Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/1O7gu2kvuvn7017oTng-dQeTAa0.roa
File:                     1O7gu2kvuvn7017oTng-dQeTAa0.roa (raw, json)
Hash identifier:          OT6WrJOyhkhsYl96CZgHLWxPY1slnsd9sVBdoJxdDhQ=
Subject key identifier:   D4:EE:E0:BB:69:2F:BA:F9:FB:D3:5E:E8:4E:78:3E:75:07:93:01:AD
Certificate issuer:       /CN=21cb2ac377fc603f95faecc54ac7d590f2cc319d
Certificate serial:       018EBDE73F45381A830C7D6932499E062425
Authority key identifier: 21:CB:2A:C3:77:FC:60:3F:95:FA:EC:C5:4A:C7:D5:90:F2:CC:31:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/1O7gu2kvuvn7017oTng-dQeTAa0.roa
Signing time:             Mon 08 Apr 2024 13:30:32 +0000
ROA not before:           Mon 08 Apr 2024 13:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57809
IP address blocks:        91.212.26.0/24 maxlen: 24
                          185.177.44.0/24 maxlen: 24
                          2a0a:2f81::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:e7:3f:45:38:1a:83:0c:7d:69:32:49:9e:06:24:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21cb2ac377fc603f95faecc54ac7d590f2cc319d
        Validity
            Not Before: Apr  8 13:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4eee0bb692fbaf9fbd35ee84e783e75079301ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:22:77:fa:60:0f:08:62:5e:9b:30:19:75:bd:
                    b0:f8:67:d8:56:db:c1:7d:81:d4:7b:78:03:fb:c6:
                    9b:3c:15:ce:b6:a5:f6:08:5e:e0:b8:ef:ae:0c:d2:
                    df:39:58:01:eb:fa:1a:93:7e:a5:87:33:36:f4:2c:
                    86:65:67:7e:8b:7d:40:6b:b8:ee:b6:e9:0a:18:b0:
                    b1:e6:65:c2:c3:76:35:da:e4:13:ad:86:79:b1:73:
                    da:e4:ca:a0:cb:90:62:e9:43:88:9c:89:00:43:63:
                    34:ef:c2:7e:61:a5:15:c4:cb:d0:14:c9:96:4d:0b:
                    9d:ee:c4:9e:fb:31:43:c7:87:f3:29:e6:1f:e8:a6:
                    30:8c:df:df:56:7a:6a:be:a0:fb:b8:6c:d6:a2:7c:
                    c9:57:28:1d:55:a4:c0:5b:01:34:7d:b6:16:b4:27:
                    0b:47:92:fe:80:c2:e7:f1:22:a8:a2:dc:14:82:a9:
                    2b:6c:75:91:ba:1b:2d:0f:f0:6b:f2:69:e5:96:88:
                    29:fe:f1:03:3a:01:29:dd:f5:aa:d0:b8:02:12:0c:
                    6a:11:24:33:01:94:dd:c5:0b:81:82:56:6a:7b:0e:
                    c4:6b:03:89:c1:ad:d6:f0:f5:80:c1:ae:ec:44:ec:
                    a7:5d:38:e8:d9:5f:4a:a5:86:2d:28:a0:8e:df:a9:
                    8c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:EE:E0:BB:69:2F:BA:F9:FB:D3:5E:E8:4E:78:3E:75:07:93:01:AD
            X509v3 Authority Key Identifier:
                keyid:21:CB:2A:C3:77:FC:60:3F:95:FA:EC:C5:4A:C7:D5:90:F2:CC:31:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/1O7gu2kvuvn7017oTng-dQeTAa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.26.0/24
