Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/e0ef59-08b8-4d6d-8738-5cec36ff8e73/1/Qg8Tzr_fvKGYuc_q80TmtSCi5RA.roa
File:                     Qg8Tzr_fvKGYuc_q80TmtSCi5RA.roa (raw, json)
Hash identifier:          WBHmpDKDHUuGFC1AgBeYPgTEjx9h7jfPmy+1S9X8qaw=
Subject key identifier:   42:0F:13:CE:BF:DF:BC:A1:98:B9:CF:EA:F3:44:E6:B5:20:A2:E5:10
Certificate issuer:       /CN=b919e96122f283815c1a56fecc349447a2889cd9
Certificate serial:       018CC26D2E1B109F83D6103F15AEA25FD4D9
Authority key identifier: B9:19:E9:61:22:F2:83:81:5C:1A:56:FE:CC:34:94:47:A2:88:9C:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRnpYSLyg4FcGlb-zDSUR6KInNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/e0ef59-08b8-4d6d-8738-5cec36ff8e73/1/Qg8Tzr_fvKGYuc_q80TmtSCi5RA.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30948
IP address blocks:        91.229.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/e0ef59-08b8-4d6d-8738-5cec36ff8e73/1/uRnpYSLyg4FcGlb-zDSUR6KInNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/e0ef59-08b8-4d6d-8738-5cec36ff8e73/1/uRnpYSLyg4FcGlb-zDSUR6KInNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRnpYSLyg4FcGlb-zDSUR6KInNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2e:1b:10:9f:83:d6:10:3f:15:ae:a2:5f:d4:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b919e96122f283815c1a56fecc349447a2889cd9
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=420f13cebfdfbca198b9cfeaf344e6b520a2e510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:31:a7:ba:d1:e8:73:ed:31:84:db:4d:c7:80:
                    df:10:d3:82:fb:0d:bd:ca:8b:f2:00:02:21:3d:74:
                    61:22:35:0c:cd:8e:20:ee:89:a8:3a:aa:6e:0a:d3:
                    98:d6:57:eb:7f:a7:e0:ae:8a:b2:15:33:8c:8f:5d:
                    1e:07:17:fe:cb:6f:a2:68:f9:02:9f:43:9b:6c:a0:
                    68:62:ac:08:b8:9c:4c:1a:c4:76:55:74:8e:f4:80:
                    2f:65:bd:c1:54:a9:09:33:9c:1f:3a:b9:66:a3:90:
                    d2:3d:63:5e:9e:4f:7d:d1:2b:52:07:49:ca:fe:32:
                    2f:12:b9:95:8d:0d:97:bb:9d:38:7c:21:5f:13:cd:
                    97:f3:30:ba:f7:ea:bc:0e:a0:91:0a:8d:dc:bf:a9:
                    ef:e1:f2:b8:87:0e:40:22:46:41:81:ed:57:20:c0:
                    d6:c1:3e:33:7e:40:ce:07:88:8a:b6:c4:ed:a1:19:
                    46:ba:67:e8:dd:dc:62:93:ce:70:69:cc:16:20:13:
                    56:f9:9c:de:04:9d:b7:0b:f2:33:a9:3e:96:4e:e7:
                    2e:71:28:43:8b:e3:c2:90:d9:00:15:c4:3f:10:a6:
                    a4:67:59:38:dd:d5:55:0f:c9:96:a7:11:51:9f:88:
                    ed:14:c7:1e:71:b5:20:f4:c9:4b:f6:e6:79:d7:6f:
                    88:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:0F:13:CE:BF:DF:BC:A1:98:B9:CF:EA:F3:44:E6:B5:20:A2:E5:10
            X509v3 Authority Key Identifier:
                keyid:B9:19:E9:61:22:F2:83:81:5C:1A:56:FE:CC:34:94:47:A2:88:9C:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRnpYSLyg4FcGlb-zDSUR6KInNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/e0ef59-08b8-4d6d-8738-5cec36ff8e73/1/Qg8Tzr_fvKGYuc_q80TmtSCi5RA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/e0ef59-08b8-4d6d-8738-5cec36ff8e73/1/uRnpYSLyg4FcGlb-zDSUR6KInNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:5a:c1:90:03:b6:9d:40:fa:b1:bb:9c:cb:0f:c6:e4:95:19:
         b1:b6:6b:31:9b:42:85:93:cc:71:b2:f9:78:ed:57:17:b4:9f:
         9d:17:5b:39:54:ca:19:0e:14:70:c7:88:a5:00:4a:30:90:fd:
         26:7a:60:02:7b:25:09:88:b0:80:47:93:be:b7:8d:ef:98:57:
         1f:12:f4:ec:79:2a:43:a9:22:e9:71:c7:39:0c:e5:b6:df:9d:
         f5:60:25:8f:60:92:87:23:cd:25:a0:30:d6:06:ca:be:13:13:
         c1:99:c1:f7:5e:d2:13:d6:e7:8e:2e:0e:af:da:d1:ba:b1:38:
         2e:31:be:89:89:c2:2f:cf:6d:f5:f9:e0:f2:ae:8e:83:35:ec:
         65:ab:84:ca:40:d5:4f:b6:47:00:da:a4:13:8c:65:1f:e5:96:
         e9:14:5c:67:17:7c:54:74:53:35:66:c0:ab:36:21:a9:49:1d:
         73:eb:26:b2:61:d1:1b:f8:45:92:f9:5a:05:b0:f0:0a:c3:dd:
         84:0f:b3:48:cc:69:b3:25:2e:c7:56:0a:2d:38:13:c7:75:c2:
         e8:98:73:9d:8e:ff:5e:c5:99:b4:d2:e5:35:ee:36:bd:6d:31:
         bf:78:50:b9:44:88:c3:3f:a2:82:87:53:72:5b:6c:d4:ce:a6:
         a0:b3:45:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbS4bEJ+D1hA/Fa6iX9TZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTllOTYxMjJmMjgzODE1YzFhNTZmZWNjMzQ5NDQ3YTI4
ODljZDkwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjBmMTNjZWJmZGZiY2ExOThiOWNmZWFmMzQ0ZTZiNTIwYTJlNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizGnutHoc+0xhNtNx4DfENOC+w29
yovyAAIhPXRhIjUMzY4g7omoOqpuCtOY1lfrf6fgroqyFTOMj10eBxf+y2+iaPkC
n0ObbKBoYqwIuJxMGsR2VXSO9IAvZb3BVKkJM5wfOrlmo5DSPWNenk990StSB0nK
/jIvErmVjQ2Xu504fCFfE82X8zC69+q8DqCRCo3cv6nv4fK4hw5AIkZBge1XIMDW
wT4zfkDOB4iKtsTtoRlGumfo3dxik85wacwWIBNW+ZzeBJ23C/IzqT6WTucucShD
i+PCkNkAFcQ/EKakZ1k43dVVD8mWpxFRn4jtFMcecbUg9MlL9uZ512+IJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIPE86/37yhmLnP6vNE5rUgouUQMB8GA1UdIwQY
MBaAFLkZ6WEi8oOBXBpW/sw0lEeiiJzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJucFlTTHlnNEZjR2xiLXpEU1VSNktJbk5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9lMGVmNTktMDhiOC00ZDZkLTg3Mzgt
NWNlYzM2ZmY4ZTczLzEvUWc4VHpyX2Z2S0dZdWNfcTgwVG10U0NpNVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9lMGVmNTktMDhiOC00ZDZkLTg3MzgtNWNlYzM2ZmY4ZTcz
LzEvdVJucFlTTHlnNEZjR2xiLXpEU1VSNktJbk5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+UHMA0G
CSqGSIb3DQEBCwUAA4IBAQCsWsGQA7adQPqxu5zLD8bklRmxtmsxm0KFk8xxsvl4
7VcXtJ+dF1s5VMoZDhRwx4ilAEowkP0memACeyUJiLCAR5O+t43vmFcfEvTseSpD
qSLpccc5DOW23531YCWPYJKHI80loDDWBsq+ExPBmcH3XtIT1ueOLg6v2tG6sTgu
Mb6JicIvz231+eDyro6DNexlq4TKQNVPtkcA2qQTjGUf5ZbpFFxnF3xUdFM1ZsCr
NiGpSR1z6yayYdEb+EWS+VoFsPAKw92ED7NIzGmzJS7HVgotOBPHdcLomHOdjv9e
xZm00uU17ja9bTG/eFC5RIjDP6KCh1NyW2zUzqags0Vl
-----END CERTIFICATE-----