Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/95d7dc-0c8b-4941-b9c1-d4710d022336/1/ch6va8ZO6Y45tpp1hNp9kWH9-fs.roa
File:                     ch6va8ZO6Y45tpp1hNp9kWH9-fs.roa (raw, json)
Hash identifier:          /a/ZZS+XnJRyIUWb3gWGugyrU9MSbbItuvo4DVd9DVs=
Subject key identifier:   72:1E:AF:6B:C6:4E:E9:8E:39:B6:9A:75:84:DA:7D:91:61:FD:F9:FB
Certificate issuer:       /CN=606857c43ca1df04cb69a4a0aac8629bdf32756b
Certificate serial:       018CC94E685EB04C12F392390A69BD605968
Authority key identifier: 60:68:57:C4:3C:A1:DF:04:CB:69:A4:A0:AA:C8:62:9B:DF:32:75:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGhXxDyh3wTLaaSgqshim98ydWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/95d7dc-0c8b-4941-b9c1-d4710d022336/1/ch6va8ZO6Y45tpp1hNp9kWH9-fs.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209924
IP address blocks:        193.104.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/95d7dc-0c8b-4941-b9c1-d4710d022336/1/YGhXxDyh3wTLaaSgqshim98ydWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/95d7dc-0c8b-4941-b9c1-d4710d022336/1/YGhXxDyh3wTLaaSgqshim98ydWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGhXxDyh3wTLaaSgqshim98ydWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:68:5e:b0:4c:12:f3:92:39:0a:69:bd:60:59:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606857c43ca1df04cb69a4a0aac8629bdf32756b
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=721eaf6bc64ee98e39b69a7584da7d9161fdf9fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ef:3e:40:04:14:f0:53:ea:31:ca:48:87:e7:
                    68:e3:6c:f2:1e:62:28:0b:b1:a9:f6:af:8a:13:9d:
                    6b:be:dd:32:35:6e:e0:49:5e:ef:a7:21:e4:53:15:
                    c7:1c:1f:31:ea:f7:14:46:13:56:15:11:a9:ac:46:
                    45:bb:b2:35:53:8c:95:0f:1b:13:82:e2:d5:21:c0:
                    af:38:77:3a:df:e6:bc:d7:eb:ce:ef:91:7a:a0:e6:
                    b4:78:86:bd:7b:1b:e8:86:e7:f1:42:a6:46:db:d4:
                    cb:c7:b7:fa:d5:59:3f:13:1f:66:b3:ae:2a:21:f5:
                    df:c2:7b:ff:da:bf:5d:bd:96:81:58:8b:e0:88:0c:
                    4e:d3:99:e3:dc:77:90:a3:c2:fa:d3:28:c5:d7:8b:
                    f3:40:25:69:14:8d:aa:8a:9a:37:92:30:68:50:74:
                    a3:85:ce:da:3e:d9:f4:ca:22:1d:9d:fd:83:fa:00:
                    4c:50:12:c1:65:0e:35:89:f3:d3:e2:2c:2f:82:11:
                    f0:e0:16:d2:a8:e1:e6:98:bd:62:a8:d9:49:d4:2f:
                    fc:a8:b2:d2:ad:57:22:a3:a1:b8:54:5a:40:12:72:
                    98:fe:46:62:5f:c4:88:e7:ca:8e:d9:e4:f4:71:d8:
                    6e:cb:11:d1:7d:03:49:31:10:30:c3:0a:b3:82:56:
                    c6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:1E:AF:6B:C6:4E:E9:8E:39:B6:9A:75:84:DA:7D:91:61:FD:F9:FB
            X509v3 Authority Key Identifier:
