Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/RbVJZmzhkhOYnKwg1xWSfZ3FU5U.roa
File:                     RbVJZmzhkhOYnKwg1xWSfZ3FU5U.roa (raw, json)
Hash identifier:          6MJpj2K6XOQh1MOVXsT2WOy0Yrxk9l4zVX/OfpkZaOw=
Subject key identifier:   45:B5:49:66:6C:E1:92:13:98:9C:AC:20:D7:15:92:7D:9D:C5:53:95
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018CC8DF7918842C1BF928972F83526C72CE
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/RbVJZmzhkhOYnKwg1xWSfZ3FU5U.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56452
IP address blocks:        91.223.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:79:18:84:2c:1b:f9:28:97:2f:83:52:6c:72:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45b549666ce19213989cac20d715927d9dc55395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:36:65:35:cf:b3:29:41:61:6d:2e:9f:f9:a1:
                    05:b6:78:9e:69:e5:9e:7c:ae:29:0f:00:42:c3:2c:
                    f4:73:17:60:b2:7e:b3:0d:b6:66:26:de:87:5a:03:
                    0d:bb:64:cf:ed:dd:0b:96:af:f3:84:8f:90:71:b4:
                    d7:17:72:2d:ab:23:01:15:94:01:68:e5:0c:32:b6:
                    1d:e5:db:78:c2:c0:95:8b:26:8e:df:68:36:87:c8:
                    91:20:9f:f2:ca:80:ce:5f:f9:89:9a:dd:65:5c:f7:
                    4d:4f:0b:c4:0c:58:db:82:14:64:d5:aa:9d:4b:da:
                    34:ca:5d:f1:37:de:62:e4:fc:19:a3:fb:b2:a1:77:
                    57:0c:cb:40:00:4e:a1:e1:51:76:eb:00:1c:21:d5:
                    6a:81:78:7c:92:29:f0:6a:c4:11:75:1a:f0:e9:71:
                    af:84:32:e2:7f:6d:d3:c3:11:f3:2e:5d:7b:9d:ba:
                    2f:84:e0:97:a8:44:1e:0c:79:ee:55:4f:46:87:5b:
                    1a:a9:f2:64:39:0c:63:a3:16:79:86:2e:89:de:33:
                    aa:bb:4c:80:1f:3d:6c:9b:0d:81:8a:53:66:5a:73:
                    f5:93:2e:04:2e:f9:1c:b5:6a:ad:05:40:ec:95:71:
                    c2:39:ad:7f:3d:7f:19:76:94:87:a9:47:ab:9e:bf:
                    9d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:B5:49:66:6C:E1:92:13:98:9C:AC:20:D7:15:92:7D:9D:C5:53:95
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/RbVJZmzhkhOYnKwg1xWSfZ3FU5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:de:a4:0a:35:da:56:8a:29:f1:db:dd:2d:04:d8:fa:81:81:
         f1:aa:0a:dd:53:4e:1c:da:52:c5:62:aa:f1:1d:11:76:25:8f:
         0d:76:04:bd:2b:da:70:81:e3:0d:4d:51:30:06:fc:41:4c:f5:
         f5:c2:75:41:fc:b1:7c:e1:1a:e5:c4:a1:45:6a:dd:aa:f0:e2:
         03:82:c7:3a:a3:d5:5c:6c:13:8d:50:41:f9:3f:95:d6:8f:7b:
         3a:da:03:a9:cb:67:9b:e2:15:b4:f1:f4:87:ea:4d:f7:d9:c7:
         08:38:b7:ca:f5:91:ce:48:c2:61:ea:ca:a9:37:bd:db:9a:03:
         6a:09:ad:d4:62:33:5e:19:6e:a0:6c:00:5e:f6:dc:42:11:71:
         b0:d8:9f:7f:6c:20:21:8d:e7:75:83:b6:92:33:0b:14:64:f2:
         03:a9:3b:25:ac:7a:3c:c0:5c:79:27:d8:73:3d:f1:f0:a0:ea:
         16:7e:d1:aa:fd:9d:a8:53:b8:d4:2b:9d:9f:51:78:39:0d:a8:
         09:c6:d1:39:6a:e0:d4:30:ba:f3:dd:cc:6f:db:0d:f4:a2:5b:
         ad:d7:4b:db:32:82:a7:e1:53:8a:16:b2:18:46:db:37:dd:5e:
         43:55:ac:7c:c1:2c:79:c0:1d:fc:b5:ba:a1:50:a1:0b:2f:60:
         f2:e7:1d:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33kYhCwb+SiXL4NSbHLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWI1NDk2NjZjZTE5MjEzOTg5Y2FjMjBkNzE1OTI3ZDlkYzU1Mzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDZlNc+zKUFhbS6f+aEFtnieaeWe
fK4pDwBCwyz0cxdgsn6zDbZmJt6HWgMNu2TP7d0Llq/zhI+QcbTXF3ItqyMBFZQB
aOUMMrYd5dt4wsCViyaO32g2h8iRIJ/yyoDOX/mJmt1lXPdNTwvEDFjbghRk1aqd
S9o0yl3xN95i5PwZo/uyoXdXDMtAAE6h4VF26wAcIdVqgXh8kinwasQRdRrw6XGv
hDLif23TwxHzLl17nbovhOCXqEQeDHnuVU9Gh1saqfJkOQxjoxZ5hi6J3jOqu0yA
Hz1smw2BilNmWnP1ky4ELvkctWqtBUDslXHCOa1/PX8ZdpSHqUernr+dlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEW1SWZs4ZITmJysINcVkn2dxVOVMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvUmJWSlptemhraE9Zbkt3ZzF4V1NmWjNGVTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+iMA0G
CSqGSIb3DQEBCwUAA4IBAQA63qQKNdpWiinx290tBNj6gYHxqgrdU04c2lLFYqrx
HRF2JY8NdgS9K9pwgeMNTVEwBvxBTPX1wnVB/LF84RrlxKFFat2q8OIDgsc6o9Vc
bBONUEH5P5XWj3s62gOpy2eb4hW08fSH6k332ccIOLfK9ZHOSMJh6sqpN73bmgNq
Ca3UYjNeGW6gbABe9txCEXGw2J9/bCAhjed1g7aSMwsUZPIDqTslrHo8wFx5J9hz
PfHwoOoWftGq/Z2oU7jUK52fUXg5DagJxtE5auDUMLrz3cxv2w30olut10vbMoKn
4VOKFrIYRts33V5DVax8wSx5wB38tbqhUKELL2Dy5x0I
-----END CERTIFICATE-----