                  185.177.44.0/24
                IPv6:
                  2a0a:2f81::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:02:cf:72:f7:1a:e5:96:61:e0:fe:9e:07:e2:a8:17:ab:7d:
         ef:1c:c5:21:62:c5:6e:c2:88:f6:e6:b3:95:48:bd:11:ca:7c:
         7a:e2:ff:4a:be:38:a0:28:2f:b7:b3:a4:73:8e:f1:d7:95:34:
         10:b7:f7:4a:fb:0d:f7:52:77:1f:9c:64:cd:1f:8c:de:b4:9c:
         4a:6e:7b:a7:74:15:30:6e:16:d2:c7:42:a5:fa:7a:b8:09:68:
         7e:45:ce:02:e8:af:fa:16:79:d6:e2:f0:ea:e3:3e:a4:ea:69:
         f6:ed:d4:8d:57:dd:4d:12:7e:ab:6f:78:8a:08:21:47:5c:c6:
         7e:e3:59:fa:d8:60:4a:53:9d:a8:56:96:ca:bf:0b:e6:ee:88:
         81:fb:d6:ef:37:e0:2b:cf:79:ed:66:c4:74:cf:ce:f3:b7:33:
         22:34:a4:a3:b6:04:ad:7d:47:9f:d6:30:f7:a1:b1:b4:ea:9c:
         d2:76:44:9e:4c:30:81:1d:90:31:65:8b:d4:fd:40:2e:ac:c8:
         3c:57:75:94:83:35:b0:e7:af:66:77:f0:d0:4c:b7:0a:a0:99:
         30:3d:60:51:44:82:f9:9b:fa:22:c5:56:8b:43:cf:dd:c4:80:
         1d:b4:ab:fe:97:ac:d4:05:15:73:c0:96:71:0d:e9:dd:1f:cf:
         ad:dd:85:90
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY695z9FOBqDDH1pMkmeBiQlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxY2IyYWMzNzdmYzYwM2Y5NWZhZWNjNTRhYzdkNTkwZjJj
YzMxOWQwHhcNMjQwNDA4MTMzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGVlZTBiYjY5MmZiYWY5ZmJkMzVlZTg0ZTc4M2U3NTA3OTMwMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyJ3+mAPCGJemzAZdb2w+GfYVtvB
fYHUe3gD+8abPBXOtqX2CF7guO+uDNLfOVgB6/oak36lhzM29CyGZWd+i31Aa7ju
tukKGLCx5mXCw3Y12uQTrYZ5sXPa5Mqgy5Bi6UOInIkAQ2M078J+YaUVxMvQFMmW
TQud7sSe+zFDx4fzKeYf6KYwjN/fVnpqvqD7uGzWonzJVygdVaTAWwE0fbYWtCcL
R5L+gMLn8SKootwUgqkrbHWRuhstD/Br8mnllogp/vEDOgEp3fWq0LgCEgxqESQz
AZTdxQuBglZqew7EawOJwa3W8PWAwa7sROynXTjo2V9KpYYtKKCO36mMawIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNTu4LtpL7r5+9Ne6E54PnUHkwGtMB8GA1UdIwQY
MBaAFCHLKsN3/GA/lfrsxUrH1ZDyzDGdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNzcXczZjhZRC1WLXV6RlNzZlZrUExNTVowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy82N2MyMWQtMGU5Mi00MjQyLTk5NGUt
ZmI0MGQ2ZGEyNDY4LzEvMU83Z3Uya3Z1dm43MDE3b1RuZy1kUWVUQWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy82N2MyMWQtMGU5Mi00MjQyLTk5NGUtZmI0MGQ2ZGEyNDY4
LzEvSWNzcXczZjhZRC1WLXV6RlNzZlZrUExNTVowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9QaAwQA
ubEsMA0EAgACMAcDBQAqCi+BMA0GCSqGSIb3DQEBCwUAA4IBAQA/As9y9xrllmHg
/p4H4qgXq33vHMUhYsVuwoj25rOVSL0Rynx64v9KvjigKC+3s6RzjvHXlTQQt/dK
+w33UncfnGTNH4zetJxKbnundBUwbhbSx0Kl+nq4CWh+Rc4C6K/6FnnW4vDq4z6k
6mn27dSNV91NEn6rb3iKCCFHXMZ+41n62GBKU52oVpbKvwvm7oiB+9bvN+Arz3nt
ZsR0z87ztzMiNKSjtgStfUef1jD3obG06pzSdkSeTDCBHZAxZYvU/UAurMg8V3WU
gzWw569md/DQTLcKoJkwPWBRRIL5m/oixVaLQ8/dxIAdtKv+l6zUBRVzwJZxDend
H8+t3YWQ
-----END CERTIFICATE-----