Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/9b4b96-2bdd-4bf5-a022-ee7896e5cc95/1/_UuX_Ize67uv6hm3cpD7Znpn75Y.roa
File:                     _UuX_Ize67uv6hm3cpD7Znpn75Y.roa (raw, json)
Hash identifier:          GwLOvZW9hDd3C91XgY84JoWU1rTPfsE4qit5bHzxQbY=
Subject key identifier:   FD:4B:97:FC:8C:DE:EB:BB:AF:EA:19:B7:72:90:FB:66:7A:67:EF:96
Certificate issuer:       /CN=273a88c578166988506e13642adb12f631e0a3c2
Certificate serial:       018CC3493D2167335F92281D2AB8B3182EFA
Authority key identifier: 27:3A:88:C5:78:16:69:88:50:6E:13:64:2A:DB:12:F6:31:E0:A3:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JzqIxXgWaYhQbhNkKtsS9jHgo8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/9b4b96-2bdd-4bf5-a022-ee7896e5cc95/1/_UuX_Ize67uv6hm3cpD7Znpn75Y.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        91.234.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/9b4b96-2bdd-4bf5-a022-ee7896e5cc95/1/JzqIxXgWaYhQbhNkKtsS9jHgo8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/9b4b96-2bdd-4bf5-a022-ee7896e5cc95/1/JzqIxXgWaYhQbhNkKtsS9jHgo8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JzqIxXgWaYhQbhNkKtsS9jHgo8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3d:21:67:33:5f:92:28:1d:2a:b8:b3:18:2e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=273a88c578166988506e13642adb12f631e0a3c2
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd4b97fc8cdeebbbafea19b77290fb667a67ef96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d5:b8:ed:00:ee:d9:05:84:4e:ea:e4:b5:be:
                    35:7e:f7:22:09:5c:bb:24:7f:80:4a:71:ab:71:61:
                    d4:5a:80:17:92:89:4b:38:c9:91:81:72:da:24:01:
                    f2:83:43:6d:16:ac:0d:61:fb:39:c9:37:49:d8:05:
                    23:47:d6:a0:f6:57:09:cf:39:5a:51:40:86:9a:d4:
                    f7:5e:bf:6d:74:4d:ef:0b:cb:8c:a9:3b:5b:00:c7:
                    8f:d1:59:e7:fd:10:02:ea:22:65:85:f6:d7:f0:96:
                    58:eb:d0:bf:27:8a:62:ff:ca:ab:32:ee:56:85:25:
                    af:1a:04:e7:1b:00:d9:e0:69:75:29:03:35:b6:aa:
                    3f:69:ca:38:b8:82:9f:2e:86:5a:5c:cd:2a:74:84:
                    74:83:24:84:6d:b3:76:00:e6:da:2e:cd:6e:86:15:
                    8c:75:57:87:64:5c:8a:c0:08:52:a1:99:b6:aa:16:
                    bb:40:cd:96:66:32:1a:9f:bc:97:99:ac:ae:a2:65:
                    1f:1b:94:d2:f8:5c:a7:54:76:e6:46:08:09:79:fa:
                    54:96:ce:e3:01:6c:98:89:f3:40:10:31:1e:3a:9c:
                    b5:f2:7e:34:a3:d1:86:f6:f3:ff:5a:7b:bd:d9:a3:
                    23:74:05:06:56:49:04:4e:fc:fe:0c:4e:67:26:e8:
                    59:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:4B:97:FC:8C:DE:EB:BB:AF:EA:19:B7:72:90:FB:66:7A:67:EF:96
            X509v3 Authority Key Identifier:
