Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/0gh8bAabW9O1VVGGlZkd3NPBbq4.roa
File:                     0gh8bAabW9O1VVGGlZkd3NPBbq4.roa (raw, json)
Hash identifier:          kzTZe+V+rjaIXF6QxgbYAJ7Ie3vSIYF+ifvPtd8gc7c=
Subject key identifier:   D2:08:7C:6C:06:9B:5B:D3:B5:55:51:86:95:99:1D:DC:D3:C1:6E:AE
Certificate issuer:       /CN=d462f9b1c0f6fa9ca531764e26d3aed211bfed81
Certificate serial:       018CC726E13C586EF0382AEC69942D54A580
Authority key identifier: D4:62:F9:B1:C0:F6:FA:9C:A5:31:76:4E:26:D3:AE:D2:11:BF:ED:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1GL5scD2-pylMXZOJtOu0hG_7YE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/0gh8bAabW9O1VVGGlZkd3NPBbq4.roa
Signing time:             Mon 01 Jan 2024 22:31:03 +0000
ROA not before:           Mon 01 Jan 2024 22:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198882
IP address blocks:        91.240.35.0/24 maxlen: 24
                          2001:67c:29d0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/1GL5scD2-pylMXZOJtOu0hG_7YE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/1GL5scD2-pylMXZOJtOu0hG_7YE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1GL5scD2-pylMXZOJtOu0hG_7YE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 07:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e1:3c:58:6e:f0:38:2a:ec:69:94:2d:54:a5:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d462f9b1c0f6fa9ca531764e26d3aed211bfed81
        Validity
            Not Before: Jan  1 22:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2087c6c069b5bd3b555518695991ddcd3c16eae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f1:b1:b0:6a:0d:db:ef:ca:2b:d9:c0:14:5d:
                    90:2b:22:2e:d2:80:72:6c:e1:ce:d8:4f:78:31:5e:
                    6c:e2:b0:94:b5:ef:6d:b9:1f:fe:a2:63:40:d8:6c:
                    17:23:e5:6d:05:87:b1:56:c2:34:43:02:21:23:8c:
                    5d:49:ee:03:7b:58:87:87:75:bb:9d:b0:47:5b:98:
                    90:ee:ca:db:28:b1:aa:92:a8:34:9b:03:77:73:02:
                    57:6d:5f:7b:09:48:00:12:8a:b2:3c:a1:a3:88:ff:
                    38:72:58:15:aa:32:5a:d0:3b:c9:e6:6d:53:cf:26:
                    65:20:d3:40:cb:07:1d:2d:4c:71:86:8a:49:61:44:
                    3a:65:71:f4:e7:dd:56:60:04:04:5d:55:73:98:ee:
                    96:47:db:f7:4e:23:86:82:0c:35:26:3a:e3:31:ac:
                    71:fb:cf:63:1b:bd:b3:bd:0a:10:4d:c7:22:f7:db:
                    95:72:ea:a1:d3:f1:8f:2d:a0:68:ca:7f:ed:7b:50:
                    80:10:89:33:f9:c2:98:10:ed:a2:a1:a1:9d:4e:56:
                    6d:2e:86:dc:c1:9c:b4:18:32:9d:80:a9:76:65:68:
                    84:24:5d:3e:dd:f4:ae:ec:39:2f:82:d9:9b:38:16:
                    ed:b1:4e:e8:02:3f:09:53:b0:3e:2f:b4:dc:7a:f4:
                    8b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:08:7C:6C:06:9B:5B:D3:B5:55:51:86:95:99:1D:DC:D3:C1:6E:AE
            X509v3 Authority Key Identifier:
