Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/wfqKJcJOvtFqZvd-UQvA_tb2CGM.roa
File:                     wfqKJcJOvtFqZvd-UQvA_tb2CGM.roa (raw, json)
Hash identifier:          iHvaI6mG1bCGXneLjFdMXYFcegjsQBFSBIWd4cOApSw=
Subject key identifier:   C1:FA:8A:25:C2:4E:BE:D1:6A:66:F7:7E:51:0B:C0:FE:D6:F6:08:63
Certificate issuer:       /CN=67c39d38f468d9c12d8ff50d5b9f9265a1e5a8d0
Certificate serial:       018EF7DFD7927BF0A517E229F907A0C620F3
Authority key identifier: 67:C3:9D:38:F4:68:D9:C1:2D:8F:F5:0D:5B:9F:92:65:A1:E5:A8:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/wfqKJcJOvtFqZvd-UQvA_tb2CGM.roa
Signing time:             Fri 19 Apr 2024 19:40:25 +0000
ROA not before:           Fri 19 Apr 2024 19:40:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59622
IP address blocks:        91.207.178.0/24 maxlen: 24
                          91.207.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f7:df:d7:92:7b:f0:a5:17:e2:29:f9:07:a0:c6:20:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67c39d38f468d9c12d8ff50d5b9f9265a1e5a8d0
        Validity
            Not Before: Apr 19 19:40:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1fa8a25c24ebed16a66f77e510bc0fed6f60863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:13:5a:94:22:b9:eb:a6:57:f0:42:45:1b:ce:
                    02:93:1c:5b:a5:22:81:5b:02:8a:d2:25:e8:22:7c:
                    8b:d6:52:59:46:fb:a1:e3:79:c8:78:53:72:49:aa:
                    80:08:ab:9c:bf:c1:fb:30:54:10:86:ff:09:f1:71:
                    0b:9e:11:d2:bc:1e:08:4b:9d:ea:bd:f4:c1:e6:be:
                    99:be:97:c6:43:4a:cc:5d:64:71:c2:bb:8c:a5:80:
                    b2:a1:73:ef:9d:68:c2:98:e4:0a:83:4e:81:61:3c:
                    bb:9a:83:2f:f0:86:e6:9e:fd:6f:d5:3e:2c:cb:01:
                    37:46:9f:17:dc:58:01:06:7b:ed:fe:a5:04:b0:b0:
                    01:0b:04:5c:85:6c:76:bb:30:2a:b5:c1:93:fb:b0:
                    1c:e6:be:51:a0:af:63:e5:a7:c2:e8:f8:82:71:ac:
                    6f:40:39:0d:34:58:da:54:27:96:41:95:34:dd:a4:
                    46:78:90:e1:38:5b:a5:78:04:ed:20:1e:35:bd:15:
                    7b:ea:d5:1d:4c:5a:b9:3b:10:48:96:63:59:5f:f0:
                    37:62:7b:f3:9d:58:2a:5d:ce:f5:b9:42:50:3f:2f:
                    25:56:49:5a:a8:d7:18:1f:65:a8:48:0a:27:f0:9a:
                    cb:3e:de:ee:23:89:e9:32:42:6c:71:56:9e:07:26:
                    9c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:FA:8A:25:C2:4E:BE:D1:6A:66:F7:7E:51:0B:C0:FE:D6:F6:08:63
            X509v3 Authority Key Identifier:
