Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/qOeiv2UGF0sC8089nG9ITAjdPOM.roa
File:                     qOeiv2UGF0sC8089nG9ITAjdPOM.roa (raw, json)
Hash identifier:          bcGWYleGli1rUpuFfMCLgXA40U8KXHVxVLdMDNWbZ9Q=
Subject key identifier:   A8:E7:A2:BF:65:06:17:4B:02:F3:4F:3D:9C:6F:48:4C:08:DD:3C:E3
Certificate issuer:       /CN=bf5599c26755f4a4d4f540e2ffd7b74a39053da3
Certificate serial:       018DCFEBB80DC2925A525D01BEC9C204F3AC
Authority key identifier: BF:55:99:C2:67:55:F4:A4:D4:F5:40:E2:FF:D7:B7:4A:39:05:3D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v1WZwmdV9KTU9UDi_9e3SjkFPaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/qOeiv2UGF0sC8089nG9ITAjdPOM.roa
Signing time:             Thu 22 Feb 2024 08:25:48 +0000
ROA not before:           Thu 22 Feb 2024 08:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        91.199.76.0/24 maxlen: 24
                          2001:67c:470::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/v1WZwmdV9KTU9UDi_9e3SjkFPaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/v1WZwmdV9KTU9UDi_9e3SjkFPaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v1WZwmdV9KTU9UDi_9e3SjkFPaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cf:eb:b8:0d:c2:92:5a:52:5d:01:be:c9:c2:04:f3:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf5599c26755f4a4d4f540e2ffd7b74a39053da3
        Validity
            Not Before: Feb 22 08:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e7a2bf6506174b02f34f3d9c6f484c08dd3ce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f4:db:c3:60:1a:d8:88:06:8c:7a:ef:46:45:
                    47:05:3c:67:df:5d:97:84:f4:b6:0d:57:aa:38:d1:
                    a8:4d:b1:a6:f2:1f:29:09:e3:96:58:df:f7:30:c1:
                    b4:64:05:b8:d9:89:e1:83:25:32:7c:ae:58:a2:be:
                    88:dd:fa:48:3a:40:d2:66:d0:66:df:2c:d6:f3:60:
                    a5:a1:ab:cc:d0:2b:03:20:0d:0a:ce:33:c3:e1:6f:
                    82:6e:1b:1c:3f:60:87:17:ed:66:cc:99:6d:5c:fe:
                    00:3d:fb:9e:2a:50:a4:16:57:bb:e2:e8:ad:3f:33:
                    29:a1:b2:f5:79:ce:3a:d3:e8:33:09:93:29:c7:6a:
                    78:a5:0a:f7:d1:75:23:eb:ca:04:c0:96:ce:5e:7c:
                    4d:8a:0f:f0:1a:68:00:63:08:0c:69:f1:78:29:7c:
                    9b:00:d1:61:41:c8:9e:6b:e2:d2:31:71:95:dc:6b:
                    84:7c:fe:79:94:7c:e7:e9:33:fe:83:59:66:c1:93:
                    7b:f6:d7:3b:c8:4f:c9:c1:cf:52:3f:a4:aa:0d:44:
                    1b:be:bc:59:e2:08:b3:42:a1:34:74:7f:ca:9d:4d:
                    58:05:5d:91:d5:ba:4e:e6:b9:42:d4:67:85:37:e7:
                    77:51:af:47:4e:10:ec:54:ab:02:4b:7b:a6:16:9b:
                    1d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E7:A2:BF:65:06:17:4B:02:F3:4F:3D:9C:6F:48:4C:08:DD:3C:E3
            X509v3 Authority Key Identifier:
                keyid:BF:55:99:C2:67:55:F4:A4:D4:F5:40:E2:FF:D7:B7:4A:39:05:3D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v1WZwmdV9KTU9UDi_9e3SjkFPaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/qOeiv2UGF0sC8089nG9ITAjdPOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/v1WZwmdV9KTU9UDi_9e3SjkFPaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.76.0/24
                IPv6:
                  2001:67c:470::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:24:66:e2:5b:53:65:d5:b8:60:b3:39:de:cb:ff:1b:d2:02:
         19:eb:f8:aa:0e:6a:1c:3f:8b:03:5d:25:85:9f:f2:1a:40:ed:
         30:ea:d0:d3:49:6d:65:3e:55:cd:36:99:e6:94:ed:31:45:e5:
         bb:90:eb:60:2f:96:5d:a5:da:e9:29:63:eb:f9:fe:43:d8:de:
         c4:b2:66:d4:b5:08:da:28:19:af:3f:27:df:8c:ec:ac:b3:59:
         38:4c:9b:16:4b:90:4a:9e:c2:3e:3e:15:cf:a1:f5:c5:fd:7a:
         27:fe:1a:e8:95:e0:13:ea:8d:1b:34:a0:d3:66:1c:6d:49:96:
         fc:1f:2d:db:6f:b3:75:ca:f0:2f:f6:5e:21:e0:53:41:0d:bf:
         c2:99:3e:37:d6:c1:7e:7e:bf:3f:83:3e:17:f5:31:54:29:c7:
         10:f7:98:1b:00:8b:e1:c2:ec:d5:33:88:bf:79:e1:f3:e4:e6:
         bb:c5:18:34:88:9f:98:af:a9:07:36:4f:71:81:c9:e8:1d:ba:
         46:28:01:1b:c9:0c:cc:e0:e5:07:7a:e0:13:05:ce:33:47:33:
         c9:36:fc:6d:fc:9a:4b:92:a0:18:23:2a:72:4b:53:66:fa:f4:
         98:58:6e:eb:57:e3:7f:7a:62:86:c0:cf:06:f2:01:ec:2a:e4:
         02:a4:c0:90
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3P67gNwpJaUl0BvsnCBPOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNTU5OWMyNjc1NWY0YTRkNGY1NDBlMmZmZDdiNzRhMzkw
NTNkYTMwHhcNMjQwMjIyMDgyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGU3YTJiZjY1MDYxNzRiMDJmMzRmM2Q5YzZmNDg0YzA4ZGQzY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvTbw2Aa2IgGjHrvRkVHBTxn312X
hPS2DVeqONGoTbGm8h8pCeOWWN/3MMG0ZAW42YnhgyUyfK5Yor6I3fpIOkDSZtBm
3yzW82CloavM0CsDIA0KzjPD4W+CbhscP2CHF+1mzJltXP4APfueKlCkFle74uit
PzMpobL1ec460+gzCZMpx2p4pQr30XUj68oEwJbOXnxNig/wGmgAYwgMafF4KXyb
ANFhQciea+LSMXGV3GuEfP55lHzn6TP+g1lmwZN79tc7yE/Jwc9SP6SqDUQbvrxZ
4gizQqE0dH/KnU1YBV2R1bpO5rlC1GeFN+d3Ua9HThDsVKsCS3umFpsdYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKjnor9lBhdLAvNPPZxvSEwI3TzjMB8GA1UdIwQY
MBaAFL9VmcJnVfSk1PVA4v/Xt0o5BT2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjFXWndtZFY5S1RVOVVEaV85ZTNTamtGUGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8xMDE2OTYtODNkZC00MzZmLWI0N2Mt
M2UxYjg0MzJmYzcwLzEvcU9laXYyVUdGMHNDODA4OW5HOUlUQWpkUE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8xMDE2OTYtODNkZC00MzZmLWI0N2MtM2UxYjg0MzJmYzcw
LzEvdjFXWndtZFY5S1RVOVVEaV85ZTNTamtGUGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8dMMA8E
AgACMAkDBwAgAQZ8BHAwDQYJKoZIhvcNAQELBQADggEBAJMkZuJbU2XVuGCzOd7L
/xvSAhnr+KoOahw/iwNdJYWf8hpA7TDq0NNJbWU+Vc02meaU7TFF5buQ62Avll2l
2ukpY+v5/kPY3sSyZtS1CNooGa8/J9+M7KyzWThMmxZLkEqewj4+Fc+h9cX9eif+
GuiV4BPqjRs0oNNmHG1JlvwfLdtvs3XK8C/2XiHgU0ENv8KZPjfWwX5+vz+DPhf1
MVQpxxD3mBsAi+HC7NUziL954fPk5rvFGDSIn5ivqQc2T3GByegdukYoARvJDMzg
5Qd64BMFzjNHM8k2/G38mkuSoBgjKnJLU2b69JhYbutX4396YobAzwbyAewq5AKk
wJA=
-----END CERTIFICATE-----