Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/b0yTpEtLxPZvcX4biEkXe6Rlizc.roa
File:                     b0yTpEtLxPZvcX4biEkXe6Rlizc.roa (raw, json)
Hash identifier:          YxpIuprQNLRkmxd7DRVNLPxSoNe9LGeaGN55+4ClLFc=
Subject key identifier:   6F:4C:93:A4:4B:4B:C4:F6:6F:71:7E:1B:88:49:17:7B:A4:65:8B:37
Certificate issuer:       /CN=3d65564a8954d6ae952f8a1f7af6c1cfba78094a
Certificate serial:       018CC3B6EA96B608C1E665BF576C97D08D73
Authority key identifier: 3D:65:56:4A:89:54:D6:AE:95:2F:8A:1F:7A:F6:C1:CF:BA:78:09:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PWVWSolU1q6VL4ofevbBz7p4CUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/b0yTpEtLxPZvcX4biEkXe6Rlizc.roa
Signing time:             Mon 01 Jan 2024 06:29:53 +0000
ROA not before:           Mon 01 Jan 2024 06:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49964
IP address blocks:        91.216.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/PWVWSolU1q6VL4ofevbBz7p4CUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/PWVWSolU1q6VL4ofevbBz7p4CUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PWVWSolU1q6VL4ofevbBz7p4CUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ea:96:b6:08:c1:e6:65:bf:57:6c:97:d0:8d:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d65564a8954d6ae952f8a1f7af6c1cfba78094a
        Validity
            Not Before: Jan  1 06:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f4c93a44b4bc4f66f717e1b8849177ba4658b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2b:25:f7:93:f2:88:94:2a:69:6b:11:54:61:
                    5e:a4:da:5d:e3:25:c4:e4:bd:fc:89:92:12:cb:4a:
                    fc:3d:70:98:7d:6a:c1:8b:14:d8:64:39:ce:9f:7e:
                    db:5f:04:f1:9e:46:b6:33:af:5d:7d:a1:94:7a:49:
                    9b:b1:ae:4b:ca:47:82:fa:97:cb:ef:d1:41:8d:34:
                    bd:c6:23:c0:1a:68:5b:a6:cf:93:ed:f2:59:fd:cc:
                    d7:0a:0a:c4:b9:da:ca:63:61:61:9b:33:9b:11:6e:
                    4e:ae:cb:db:42:9e:a5:7b:de:03:69:db:a9:7e:90:
                    40:1d:70:75:5c:a9:95:d5:0c:58:c4:27:aa:c9:ef:
                    8e:ce:f3:e4:e4:ab:d6:d3:c6:3e:b9:5a:f0:e3:06:
                    60:8d:62:28:9c:3f:8c:65:e9:93:93:dd:0e:4a:b5:
                    c0:e6:09:36:ee:b0:d6:78:cb:63:2b:ac:74:d3:d3:
                    57:2a:c2:51:83:1c:89:f6:25:26:e7:18:f4:70:ce:
                    8d:9b:9e:ae:37:71:28:6c:b2:dd:58:3e:8b:f3:f1:
                    5e:c0:12:19:a6:ea:2c:b4:97:11:4e:17:46:03:df:
                    fd:1f:68:a8:2d:2c:66:1a:7c:10:4a:2e:66:e9:1c:
                    2c:1b:bd:7e:58:26:53:41:44:dd:8a:b7:de:e3:d0:
                    be:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:4C:93:A4:4B:4B:C4:F6:6F:71:7E:1B:88:49:17:7B:A4:65:8B:37
            X509v3 Authority Key Identifier:
