSGXTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczODBjNzU5ZjU1OGY5YzZiZTg4ZGQyMjZhNDM5ZDk5Yzll
YWNmMGMwHhcNMjQwMjI3MDQxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjZmNjNjMDA0OGU3MTdmMjA4YWEyOTg4ZGFmYTc3NGIyZjE1NWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEi8Y3CW+PXM2joGWNRpePnJo8Vp
prWUTUuJ+CdZCooel8W8Cp4jHYGrSH/81UpQ5c2yRHhFuQo35SbYf15rAfbqu49b
IBSyyHSoMm5CvubE28EjPahO7WUwCNAU/qEBsmMmpXYyajP6+LnBKz5OKr665nUU
VMq5Pl8YwOmeM3/7kS87DXOvfETV8MrtU4Mjgu/Zw/LMAUVuBt7WUqoKguiw81lE
BgKV9tEMlTLGqclKgSMucO/0Xc2FHbHUhBiVNKgudwoaw2BG9yBEBdeu4Lrh+Uer
oIMqinuLmae6J1cdGZ8uCPBTlSOPKT/2Pr6p02r9BeJN90/fWqJTykfTtQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG9vY8AEjnF/IIqimI2vp3Sy8VW7MB8GA1UdIwQY
MBaAFHOAx1n1WPnGvojdImpDnZnJ6s8MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzRESFdmVlktY2EtaU4waWFrT2RtY25xend3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9iODAwMDAtMDYwOS00ODhmLWEzNGEt
MmNhNjI2Y2ZlZDQ1LzEvYjI5andBU09jWDhnaXFLWWphLW5kTEx4VmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9iODAwMDAtMDYwOS00ODhmLWEzNGEtMmNhNjI2Y2ZlZDQ1
LzEvYzRESFdmVlktY2EtaU4waWFrT2RtY25xend3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9guMA8E
AgACMAkDBwAgAQZ8GygwDQYJKoZIhvcNAQELBQADggEBAAzE8+oFnvng7UcbmhT8
GolyY1oziWQdi+kCNiknocGGshaJ9gVgUHx8uPY/jEdPncZYLLAS1Or3zSyZ23V8
iMhH7CypPHjItgmYFKgJfIQIx+ZyQNhHfUjhzLmsN9M6++B6QIFohCBp+qhLa4nR
IaUfuCmzxyBw7HdD7TaK96m25+Vsl21zUHLGExNyghOgOfSdMO4MsxYc1+tc+1x1
fN4CME0UWgZGYStGk1B5c6dhJwygu+uiFUgaK0/Kp6WvyNCB4N/SF+85wbJLz6Ki
Z97L50nhwYEb/lu3Xf9VUnGvDFOnQf7F9pS7rJB4PMyQoHWO595aciSTkImrIqKf
p7A=
-----END CERTIFICATE-----