Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/f0c9d7-168f-4e10-b5a1-cdc8f9bbc372/1/u3Rg0XuOYMtlAtLZ5JkePDykK40.roa
File:                     u3Rg0XuOYMtlAtLZ5JkePDykK40.roa (raw, json)
Hash identifier:          jX1ePPe32lPhlxEMtu2HGhT6RZA3jhjTclQ9loXfD0Q=
Subject key identifier:   BB:74:60:D1:7B:8E:60:CB:65:02:D2:D9:E4:99:1E:3C:3C:A4:2B:8D
Certificate issuer:       /CN=bd350606914333f7bfc2c0d1f8d3c3e4b72a302d
Certificate serial:       018F7881892541999F8F88FAED9B6F632D95
Authority key identifier: BD:35:06:06:91:43:33:F7:BF:C2:C0:D1:F8:D3:C3:E4:B7:2A:30:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTUGBpFDM_e_wsDR-NPD5LcqMC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/f0c9d7-168f-4e10-b5a1-cdc8f9bbc372/1/u3Rg0XuOYMtlAtLZ5JkePDykK40.roa
Signing time:             Tue 14 May 2024 19:08:25 +0000
ROA not before:           Tue 14 May 2024 19:08:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211251
IP address blocks:        91.142.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/f0c9d7-168f-4e10-b5a1-cdc8f9bbc372/1/vTUGBpFDM_e_wsDR-NPD5LcqMC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/f0c9d7-168f-4e10-b5a1-cdc8f9bbc372/1/vTUGBpFDM_e_wsDR-NPD5LcqMC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTUGBpFDM_e_wsDR-NPD5LcqMC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:78:81:89:25:41:99:9f:8f:88:fa:ed:9b:6f:63:2d:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd350606914333f7bfc2c0d1f8d3c3e4b72a302d
        Validity
            Not Before: May 14 19:08:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb7460d17b8e60cb6502d2d9e4991e3c3ca42b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:08:0f:b2:9c:52:a6:e2:3c:75:9f:9a:a2:43:
                    ed:e4:f5:d0:01:f9:63:a2:41:2b:1c:ac:0d:61:20:
                    cb:df:e2:d5:76:63:9c:17:fa:63:72:7b:ca:23:b3:
                    08:7a:5d:e0:3e:ff:d6:73:6f:df:c8:de:db:93:97:
                    bd:6c:c8:48:62:4b:48:f7:3b:71:9c:bb:0a:82:02:
                    63:37:a1:08:76:6c:98:d1:84:78:f0:44:b5:3d:18:
                    4c:4f:f0:6c:84:c0:0d:07:c0:3a:9d:8f:da:5f:d6:
                    af:0e:8e:f2:6c:56:78:db:c7:1a:d2:84:87:d8:a1:
                    e2:eb:53:e8:4e:30:1b:a7:53:e5:4f:c2:c2:a5:0e:
                    64:ff:f1:0d:de:a5:ec:1d:4c:d2:06:92:50:e1:30:
                    b2:60:31:90:10:68:cf:e8:34:ce:36:6d:42:76:e5:
                    49:38:dc:13:c9:bb:42:34:2b:c4:4c:64:8a:55:20:
                    75:ba:66:a6:e5:f3:01:af:e2:79:bf:06:62:52:2f:
                    5a:d0:7b:6d:41:5f:b4:5e:b5:59:0b:56:7e:16:b9:
                    e4:ed:cd:d0:9c:c4:9c:b8:df:98:ab:9c:f4:bc:d0:
                    aa:df:47:d6:66:76:a4:2b:8a:1b:98:32:44:fd:9b:
                    79:54:85:be:8b:ff:19:1a:a6:da:a7:e6:43:bb:55:
                    76:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:74:60:D1:7B:8E:60:CB:65:02:D2:D9:E4:99:1E:3C:3C:A4:2B:8D
            X509v3 Authority Key Identifier:
