Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/q97xMk03s3GGQMnGO_gjwFtJJ24.roa
File:                     q97xMk03s3GGQMnGO_gjwFtJJ24.roa (raw, json)
Hash identifier:          NaQGN3Kk0mompSg0hbcvFGqXuxZcO/7l01XoaaoC4sA=
Subject key identifier:   AB:DE:F1:32:4D:37:B3:71:86:40:C9:C6:3B:F8:23:C0:5B:49:27:6E
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018F0A69ADDEDA2042051B949E63624588D4
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/q97xMk03s3GGQMnGO_gjwFtJJ24.roa
Signing time:             Tue 23 Apr 2024 10:04:08 +0000
ROA not before:           Tue 23 Apr 2024 10:04:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     265627
IP address blocks:        91.109.162.0/24 maxlen: 24
                          217.76.242.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:69:ad:de:da:20:42:05:1b:94:9e:63:62:45:88:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Apr 23 10:04:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abdef1324d37b3718640c9c63bf823c05b49276e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:72:bd:a6:82:80:6f:99:4e:a2:ec:54:b1:dc:
                    98:ea:c1:b7:f9:ec:c3:16:36:6e:17:db:65:f6:6e:
                    de:a7:c5:db:83:39:8d:c3:14:a6:04:00:26:75:c2:
                    18:9c:4c:b3:31:b5:c1:0e:ba:41:19:a1:3f:76:04:
                    48:6b:0a:31:9f:66:b8:f6:ae:69:f0:66:b1:3a:04:
                    30:3c:61:ab:12:4a:dc:3d:9c:30:4c:a5:94:f2:5a:
                    7a:06:25:c8:e4:3f:9c:92:49:01:48:59:3e:79:fc:
                    d2:b8:bc:15:3d:2e:c5:2a:7f:e2:bf:b8:fd:23:b6:
                    c0:5e:2c:15:08:20:de:85:84:15:be:c2:02:11:cc:
                    90:1d:1f:dc:05:3e:e3:47:8f:7f:9b:4a:47:f4:6d:
                    df:d9:04:c2:24:d3:82:20:c3:fe:a8:93:d0:cc:9b:
                    9f:4c:66:a0:77:05:b4:7a:d8:12:0f:52:1b:61:c8:
                    df:ac:2c:db:38:04:4a:c8:2b:ce:85:ab:25:0b:0d:
                    f4:11:23:70:ff:d7:c3:ab:70:9c:f9:42:c1:17:e1:
                    8a:73:02:cd:01:a4:e6:52:27:9d:a2:fa:1d:4e:78:
                    6c:bd:5b:3b:b7:9d:2e:48:a7:65:ef:a8:a5:65:9c:
                    c8:42:e4:47:45:d0:ab:8a:d3:b2:80:31:76:68:7f:
                    5b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:DE:F1:32:4D:37:B3:71:86:40:C9:C6:3B:F8:23:C0:5B:49:27:6E
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/q97xMk03s3GGQMnGO_gjwFtJJ24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.162.0/24
                  217.76.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:ae:82:8e:26:e8:6c:e5:29:9e:6d:c5:bc:5b:19:fa:50:70:
         6d:3c:0e:5a:1d:f6:38:8c:11:ae:60:50:a4:38:17:f9:a9:1e:
         ed:f6:46:c2:60:8e:27:b7:15:e2:cf:12:c5:a8:ef:93:5f:be:
         95:3f:19:a2:70:60:a7:e2:12:da:99:02:f3:97:67:9b:3a:6f:
         dc:59:d6:cd:9b:45:7c:38:d6:b7:cf:06:fa:64:4d:28:0f:a0:
         fa:88:36:9e:ac:34:55:8e:12:20:15:f6:f9:d9:9f:d9:db:08:
         ea:76:86:57:f7:84:1b:7b:62:d3:c8:65:bc:e3:eb:d3:1b:c2:
         ec:24:85:2b:4d:f3:32:ea:35:4f:34:a8:57:08:c7:f0:dc:9e:
         bb:86:94:2c:a0:7b:5a:8a:75:51:18:77:c9:e7:14:8a:26:a5:
         0f:2f:b0:e5:ed:15:3c:3a:83:48:4e:14:0b:5d:53:88:c3:d2:
         c1:d4:2c:3d:fe:c2:31:10:e8:65:35:48:cb:6e:a9:b0:6c:ab:
         a5:bc:44:cd:74:22:81:19:5b:50:ab:c4:44:a3:45:3a:54:9f:
         f5:0f:5c:6a:d2:87:8a:5b:f4:d3:ec:b3:11:c5:1a:d0:4a:b9:
         73:81:9f:4a:83:a5:91:29:09:5e:89:25:51:50:dd:b3:ef:24:
         64:ff:8c:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8Kaa3e2iBCBRuUnmNiRYjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNDIzMTAwNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmRlZjEzMjRkMzdiMzcxODY0MGM5YzYzYmY4MjNjMDViNDkyNzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXK9poKAb5lOouxUsdyY6sG3+ezD
FjZuF9tl9m7ep8XbgzmNwxSmBAAmdcIYnEyzMbXBDrpBGaE/dgRIawoxn2a49q5p
8GaxOgQwPGGrEkrcPZwwTKWU8lp6BiXI5D+ckkkBSFk+efzSuLwVPS7FKn/iv7j9
I7bAXiwVCCDehYQVvsICEcyQHR/cBT7jR49/m0pH9G3f2QTCJNOCIMP+qJPQzJuf
TGagdwW0etgSD1IbYcjfrCzbOARKyCvOhaslCw30ESNw/9fDq3Cc+ULBF+GKcwLN
AaTmUiedovodTnhsvVs7t50uSKdl76ilZZzIQuRHRdCritOygDF2aH9b0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKve8TJNN7NxhkDJxjv4I8BbSSduMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvcTk3eE1rMDNzM0dHUU1uR09fZ2p3RnRKSjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW22iAwQB
2UzyMA0GCSqGSIb3DQEBCwUAA4IBAQCzroKOJuhs5SmebcW8Wxn6UHBtPA5aHfY4
jBGuYFCkOBf5qR7t9kbCYI4ntxXizxLFqO+TX76VPxmicGCn4hLamQLzl2ebOm/c
WdbNm0V8ONa3zwb6ZE0oD6D6iDaerDRVjhIgFfb52Z/Z2wjqdoZX94Qbe2LTyGW8
4+vTG8LsJIUrTfMy6jVPNKhXCMfw3J67hpQsoHtainVRGHfJ5xSKJqUPL7Dl7RU8
OoNIThQLXVOIw9LB1Cw9/sIxEOhlNUjLbqmwbKulvETNdCKBGVtQq8REo0U6VJ/1
D1xq0oeKW/TT7LMRxRrQSrlzgZ9Kg6WRKQleiSVRUN2z7yRk/4yM
-----END CERTIFICATE-----