Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/by1WBGbdrucBaRo0q-_LS8RJXEA.roa
File:                     by1WBGbdrucBaRo0q-_LS8RJXEA.roa (raw, json)
Hash identifier:          e6B7n3eIP0oThxv0Nfr/dMJAuQI2Dj6eyLiNLmlJ2RU=
Subject key identifier:   6F:2D:56:04:66:DD:AE:E7:01:69:1A:34:AB:EF:CB:4B:C4:49:5C:40
Certificate issuer:       /CN=6342600bf1cc9216ae6fe169a1e9d5418ad93a22
Certificate serial:       018CC26D22831E7CBA6F2A9243704AAA5330
Authority key identifier: 63:42:60:0B:F1:CC:92:16:AE:6F:E1:69:A1:E9:D5:41:8A:D9:3A:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y0JgC_HMkhaub-FpoenVQYrZOiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/by1WBGbdrucBaRo0q-_LS8RJXEA.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44704
IP address blocks:        91.206.100.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/Y0JgC_HMkhaub-FpoenVQYrZOiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/Y0JgC_HMkhaub-FpoenVQYrZOiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y0JgC_HMkhaub-FpoenVQYrZOiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:22:83:1e:7c:ba:6f:2a:92:43:70:4a:aa:53:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6342600bf1cc9216ae6fe169a1e9d5418ad93a22
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f2d560466ddaee701691a34abefcb4bc4495c40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2d:4f:81:e0:05:03:1f:17:00:f5:23:57:0c:
                    e7:b9:3a:73:ac:b8:13:cf:58:2d:76:fc:df:ee:6d:
                    ee:19:f3:a1:3c:d7:2f:84:14:6a:c1:f6:de:18:7e:
                    9e:30:f9:93:02:4b:2f:f0:6c:95:77:0a:1f:86:e9:
                    de:59:f5:0b:43:f7:8c:a9:c3:26:42:a4:ba:c9:73:
                    3e:ab:68:96:c7:36:16:db:31:de:81:4f:61:ef:f4:
                    d2:a8:a9:a6:11:e0:f2:c0:47:70:6f:f1:82:b5:79:
                    bb:b6:88:d0:f8:a7:da:0a:27:9e:7a:de:4b:0f:65:
                    99:54:59:d9:1b:14:fd:23:07:31:fe:23:39:70:49:
                    8d:e0:4f:1e:0f:18:64:c6:79:71:78:22:92:35:2f:
                    22:f0:f5:c0:26:5f:bd:9e:7a:b2:9a:35:ba:e4:fc:
                    5c:e3:d4:e2:be:f7:3d:b8:50:21:97:d5:0a:20:57:
                    61:a0:81:29:b1:dc:90:47:4a:8d:67:a6:41:16:97:
                    20:61:48:33:7e:f7:90:3a:82:77:76:e4:16:90:27:
                    11:48:5e:41:c1:fd:da:e0:8b:a2:70:c3:44:40:c5:
                    17:8e:5f:bd:24:89:cb:14:64:42:58:07:55:c5:55:
                    a7:22:9c:7c:34:63:c8:e1:e1:7f:6c:5a:dd:cc:e3:
                    c7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:2D:56:04:66:DD:AE:E7:01:69:1A:34:AB:EF:CB:4B:C4:49:5C:40
            X509v3 Authority Key Identifier:
                keyid:63:42:60:0B:F1:CC:92:16:AE:6F:E1:69:A1:E9:D5:41:8A:D9:3A:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y0JgC_HMkhaub-FpoenVQYrZOiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/by1WBGbdrucBaRo0q-_LS8RJXEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8f076d-f0e9-42b4-ad5f-7312063ffa7f/1/Y0JgC_HMkhaub-FpoenVQYrZOiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:f7:09:f7:52:c1:c0:50:b8:5f:87:c6:46:f4:f0:7e:45:3a:
         de:ff:62:cb:e6:89:06:34:10:63:1a:12:71:6a:66:b8:33:e8:
         ec:32:46:6f:88:b5:29:97:fe:e4:6b:e5:3c:26:8e:98:01:f5:
         13:e7:99:7c:bc:fa:f1:2f:d3:aa:31:01:da:b2:63:bb:a9:38:
         78:f0:6a:63:f5:59:e3:c1:2b:48:43:4c:9b:18:c4:ef:22:83:
         2f:2d:73:c5:26:da:a7:1a:79:20:0e:97:87:01:bd:21:3c:d6:
         2f:f5:d7:16:b4:f9:5f:76:8b:d6:cd:58:f7:5e:ba:03:2f:e8:
         c0:6d:fd:f0:83:e0:16:24:9c:30:92:a0:fa:b9:c5:79:d6:1f:
         17:08:d2:ec:c3:41:95:c6:05:90:e1:d9:ed:78:15:49:48:4c:
         5c:00:1b:99:b5:96:7f:86:b2:f7:0b:50:22:bf:48:11:a9:0f:
         d8:68:39:61:2f:41:01:49:cd:89:28:d5:a4:d5:38:4f:98:bf:
         a9:13:ee:ce:de:a4:c6:85:08:63:d4:16:d2:6c:5b:cf:95:9c:
         ff:07:3a:7a:89:2e:44:ac:9a:10:c9:e7:67:dd:cb:1f:2c:6d:
         fa:b2:65:85:19:0d:60:d6:78:f0:90:c0:a4:a5:d1:14:99:64:
         2b:5d:17:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSKDHny6byqSQ3BKqlMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNDI2MDBiZjFjYzkyMTZhZTZmZTE2OWExZTlkNTQxOGFk
OTNhMjIwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjJkNTYwNDY2ZGRhZWU3MDE2OTFhMzRhYmVmY2I0YmM0NDk1YzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAty1PgeAFAx8XAPUjVwznuTpzrLgT
z1gtdvzf7m3uGfOhPNcvhBRqwfbeGH6eMPmTAksv8GyVdwofhuneWfULQ/eMqcMm
QqS6yXM+q2iWxzYW2zHegU9h7/TSqKmmEeDywEdwb/GCtXm7tojQ+KfaCieeet5L
D2WZVFnZGxT9Iwcx/iM5cEmN4E8eDxhkxnlxeCKSNS8i8PXAJl+9nnqymjW65Pxc
49Tivvc9uFAhl9UKIFdhoIEpsdyQR0qNZ6ZBFpcgYUgzfveQOoJ3duQWkCcRSF5B
wf3a4IuicMNEQMUXjl+9JInLFGRCWAdVxVWnIpx8NGPI4eF/bFrdzOPHAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8tVgRm3a7nAWkaNKvvy0vESVxAMB8GA1UdIwQY
MBaAFGNCYAvxzJIWrm/haaHp1UGK2ToiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTBKZ0NfSE1raGF1Yi1GcG9lblZRWXJaT2lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZjA3NmQtZjBlOS00MmI0LWFkNWYt
NzMxMjA2M2ZmYTdmLzEvYnkxV0JHYmRydWNCYVJvMHEtX0xTOFJKWEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZjA3NmQtZjBlOS00MmI0LWFkNWYtNzMxMjA2M2ZmYTdm
LzEvWTBKZ0NfSE1raGF1Yi1GcG9lblZRWXJaT2lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW85kMA0G
CSqGSIb3DQEBCwUAA4IBAQB69wn3UsHAULhfh8ZG9PB+RTre/2LL5okGNBBjGhJx
ama4M+jsMkZviLUpl/7ka+U8Jo6YAfUT55l8vPrxL9OqMQHasmO7qTh48Gpj9Vnj
wStIQ0ybGMTvIoMvLXPFJtqnGnkgDpeHAb0hPNYv9dcWtPlfdovWzVj3XroDL+jA
bf3wg+AWJJwwkqD6ucV51h8XCNLsw0GVxgWQ4dnteBVJSExcABuZtZZ/hrL3C1Ai
v0gRqQ/YaDlhL0EBSc2JKNWk1ThPmL+pE+7O3qTGhQhj1BbSbFvPlZz/Bzp6iS5E
rJoQyedn3csfLG36smWFGQ1g1njwkMCkpdEUmWQrXRf0
-----END CERTIFICATE-----