                keyid:BD:35:06:06:91:43:33:F7:BF:C2:C0:D1:F8:D3:C3:E4:B7:2A:30:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTUGBpFDM_e_wsDR-NPD5LcqMC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/f0c9d7-168f-4e10-b5a1-cdc8f9bbc372/1/u3Rg0XuOYMtlAtLZ5JkePDykK40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/f0c9d7-168f-4e10-b5a1-cdc8f9bbc372/1/vTUGBpFDM_e_wsDR-NPD5LcqMC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:56:00:30:7f:80:51:45:84:74:e0:17:29:b7:5b:3a:f6:b5:
         fd:db:10:2f:de:76:5f:fd:97:6d:76:00:90:4e:d5:be:88:e5:
         4f:05:7f:3d:13:bb:4c:6c:3e:1c:19:00:86:25:53:8f:7d:97:
         75:4e:2d:78:cd:09:35:58:f4:32:3d:c5:1b:99:ef:3c:93:1e:
         b7:d7:c4:26:0b:3b:07:ba:fa:97:70:de:07:b9:ec:93:a4:1e:
         ee:79:2b:c3:0c:98:ee:84:1a:86:f5:6d:1f:07:ab:ca:04:88:
         bd:b0:b3:56:e6:d5:fc:d6:44:18:18:c8:80:bc:34:ee:a0:69:
         6b:85:23:0d:eb:9a:05:5b:68:0b:10:c9:fc:3f:d7:17:ed:1d:
         34:8f:b7:b5:5b:83:d4:ce:1a:85:47:65:ab:a5:6c:a0:ed:2d:
         37:9e:3d:61:f1:3f:55:33:c7:54:72:63:02:54:94:5e:95:55:
         ef:15:1d:27:96:75:56:c2:36:3e:88:a4:a1:75:86:71:27:13:
         cb:74:dd:b3:9e:71:9b:7d:7a:5c:b6:6f:25:19:2a:ec:49:80:
         ca:14:72:a9:b1:48:81:50:28:ce:84:51:93:58:bb:66:4a:fe:
         5c:f6:a2:fc:89:d1:97:9d:a7:9e:4e:93:43:d7:5b:d4:55:8e:
         2a:c6:f9:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY94gYklQZmfj4j67ZtvYy2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzUwNjA2OTE0MzMzZjdiZmMyYzBkMWY4ZDNjM2U0Yjcy
YTMwMmQwHhcNMjQwNTE0MTkwODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjc0NjBkMTdiOGU2MGNiNjUwMmQyZDllNDk5MWUzYzNjYTQyYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQgPspxSpuI8dZ+aokPt5PXQAflj
okErHKwNYSDL3+LVdmOcF/pjcnvKI7MIel3gPv/Wc2/fyN7bk5e9bMhIYktI9ztx
nLsKggJjN6EIdmyY0YR48ES1PRhMT/BshMANB8A6nY/aX9avDo7ybFZ428ca0oSH
2KHi61PoTjAbp1PlT8LCpQ5k//EN3qXsHUzSBpJQ4TCyYDGQEGjP6DTONm1CduVJ
ONwTybtCNCvETGSKVSB1umam5fMBr+J5vwZiUi9a0HttQV+0XrVZC1Z+Frnk7c3Q
nMScuN+Yq5z0vNCq30fWZnakK4obmDJE/Zt5VIW+i/8ZGqbap+ZDu1V2sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLt0YNF7jmDLZQLS2eSZHjw8pCuNMB8GA1UdIwQY
MBaAFL01BgaRQzP3v8LA0fjTw+S3KjAtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRVR0JwRkRNX2Vfd3NEUi1OUEQ1TGNxTUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9mMGM5ZDctMTY4Zi00ZTEwLWI1YTEt
Y2RjOGY5YmJjMzcyLzEvdTNSZzBYdU9ZTXRsQXRMWjVKa2VQRHlrSzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9mMGM5ZDctMTY4Zi00ZTEwLWI1YTEtY2RjOGY5YmJjMzcy
LzEvdlRVR0JwRkRNX2Vfd3NEUi1OUEQ1TGNxTUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW46EMA0G
CSqGSIb3DQEBCwUAA4IBAQBmVgAwf4BRRYR04Bcpt1s69rX92xAv3nZf/ZdtdgCQ
TtW+iOVPBX89E7tMbD4cGQCGJVOPfZd1Ti14zQk1WPQyPcUbme88kx6318QmCzsH
uvqXcN4HueyTpB7ueSvDDJjuhBqG9W0fB6vKBIi9sLNW5tX81kQYGMiAvDTuoGlr
hSMN65oFW2gLEMn8P9cX7R00j7e1W4PUzhqFR2WrpWyg7S03nj1h8T9VM8dUcmMC
VJRelVXvFR0nlnVWwjY+iKShdYZxJxPLdN2znnGbfXpctm8lGSrsSYDKFHKpsUiB
UCjOhFGTWLtmSv5c9qL8idGXnaeeTpND11vUVY4qxvkn
-----END CERTIFICATE-----