                keyid:D4:62:F9:B1:C0:F6:FA:9C:A5:31:76:4E:26:D3:AE:D2:11:BF:ED:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1GL5scD2-pylMXZOJtOu0hG_7YE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/0gh8bAabW9O1VVGGlZkd3NPBbq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/1GL5scD2-pylMXZOJtOu0hG_7YE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.35.0/24
                IPv6:
                  2001:67c:29d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:15:36:c4:a5:45:4d:c1:0c:0e:f6:a2:f7:fc:d3:4f:79:3f:
         8b:db:37:bf:7b:7a:95:6c:cb:82:73:61:e0:95:8a:fa:74:eb:
         dd:2f:f2:47:44:4d:08:85:b1:8f:f2:65:91:02:8a:9c:f5:8b:
         94:f1:3b:92:03:bf:67:d7:0c:ab:69:b0:6b:fc:d8:40:61:be:
         88:d4:3d:0e:03:8d:73:d6:be:7c:e4:64:b2:8e:31:60:86:b7:
         04:9e:57:36:63:36:8e:bd:84:5b:35:8a:80:60:15:82:ed:f9:
         89:6f:62:54:f3:e9:73:4d:1b:36:48:51:f9:41:3e:9a:fb:b8:
         b1:42:d7:13:99:68:cd:6e:52:cd:79:dc:e4:92:48:2c:6f:31:
         a0:7e:e1:09:15:df:16:3e:53:db:9b:af:68:de:68:cc:d4:60:
         df:90:df:67:f5:ed:30:dd:66:8a:63:f9:90:b5:00:03:e2:25:
         3a:7b:8d:11:ac:66:86:cb:7b:8e:0e:ce:37:4d:d3:c4:14:c4:
         e8:82:41:38:67:b8:6c:ea:54:2e:6a:e1:d7:f8:7f:bd:2e:51:
         b9:b8:a3:5b:02:5a:38:0e:ed:8d:ce:ae:d6:ed:b6:f2:a6:85:
         6b:02:2c:36:d4:90:be:7f:70:16:35:1a:77:a3:18:eb:8a:75:
         47:be:b9:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJuE8WG7wOCrsaZQtVKWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NjJmOWIxYzBmNmZhOWNhNTMxNzY0ZTI2ZDNhZWQyMTFi
ZmVkODEwHhcNMjQwMTAxMjIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjA4N2M2YzA2OWI1YmQzYjU1NTUxODY5NTk5MWRkY2QzYzE2ZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/GxsGoN2+/KK9nAFF2QKyIu0oBy
bOHO2E94MV5s4rCUte9tuR/+omNA2GwXI+VtBYexVsI0QwIhI4xdSe4De1iHh3W7
nbBHW5iQ7srbKLGqkqg0mwN3cwJXbV97CUgAEoqyPKGjiP84clgVqjJa0DvJ5m1T
zyZlINNAywcdLUxxhopJYUQ6ZXH0591WYAQEXVVzmO6WR9v3TiOGggw1JjrjMaxx
+89jG72zvQoQTcci99uVcuqh0/GPLaBoyn/te1CAEIkz+cKYEO2ioaGdTlZtLobc
wZy0GDKdgKl2ZWiEJF0+3fSu7DkvgtmbOBbtsU7oAj8JU7A+L7TcevSLrQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNIIfGwGm1vTtVVRhpWZHdzTwW6uMB8GA1UdIwQY
MBaAFNRi+bHA9vqcpTF2TibTrtIRv+2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUdMNXNjRDItcHlsTVhaT0p0T3UwaEdfN1lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xMDBjODEtNTZmNS00ZGI2LWE2NmEt
YjEwNDNiNjM1YTFlLzEvMGdoOGJBYWJXOU8xVlZHR2xaa2QzTlBCYnE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xMDBjODEtNTZmNS00ZGI2LWE2NmEtYjEwNDNiNjM1YTFl
LzEvMUdMNXNjRDItcHlsTVhaT0p0T3UwaEdfN1lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/AjMA8E
AgACMAkDBwAgAQZ8KdAwDQYJKoZIhvcNAQELBQADggEBAGAVNsSlRU3BDA72ovf8
0095P4vbN797epVsy4JzYeCVivp0690v8kdETQiFsY/yZZECipz1i5TxO5IDv2fX
DKtpsGv82EBhvojUPQ4DjXPWvnzkZLKOMWCGtwSeVzZjNo69hFs1ioBgFYLt+Ylv
YlTz6XNNGzZIUflBPpr7uLFC1xOZaM1uUs153OSSSCxvMaB+4QkV3xY+U9ubr2je
aMzUYN+Q32f17TDdZopj+ZC1AAPiJTp7jRGsZobLe44OzjdN08QUxOiCQThnuGzq
VC5q4df4f70uUbm4o1sCWjgO7Y3OrtbttvKmhWsCLDbUkL5/cBY1GnejGOuKdUe+
uaA=
-----END CERTIFICATE-----