                keyid:27:3A:88:C5:78:16:69:88:50:6E:13:64:2A:DB:12:F6:31:E0:A3:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JzqIxXgWaYhQbhNkKtsS9jHgo8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9b4b96-2bdd-4bf5-a022-ee7896e5cc95/1/_UuX_Ize67uv6hm3cpD7Znpn75Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9b4b96-2bdd-4bf5-a022-ee7896e5cc95/1/JzqIxXgWaYhQbhNkKtsS9jHgo8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:fd:1c:7b:c5:c4:04:a9:f0:c7:bd:7a:75:a7:5a:08:c8:98:
         0e:47:42:8e:72:43:e5:f5:8c:b0:8b:0d:5d:4d:70:67:5b:cb:
         12:11:1a:67:57:ec:ac:be:81:ff:e1:63:f2:83:1a:21:96:68:
         e0:dc:e8:c1:49:aa:08:8c:66:6c:f6:a6:0f:09:05:2e:41:d9:
         42:46:09:04:9b:56:09:d8:4a:78:3f:66:2c:fe:4e:18:ce:3f:
         9f:f3:dc:2d:0b:f2:85:e5:e8:e7:02:5f:5c:53:90:57:ec:d5:
         cd:9f:f9:8f:db:3f:97:9b:3d:67:96:59:0e:a0:ee:4c:cb:4c:
         5a:94:81:2d:48:84:c8:f5:b0:b4:b5:e6:9b:09:99:e3:ce:57:
         92:21:f1:6c:96:1c:f1:5c:de:e9:c0:0e:b8:36:1c:d4:09:1f:
         7a:4d:27:15:5d:85:fd:7f:a3:f3:3d:f7:0d:06:1c:b6:15:d0:
         fc:e6:ce:ff:b3:a0:6a:19:17:ca:5d:f7:1b:e3:23:5e:6a:6f:
         29:c3:74:1d:62:13:18:8d:88:61:12:d0:4f:50:e7:b5:90:53:
         63:72:31:6d:0b:84:c7:89:5d:16:bd:4e:a5:f2:e8:5c:70:26:
         77:0e:9c:08:4f:df:1e:b1:3b:9f:c6:88:b7:d5:3f:ea:cb:fc:
         df:fa:36:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDST0hZzNfkigdKrizGC76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3M2E4OGM1NzgxNjY5ODg1MDZlMTM2NDJhZGIxMmY2MzFl
MGEzYzIwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDRiOTdmYzhjZGVlYmJiYWZlYTE5Yjc3MjkwZmI2NjdhNjdlZjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdW47QDu2QWETurktb41fvciCVy7
JH+ASnGrcWHUWoAXkolLOMmRgXLaJAHyg0NtFqwNYfs5yTdJ2AUjR9ag9lcJzzla
UUCGmtT3Xr9tdE3vC8uMqTtbAMeP0Vnn/RAC6iJlhfbX8JZY69C/J4pi/8qrMu5W
hSWvGgTnGwDZ4Gl1KQM1tqo/aco4uIKfLoZaXM0qdIR0gySEbbN2AObaLs1uhhWM
dVeHZFyKwAhSoZm2qha7QM2WZjIan7yXmayuomUfG5TS+FynVHbmRggJefpUls7j
AWyYifNAEDEeOpy18n40o9GG9vP/Wnu92aMjdAUGVkkETvz+DE5nJuhZJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1Ll/yM3uu7r+oZt3KQ+2Z6Z++WMB8GA1UdIwQY
MBaAFCc6iMV4FmmIUG4TZCrbEvYx4KPCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnpxSXhYZ1dhWWhRYmhOa0t0c1M5akhnbzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC85YjRiOTYtMmJkZC00YmY1LWEwMjIt
ZWU3ODk2ZTVjYzk1LzEvX1V1WF9JemU2N3V2NmhtM2NwRDdabnBuNzVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC85YjRiOTYtMmJkZC00YmY1LWEwMjItZWU3ODk2ZTVjYzk1
LzEvSnpxSXhYZ1dhWWhRYmhOa0t0c1M5akhnbzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rKMA0G
CSqGSIb3DQEBCwUAA4IBAQB1/Rx7xcQEqfDHvXp1p1oIyJgOR0KOckPl9Yywiw1d
TXBnW8sSERpnV+ysvoH/4WPygxohlmjg3OjBSaoIjGZs9qYPCQUuQdlCRgkEm1YJ
2Ep4P2Ys/k4Yzj+f89wtC/KF5ejnAl9cU5BX7NXNn/mP2z+Xmz1nllkOoO5My0xa
lIEtSITI9bC0teabCZnjzleSIfFslhzxXN7pwA64NhzUCR96TScVXYX9f6PzPfcN
Bhy2FdD85s7/s6BqGRfKXfcb4yNeam8pw3QdYhMYjYhhEtBPUOe1kFNjcjFtC4TH
iV0WvU6l8uhccCZ3DpwIT98esTufxoi31T/qy/zf+jbQ
-----END CERTIFICATE-----