Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/5b55b7-44b6-4f64-9b5a-9e0a5a2f61b8/1/gaphe0g9TRAmDjBGsKo3O-0fmvI.roa
File:                     gaphe0g9TRAmDjBGsKo3O-0fmvI.roa (raw, json)
Hash identifier:          k2038kpc9mVCA6v+MAKuM2AqrFaWJ990DWpmtGfdV2Q=
Subject key identifier:   81:AA:61:7B:48:3D:4D:10:26:0E:30:46:B0:AA:37:3B:ED:1F:9A:F2
Certificate issuer:       /CN=0df10c8a580543f92d19fd5f8f564beeaa48ca1e
Certificate serial:       0190028DEFAB5CFAD7F25BF449A8FC289605
Authority key identifier: 0D:F1:0C:8A:58:05:43:F9:2D:19:FD:5F:8F:56:4B:EE:AA:48:CA:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DfEMilgFQ_ktGf1fj1ZL7qpIyh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/5b55b7-44b6-4f64-9b5a-9e0a5a2f61b8/1/gaphe0g9TRAmDjBGsKo3O-0fmvI.roa
Signing time:             Mon 10 Jun 2024 14:29:34 +0000
ROA not before:           Mon 10 Jun 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208788
IP address blocks:        91.210.212.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/5b55b7-44b6-4f64-9b5a-9e0a5a2f61b8/1/DfEMilgFQ_ktGf1fj1ZL7qpIyh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/5b55b7-44b6-4f64-9b5a-9e0a5a2f61b8/1/DfEMilgFQ_ktGf1fj1ZL7qpIyh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DfEMilgFQ_ktGf1fj1ZL7qpIyh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:02:8d:ef:ab:5c:fa:d7:f2:5b:f4:49:a8:fc:28:96:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0df10c8a580543f92d19fd5f8f564beeaa48ca1e
        Validity
            Not Before: Jun 10 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81aa617b483d4d10260e3046b0aa373bed1f9af2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:89:67:8a:49:5a:e4:ed:74:49:08:b2:77:84:
                    c7:1c:ed:12:0f:4d:b6:a9:a7:8f:ae:62:4b:c4:f5:
                    63:44:88:0e:81:dd:7a:b1:20:47:71:62:14:9a:35:
                    8e:f3:da:6e:d8:1d:9d:af:62:c0:0b:dc:e3:6b:29:
                    67:d2:f0:37:bb:de:c3:95:cb:5c:78:b6:25:7c:70:
                    97:9f:e5:4d:a5:ae:37:ff:95:43:21:0f:8a:e7:ae:
                    93:41:25:2f:84:16:13:fa:ec:d1:53:2c:c6:45:5c:
                    b2:62:fd:d9:45:bf:b0:9d:a5:73:76:ec:39:a6:00:
                    2a:fb:7e:2d:f6:b2:31:4a:e7:8d:e2:3e:a2:d5:e2:
                    bf:c2:6d:37:08:53:9b:6b:69:50:61:5f:69:ab:6f:
                    28:ca:94:31:d8:57:4f:88:ed:f8:ee:5f:56:b9:2c:
                    d1:c8:06:26:11:79:21:02:e0:6b:b2:29:65:df:89:
                    7f:25:df:98:ef:92:ba:7a:3e:6d:65:8a:73:34:ad:
                    47:52:83:75:22:8a:3d:a2:e7:c2:30:96:fd:90:f8:
                    ff:d9:f3:ab:dc:1b:28:83:6c:17:94:d6:96:14:22:
                    6b:bf:71:eb:7c:80:0d:37:ae:9a:28:c5:1a:f6:36:
                    eb:8d:f2:5b:56:28:02:46:db:74:3c:d5:63:55:dd:
                    4d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:AA:61:7B:48:3D:4D:10:26:0E:30:46:B0:AA:37:3B:ED:1F:9A:F2
            X509v3 Authority Key Identifier:
