Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/GSIjiG7l2t5b3b0MV9Kwkma-VuE.roa
File:                     GSIjiG7l2t5b3b0MV9Kwkma-VuE.roa (raw, json)
Hash identifier:          b2pOuTkgtoPwL9LXOehykxlaCvBsuZXo5khQvHaA7V0=
Subject key identifier:   19:22:23:88:6E:E5:DA:DE:5B:DD:BD:0C:57:D2:B0:92:66:BE:56:E1
Certificate issuer:       /CN=67c39d38f468d9c12d8ff50d5b9f9265a1e5a8d0
Certificate serial:       018EF7DC2EBD1FEAEE7706BC9766C57A0B95
Authority key identifier: 67:C3:9D:38:F4:68:D9:C1:2D:8F:F5:0D:5B:9F:92:65:A1:E5:A8:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/GSIjiG7l2t5b3b0MV9Kwkma-VuE.roa
Signing time:             Fri 19 Apr 2024 19:36:25 +0000
ROA not before:           Fri 19 Apr 2024 19:36:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41872
IP address blocks:        91.207.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f7:dc:2e:bd:1f:ea:ee:77:06:bc:97:66:c5:7a:0b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67c39d38f468d9c12d8ff50d5b9f9265a1e5a8d0
        Validity
            Not Before: Apr 19 19:36:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=192223886ee5dade5bddbd0c57d2b09266be56e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7c:07:42:72:01:55:5e:55:0a:7c:6d:f2:29:
                    1e:bf:9e:e6:2d:f1:b2:31:50:4f:ce:b4:ce:0e:e7:
                    ec:11:c6:4c:aa:22:35:96:84:92:89:9c:c4:ca:92:
                    50:bc:6e:c8:ef:29:b8:e1:57:3e:e1:2c:a5:a9:d4:
                    da:72:0c:02:fd:05:78:90:8e:9a:05:57:d3:72:85:
                    df:a7:13:ae:32:2a:99:46:f5:c6:0c:de:c2:0a:de:
                    d7:e1:cd:ae:cc:c1:97:54:88:a1:64:8a:dd:56:eb:
                    f6:8c:6a:e6:c9:83:31:50:be:0b:7b:03:dc:84:78:
                    82:fc:a8:85:82:2a:59:2d:18:b5:de:3a:73:5e:94:
                    64:7e:56:8d:41:7c:d7:44:ab:ac:7c:c8:07:4c:75:
                    b7:e8:12:fe:f4:82:f7:79:d4:9a:f4:77:c2:f5:c1:
                    12:04:92:0f:25:9c:3d:4d:51:00:76:24:d7:d8:46:
                    d0:a7:c6:43:87:80:48:23:9a:b6:15:0e:49:be:76:
                    70:84:d5:1f:08:10:5a:4e:45:a2:f0:81:2f:d0:c3:
                    e9:f2:ea:8d:2e:38:0b:7e:19:1c:30:6a:bf:29:5c:
                    1e:84:1e:de:0a:db:6d:52:95:a6:a6:32:0c:30:a3:
                    64:96:19:30:ad:2f:e8:51:ce:41:f4:1b:c1:15:0d:
                    2c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:22:23:88:6E:E5:DA:DE:5B:DD:BD:0C:57:D2:B0:92:66:BE:56:E1
            X509v3 Authority Key Identifier:
                keyid:67:C3:9D:38:F4:68:D9:C1:2D:8F:F5:0D:5B:9F:92:65:A1:E5:A8:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/GSIjiG7l2t5b3b0MV9Kwkma-VuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:c4:22:d4:9b:11:bf:ca:10:34:e5:e4:d6:7a:69:9a:38:e9:
