Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/iTnSx5SCJVTKMBIWtFJv1a3VmRA.roa
File:                     iTnSx5SCJVTKMBIWtFJv1a3VmRA.roa (raw, json)
Hash identifier:          dEiPlf4ZT/cC35QPNnNVjCKo1ZZQ29hXDpkjhPfWe5A=
Subject key identifier:   89:39:D2:C7:94:82:25:54:CA:30:12:16:B4:52:6F:D5:AD:D5:99:10
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       018DEF25305040B1D1367DFDFAF9767C7E45
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/iTnSx5SCJVTKMBIWtFJv1a3VmRA.roa
Signing time:             Wed 28 Feb 2024 09:56:48 +0000
ROA not before:           Wed 28 Feb 2024 09:56:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197968
IP address blocks:        91.147.108.0/24 maxlen: 24
                          91.147.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:25:30:50:40:b1:d1:36:7d:fd:fa:f9:76:7c:7e:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: Feb 28 09:56:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8939d2c794822554ca301216b4526fd5add59910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b2:1c:2b:50:a0:08:87:44:95:56:19:02:a9:
                    a4:2e:2f:f4:6e:30:bf:db:bb:d1:9b:21:b1:ed:d9:
                    fd:4a:cb:a8:6d:74:b0:99:f0:6a:ed:71:4e:6a:69:
                    ae:09:ac:ff:4e:c6:30:38:a2:2a:7f:46:5f:41:a3:
                    dd:68:80:fd:4c:e6:bd:f5:a1:93:53:3b:6f:9e:2f:
                    d8:40:fb:96:93:a5:41:7e:cc:7a:35:4f:66:aa:56:
                    ff:30:d0:7f:52:92:56:29:2f:c1:78:8e:ec:21:12:
                    07:e5:bc:bf:b9:11:28:3b:c5:26:e2:34:1a:b4:d1:
                    e5:1a:5e:bf:90:30:49:b4:f4:dd:f3:21:0e:3d:a2:
                    6f:af:7c:d8:f8:d9:7c:77:1c:78:10:f6:96:52:ac:
                    37:36:c0:69:53:e4:48:d4:24:52:df:09:f1:da:c9:
                    16:a8:d1:9d:12:98:6b:5f:0d:56:fb:b6:db:db:10:
                    a5:b2:9d:d5:f4:df:ad:b1:6c:dc:86:05:8c:a9:e9:
                    d5:53:19:6d:57:61:3c:75:33:5c:fd:b5:57:a9:82:
                    df:21:34:1d:88:96:93:16:32:7e:c2:a2:ef:e5:e5:
                    e8:92:30:ef:92:0d:5d:e0:e8:b0:98:6a:1b:39:53:
                    e3:38:e6:57:61:44:ae:14:8e:3e:58:bc:8e:3f:3f:
                    96:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:39:D2:C7:94:82:25:54:CA:30:12:16:B4:52:6F:D5:AD:D5:99:10
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/iTnSx5SCJVTKMBIWtFJv1a3VmRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:10:83:b6:5f:92:9a:d2:59:af:ee:a8:12:da:f8:c2:8c:df:
         2e:c7:2a:15:40:14:1d:4e:6e:48:ad:cb:9d:71:f4:a9:25:d7:
         b1:b4:bc:3f:33:ef:ff:34:9d:27:81:ec:42:dc:02:4b:74:07:
         0b:f4:7d:38:02:aa:d1:86:22:0a:ba:9a:fc:29:e7:e7:64:7b:
         7c:2d:fe:66:76:7c:82:87:32:16:ea:27:10:2c:5c:5c:27:19:
         3e:ca:55:db:94:be:41:e9:4e:53:03:92:76:33:95:b1:79:27:
         b7:d6:cb:42:76:53:56:6b:eb:42:46:6b:91:9f:5d:3f:78:ec:
         cb:c9:32:e7:60:c2:2b:c6:b7:dd:81:69:12:f4:c7:cd:0b:5f:
         5a:1a:ac:89:31:83:6c:39:45:85:fd:43:83:86:3e:a9:55:8f:
         17:30:10:48:a8:b2:b1:d0:74:46:70:ff:dd:45:32:3a:91:e0:
         4c:c1:2a:0e:75:98:41:21:c4:c1:e1:88:8d:97:66:ea:88:76:
         a1:3f:04:ec:a5:bb:b3:aa:b8:e3:46:f3:55:24:df:c7:e5:d6:
         46:8a:c2:b5:2a:41:dc:f0:9f:c3:86:69:de:27:77:6c:16:ed:
         93:ca:5b:20:a8:1f:82:51:74:42:99:98:6b:6d:f1:51:f0:ba:
         5c:b1:be:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3vJTBQQLHRNn39+vl2fH5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjQwMjI4MDk1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTM5ZDJjNzk0ODIyNTU0Y2EzMDEyMTZiNDUyNmZkNWFkZDU5OTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLIcK1CgCIdElVYZAqmkLi/0bjC/
27vRmyGx7dn9SsuobXSwmfBq7XFOammuCaz/TsYwOKIqf0ZfQaPdaID9TOa99aGT
Uztvni/YQPuWk6VBfsx6NU9mqlb/MNB/UpJWKS/BeI7sIRIH5by/uREoO8Um4jQa
tNHlGl6/kDBJtPTd8yEOPaJvr3zY+Nl8dxx4EPaWUqw3NsBpU+RI1CRS3wnx2skW
qNGdEphrXw1W+7bb2xClsp3V9N+tsWzchgWMqenVUxltV2E8dTNc/bVXqYLfITQd
iJaTFjJ+wqLv5eXokjDvkg1d4OiwmGobOVPjOOZXYUSuFI4+WLyOPz+WjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIk50seUgiVUyjASFrRSb9Wt1ZkQMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvaVRuU3g1U0NKVlRLTUJJV3RGSnYxYTNWbVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW5NsMA0G
CSqGSIb3DQEBCwUAA4IBAQCpEIO2X5Ka0lmv7qgS2vjCjN8uxyoVQBQdTm5Ircud
cfSpJdextLw/M+//NJ0ngexC3AJLdAcL9H04AqrRhiIKupr8KefnZHt8Lf5mdnyC
hzIW6icQLFxcJxk+ylXblL5B6U5TA5J2M5WxeSe31stCdlNWa+tCRmuRn10/eOzL
yTLnYMIrxrfdgWkS9MfNC19aGqyJMYNsOUWF/UODhj6pVY8XMBBIqLKx0HRGcP/d
RTI6keBMwSoOdZhBIcTB4YiNl2bqiHahPwTspbuzqrjjRvNVJN/H5dZGisK1KkHc
8J/DhmneJ3dsFu2TylsgqB+CUXRCmZhrbfFR8Lpcsb7Z
-----END CERTIFICATE-----