Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/Hyf2QSODUhF5brvT5vUSCmjGSR8.roa
File:                     Hyf2QSODUhF5brvT5vUSCmjGSR8.roa (raw, json)
Hash identifier:          Xhg6QxPijm2cZXAYOs5tnvTJhy/Kx5NSIe2wlWks8QY=
Subject key identifier:   1F:27:F6:41:23:83:52:11:79:6E:BB:D3:E6:F5:12:0A:68:C6:49:1F
Certificate issuer:       /CN=21a00080cd2cb1bb073903b32b25ad660a366486
Certificate serial:       018D188E3E385041D309AB7C5C2339D8B19F
Authority key identifier: 21:A0:00:80:CD:2C:B1:BB:07:39:03:B3:2B:25:AD:66:0A:36:64:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/Hyf2QSODUhF5brvT5vUSCmjGSR8.roa
Signing time:             Wed 17 Jan 2024 17:53:11 +0000
ROA not before:           Wed 17 Jan 2024 17:53:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51167
IP address blocks:        91.239.43.0/24 maxlen: 24
                          195.191.65.0/24 maxlen: 24
                          213.109.76.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:8e:3e:38:50:41:d3:09:ab:7c:5c:23:39:d8:b1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21a00080cd2cb1bb073903b32b25ad660a366486
        Validity
            Not Before: Jan 17 17:53:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f27f64123835211796ebbd3e6f5120a68c6491f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:fd:84:a7:29:8e:4a:86:70:c6:43:90:8f:7b:
                    b8:3d:dc:f8:cb:fa:fc:99:5b:00:c8:13:b1:1f:f9:
                    38:15:bd:ec:e7:98:d5:ea:ef:d4:4c:76:ef:5d:e9:
                    37:4b:78:86:6b:0c:da:85:c4:e3:8f:70:45:4b:fc:
                    a9:be:cd:d2:17:b2:be:76:c0:3c:0b:62:87:dc:79:
                    74:8c:6f:39:6c:41:1b:4a:9e:da:58:cf:40:b0:4a:
                    44:3d:c9:2f:c7:1a:81:25:a3:17:ee:b0:0b:c6:e2:
                    18:c9:05:81:33:e9:7f:7e:41:15:fd:dc:16:1a:b0:
                    4f:eb:8b:8d:8d:8e:43:7f:e1:fd:50:4b:f1:61:4e:
                    09:b0:43:0d:cd:62:ae:24:88:ae:d3:05:23:e1:43:
                    4b:5a:04:57:f4:0a:5e:3c:62:a3:b5:c1:6a:2d:12:
                    ef:4a:07:34:9a:43:7b:6e:cd:df:a1:5a:7d:bf:f0:
                    ee:17:2a:9f:d1:85:09:da:f6:24:71:6d:7f:ba:5f:
                    58:8e:83:c8:95:e2:82:36:2e:90:7b:e9:94:b6:d2:
                    c7:7e:8d:25:ee:97:b7:df:dd:7f:eb:a5:31:f4:f3:
                    88:7c:b5:66:c6:6b:f2:e7:c6:90:27:24:5f:80:96:
                    f0:16:9e:41:ce:84:34:38:67:d2:50:26:ed:29:28:
                    01:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:27:F6:41:23:83:52:11:79:6E:BB:D3:E6:F5:12:0A:68:C6:49:1F
            X509v3 Authority Key Identifier:
                keyid:21:A0:00:80:CD:2C:B1:BB:07:39:03:B3:2B:25:AD:66:0A:36:64:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/Hyf2QSODUhF5brvT5vUSCmjGSR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.43.0/24
