Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS6894.roa
File:                     AS6894.roa (raw, json)
Hash identifier:          HWB8UMWBh8Ue5sm2uWnNr0xneYwRuKeECFqoWtcNsK0=
Subject key identifier:   6E:17:51:54:63:A0:88:66:37:B9:6C:39:4A:7E:BE:1B:23:75:BF:4B
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2FFC2100AEEC9F72B40C730077FA3D2D56DD7429
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS6894.roa
Signing time:             Mon 28 Oct 2024 12:43:25 +0000
ROA not before:           Mon 28 Oct 2024 12:38:25 +0000
ROA not after:            Mon 27 Oct 2025 12:43:25 +0000
asID:                     6894
IP address blocks:        91.206.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:fc:21:00:ae:ec:9f:72:b4:0c:73:00:77:fa:3d:2d:56:dd:74:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 28 12:38:25 2024 GMT
            Not After : Oct 27 12:43:25 2025 GMT
        Subject: CN=6E17515463A0886637B96C394A7EBE1B2375BF4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e7:4c:64:df:df:47:36:4c:c4:5c:88:7c:ab:
                    37:c2:d8:8c:32:da:25:1a:9e:e6:1b:80:cc:5c:be:
                    0e:15:f4:d5:1c:2a:fb:b2:0b:9a:0d:dc:fb:45:6e:
                    5f:f5:14:4c:02:ca:a2:97:38:06:88:e5:eb:1f:f8:
                    28:be:8c:ce:26:55:98:fa:e2:5d:f5:4e:a3:f5:41:
                    3a:53:0c:18:41:d0:4c:6c:3f:51:17:8e:05:8d:d8:
                    85:c2:43:d9:f3:51:71:7c:70:b8:b2:fe:53:69:9f:
                    b3:9c:bf:53:77:1b:6f:46:46:51:11:55:bf:3a:8e:
                    67:22:45:52:41:3c:d3:2d:58:8f:14:3b:85:85:df:
                    81:9b:fc:01:0c:a0:19:e8:04:b4:50:f6:5e:34:a7:
                    b5:9a:47:f2:11:95:0c:57:82:63:24:4f:5a:c5:f0:
                    5e:48:80:98:4e:70:87:83:dd:23:9f:f6:59:f3:cd:
                    99:53:3a:bd:93:08:56:37:27:34:03:e0:c9:ae:8c:
                    ad:52:8e:0b:c0:0d:58:f2:fd:5f:d0:6e:cb:b9:06:
                    b8:91:2e:eb:9f:64:a1:74:83:ab:9a:b1:00:05:8b:
                    94:69:3c:b9:7e:7b:f6:b7:a4:86:e8:25:e2:ae:c9:
                    10:78:76:dd:d2:42:92:a2:7d:3f:c9:d7:cd:5d:ae:
                    b1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:17:51:54:63:A0:88:66:37:B9:6C:39:4A:7E:BE:1B:23:75:BF:4B
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS6894.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:29:cc:5f:00:58:89:b3:bf:cc:ab:8c:76:3a:19:82:96:ed:
         a1:25:fd:0c:cf:e6:3d:d6:5c:04:17:b7:3d:bf:b0:be:2f:87:
         14:b4:0c:79:c3:a9:96:41:d9:22:01:4d:f1:bc:4f:d1:73:b9:
         5c:81:cf:e7:be:e7:14:70:e4:d4:3c:c6:7b:ef:31:5e:40:5d:
         7b:3a:a0:d7:c4:ef:a6:31:2f:55:c3:14:6c:63:36:13:29:a0:
         7c:75:c6:ed:9d:f7:eb:26:76:85:1c:9c:75:2c:a8:f5:a9:9c:
         c2:6a:ff:ba:ad:0b:5c:68:79:b5:59:8e:d1:5a:4c:d3:4b:fb:
         68:f1:20:b4:8e:4f:68:ec:90:33:74:cd:a3:ae:2b:84:4d:d4:
         40:73:6f:8d:7e:8a:71:af:b6:55:1f:c7:49:0a:12:56:38:c2:
         83:0f:a5:60:92:02:84:70:72:35:c8:d2:9e:e0:ee:25:34:32:
         ee:6c:79:43:1d:0c:99:81:b9:f0:37:c8:6d:58:16:d9:9d:f8:
         0f:3a:5d:b5:28:5a:00:4d:6e:dc:5b:61:4f:20:90:f6:93:a8:
         e3:26:80:c6:4d:2e:65:c2:ff:ef:02:6b:b0:dc:64:20:35:1c:
         38:28:c9:3e:79:23:8f:85:59:aa:74:8b:28:9b:4d:e5:7d:7b:
         b2:58:83:24
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUL/whAK7sn3K0DHMAd/o9LVbddCkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMjgxMjM4MjVaFw0yNTEwMjcxMjQzMjVaMDMxMTAvBgNV
BAMTKDZFMTc1MTU0NjNBMDg4NjYzN0I5NkMzOTRBN0VCRTFCMjM3NUJGNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCG50xk399HNkzEXIh8qzfC2Iwy
2iUanuYbgMxcvg4V9NUcKvuyC5oN3PtFbl/1FEwCyqKXOAaI5esf+Ci+jM4mVZj6
4l31TqP1QTpTDBhB0ExsP1EXjgWN2IXCQ9nzUXF8cLiy/lNpn7Ocv1N3G29GRlER
Vb86jmciRVJBPNMtWI8UO4WF34Gb/AEMoBnoBLRQ9l40p7WaR/IRlQxXgmMkT1rF
8F5IgJhOcIeD3SOf9lnzzZlTOr2TCFY3JzQD4MmujK1SjgvADVjy/V/Qbsu5BriR
LuufZKF0g6uasQAFi5RpPLl+e/a3pIboJeKuyRB4dt3SQpKifT/J181drrFbAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUbhdRVGOgiGY3uWw5Sn6+GyN1v0swHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjg5NC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvOAjAN
BgkqhkiG9w0BAQsFAAOCAQEAAinMXwBYibO/zKuMdjoZgpbtoSX9DM/mPdZcBBe3
Pb+wvi+HFLQMecOplkHZIgFN8bxP0XO5XIHP577nFHDk1DzGe+8xXkBdezqg18Tv
pjEvVcMUbGM2EymgfHXG7Z336yZ2hRycdSyo9amcwmr/uq0LXGh5tVmO0VpM00v7
aPEgtI5PaOyQM3TNo64rhE3UQHNvjX6Kca+2VR/HSQoSVjjCgw+lYJIChHByNcjS
nuDuJTQy7mx5Qx0MmYG58DfIbVgW2Z34DzpdtShaAE1u3FthTyCQ9pOo4yaAxk0u
ZcL/7wJrsNxkIDUcOCjJPnkjj4VZqnSLKJtN5X17sliDJA==
-----END CERTIFICATE-----