Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/oPggvEBSpYSy6vtYrGxOms7XiCs.roa
File:                     oPggvEBSpYSy6vtYrGxOms7XiCs.roa (raw, json)
Hash identifier:          bnk+N3KxAYyA9ArIx7/xCplRBRTHihapZXeMkME8f6E=
Subject key identifier:   A0:F8:20:BC:40:52:A5:84:B2:EA:FB:58:AC:6C:4E:9A:CE:D7:88:2B
Certificate issuer:       /CN=7252c7d5ed8c5a2bc2ad03065d41c3e4b3ac1575
Certificate serial:       018CC26D250E7588D8AE1E1B924C99607D45
Authority key identifier: 72:52:C7:D5:ED:8C:5A:2B:C2:AD:03:06:5D:41:C3:E4:B3:AC:15:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clLH1e2MWivCrQMGXUHD5LOsFXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/oPggvEBSpYSy6vtYrGxOms7XiCs.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47919
IP address blocks:        91.208.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/clLH1e2MWivCrQMGXUHD5LOsFXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/clLH1e2MWivCrQMGXUHD5LOsFXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clLH1e2MWivCrQMGXUHD5LOsFXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:25:0e:75:88:d8:ae:1e:1b:92:4c:99:60:7d:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7252c7d5ed8c5a2bc2ad03065d41c3e4b3ac1575
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0f820bc4052a584b2eafb58ac6c4e9aced7882b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:eb:fa:ea:b9:6d:48:e2:24:63:d3:d4:92:fd:
                    14:6e:d2:36:bd:3e:57:df:c1:16:4c:8a:e7:3d:9c:
                    80:a3:ae:26:2a:e4:88:9c:ba:67:1b:c6:d0:8a:1b:
                    79:a1:b7:e8:6f:81:99:d7:de:29:e5:ad:34:49:fe:
                    2d:d2:09:03:f9:e9:ad:6a:23:fa:45:40:41:f1:f8:
                    82:a3:82:f0:24:21:19:e0:50:e2:5c:96:75:66:9a:
                    96:d3:a0:d5:b5:f9:61:d2:ec:16:ba:a1:3e:5e:d2:
                    bb:c4:15:c1:c4:92:9e:3e:76:72:b4:29:be:d8:2b:
                    8f:06:bc:ad:44:5a:a7:b4:73:97:57:5c:81:ad:9c:
                    96:e2:4e:ec:ed:b6:40:1e:e2:60:05:91:a6:57:e5:
                    7e:2f:06:29:f6:ad:16:5d:33:74:35:5f:fb:de:9c:
                    43:95:93:94:f3:ef:95:89:30:23:dc:16:2e:09:78:
                    9e:29:16:cc:47:02:65:f9:ac:c6:e7:06:14:7a:58:
                    b3:a0:fd:96:12:22:c7:07:d1:f4:bf:3d:99:35:72:
                    1e:0f:ff:f6:da:c5:9b:ad:62:44:7c:60:8d:8a:23:
                    b2:3f:f7:96:49:a7:92:fa:df:a9:b4:7a:62:e2:b9:
                    e2:14:1a:18:3d:ad:71:e7:ad:c2:7a:03:07:b5:e0:
                    a2:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:F8:20:BC:40:52:A5:84:B2:EA:FB:58:AC:6C:4E:9A:CE:D7:88:2B
            X509v3 Authority Key Identifier:
