Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/a80963-3089-4ac4-af4f-3c8717414d80/1/gl6mAGe7kFwuWWmLLKK1sqiFD-0.roa
File:                     gl6mAGe7kFwuWWmLLKK1sqiFD-0.roa (raw, json)
Hash identifier:          JhrJ3ADghDltY8xarAZJrWV6AnaNjiqQ+MaDP78AgKw=
Subject key identifier:   82:5E:A6:00:67:BB:90:5C:2E:59:69:8B:2C:A2:B5:B2:A8:85:0F:ED
Certificate issuer:       /CN=2213007596493802fb93a326731fd3329eae2dac
Certificate serial:       018CC7932EB721FD86E8FFB406B21F84A7A3
Authority key identifier: 22:13:00:75:96:49:38:02:FB:93:A3:26:73:1F:D3:32:9E:AE:2D:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IhMAdZZJOAL7k6Mmcx_TMp6uLaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/a80963-3089-4ac4-af4f-3c8717414d80/1/gl6mAGe7kFwuWWmLLKK1sqiFD-0.roa
Signing time:             Tue 02 Jan 2024 00:29:20 +0000
ROA not before:           Tue 02 Jan 2024 00:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58186
IP address blocks:        91.192.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/a80963-3089-4ac4-af4f-3c8717414d80/1/IhMAdZZJOAL7k6Mmcx_TMp6uLaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/a80963-3089-4ac4-af4f-3c8717414d80/1/IhMAdZZJOAL7k6Mmcx_TMp6uLaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IhMAdZZJOAL7k6Mmcx_TMp6uLaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:2e:b7:21:fd:86:e8:ff:b4:06:b2:1f:84:a7:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2213007596493802fb93a326731fd3329eae2dac
        Validity
            Not Before: Jan  2 00:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=825ea60067bb905c2e59698b2ca2b5b2a8850fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ec:0e:52:d2:58:dd:9c:74:ab:88:e3:49:c5:
                    1b:e7:11:68:fe:90:8a:fe:a9:f4:59:39:32:3c:39:
                    93:12:f7:39:e3:30:0b:f6:12:68:c5:8c:0e:d5:d1:
                    9b:af:cd:73:0a:21:49:cd:5b:2a:f4:8c:81:6f:22:
                    e8:c8:df:c5:c0:77:f2:e2:c2:1b:2a:e0:69:a2:9b:
                    95:b9:31:6a:45:c2:c5:9d:b5:f3:13:d4:1d:7c:1c:
                    81:97:97:3f:59:98:3e:bf:a5:b6:42:01:44:29:ba:
                    d2:51:f1:4c:81:75:b4:e7:82:5d:d9:ce:fc:f0:d3:
                    d1:71:6c:fc:59:7a:ae:6f:37:da:52:b9:a2:eb:32:
                    df:5f:02:33:b6:bb:7c:63:74:ad:a5:8d:fb:96:86:
                    be:31:ee:50:e5:02:ca:86:e5:d4:4c:06:d9:1e:53:
                    0b:c7:0c:51:9d:c6:ea:d6:31:a6:be:cd:63:bb:82:
                    95:8c:d3:06:87:98:b7:c9:9a:a7:89:ac:af:4d:d6:
                    84:81:9b:75:8b:a9:86:af:cc:80:15:d3:b3:15:1f:
                    5f:bf:02:af:e4:ad:6d:4e:ae:80:42:29:35:c5:b8:
                    14:a1:a5:07:31:87:22:b6:75:71:69:ae:7f:f6:82:
                    10:8c:96:82:31:52:e1:db:d1:1c:25:0d:a8:17:f9:
                    38:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:5E:A6:00:67:BB:90:5C:2E:59:69:8B:2C:A2:B5:B2:A8:85:0F:ED
            X509v3 Authority Key Identifier:
                keyid:22:13:00:75:96:49:38:02:FB:93:A3:26:73:1F:D3:32:9E:AE:2D:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IhMAdZZJOAL7k6Mmcx_TMp6uLaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/a80963-3089-4ac4-af4f-3c8717414d80/1/gl6mAGe7kFwuWWmLLKK1sqiFD-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/a80963-3089-4ac4-af4f-3c8717414d80/1/IhMAdZZJOAL7k6Mmcx_TMp6uLaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:0b:50:33:34:af:5e:84:62:8b:f5:13:e0:95:0e:f0:d6:e3:
         76:55:98:15:d7:4e:eb:39:af:38:66:21:f2:04:f1:13:77:39:
         51:92:05:fa:c4:21:97:72:8f:e0:93:30:8b:7a:0f:37:7c:51:
         38:cb:5a:cf:38:df:24:2f:d8:d6:8c:7e:96:7e:e8:b2:ab:72:
         41:9d:42:09:ab:e9:f4:53:14:cc:73:9d:bd:75:d1:d7:ef:fa:
         cb:bc:ef:84:92:69:9f:ff:e7:63:21:46:a7:75:18:b7:a9:8b:
         fb:35:68:eb:83:19:bb:b5:7e:a6:84:c7:8f:ed:15:cd:db:27:
         c7:46:7a:0a:e6:18:d5:81:ff:f7:ee:83:1b:9c:14:c5:59:9d:
         38:f3:43:1f:04:38:41:c0:aa:d5:95:e6:3f:2c:5d:89:ed:08:
         c6:a1:b6:d3:a5:7e:b5:1d:0a:e6:91:cc:e0:f2:fc:64:9f:9d:
         57:4d:32:92:60:b0:46:db:22:ce:2f:8a:58:32:80:8c:e1:da:
         ca:e7:e0:6a:c2:7a:21:33:b1:46:0b:a3:a5:fc:31:1c:b8:60:
         d0:1b:8e:a8:ee:d4:04:c7:84:0c:9f:93:ca:5b:ab:6a:b8:38:
         de:fd:f7:02:4e:5a:e7:9d:a6:16:00:9b:51:67:66:0b:cd:09:
         fe:54:06:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHky63If2G6P+0BrIfhKejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMTMwMDc1OTY0OTM4MDJmYjkzYTMyNjczMWZkMzMyOWVh
ZTJkYWMwHhcNMjQwMTAyMDAyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjVlYTYwMDY3YmI5MDVjMmU1OTY5OGIyY2EyYjViMmE4ODUwZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+wOUtJY3Zx0q4jjScUb5xFo/pCK
/qn0WTkyPDmTEvc54zAL9hJoxYwO1dGbr81zCiFJzVsq9IyBbyLoyN/FwHfy4sIb
KuBpopuVuTFqRcLFnbXzE9QdfByBl5c/WZg+v6W2QgFEKbrSUfFMgXW054Jd2c78
8NPRcWz8WXqubzfaUrmi6zLfXwIztrt8Y3StpY37loa+Me5Q5QLKhuXUTAbZHlML
xwxRncbq1jGmvs1ju4KVjNMGh5i3yZqniayvTdaEgZt1i6mGr8yAFdOzFR9fvwKv
5K1tTq6AQik1xbgUoaUHMYcitnVxaa5/9oIQjJaCMVLh29EcJQ2oF/k4nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJepgBnu5BcLllpiyyitbKohQ/tMB8GA1UdIwQY
MBaAFCITAHWWSTgC+5OjJnMf0zKeri2sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWhNQWRaWkpPQUw3azZNbWN4X1RNcDZ1TGF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9hODA5NjMtMzA4OS00YWM0LWFmNGYt
M2M4NzE3NDE0ZDgwLzEvZ2w2bUFHZTdrRnd1V1dtTExLSzFzcWlGRC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9hODA5NjMtMzA4OS00YWM0LWFmNGYtM2M4NzE3NDE0ZDgw
LzEvSWhNQWRaWkpPQUw3azZNbWN4X1RNcDZ1TGF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8DiMA0G
CSqGSIb3DQEBCwUAA4IBAQCHC1AzNK9ehGKL9RPglQ7w1uN2VZgV107rOa84ZiHy
BPETdzlRkgX6xCGXco/gkzCLeg83fFE4y1rPON8kL9jWjH6Wfuiyq3JBnUIJq+n0
UxTMc529ddHX7/rLvO+Ekmmf/+djIUandRi3qYv7NWjrgxm7tX6mhMeP7RXN2yfH
RnoK5hjVgf/37oMbnBTFWZ0480MfBDhBwKrVleY/LF2J7QjGobbTpX61HQrmkczg
8vxkn51XTTKSYLBG2yLOL4pYMoCM4drK5+BqwnohM7FGC6Ol/DEcuGDQG46o7tQE
x4QMn5PKW6tquDje/fcCTlrnnaYWAJtRZ2YLzQn+VAZn
-----END CERTIFICATE-----