Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/rwt3BB4fwxAa4zydpIuxcs36FlA.roa
File:                     rwt3BB4fwxAa4zydpIuxcs36FlA.roa (raw, json)
Hash identifier:          D9VgfkkD1/wqVir9zjuk/VgBNliC5rLa52WPBIqt3/I=
Subject key identifier:   AF:0B:77:04:1E:1F:C3:10:1A:E3:3C:9D:A4:8B:B1:72:CD:FA:16:50
Certificate issuer:       /CN=a951e638a2cb95c68bbc54a2728605b27f570681
Certificate serial:       018CC8DD3ADE5106FB58FDF64E4F5C9AE9BD
Authority key identifier: A9:51:E6:38:A2:CB:95:C6:8B:BC:54:A2:72:86:05:B2:7F:57:06:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qVHmOKLLlcaLvFSicoYFsn9XBoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/rwt3BB4fwxAa4zydpIuxcs36FlA.roa
Signing time:             Tue 02 Jan 2024 06:29:50 +0000
ROA not before:           Tue 02 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51885
IP address blocks:        91.223.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/qVHmOKLLlcaLvFSicoYFsn9XBoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/qVHmOKLLlcaLvFSicoYFsn9XBoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qVHmOKLLlcaLvFSicoYFsn9XBoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:3a:de:51:06:fb:58:fd:f6:4e:4f:5c:9a:e9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a951e638a2cb95c68bbc54a2728605b27f570681
        Validity
            Not Before: Jan  2 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af0b77041e1fc3101ae33c9da48bb172cdfa1650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:38:45:1e:3b:b7:87:4d:1e:8e:d3:1a:5d:28:
                    38:02:35:97:15:cf:91:0b:2b:72:f6:f7:bc:64:7f:
                    03:44:80:ff:36:fa:8f:88:5d:5c:dc:17:97:d0:64:
                    5a:65:3d:6e:a0:0b:2d:7a:2e:6b:11:f7:1d:06:0e:
                    7a:b9:70:83:bc:c0:07:fa:f0:22:c8:65:9c:79:ca:
                    e7:b8:d6:ee:c5:da:90:30:77:af:8f:59:bd:62:d6:
                    c9:8a:88:4f:54:5e:6e:9f:cc:3e:fd:2a:e8:4d:9a:
                    07:3c:d6:e7:5a:ee:56:a9:b1:b3:8a:47:80:22:6c:
                    4f:85:7f:1e:9c:4e:05:40:09:ef:6b:99:6c:9d:c3:
                    5f:0d:8b:d9:e0:a7:31:dc:17:f5:dd:5d:32:a4:90:
                    ad:d0:42:cc:cf:bd:0f:03:76:13:fe:18:b6:d0:0e:
                    b8:54:e1:7d:8b:e2:38:e8:68:ee:4e:38:81:5e:b0:
                    3a:9f:07:ad:31:9f:46:8a:11:7e:14:57:b3:df:aa:
                    f4:fd:4b:06:e0:d2:a5:ba:c6:8d:36:52:fa:39:45:
                    23:57:69:ce:79:5c:45:32:b2:c3:e8:94:55:40:ee:
                    df:b7:0d:9f:58:58:98:5e:aa:23:33:f5:a4:90:de:
                    f3:e7:de:9f:f7:a9:c6:76:aa:29:a1:d8:7e:fd:8f:
                    43:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:0B:77:04:1E:1F:C3:10:1A:E3:3C:9D:A4:8B:B1:72:CD:FA:16:50
            X509v3 Authority Key Identifier:
                keyid:A9:51:E6:38:A2:CB:95:C6:8B:BC:54:A2:72:86:05:B2:7F:57:06:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qVHmOKLLlcaLvFSicoYFsn9XBoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/rwt3BB4fwxAa4zydpIuxcs36FlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f06e79-ed2b-43d5-b4c1-abdf906c5ade/1/qVHmOKLLlcaLvFSicoYFsn9XBoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:8d:da:91:8c:77:c7:ac:54:95:e9:46:7b:e4:af:d8:54:f6:
         f0:02:d5:cf:79:b6:7d:61:f4:ed:d6:87:ee:6f:aa:46:c1:71:
         04:5c:12:03:cb:13:f3:93:ea:63:e4:83:02:c1:55:43:30:ee:
         64:92:b9:a7:42:1d:a6:9f:f7:80:2c:d4:9b:e1:85:24:80:fd:
         27:cf:0b:08:6b:95:43:5a:e5:5f:fa:3c:e9:4d:6f:30:e0:14:
         82:47:57:35:d1:f4:ec:6d:17:a0:a4:4d:96:05:00:2d:1d:ba:
         75:aa:1a:7c:d7:8b:c4:fb:ce:f7:18:05:d7:7e:ee:a6:a9:26:
         fe:e7:f8:d1:38:0a:7b:70:a9:3a:0b:42:c4:de:58:c8:31:dd:
         f4:0d:73:32:7a:0d:63:47:a8:ae:d5:70:94:85:37:cc:98:2c:
         3c:a2:a3:fe:37:97:8e:3e:6c:00:e2:a4:43:4e:cf:c1:a7:c2:
         19:07:60:c1:a8:2b:3b:15:1e:3e:5f:a9:6e:8d:bb:0d:14:10:
         63:54:09:7a:dc:62:21:b3:04:4b:77:1c:4f:19:7b:30:46:bb:
         5e:d9:3c:ac:33:c8:a5:3c:f5:c8:d2:9a:8a:3a:42:f9:04:7e:
         75:d5:e0:b5:26:1f:ff:2d:c0:e9:1a:54:cb:04:dc:13:d9:25:
         41:8e:26:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3TreUQb7WP32Tk9cmum9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NTFlNjM4YTJjYjk1YzY4YmJjNTRhMjcyODYwNWIyN2Y1
NzA2ODEwHhcNMjQwMTAyMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjBiNzcwNDFlMWZjMzEwMWFlMzNjOWRhNDhiYjE3MmNkZmExNjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhThFHju3h00ejtMaXSg4AjWXFc+R
Cyty9ve8ZH8DRID/NvqPiF1c3BeX0GRaZT1uoAstei5rEfcdBg56uXCDvMAH+vAi
yGWcecrnuNbuxdqQMHevj1m9YtbJiohPVF5un8w+/SroTZoHPNbnWu5WqbGzikeA
ImxPhX8enE4FQAnva5lsncNfDYvZ4Kcx3Bf13V0ypJCt0ELMz70PA3YT/hi20A64
VOF9i+I46GjuTjiBXrA6nwetMZ9GihF+FFez36r0/UsG4NKlusaNNlL6OUUjV2nO
eVxFMrLD6JRVQO7ftw2fWFiYXqojM/WkkN7z596f96nGdqopodh+/Y9DOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8LdwQeH8MQGuM8naSLsXLN+hZQMB8GA1UdIwQY
MBaAFKlR5jiiy5XGi7xUonKGBbJ/VwaBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVZIbU9LTExsY2FMdkZTaWNvWUZzbjlYQm9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9mMDZlNzktZWQyYi00M2Q1LWI0YzEt
YWJkZjkwNmM1YWRlLzEvcnd0M0JCNGZ3eEFhNHp5ZHBJdXhjczM2RmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9mMDZlNzktZWQyYi00M2Q1LWI0YzEtYWJkZjkwNmM1YWRl
LzEvcVZIbU9LTExsY2FMdkZTaWNvWUZzbjlYQm9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+cMA0G
CSqGSIb3DQEBCwUAA4IBAQBSjdqRjHfHrFSV6UZ75K/YVPbwAtXPebZ9YfTt1ofu
b6pGwXEEXBIDyxPzk+pj5IMCwVVDMO5kkrmnQh2mn/eALNSb4YUkgP0nzwsIa5VD
WuVf+jzpTW8w4BSCR1c10fTsbRegpE2WBQAtHbp1qhp814vE+873GAXXfu6mqSb+
5/jROAp7cKk6C0LE3ljIMd30DXMyeg1jR6iu1XCUhTfMmCw8oqP+N5eOPmwA4qRD
Ts/Bp8IZB2DBqCs7FR4+X6lujbsNFBBjVAl63GIhswRLdxxPGXswRrte2TysM8il
PPXI0pqKOkL5BH511eC1Jh//LcDpGlTLBNwT2SVBjiYF
-----END CERTIFICATE-----