                keyid:3D:65:56:4A:89:54:D6:AE:95:2F:8A:1F:7A:F6:C1:CF:BA:78:09:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PWVWSolU1q6VL4ofevbBz7p4CUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/b0yTpEtLxPZvcX4biEkXe6Rlizc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/PWVWSolU1q6VL4ofevbBz7p4CUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:6f:32:44:24:6d:26:dd:5f:08:f1:86:41:43:42:8b:08:88:
         fa:cb:33:d9:ba:72:1f:5b:fa:0b:08:68:82:30:3b:5b:67:c2:
         6d:26:d1:30:3f:63:cf:5e:43:c5:60:c9:c4:09:25:4f:a3:40:
         b0:98:ad:9b:3f:0b:19:5f:4c:58:3d:ff:a2:5d:c9:da:49:c1:
         d9:d0:ae:92:ec:66:7e:9a:ff:30:a9:ec:cc:ff:b2:27:89:cc:
         02:ee:9f:65:17:ac:c2:25:c1:e5:bc:6b:55:cf:f5:9b:f4:a2:
         59:5c:73:c3:52:60:66:f8:14:3a:02:dc:a4:f1:bc:0c:f5:55:
         88:49:1f:e9:f7:90:0b:60:15:9b:bc:fe:d8:c2:5f:97:d0:ed:
         ea:9f:0b:5f:b7:2d:09:ca:58:5e:91:e2:df:e1:65:f1:c5:36:
         2d:73:18:9f:08:13:7e:15:0e:11:1f:b9:7a:96:5e:08:01:8f:
         a8:54:b3:2a:53:d9:69:96:94:89:32:ae:15:36:13:71:04:63:
         da:1e:2a:e5:ef:b7:20:b4:e4:fd:6c:a6:6b:1f:43:4c:5b:de:
         bd:a4:bc:32:99:53:ce:f5:94:b2:9a:01:5b:2e:7c:f8:8d:72:
         22:78:dc:ed:10:1e:88:ad:86:5b:02:ea:c4:2e:64:1c:7c:97:
         6b:7e:aa:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuqWtgjB5mW/V2yX0I1zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNjU1NjRhODk1NGQ2YWU5NTJmOGExZjdhZjZjMWNmYmE3
ODA5NGEwHhcNMjQwMTAxMDYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjRjOTNhNDRiNGJjNGY2NmY3MTdlMWI4ODQ5MTc3YmE0NjU4YjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwysl95PyiJQqaWsRVGFepNpd4yXE
5L38iZISy0r8PXCYfWrBixTYZDnOn37bXwTxnka2M69dfaGUekmbsa5LykeC+pfL
79FBjTS9xiPAGmhbps+T7fJZ/czXCgrEudrKY2FhmzObEW5OrsvbQp6le94Dadup
fpBAHXB1XKmV1QxYxCeqye+OzvPk5KvW08Y+uVrw4wZgjWIonD+MZemTk90OSrXA
5gk27rDWeMtjK6x009NXKsJRgxyJ9iUm5xj0cM6Nm56uN3EobLLdWD6L8/FewBIZ
puostJcRThdGA9/9H2ioLSxmGnwQSi5m6RwsG71+WCZTQUTdirfe49C+SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9Mk6RLS8T2b3F+G4hJF3ukZYs3MB8GA1UdIwQY
MBaAFD1lVkqJVNaulS+KH3r2wc+6eAlKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFdWV1NvbFUxcTZWTDRvZmV2YkJ6N3A0Q1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC80MTE4NzctYjUxYS00NjRhLWFkOWUt
MTA0YjE0ZjViMGY4LzEvYjB5VHBFdEx4UFp2Y1g0YmlFa1hlNlJsaXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC80MTE4NzctYjUxYS00NjRhLWFkOWUtMTA0YjE0ZjViMGY4
LzEvUFdWV1NvbFUxcTZWTDRvZmV2YkJ6N3A0Q1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9iRMA0G
CSqGSIb3DQEBCwUAA4IBAQBubzJEJG0m3V8I8YZBQ0KLCIj6yzPZunIfW/oLCGiC
MDtbZ8JtJtEwP2PPXkPFYMnECSVPo0CwmK2bPwsZX0xYPf+iXcnaScHZ0K6S7GZ+
mv8wqezM/7InicwC7p9lF6zCJcHlvGtVz/Wb9KJZXHPDUmBm+BQ6Atyk8bwM9VWI
SR/p95ALYBWbvP7Ywl+X0O3qnwtfty0JylhekeLf4WXxxTYtcxifCBN+FQ4RH7l6
ll4IAY+oVLMqU9lplpSJMq4VNhNxBGPaHirl77cgtOT9bKZrH0NMW969pLwymVPO
9ZSymgFbLnz4jXIieNztEB6IrYZbAurELmQcfJdrfqp/
-----END CERTIFICATE-----