Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/267ead-f26a-4b12-9abb-f1d6597aba7e/1/c8BLxRwyhNHXKOZVC0aQH4d4IYY.roa
File:                     c8BLxRwyhNHXKOZVC0aQH4d4IYY.roa (raw, json)
Hash identifier:          jazhxGuZxgPfFQ9flUW0RIJQ5NUtZGOz9mXRaoj/1lw=
Subject key identifier:   73:C0:4B:C5:1C:32:84:D1:D7:28:E6:55:0B:46:90:1F:87:78:21:86
Certificate issuer:       /CN=31083abd7f9799631a9bbda8a34f442301fc6e6f
Certificate serial:       018CC5DBF18A83CAAD37F73AC4BAC6C9CA01
Authority key identifier: 31:08:3A:BD:7F:97:99:63:1A:9B:BD:A8:A3:4F:44:23:01:FC:6E:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQg6vX-XmWMam72oo09EIwH8bm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/267ead-f26a-4b12-9abb-f1d6597aba7e/1/c8BLxRwyhNHXKOZVC0aQH4d4IYY.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209235
IP address blocks:        91.244.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/267ead-f26a-4b12-9abb-f1d6597aba7e/1/MQg6vX-XmWMam72oo09EIwH8bm8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/267ead-f26a-4b12-9abb-f1d6597aba7e/1/MQg6vX-XmWMam72oo09EIwH8bm8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MQg6vX-XmWMam72oo09EIwH8bm8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f1:8a:83:ca:ad:37:f7:3a:c4:ba:c6:c9:ca:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31083abd7f9799631a9bbda8a34f442301fc6e6f
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73c04bc51c3284d1d728e6550b46901f87782186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:01:a3:55:03:1f:53:32:5d:53:56:25:9d:70:
                    99:5e:de:14:8a:bc:31:0f:4a:e3:91:44:3b:1f:ff:
                    86:5d:ec:0f:1c:90:5c:a6:79:ab:d4:95:42:7c:a6:
                    b0:0c:55:09:6d:7e:c2:3a:57:28:eb:64:8b:55:de:
                    8b:b1:47:5d:2b:f0:29:86:83:37:27:ae:f4:ed:bc:
                    b3:56:d0:38:6e:90:35:6d:0a:e2:cb:43:21:33:2e:
                    66:a4:d6:66:66:7b:87:d4:38:f4:9f:ab:9c:90:69:
                    3f:9c:24:bd:ec:8b:53:6d:7a:16:bf:83:6d:6e:5a:
                    fa:bb:9c:8c:10:28:e1:09:45:da:91:e3:15:e5:fe:
                    33:7c:87:3f:71:ce:c1:c6:4d:44:c9:4a:08:b0:ee:
                    4c:7b:31:0a:a7:f1:6f:03:25:f2:43:f0:de:0f:ac:
                    ed:8a:8c:b0:23:8a:64:ab:0a:14:15:ea:5d:fb:86:
                    db:e7:1b:22:ed:62:7b:d3:6b:8b:65:fc:1b:98:78:
                    2b:03:22:30:40:28:35:98:12:32:be:c6:f5:ce:5c:
                    4a:7e:6b:ee:6e:fd:31:5a:ef:49:48:ee:27:da:7a:
                    b4:d9:17:56:86:de:61:3e:0b:e5:e4:e0:82:40:eb:
                    cf:4f:19:a2:0b:0b:f1:97:b3:b6:12:f3:ad:b1:36:
                    1f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:C0:4B:C5:1C:32:84:D1:D7:28:E6:55:0B:46:90:1F:87:78:21:86
            X509v3 Authority Key Identifier:
                keyid:31:08:3A:BD:7F:97:99:63:1A:9B:BD:A8:A3:4F:44:23:01:FC:6E:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQg6vX-XmWMam72oo09EIwH8bm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/267ead-f26a-4b12-9abb-f1d6597aba7e/1/c8BLxRwyhNHXKOZVC0aQH4d4IYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/267ead-f26a-4b12-9abb-f1d6597aba7e/1/MQg6vX-XmWMam72oo09EIwH8bm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:6f:46:d9:d5:dd:b1:aa:ee:92:d5:25:e4:8d:54:e6:c1:ca:
         52:5b:40:77:25:88:d5:14:ef:2e:e0:88:0f:43:bc:12:c6:e4:
         74:6b:11:9f:4f:c3:76:9e:84:cc:04:85:cf:85:fb:3d:b2:7f:
         81:59:4a:ae:e3:72:d0:59:9b:bc:32:3f:b3:e0:2c:31:78:37:
         08:b9:43:58:5f:f8:b7:b5:c9:9f:5d:c5:1b:c7:18:bd:ab:6e:
         ac:bf:d7:ae:36:17:73:30:aa:ed:37:38:0a:75:22:2e:8f:1e:
         7e:29:2f:c2:29:95:44:c7:4e:20:93:69:a6:06:2b:c5:ae:d9:
         34:10:d0:f0:d8:61:72:63:45:28:40:17:3b:d1:79:11:e4:11:
         5c:68:df:c3:90:c4:4b:81:58:b8:95:32:64:58:1a:46:07:27:
         fd:87:6d:4b:99:37:9b:60:c2:2d:f3:38:8d:59:74:1e:a1:3d:
         35:ac:67:b7:99:68:90:b3:60:4d:b9:53:40:47:b9:42:4a:f6:
         f5:a7:ab:e2:89:8a:7c:99:3a:98:1f:42:71:9b:99:9f:a9:56:
         aa:b4:02:54:78:32:d4:aa:74:c1:e9:31:07:08:13:82:dd:be:
         e4:0c:0d:6f:5d:7f:5c:99:60:4f:db:b4:1f:5f:79:43:fd:82:
         ee:f4:8d:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/GKg8qtN/c6xLrGycoBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMDgzYWJkN2Y5Nzk5NjMxYTliYmRhOGEzNGY0NDIzMDFm
YzZlNmYwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2MwNGJjNTFjMzI4NGQxZDcyOGU2NTUwYjQ2OTAxZjg3NzgyMTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQGjVQMfUzJdU1YlnXCZXt4Uirwx
D0rjkUQ7H/+GXewPHJBcpnmr1JVCfKawDFUJbX7COlco62SLVd6LsUddK/AphoM3
J6707byzVtA4bpA1bQriy0MhMy5mpNZmZnuH1Dj0n6uckGk/nCS97ItTbXoWv4Nt
blr6u5yMECjhCUXakeMV5f4zfIc/cc7Bxk1EyUoIsO5MezEKp/FvAyXyQ/DeD6zt
ioywI4pkqwoUFepd+4bb5xsi7WJ702uLZfwbmHgrAyIwQCg1mBIyvsb1zlxKfmvu
bv0xWu9JSO4n2nq02RdWht5hPgvl5OCCQOvPTxmiCwvxl7O2EvOtsTYfRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPAS8UcMoTR1yjmVQtGkB+HeCGGMB8GA1UdIwQY
MBaAFDEIOr1/l5ljGpu9qKNPRCMB/G5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFnNnZYLVhtV01hbTcyb28wOUVJd0g4Ym04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yNjdlYWQtZjI2YS00YjEyLTlhYmIt
ZjFkNjU5N2FiYTdlLzEvYzhCTHhSd3loTkhYS09aVkMwYVFINGQ0SVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yNjdlYWQtZjI2YS00YjEyLTlhYmItZjFkNjU5N2FiYTdl
LzEvTVFnNnZYLVhtV01hbTcyb28wOUVJd0g4Ym04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/T2MA0G
CSqGSIb3DQEBCwUAA4IBAQB/b0bZ1d2xqu6S1SXkjVTmwcpSW0B3JYjVFO8u4IgP
Q7wSxuR0axGfT8N2noTMBIXPhfs9sn+BWUqu43LQWZu8Mj+z4CwxeDcIuUNYX/i3
tcmfXcUbxxi9q26sv9euNhdzMKrtNzgKdSIujx5+KS/CKZVEx04gk2mmBivFrtk0
ENDw2GFyY0UoQBc70XkR5BFcaN/DkMRLgVi4lTJkWBpGByf9h21LmTebYMIt8ziN
WXQeoT01rGe3mWiQs2BNuVNAR7lCSvb1p6viiYp8mTqYH0Jxm5mfqVaqtAJUeDLU
qnTB6TEHCBOC3b7kDA1vXX9cmWBP27QfX3lD/YLu9I0R
-----END CERTIFICATE-----