Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/f67dczilP7aXV1HDf273UWjmcpM.roa
File:                     f67dczilP7aXV1HDf273UWjmcpM.roa (raw, json)
Hash identifier:          tnMPR3WWoNRsJAq1Lm6C+1dlgURYC6WEdMlxxX5dW9c=
Subject key identifier:   7F:AE:DD:73:38:A5:3F:B6:97:57:51:C3:7F:6E:F7:51:68:E6:72:93
Certificate issuer:       /CN=6161470d39be4ba2dd5df8fa47b16396278e670a
Certificate serial:       018CC34940238224D182384BB0A51B88DF43
Authority key identifier: 61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/f67dczilP7aXV1HDf273UWjmcpM.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210756
IP address blocks:        91.202.245.0/24 maxlen: 24
                          91.202.246.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:40:23:82:24:d1:82:38:4b:b0:a5:1b:88:df:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6161470d39be4ba2dd5df8fa47b16396278e670a
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7faedd7338a53fb6975751c37f6ef75168e67293
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:47:a5:37:20:22:5a:b7:5d:bc:7a:f5:2d:ae:
                    02:d6:31:ac:c6:bd:5b:0f:fb:c6:1d:04:25:a8:9a:
                    9d:e5:06:64:97:fb:f1:2c:99:02:a0:73:d8:32:4e:
                    d8:ad:6f:58:e6:ce:49:ab:56:92:68:b1:1a:1d:be:
                    de:b6:0a:32:81:57:d4:e3:15:f8:f9:b2:18:de:b1:
                    58:5e:48:11:a8:b6:8e:40:33:de:b7:4f:a1:13:5b:
                    15:58:2b:2f:8f:ae:80:46:d6:a7:97:07:51:aa:6f:
                    3f:2b:2b:33:8b:30:5e:57:e0:9a:fc:91:b0:d5:b2:
                    ac:4b:46:69:c1:fc:06:de:61:9d:80:71:4e:66:38:
                    50:b4:12:0b:7a:9a:78:ef:b5:c2:9b:e1:ec:8d:67:
                    27:d8:50:1f:99:9a:54:13:f4:1b:cf:61:54:4f:c0:
                    47:75:e1:13:f7:ff:a2:3a:9b:0b:6d:e1:be:9d:a0:
                    f5:c1:b4:d2:0e:a8:b7:8a:ff:2c:51:c1:85:14:98:
                    97:34:c3:03:c6:ae:93:cb:ba:79:d0:bd:0e:87:05:
                    cd:96:1a:53:09:21:9a:90:1a:a6:3c:c1:b8:6c:05:
                    7c:d0:53:be:05:a6:fa:19:c5:9c:a6:1e:a8:25:27:
                    72:da:05:b4:9c:21:e6:d8:45:bb:ff:85:71:32:9c:
                    a9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:AE:DD:73:38:A5:3F:B6:97:57:51:C3:7F:6E:F7:51:68:E6:72:93
            X509v3 Authority Key Identifier:
                keyid:61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/f67dczilP7aXV1HDf273UWjmcpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.245.0-91.202.247.255

    Signature Algorithm: sha256WithRSAEncryption
         00:a2:f7:54:b6:1f:6b:81:de:6a:e3:f3:07:5c:bb:bd:f3:75:
         80:71:34:42:a1:b8:ed:f7:41:77:32:16:5f:77:79:57:fc:f0:
         43:77:ad:69:08:c8:d7:b6:c3:32:f6:a3:d5:3c:d5:ce:02:37:
         58:44:dc:6f:8f:81:c8:83:4d:da:35:c7:9a:91:e9:9c:6c:8b:
         66:c6:3d:3c:93:fb:d3:6d:c9:f0:7a:87:80:37:d9:4b:d0:60:
         2b:68:a3:af:2a:d6:f3:c7:5a:10:df:b7:67:d7:1e:2a:29:df:
         ef:aa:3d:47:a5:93:84:ac:6e:cb:31:ee:a6:5c:eb:ee:56:3c:
         89:9b:51:c7:4b:3a:45:43:fc:f6:53:08:66:ba:c7:14:9f:83:
         19:c3:66:db:81:00:ec:74:97:3f:2e:86:0e:be:6b:84:ff:a2:
         7c:4c:70:f4:12:cb:48:87:cd:cf:1d:5a:fd:75:23:17:bb:4a:
         e5:17:21:a8:e2:a3:a4:61:ae:da:e8:c1:f1:a0:18:f9:7e:29:
         f7:46:a6:49:61:96:3f:85:4c:40:89:54:4b:21:ad:a0:5f:f9:
         36:6f:17:3f:11:d0:6a:75:be:5e:65:79:92:aa:19:a8:72:dc:
         ba:6c:68:f1:d5:43:96:4a:a2:7a:f8:bf:23:b6:bb:e5:e4:7e:
         22:d8:75:10
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSUAjgiTRgjhLsKUbiN9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNjE0NzBkMzliZTRiYTJkZDVkZjhmYTQ3YjE2Mzk2Mjc4
ZTY3MGEwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmFlZGQ3MzM4YTUzZmI2OTc1NzUxYzM3ZjZlZjc1MTY4ZTY3MjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUelNyAiWrddvHr1La4C1jGsxr1b
D/vGHQQlqJqd5QZkl/vxLJkCoHPYMk7YrW9Y5s5Jq1aSaLEaHb7etgoygVfU4xX4
+bIY3rFYXkgRqLaOQDPet0+hE1sVWCsvj66ARtanlwdRqm8/KyszizBeV+Ca/JGw
1bKsS0ZpwfwG3mGdgHFOZjhQtBILepp477XCm+HsjWcn2FAfmZpUE/Qbz2FUT8BH
deET9/+iOpsLbeG+naD1wbTSDqi3iv8sUcGFFJiXNMMDxq6Ty7p50L0OhwXNlhpT
CSGakBqmPMG4bAV80FO+Bab6GcWcph6oJSdy2gW0nCHm2EW7/4VxMpyphwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH+u3XM4pT+2l1dRw39u91Fo5nKTMB8GA1UdIwQY
MBaAFGFhRw05vkui3V34+kexY5YnjmcKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTkt
YzI0MGJmYzljYmMxLzEvZjY3ZGN6aWxQN2FYVjFIRGYyNzNVV2ptY3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTktYzI0MGJmYzljYmMx
LzEvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbyvUD
BANbyvAwDQYJKoZIhvcNAQELBQADggEBAACi91S2H2uB3mrj8wdcu73zdYBxNEKh
uO33QXcyFl93eVf88EN3rWkIyNe2wzL2o9U81c4CN1hE3G+PgciDTdo1x5qR6Zxs
i2bGPTyT+9NtyfB6h4A32UvQYCtoo68q1vPHWhDft2fXHiop3++qPUelk4Ssbssx
7qZc6+5WPImbUcdLOkVD/PZTCGa6xxSfgxnDZtuBAOx0lz8uhg6+a4T/onxMcPQS
y0iHzc8dWv11Ixe7SuUXIajio6RhrtrowfGgGPl+KfdGpklhlj+FTECJVEshraBf
+TZvFz8R0Gp1vl5leZKqGahy3LpsaPHVQ5ZKonr4vyO2u+XkfiLYdRA=
-----END CERTIFICATE-----