                  195.191.65.0/24
                  213.109.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:e8:92:ae:a4:df:68:4e:80:61:bd:0b:53:4c:9f:c8:55:9e:
         58:a4:97:5b:88:5d:85:35:f6:62:fb:6f:14:29:91:cb:62:66:
         0d:df:00:37:74:13:df:52:22:67:7f:b0:c1:89:0a:76:a6:14:
         48:04:d0:f0:2d:7d:31:2f:dd:6a:91:33:2a:88:45:4a:5a:76:
         cb:a3:45:a0:84:6e:3a:7a:7f:b8:67:13:1d:4d:3b:ee:74:2e:
         1c:bd:e3:aa:42:d1:a4:f0:d0:ca:47:c4:50:9c:71:25:66:83:
         bb:d8:21:0f:5c:b6:cd:9d:3c:7c:57:ce:e7:03:a4:84:38:24:
         a6:d2:d3:f6:18:dd:25:b0:7c:a5:95:8c:91:6c:8d:d3:ba:a2:
         32:75:b9:22:bb:01:2e:6b:03:b0:3f:65:56:a1:c8:bb:e2:e9:
         55:44:bc:8f:cf:33:01:3b:36:ae:bd:ae:03:a5:66:c9:2e:f3:
         d8:26:f7:c4:ff:f9:75:3a:b6:ae:a0:85:4f:8b:b0:c3:06:7b:
         bc:51:fc:76:d2:40:fd:df:0f:6d:e3:f6:9c:dc:51:6e:d9:3e:
         37:5d:9f:f7:93:2a:c6:80:84:f3:bd:54:f4:85:83:f5:df:65:
         ec:11:75:0a:5e:7e:20:2a:b5:83:cf:e9:16:44:99:95:a5:3e:
         cb:db:9e:99
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0Yjj44UEHTCat8XCM52LGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYTAwMDgwY2QyY2IxYmIwNzM5MDNiMzJiMjVhZDY2MGEz
NjY0ODYwHhcNMjQwMTE3MTc1MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjI3ZjY0MTIzODM1MjExNzk2ZWJiZDNlNmY1MTIwYTY4YzY0OTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/2EpymOSoZwxkOQj3u4Pdz4y/r8
mVsAyBOxH/k4Fb3s55jV6u/UTHbvXek3S3iGawzahcTjj3BFS/ypvs3SF7K+dsA8
C2KH3Hl0jG85bEEbSp7aWM9AsEpEPckvxxqBJaMX7rALxuIYyQWBM+l/fkEV/dwW
GrBP64uNjY5Df+H9UEvxYU4JsEMNzWKuJIiu0wUj4UNLWgRX9ApePGKjtcFqLRLv
Sgc0mkN7bs3foVp9v/DuFyqf0YUJ2vYkcW1/ul9YjoPIleKCNi6Qe+mUttLHfo0l
7pe3391/66Ux9POIfLVmxmvy58aQJyRfgJbwFp5BzoQ0OGfSUCbtKSgBgQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB8n9kEjg1IReW670+b1EgpoxkkfMB8GA1UdIwQY
MBaAFCGgAIDNLLG7BzkDsyslrWYKNmSGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWFBQWdNMHNzYnNIT1FPekt5V3RaZ28yWklZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82YzNkOWYtOGE0Zi00YTZjLTg1Nzkt
ZTkyZWNlNGQzY2IzLzEvSHlmMlFTT0RVaEY1YnJ2VDV2VVNDbWpHU1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82YzNkOWYtOGE0Zi00YTZjLTg1NzktZTkyZWNlNGQzY2Iz
LzEvSWFBQWdNMHNzYnNIT1FPekt5V3RaZ28yWklZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+8rAwQA
w79BAwQB1W1MMA0GCSqGSIb3DQEBCwUAA4IBAQB66JKupN9oToBhvQtTTJ/IVZ5Y
pJdbiF2FNfZi+28UKZHLYmYN3wA3dBPfUiJnf7DBiQp2phRIBNDwLX0xL91qkTMq
iEVKWnbLo0WghG46en+4ZxMdTTvudC4cveOqQtGk8NDKR8RQnHElZoO72CEPXLbN
nTx8V87nA6SEOCSm0tP2GN0lsHyllYyRbI3TuqIydbkiuwEuawOwP2VWoci74ulV
RLyPzzMBOzauva4DpWbJLvPYJvfE//l1OrauoIVPi7DDBnu8Ufx20kD93w9t4/ac
3FFu2T43XZ/3kyrGgITzvVT0hYP132XsEXUKXn4gKrWDz+kWRJmVpT7L256Z
-----END CERTIFICATE-----