                keyid:67:C3:9D:38:F4:68:D9:C1:2D:8F:F5:0D:5B:9F:92:65:A1:E5:A8:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/wfqKJcJOvtFqZvd-UQvA_tb2CGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/5f5acc-3646-443d-9f7e-27e9beb3294b/1/Z8OdOPRo2cEtj_UNW5-SZaHlqNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:b9:ff:ff:d6:4c:5b:7e:69:70:ed:db:4c:93:08:47:da:c0:
         b8:6b:cf:fc:e0:5d:2e:7b:d9:34:ae:2d:dd:d5:b3:3f:04:5b:
         8c:00:a1:60:10:17:e7:99:52:e7:2e:7b:a9:3f:36:a5:82:17:
         68:b8:e8:97:c9:e3:48:07:c5:e7:a3:cd:8a:89:b8:ad:19:da:
         8f:1f:de:c7:2e:9f:d5:65:1f:b4:c2:cc:fc:e4:34:a7:6e:f9:
         20:c3:5e:1d:cc:79:5a:f2:02:3f:07:12:48:dc:ec:d9:26:5a:
         d7:6c:75:30:dc:11:e9:c5:38:08:5d:9d:94:90:ee:68:f0:5a:
         d2:56:8d:fb:ce:35:e7:02:e0:7d:78:b4:fa:c1:d7:47:41:45:
         73:bf:69:9f:23:48:f4:20:99:c6:2b:0b:01:98:b7:1b:c2:45:
         21:4f:69:2e:61:a1:27:03:7f:80:29:02:27:94:30:99:f3:93:
         27:c4:73:cf:b1:b2:ce:07:6c:fd:2a:71:5e:53:d0:f7:72:24:
         93:95:58:41:03:c7:15:28:8f:98:51:23:df:0e:58:85:4e:a5:
         74:17:da:f2:f9:8f:0f:27:ec:89:3e:06:1c:7b:69:57:b1:fb:
         b0:34:01:54:20:73:9d:67:b6:20:a3:d9:95:14:2e:f8:83:c1:
         8e:16:82:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7339eSe/ClF+Ip+QegxiDzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YzM5ZDM4ZjQ2OGQ5YzEyZDhmZjUwZDViOWY5MjY1YTFl
NWE4ZDAwHhcNMjQwNDE5MTk0MDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWZhOGEyNWMyNGViZWQxNmE2NmY3N2U1MTBiYzBmZWQ2ZjYwODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BNalCK566ZX8EJFG84CkxxbpSKB
WwKK0iXoInyL1lJZRvuh43nIeFNySaqACKucv8H7MFQQhv8J8XELnhHSvB4IS53q
vfTB5r6ZvpfGQ0rMXWRxwruMpYCyoXPvnWjCmOQKg06BYTy7moMv8Ibmnv1v1T4s
ywE3Rp8X3FgBBnvt/qUEsLABCwRchWx2uzAqtcGT+7Ac5r5RoK9j5afC6PiCcaxv
QDkNNFjaVCeWQZU03aRGeJDhOFuleATtIB41vRV76tUdTFq5OxBIlmNZX/A3Ynvz
nVgqXc71uUJQPy8lVklaqNcYH2WoSAon8JrLPt7uI4npMkJscVaeByac9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMH6iiXCTr7Ramb3flELwP7W9ghjMB8GA1UdIwQY
MBaAFGfDnTj0aNnBLY/1DVufkmWh5ajQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjhPZE9QUm8yY0V0al9VTlc1LVNaYUhscU5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81ZjVhY2MtMzY0Ni00NDNkLTlmN2Ut
MjdlOWJlYjMyOTRiLzEvd2ZxS0pjSk92dEZxWnZkLVVRdkFfdGIyQ0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81ZjVhY2MtMzY0Ni00NDNkLTlmN2UtMjdlOWJlYjMyOTRi
LzEvWjhPZE9QUm8yY0V0al9VTlc1LVNaYUhscU5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8+yMA0G
CSqGSIb3DQEBCwUAA4IBAQCduf//1kxbfmlw7dtMkwhH2sC4a8/84F0ue9k0ri3d
1bM/BFuMAKFgEBfnmVLnLnupPzalghdouOiXyeNIB8Xno82KibitGdqPH97HLp/V
ZR+0wsz85DSnbvkgw14dzHla8gI/BxJI3OzZJlrXbHUw3BHpxTgIXZ2UkO5o8FrS
Vo37zjXnAuB9eLT6wddHQUVzv2mfI0j0IJnGKwsBmLcbwkUhT2kuYaEnA3+AKQIn
lDCZ85MnxHPPsbLOB2z9KnFeU9D3ciSTlVhBA8cVKI+YUSPfDliFTqV0F9ry+Y8P
J+yJPgYce2lXsfuwNAFUIHOdZ7Ygo9mVFC74g8GOFoLP
-----END CERTIFICATE-----