Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/0VZRQ6w90MJkUAnhqh-gRgwkVX0.roa
File:                     0VZRQ6w90MJkUAnhqh-gRgwkVX0.roa (raw, json)
Hash identifier:          i6TuoopvegONXjpz+dE+l46cxQvKFWizY9+ia6erFZ0=
Subject key identifier:   D1:56:51:43:AC:3D:D0:C2:64:50:09:E1:AA:1F:A0:46:0C:24:55:7D
Certificate issuer:       /CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
Certificate serial:       018CC3B701A0D089AEA25BC9646FA353888E
Authority key identifier: BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/0VZRQ6w90MJkUAnhqh-gRgwkVX0.roa
Signing time:             Mon 01 Jan 2024 06:29:59 +0000
ROA not before:           Mon 01 Jan 2024 06:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2854
IP address blocks:        91.199.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:01:a0:d0:89:ae:a2:5b:c9:64:6f:a3:53:88:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
        Validity
            Not Before: Jan  1 06:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1565143ac3dd0c2645009e1aa1fa0460c24557d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:53:b3:5b:ce:34:2a:ca:67:d1:35:08:ec:e8:
                    82:92:85:3b:b6:59:23:b7:50:82:35:b9:69:0a:01:
                    08:9f:0d:76:98:22:ad:1b:56:11:a7:0c:09:c2:79:
                    14:d6:dd:55:7d:b1:85:d0:66:fb:0d:10:cc:63:79:
                    a0:db:ba:6d:e0:9d:e3:6e:c7:fd:a3:7e:09:2d:fd:
                    d2:c5:ad:f6:8c:f8:e2:96:cb:1f:4b:29:6b:31:1f:
                    64:b3:9a:18:8a:06:41:c8:29:f1:7a:c7:80:d0:98:
                    af:2c:e6:60:d4:31:ce:1e:07:02:77:90:27:40:68:
                    06:cb:7c:79:69:02:55:d4:11:54:f1:49:fe:6c:a6:
                    50:0d:68:d9:b0:cc:05:78:7f:1c:1b:46:79:f5:2c:
                    ae:90:7a:a5:9a:51:bb:d9:39:76:54:fe:df:13:22:
                    22:e3:99:3c:f1:5e:8c:8d:4f:cb:a6:68:0e:f7:aa:
                    e2:49:c5:b4:0a:6c:43:13:8f:58:61:72:a2:04:f8:
                    1e:2e:de:59:b5:c1:36:8e:9f:85:2a:c1:23:81:59:
                    f7:df:11:af:27:3d:b1:1a:c6:fa:87:f1:20:c2:fa:
                    25:08:10:fa:ff:fb:ce:f0:0b:e9:2a:ed:b9:a8:51:
                    e8:cc:59:7a:53:e1:22:83:40:68:6c:d1:0a:9f:e0:
                    df:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:56:51:43:AC:3D:D0:C2:64:50:09:E1:AA:1F:A0:46:0C:24:55:7D
            X509v3 Authority Key Identifier:
                keyid:BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/0VZRQ6w90MJkUAnhqh-gRgwkVX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:e8:66:9f:c6:eb:f0:e7:46:80:fc:db:39:68:90:5d:a6:db:
         34:f9:9f:c5:7a:9c:d0:5a:79:33:98:a7:3a:36:39:bd:ea:68:
         0a:a9:78:d4:cc:99:15:ce:95:38:4d:4a:ef:65:6a:b1:19:c6:
         e7:19:17:ce:dd:f5:ed:48:55:72:34:b6:7c:5c:96:eb:bf:11:
         c6:92:30:7f:01:d6:6b:47:bf:fa:ed:71:de:ee:f9:fb:dc:2f:
         af:50:4b:fb:42:99:83:69:9c:7e:4d:f2:ee:08:82:cb:35:09:
         48:a7:12:ca:c8:b1:61:e7:31:44:e5:f9:fe:5b:89:3f:69:cd:
         79:f3:0a:99:7c:ac:f7:d6:8d:6c:9f:be:b6:ad:76:a3:9f:8a:
         c6:a4:47:f6:9f:e5:14:fd:e8:9f:96:ab:26:64:ff:e4:53:66:
         74:b0:e9:09:50:21:11:76:08:c8:aa:cd:4a:b8:9a:4e:6c:e1:
         41:5d:59:74:f6:7e:c2:24:90:16:c5:88:6b:d6:76:b2:9a:f8:
         bc:e9:9d:6b:95:b9:a0:14:c3:21:c7:22:7b:c8:68:7e:11:d2:
         4f:55:d2:5a:b6:18:a4:57:e0:67:e2:f3:19:a0:38:68:1c:7d:
         cb:a0:73:23:ca:c3:2f:71:93:63:ed:3f:33:e8:83:0d:55:bc:
         ca:07:b5:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwGg0ImuolvJZG+jU4iOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNTZkYjc5NmRlZjBkYmRiNGM3OGYyNDQ1YWJlY2MxNTcw
YTZmZDkwHhcNMjQwMTAxMDYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTU2NTE0M2FjM2RkMGMyNjQ1MDA5ZTFhYTFmYTA0NjBjMjQ1NTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1OzW840Kspn0TUI7OiCkoU7tlkj
t1CCNblpCgEInw12mCKtG1YRpwwJwnkU1t1VfbGF0Gb7DRDMY3mg27pt4J3jbsf9
o34JLf3Sxa32jPjilssfSylrMR9ks5oYigZByCnxeseA0JivLOZg1DHOHgcCd5An
QGgGy3x5aQJV1BFU8Un+bKZQDWjZsMwFeH8cG0Z59SyukHqlmlG72Tl2VP7fEyIi
45k88V6MjU/LpmgO96riScW0CmxDE49YYXKiBPgeLt5ZtcE2jp+FKsEjgVn33xGv
Jz2xGsb6h/EgwvolCBD6//vO8AvpKu25qFHozFl6U+Eig0BobNEKn+DflwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFWUUOsPdDCZFAJ4aofoEYMJFV9MB8GA1UdIwQY
MBaAFLxW23lt7w29tMePJEWr7MFXCm/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUt
MWVjNzIxZmEyYTMwLzEvMFZaUlE2dzkwTUprVUFuaHFoLWdSZ3drVlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUtMWVjNzIxZmEyYTMw
LzEvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cQMA0G
CSqGSIb3DQEBCwUAA4IBAQAL6Gafxuvw50aA/Ns5aJBdpts0+Z/FepzQWnkzmKc6
Njm96mgKqXjUzJkVzpU4TUrvZWqxGcbnGRfO3fXtSFVyNLZ8XJbrvxHGkjB/AdZr
R7/67XHe7vn73C+vUEv7QpmDaZx+TfLuCILLNQlIpxLKyLFh5zFE5fn+W4k/ac15
8wqZfKz31o1sn762rXajn4rGpEf2n+UU/eiflqsmZP/kU2Z0sOkJUCERdgjIqs1K
uJpObOFBXVl09n7CJJAWxYhr1naymvi86Z1rlbmgFMMhxyJ7yGh+EdJPVdJathik
V+Bn4vMZoDhoHH3LoHMjysMvcZNj7T8z6IMNVbzKB7XL
-----END CERTIFICATE-----