Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/dd3dd1-09b5-4aa2-aec0-9fb1ce4d720b/1/bp4v3JPxpmc4jJzj0hWU3UbTZBs.roa
File:                     bp4v3JPxpmc4jJzj0hWU3UbTZBs.roa (raw, json)
Hash identifier:          oFNbrfYinGIF1BJ4GCfR9HRPGxWonSqHVuDhfDKE57g=
Subject key identifier:   6E:9E:2F:DC:93:F1:A6:67:38:8C:9C:E3:D2:15:94:DD:46:D3:64:1B
Certificate issuer:       /CN=54584a219f6f5066d848ed2ab964da8966d40a2a
Certificate serial:       018CC4934A491F43EB3F66D8271389850E8A
Authority key identifier: 54:58:4A:21:9F:6F:50:66:D8:48:ED:2A:B9:64:DA:89:66:D4:0A:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VFhKIZ9vUGbYSO0quWTaiWbUCio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/dd3dd1-09b5-4aa2-aec0-9fb1ce4d720b/1/bp4v3JPxpmc4jJzj0hWU3UbTZBs.roa
Signing time:             Mon 01 Jan 2024 10:30:36 +0000
ROA not before:           Mon 01 Jan 2024 10:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49420
IP address blocks:        91.231.221.0/24 maxlen: 24
                          91.212.242.0/24 maxlen: 24
                          2001:67c:24c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/dd3dd1-09b5-4aa2-aec0-9fb1ce4d720b/1/VFhKIZ9vUGbYSO0quWTaiWbUCio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/dd3dd1-09b5-4aa2-aec0-9fb1ce4d720b/1/VFhKIZ9vUGbYSO0quWTaiWbUCio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VFhKIZ9vUGbYSO0quWTaiWbUCio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4a:49:1f:43:eb:3f:66:d8:27:13:89:85:0e:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54584a219f6f5066d848ed2ab964da8966d40a2a
        Validity
            Not Before: Jan  1 10:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e9e2fdc93f1a667388c9ce3d21594dd46d3641b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:aa:c0:b6:20:f7:1d:07:ae:ff:35:c9:7f:2e:
                    20:97:f4:3c:65:2b:7c:b3:f1:e1:75:87:c8:8d:1d:
                    2e:ce:2b:b3:c3:7a:4b:82:fc:d6:a5:62:75:a1:84:
                    a3:aa:cc:1e:69:5a:6c:61:97:85:19:fa:55:3c:5b:
                    8a:21:b5:c0:b6:96:27:f9:62:4b:aa:ff:ed:43:1a:
                    fc:27:55:97:78:f1:3f:f5:fc:38:ea:cc:e6:bc:5a:
                    73:fd:a8:7f:2a:89:21:4e:ce:9c:f1:ab:e6:5a:ba:
                    d1:f7:a7:76:d3:97:2e:63:af:02:fc:4c:91:a7:b0:
                    49:fb:e2:99:fb:a2:ae:86:9f:df:b7:b1:a8:b0:a5:
                    a4:f0:5b:97:74:af:21:a7:d1:ee:35:9a:76:0a:57:
                    0a:85:1c:3f:0e:c8:d9:9e:68:93:03:a8:59:fa:9b:
                    e3:09:53:35:b1:90:0e:51:be:b5:66:f6:83:1a:ff:
                    12:02:1f:41:3e:83:bb:b9:75:8a:86:10:9b:07:65:
                    1e:4c:f9:66:9f:6e:ec:f0:2a:b7:13:09:e5:ea:88:
                    49:54:43:60:d9:0b:2d:be:7f:d7:7f:81:75:2d:99:
                    36:4c:5e:3c:fa:da:04:29:c1:cc:e5:8f:3e:94:9e:
                    9a:6e:b9:a2:8e:39:8f:ec:5e:ab:60:bb:ea:b9:3b:
                    76:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:9E:2F:DC:93:F1:A6:67:38:8C:9C:E3:D2:15:94:DD:46:D3:64:1B
            X509v3 Authority Key Identifier:
                keyid:54:58:4A:21:9F:6F:50:66:D8:48:ED:2A:B9:64:DA:89:66:D4:0A:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VFhKIZ9vUGbYSO0quWTaiWbUCio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/dd3dd1-09b5-4aa2-aec0-9fb1ce4d720b/1/bp4v3JPxpmc4jJzj0hWU3UbTZBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/dd3dd1-09b5-4aa2-aec0-9fb1ce4d720b/1/VFhKIZ9vUGbYSO0quWTaiWbUCio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.242.0/24
                  91.231.221.0/24
                IPv6:
                  2001:67c:24c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:3c:6e:93:64:63:fe:69:69:17:a5:57:27:7f:78:55:c4:17:
         e6:fe:28:f2:02:7f:9d:5d:10:e5:71:98:6c:e1:bf:2a:5b:6a:
         ec:2e:f4:d2:db:be:a3:ee:4c:76:6f:1b:96:04:e8:7f:88:4d:
         9d:8c:21:29:14:a0:41:cb:5b:1c:35:38:cd:28:3a:51:cd:3d:
         48:27:fe:7c:9c:5f:54:29:5f:6b:23:fc:bc:ed:c1:d3:06:1a:
         e1:b0:49:60:54:4d:ec:a7:34:b1:9b:d8:37:e9:a8:ef:4e:e4:
         3e:61:78:f0:d7:37:23:00:0d:7b:d3:a7:a4:84:bc:34:54:07:
         73:59:ae:73:ac:9e:a0:aa:90:4f:c5:0c:a1:f1:ba:44:4f:b0:
         60:ab:ba:0c:5a:4c:a5:f8:0d:ee:df:b5:b7:d4:5f:fb:91:d0:
         4d:23:1f:9f:8e:9d:29:b7:d7:6f:85:98:53:6e:f9:01:7a:6b:
         b3:04:1b:50:b4:23:d7:bc:04:bd:8a:32:a0:61:f9:d6:62:f5:
         45:88:94:17:1c:84:b1:63:18:1d:a0:08:85:68:19:99:3c:8d:
         d9:ec:b8:2b:fe:d0:73:ea:c7:07:d8:02:4a:1b:97:71:0b:6f:
         2f:ae:21:4b:d0:79:25:ff:72:ff:9f:f7:55:e6:99:83:fd:3a:
         fb:c9:df:cf
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzEk0pJH0PrP2bYJxOJhQ6KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NTg0YTIxOWY2ZjUwNjZkODQ4ZWQyYWI5NjRkYTg5NjZk
NDBhMmEwHhcNMjQwMTAxMTAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTllMmZkYzkzZjFhNjY3Mzg4YzljZTNkMjE1OTRkZDQ2ZDM2NDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKrAtiD3HQeu/zXJfy4gl/Q8ZSt8
s/HhdYfIjR0uziuzw3pLgvzWpWJ1oYSjqsweaVpsYZeFGfpVPFuKIbXAtpYn+WJL
qv/tQxr8J1WXePE/9fw46szmvFpz/ah/KokhTs6c8avmWrrR96d205cuY68C/EyR
p7BJ++KZ+6Kuhp/ft7GosKWk8FuXdK8hp9HuNZp2ClcKhRw/DsjZnmiTA6hZ+pvj
CVM1sZAOUb61ZvaDGv8SAh9BPoO7uXWKhhCbB2UeTPlmn27s8Cq3Ewnl6ohJVENg
2Qstvn/Xf4F1LZk2TF48+toEKcHM5Y8+lJ6abrmijjmP7F6rYLvquTt2VwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFG6eL9yT8aZnOIyc49IVlN1G02QbMB8GA1UdIwQY
MBaAFFRYSiGfb1Bm2EjtKrlk2olm1AoqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkZoS0laOXZVR2JZU08wcXVXVGFpV2JVQ2lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kZDNkZDEtMDliNS00YWEyLWFlYzAt
OWZiMWNlNGQ3MjBiLzEvYnA0djNKUHhwbWM0akp6ajBoV1UzVWJUWkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kZDNkZDEtMDliNS00YWEyLWFlYzAtOWZiMWNlNGQ3MjBi
LzEvVkZoS0laOXZVR2JZU08wcXVXVGFpV2JVQ2lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW9TyAwQA
W+fdMA8EAgACMAkDBwAgAQZ8AkwwDQYJKoZIhvcNAQELBQADggEBAB88bpNkY/5p
aRelVyd/eFXEF+b+KPICf51dEOVxmGzhvypbauwu9NLbvqPuTHZvG5YE6H+ITZ2M
ISkUoEHLWxw1OM0oOlHNPUgn/nycX1QpX2sj/LztwdMGGuGwSWBUTeynNLGb2Dfp
qO9O5D5hePDXNyMADXvTp6SEvDRUB3NZrnOsnqCqkE/FDKHxukRPsGCrugxaTKX4
De7ftbfUX/uR0E0jH5+OnSm312+FmFNu+QF6a7MEG1C0I9e8BL2KMqBh+dZi9UWI
lBcchLFjGB2gCIVoGZk8jdnsuCv+0HPqxwfYAkobl3ELby+uIUvQeSX/cv+f91Xm
mYP9OvvJ388=
-----END CERTIFICATE-----