                keyid:60:68:57:C4:3C:A1:DF:04:CB:69:A4:A0:AA:C8:62:9B:DF:32:75:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGhXxDyh3wTLaaSgqshim98ydWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/95d7dc-0c8b-4941-b9c1-d4710d022336/1/ch6va8ZO6Y45tpp1hNp9kWH9-fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/95d7dc-0c8b-4941-b9c1-d4710d022336/1/YGhXxDyh3wTLaaSgqshim98ydWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:10:11:69:33:9e:bd:a7:07:ff:48:d3:a1:ee:81:4b:6f:0a:
         b1:02:1d:6f:b6:97:f9:16:45:8a:ec:a5:44:39:b6:45:eb:b0:
         1a:c0:d5:99:84:8c:64:df:e1:00:4e:3d:8a:6f:48:46:7c:45:
         03:a3:fc:3c:a1:d2:64:02:f3:f4:17:5a:93:e2:f5:0d:07:68:
         e9:10:14:bd:b3:5d:9c:bf:4f:d9:23:8f:f3:69:e7:a1:05:fa:
         ff:35:c1:1a:c8:09:2a:50:e6:bd:a6:c4:30:3b:53:40:36:2f:
         dd:c1:63:54:61:93:dc:18:38:08:1e:ec:92:46:db:cc:aa:d0:
         4e:83:4d:04:ab:b9:d5:29:0a:7d:f7:07:26:73:90:aa:91:6b:
         58:d9:f6:40:8b:11:a9:97:96:2e:06:e6:c8:31:a6:25:1f:af:
         19:26:59:84:f1:b1:60:04:28:12:e3:46:bc:bd:ed:f1:cf:92:
         2e:a1:5e:8e:4d:2e:50:d8:3c:65:b6:af:d6:96:35:6d:87:04:
         38:c1:b1:81:72:48:10:6b:82:db:16:9d:f8:e1:f4:e2:29:bf:
         b1:d8:4a:1f:f8:0d:1c:a3:b5:86:cf:39:82:d7:56:69:94:6c:
         6c:9f:97:4b:cf:e7:9b:f5:0d:f8:17:0a:58:55:f2:2c:10:17:
         96:af:6c:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmhesEwS85I5Cmm9YFloMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjg1N2M0M2NhMWRmMDRjYjY5YTRhMGFhYzg2MjliZGYz
Mjc1NmIwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjFlYWY2YmM2NGVlOThlMzliNjlhNzU4NGRhN2Q5MTYxZmRmOWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+8+QAQU8FPqMcpIh+do42zyHmIo
C7Gp9q+KE51rvt0yNW7gSV7vpyHkUxXHHB8x6vcURhNWFRGprEZFu7I1U4yVDxsT
guLVIcCvOHc63+a81+vO75F6oOa0eIa9exvohufxQqZG29TLx7f61Vk/Ex9ms64q
IfXfwnv/2r9dvZaBWIvgiAxO05nj3HeQo8L60yjF14vzQCVpFI2qipo3kjBoUHSj
hc7aPtn0yiIdnf2D+gBMUBLBZQ41ifPT4iwvghHw4BbSqOHmmL1iqNlJ1C/8qLLS
rVcio6G4VFpAEnKY/kZiX8SI58qO2eT0cdhuyxHRfQNJMRAwwwqzglbGNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIer2vGTumOObaadYTafZFh/fn7MB8GA1UdIwQY
MBaAFGBoV8Q8od8Ey2mkoKrIYpvfMnVrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdoWHhEeWgzd1RMYWFTZ3FzaGltOTh5ZFdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi85NWQ3ZGMtMGM4Yi00OTQxLWI5YzEt
ZDQ3MTBkMDIyMzM2LzEvY2g2dmE4Wk82WTQ1dHBwMWhOcDlrV0g5LWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi85NWQ3ZGMtMGM4Yi00OTQxLWI5YzEtZDQ3MTBkMDIyMzM2
LzEvWUdoWHhEeWgzd1RMYWFTZ3FzaGltOTh5ZFdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWhbMA0G
CSqGSIb3DQEBCwUAA4IBAQBuEBFpM569pwf/SNOh7oFLbwqxAh1vtpf5FkWK7KVE
ObZF67AawNWZhIxk3+EATj2Kb0hGfEUDo/w8odJkAvP0F1qT4vUNB2jpEBS9s12c
v0/ZI4/zaeehBfr/NcEayAkqUOa9psQwO1NANi/dwWNUYZPcGDgIHuySRtvMqtBO
g00Eq7nVKQp99wcmc5CqkWtY2fZAixGpl5YuBubIMaYlH68ZJlmE8bFgBCgS40a8
ve3xz5IuoV6OTS5Q2Dxltq/WljVthwQ4wbGBckgQa4LbFp344fTiKb+x2Eof+A0c
o7WGzzmC11ZplGxsn5dLz+eb9Q34FwpYVfIsEBeWr2yj
-----END CERTIFICATE-----