Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/kc4jJt_fobSHtmf7c-gupYQENqg.roa
File:                     kc4jJt_fobSHtmf7c-gupYQENqg.roa (raw, json)
Hash identifier:          YnF2h9vWgA4q808kGKhmcywhnlhNZ7n/piMB5zrYbho=
Subject key identifier:   91:CE:23:26:DF:DF:A1:B4:87:B6:67:FB:73:E8:2E:A5:84:04:36:A8
Certificate issuer:       /CN=c2919334ad2ad53616c34fece96ce29230f86349
Certificate serial:       018E76AB0C5F8ED5A58D26C78633920CED20
Authority key identifier: C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/kc4jJt_fobSHtmf7c-gupYQENqg.roa
Signing time:             Mon 25 Mar 2024 17:31:45 +0000
ROA not before:           Mon 25 Mar 2024 17:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15083
IP address blocks:        91.201.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:ab:0c:5f:8e:d5:a5:8d:26:c7:86:33:92:0c:ed:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2919334ad2ad53616c34fece96ce29230f86349
        Validity
            Not Before: Mar 25 17:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91ce2326dfdfa1b487b667fb73e82ea5840436a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:bc:03:d9:70:4f:77:07:72:89:e2:d6:58:53:
                    41:66:7f:fc:60:f7:b6:6a:f2:3f:ac:85:49:17:69:
                    fe:25:fd:11:22:f9:39:17:fe:36:7a:50:6b:05:59:
                    b5:7e:15:30:48:af:03:69:c0:cc:56:a2:6f:21:48:
                    db:95:e3:5d:e5:0c:73:ee:38:3b:3c:a9:7a:77:e0:
                    08:8b:97:06:17:d4:12:c1:83:57:a8:91:ec:17:ec:
                    92:13:27:71:35:f5:31:40:80:f3:5a:0d:25:eb:ca:
                    38:1e:0a:d2:33:74:57:b2:89:2f:e4:24:cf:be:3a:
                    a4:6b:95:0d:d2:c4:6b:e5:ba:9c:ad:63:6c:0c:1e:
                    73:fd:d2:c1:03:7f:a0:98:70:5a:f8:ba:66:66:e9:
                    ee:f5:ec:00:bc:5b:e7:1d:4f:c9:b0:a5:d8:87:21:
                    96:78:13:a8:93:ad:e1:7d:ed:d0:f0:c3:8e:17:49:
                    c9:f6:e5:cc:49:64:48:0a:f5:49:f6:f1:1a:35:0f:
                    c3:70:8a:f5:b9:42:30:01:47:26:33:c5:cc:ea:94:
                    80:93:c4:7a:1c:3c:9b:83:38:86:c7:d9:cd:86:a8:
                    47:c4:8d:d1:0d:15:79:ac:c7:b7:03:4c:1d:c4:17:
                    73:7d:b9:39:7f:f8:61:70:f8:5d:8e:de:fd:05:6d:
                    58:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:CE:23:26:DF:DF:A1:B4:87:B6:67:FB:73:E8:2E:A5:84:04:36:A8
            X509v3 Authority Key Identifier:
                keyid:C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/kc4jJt_fobSHtmf7c-gupYQENqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:de:e1:7a:ba:ef:5d:e0:ca:ac:dd:dd:d4:a5:9c:be:65:43:
         3e:43:8d:46:90:19:13:7e:32:91:f9:a8:a3:de:8f:d1:e9:fa:
         a2:81:ed:27:45:bf:bf:7e:d3:4d:47:2b:22:2a:f5:ce:90:9b:
         f4:36:8f:7d:d7:cf:7f:c3:c3:41:18:53:00:4f:4a:2a:f4:6c:
         e4:05:48:31:e2:23:b6:f2:4e:1b:69:4b:f6:a4:d3:95:f9:65:
         dd:65:75:e6:a5:71:39:a6:de:1c:f8:fc:7c:b4:61:59:46:1a:
         d1:50:71:d2:7e:dd:9c:70:93:ac:b2:64:78:c1:32:64:15:93:
         4c:28:38:2e:49:97:88:1f:88:17:2c:eb:e6:b0:64:5a:ea:cc:
         33:c0:c4:f5:c6:7d:59:e4:74:69:ab:78:fe:cb:20:89:f0:f8:
         b8:51:a3:d7:ff:28:05:77:03:d6:77:d3:10:14:b9:4a:28:3a:
         84:62:8b:bf:4e:8b:0a:01:6d:11:ec:1b:98:2e:0d:cb:aa:42:
         07:0b:b1:e5:ef:d6:e5:11:01:ca:9f:e4:7f:47:b8:02:ca:de:
         1e:cc:bd:df:c0:d8:0e:58:72:41:05:0d:7c:69:0e:39:1d:36:
         47:06:90:01:92:b4:69:8c:c6:7c:40:bb:f9:79:ea:62:52:e0:
         19:5c:d1:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY52qwxfjtWljSbHhjOSDO0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOTE5MzM0YWQyYWQ1MzYxNmMzNGZlY2U5NmNlMjkyMzBm
ODYzNDkwHhcNMjQwMzI1MTczMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWNlMjMyNmRmZGZhMWI0ODdiNjY3ZmI3M2U4MmVhNTg0MDQzNmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7wD2XBPdwdyieLWWFNBZn/8YPe2
avI/rIVJF2n+Jf0RIvk5F/42elBrBVm1fhUwSK8DacDMVqJvIUjbleNd5Qxz7jg7
PKl6d+AIi5cGF9QSwYNXqJHsF+ySEydxNfUxQIDzWg0l68o4HgrSM3RXsokv5CTP
vjqka5UN0sRr5bqcrWNsDB5z/dLBA3+gmHBa+LpmZunu9ewAvFvnHU/JsKXYhyGW
eBOok63hfe3Q8MOOF0nJ9uXMSWRICvVJ9vEaNQ/DcIr1uUIwAUcmM8XM6pSAk8R6
HDybgziGx9nNhqhHxI3RDRV5rMe3A0wdxBdzfbk5f/hhcPhdjt79BW1YLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHOIybf36G0h7Zn+3PoLqWEBDaoMB8GA1UdIwQY
MBaAFMKRkzStKtU2FsNP7Ols4pIw+GNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDIt
MTY1MzE4OGQ4MTI2LzEva2M0akp0X2ZvYlNIdG1mN2MtZ3VwWVFFTnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDItMTY1MzE4OGQ4MTI2
LzEvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8lXMA0G
CSqGSIb3DQEBCwUAA4IBAQAS3uF6uu9d4Mqs3d3UpZy+ZUM+Q41GkBkTfjKR+aij
3o/R6fqige0nRb+/ftNNRysiKvXOkJv0No99189/w8NBGFMAT0oq9GzkBUgx4iO2
8k4baUv2pNOV+WXdZXXmpXE5pt4c+Px8tGFZRhrRUHHSft2ccJOssmR4wTJkFZNM
KDguSZeIH4gXLOvmsGRa6swzwMT1xn1Z5HRpq3j+yyCJ8Pi4UaPX/ygFdwPWd9MQ
FLlKKDqEYou/TosKAW0R7BuYLg3LqkIHC7Hl79blEQHKn+R/R7gCyt4ezL3fwNgO
WHJBBQ18aQ45HTZHBpABkrRpjMZ8QLv5eepiUuAZXNEW
-----END CERTIFICATE-----