         98:aa:01:ac:61:61:17:c9:43:09:28:f8:13:1e:96:83:c4:a9:
         01:fa:b0:a6:72:bc:79:3c:9d:76:7e:3f:51:71:00:08:56:84:
         0b:46:2f:5c:0d:d9:f7:93:ee:33:9b:a2:c6:33:d8:ef:96:88:
         65:df:18:cf:0a:1c:d6:62:d1:84:99:d2:8f:b4:10:c2:9e:31:
         25:d4:14:39:41:74:d1:a1:d3:a3:11:7a:7b:3d:be:5f:5d:4d:
         04:ab:08:a4:80:fe:9c:3a:3b:38:98:cb:cf:60:aa:65:41:5b:
         0c:46:2e:09:27:4f:3b:c3:00:43:08:6b:3b:c6:5b:3d:3c:89:
         54:ba:73:25:ea:80:1a:fd:9f:af:80:e2:fb:42:2a:38:d4:21:
         2d:86:23:d1:81:32:9f:1e:24:f2:6b:74:2f:94:9f:ad:3b:87:
         70:6d:93:84:8a:6e:0f:b7:15:20:96:88:68:06:4e:0f:5f:c2:
         24:b3:c9:53:5a:9b:8c:09:00:12:df:be:27:27:d8:89:aa:8a:
         71:94:d2:72:5f:5f:e1:53:c3:9e:65:9f:98:45:81:56:d9:77:
         ff:12:f3:76:54:bf:9b:5a:3d:6a:9e:ca:5a:3f:c2:df:6b:89:
         c0:7b:96:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY733C69H+rudwa8l2bFeguVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YzM5ZDM4ZjQ2OGQ5YzEyZDhmZjUwZDViOWY5MjY1YTFl
NWE4ZDAwHhcNMjQwNDE5MTkzNjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTIyMjM4ODZlZTVkYWRlNWJkZGJkMGM1N2QyYjA5MjY2YmU1NmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHwHQnIBVV5VCnxt8ikev57mLfGy
MVBPzrTODufsEcZMqiI1loSSiZzEypJQvG7I7ym44Vc+4SylqdTacgwC/QV4kI6a
BVfTcoXfpxOuMiqZRvXGDN7CCt7X4c2uzMGXVIihZIrdVuv2jGrmyYMxUL4LewPc
hHiC/KiFgipZLRi13jpzXpRkflaNQXzXRKusfMgHTHW36BL+9IL3edSa9HfC9cES
BJIPJZw9TVEAdiTX2EbQp8ZDh4BII5q2FQ5JvnZwhNUfCBBaTkWi8IEv0MPp8uqN
LjgLfhkcMGq/KVwehB7eCtttUpWmpjIMMKNklhkwrS/oUc5B9BvBFQ0sEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkiI4hu5dreW929DFfSsJJmvlbhMB8GA1UdIwQY
MBaAFGfDnTj0aNnBLY/1DVufkmWh5ajQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjhPZE9QUm8yY0V0al9VTlc1LVNaYUhscU5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81ZjVhY2MtMzY0Ni00NDNkLTlmN2Ut
MjdlOWJlYjMyOTRiLzEvR1NJamlHN2wydDViM2IwTVY5S3drbWEtVnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81ZjVhY2MtMzY0Ni00NDNkLTlmN2UtMjdlOWJlYjMyOTRi
LzEvWjhPZE9QUm8yY0V0al9VTlc1LVNaYUhscU5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8+kMA0G
CSqGSIb3DQEBCwUAA4IBAQA6xCLUmxG/yhA05eTWemmaOOmYqgGsYWEXyUMJKPgT
HpaDxKkB+rCmcrx5PJ12fj9RcQAIVoQLRi9cDdn3k+4zm6LGM9jvlohl3xjPChzW
YtGEmdKPtBDCnjEl1BQ5QXTRodOjEXp7Pb5fXU0EqwikgP6cOjs4mMvPYKplQVsM
Ri4JJ087wwBDCGs7xls9PIlUunMl6oAa/Z+vgOL7Qio41CEthiPRgTKfHiTya3Qv
lJ+tO4dwbZOEim4PtxUglohoBk4PX8Iks8lTWpuMCQAS374nJ9iJqopxlNJyX1/h
U8OeZZ+YRYFW2Xf/EvN2VL+bWj1qnspaP8Lfa4nAe5Z0
-----END CERTIFICATE-----