                keyid:0D:F1:0C:8A:58:05:43:F9:2D:19:FD:5F:8F:56:4B:EE:AA:48:CA:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DfEMilgFQ_ktGf1fj1ZL7qpIyh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/5b55b7-44b6-4f64-9b5a-9e0a5a2f61b8/1/gaphe0g9TRAmDjBGsKo3O-0fmvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/5b55b7-44b6-4f64-9b5a-9e0a5a2f61b8/1/DfEMilgFQ_ktGf1fj1ZL7qpIyh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:70:60:2f:1d:e4:5d:d4:33:93:0f:c3:dd:32:e1:11:f7:1b:
         e0:07:2d:0f:d8:ff:24:5c:e9:bd:cc:31:a6:d1:d0:f9:1e:6a:
         e1:46:19:d1:75:1e:ac:bb:42:2a:a1:b7:46:89:ab:e1:c4:e9:
         b1:c5:6d:c1:ba:4c:96:4c:06:91:65:28:8f:40:78:5c:20:c3:
         8e:49:08:ff:86:2a:29:d4:a3:86:dc:e0:db:c5:bb:e6:02:1d:
         85:33:bb:85:1d:43:d2:fe:26:c8:45:5a:b6:68:4d:57:91:19:
         4c:04:ed:93:a1:37:ea:84:0b:d6:72:73:22:ed:d6:c2:77:3f:
         c9:78:5b:d9:89:73:d0:59:2f:63:bb:45:d6:0c:08:75:b4:44:
         78:25:40:43:b2:e3:fa:83:ee:db:cb:d9:28:bf:a4:9f:79:76:
         7c:2d:9a:27:33:4d:03:ec:cb:5a:60:27:50:de:1d:53:04:6e:
         01:5f:8e:fd:7f:5d:65:6a:bf:e7:40:34:50:e7:79:b3:cf:23:
         64:41:f9:72:fb:bc:47:ac:7f:86:43:04:ea:06:b6:fd:f2:a8:
         7a:a3:f5:b8:72:89:da:f4:9c:3f:5f:b5:53:04:fe:b5:d3:04:
         aa:17:db:42:b9:95:9f:fb:33:ed:16:27:be:4d:58:8f:7c:c1:
         09:1e:54:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZACje+rXPrX8lv0Saj8KJYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZjEwYzhhNTgwNTQzZjkyZDE5ZmQ1ZjhmNTY0YmVlYWE0
OGNhMWUwHhcNMjQwNjEwMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWFhNjE3YjQ4M2Q0ZDEwMjYwZTMwNDZiMGFhMzczYmVkMWY5YWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIlnikla5O10SQiyd4THHO0SD022
qaePrmJLxPVjRIgOgd16sSBHcWIUmjWO89pu2B2dr2LAC9zjayln0vA3u97Dlctc
eLYlfHCXn+VNpa43/5VDIQ+K566TQSUvhBYT+uzRUyzGRVyyYv3ZRb+wnaVzduw5
pgAq+34t9rIxSueN4j6i1eK/wm03CFOba2lQYV9pq28oypQx2FdPiO347l9WuSzR
yAYmEXkhAuBrsill34l/Jd+Y75K6ej5tZYpzNK1HUoN1Ioo9oufCMJb9kPj/2fOr
3Bsog2wXlNaWFCJrv3HrfIANN66aKMUa9jbrjfJbVigCRtt0PNVjVd1NOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGqYXtIPU0QJg4wRrCqNzvtH5ryMB8GA1UdIwQY
MBaAFA3xDIpYBUP5LRn9X49WS+6qSMoeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGZFTWlsZ0ZRX2t0R2YxZmoxWkw3cXBJeWg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS81YjU1YjctNDRiNi00ZjY0LTliNWEt
OWUwYTVhMmY2MWI4LzEvZ2FwaGUwZzlUUkFtRGpCR3NLbzNPLTBmbXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS81YjU1YjctNDRiNi00ZjY0LTliNWEtOWUwYTVhMmY2MWI4
LzEvRGZFTWlsZ0ZRX2t0R2YxZmoxWkw3cXBJeWg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9LUMA0G
CSqGSIb3DQEBCwUAA4IBAQCTcGAvHeRd1DOTD8PdMuER9xvgBy0P2P8kXOm9zDGm
0dD5HmrhRhnRdR6su0IqobdGiavhxOmxxW3BukyWTAaRZSiPQHhcIMOOSQj/hiop
1KOG3ODbxbvmAh2FM7uFHUPS/ibIRVq2aE1XkRlMBO2ToTfqhAvWcnMi7dbCdz/J
eFvZiXPQWS9ju0XWDAh1tER4JUBDsuP6g+7by9kov6SfeXZ8LZonM00D7MtaYCdQ
3h1TBG4BX479f11lar/nQDRQ53mzzyNkQfly+7xHrH+GQwTqBrb98qh6o/W4cona
9Jw/X7VTBP610wSqF9tCuZWf+zPtFie+TViPfMEJHlRS
-----END CERTIFICATE-----