                keyid:72:52:C7:D5:ED:8C:5A:2B:C2:AD:03:06:5D:41:C3:E4:B3:AC:15:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clLH1e2MWivCrQMGXUHD5LOsFXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/oPggvEBSpYSy6vtYrGxOms7XiCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2b9d89-ed82-4401-81d9-67d1b2a61bb0/1/clLH1e2MWivCrQMGXUHD5LOsFXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:dc:df:4b:f6:49:cf:b1:f0:6d:7e:29:b9:2c:a1:aa:eb:7f:
         b2:34:40:a5:2a:81:9f:2f:df:d7:f4:68:ff:ca:5a:a2:fd:9f:
         17:73:59:b9:67:ff:c3:b8:46:bb:1a:0f:c0:6f:82:e8:ff:9d:
         e2:c5:8b:f9:a7:a8:41:98:2d:56:7e:75:61:0c:df:b2:a1:24:
         b7:28:72:06:cb:bb:e9:b8:8d:e9:cf:7a:86:22:9a:27:99:db:
         7e:8e:d4:af:a3:2a:1e:53:0a:99:60:87:71:ad:04:46:ec:d6:
         6b:c9:34:06:69:59:65:4b:81:46:bf:5f:68:fe:1a:b7:e5:88:
         59:f9:01:51:0f:44:ce:a7:f6:b6:1a:e3:73:c4:a9:07:c2:e8:
         14:87:5e:35:46:de:38:64:a1:68:38:94:2b:b8:32:23:99:89:
         3f:d8:bc:f5:eb:fe:aa:20:23:a5:3c:07:66:f7:c1:ed:9f:35:
         98:a8:06:93:bb:13:56:24:74:94:02:3f:20:a6:fa:52:8c:73:
         58:d0:bc:b3:31:0f:91:04:4f:66:54:a6:b7:5f:bb:e2:7b:21:
         74:d6:6c:36:b3:ab:d1:ad:b2:dd:fb:e5:d0:75:a7:4c:dc:81:
         d5:c0:70:6e:57:43:73:f4:0f:04:2b:72:eb:bb:0f:8c:90:f7:
         6b:d1:5a:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSUOdYjYrh4bkkyZYH1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNTJjN2Q1ZWQ4YzVhMmJjMmFkMDMwNjVkNDFjM2U0YjNh
YzE1NzUwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGY4MjBiYzQwNTJhNTg0YjJlYWZiNThhYzZjNGU5YWNlZDc4ODJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOv66rltSOIkY9PUkv0UbtI2vT5X
38EWTIrnPZyAo64mKuSInLpnG8bQiht5obfob4GZ194p5a00Sf4t0gkD+emtaiP6
RUBB8fiCo4LwJCEZ4FDiXJZ1ZpqW06DVtflh0uwWuqE+XtK7xBXBxJKePnZytCm+
2CuPBrytRFqntHOXV1yBrZyW4k7s7bZAHuJgBZGmV+V+LwYp9q0WXTN0NV/73pxD
lZOU8++ViTAj3BYuCXieKRbMRwJl+azG5wYUelizoP2WEiLHB9H0vz2ZNXIeD//2
2sWbrWJEfGCNiiOyP/eWSaeS+t+ptHpi4rniFBoYPa1x563CegMHteCiZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKD4ILxAUqWEsur7WKxsTprO14grMB8GA1UdIwQY
MBaAFHJSx9XtjForwq0DBl1Bw+SzrBV1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2xMSDFlMk1XaXZDclFNR1hVSEQ1TE9zRlhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yYjlkODktZWQ4Mi00NDAxLTgxZDkt
NjdkMWIyYTYxYmIwLzEvb1BnZ3ZFQlNwWVN5NnZ0WXJHeE9tczdYaUNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yYjlkODktZWQ4Mi00NDAxLTgxZDktNjdkMWIyYTYxYmIw
LzEvY2xMSDFlMk1XaXZDclFNR1hVSEQ1TE9zRlhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DGMA0G
CSqGSIb3DQEBCwUAA4IBAQBq3N9L9knPsfBtfim5LKGq63+yNEClKoGfL9/X9Gj/
ylqi/Z8Xc1m5Z//DuEa7Gg/Ab4Lo/53ixYv5p6hBmC1WfnVhDN+yoSS3KHIGy7vp
uI3pz3qGIponmdt+jtSvoyoeUwqZYIdxrQRG7NZryTQGaVllS4FGv19o/hq35YhZ
+QFRD0TOp/a2GuNzxKkHwugUh141Rt44ZKFoOJQruDIjmYk/2Lz16/6qICOlPAdm
98HtnzWYqAaTuxNWJHSUAj8gpvpSjHNY0LyzMQ+RBE9mVKa3X7vieyF01mw2s6vR
rbLd++XQdadM3IHVwHBuV0Nz9A8EK3Lruw+MkPdr0Vpw
-----END CERTIFICATE-----