Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/2f380d-843f-42e2-8fb3-ce9e1b82967d/1/cZ1U3KVI3FmDVNwyu0VE8FUehmQ.roa
File:                     cZ1U3KVI3FmDVNwyu0VE8FUehmQ.roa (raw, json)
Hash identifier:          eKBBNnsalQEcZYUUZLrsVLG/GIDZJ0S0NSFkhiLb3cI=
Subject key identifier:   71:9D:54:DC:A5:48:DC:59:83:54:DC:32:BB:45:44:F0:55:1E:86:64
Certificate issuer:       /CN=840e9d038f1bc005f3b09c5dca820ad810948b3e
Certificate serial:       018CC5DC5219728FB878030837DF3F993BFD
Authority key identifier: 84:0E:9D:03:8F:1B:C0:05:F3:B0:9C:5D:CA:82:0A:D8:10:94:8B:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hA6dA48bwAXzsJxdyoIK2BCUiz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/2f380d-843f-42e2-8fb3-ce9e1b82967d/1/cZ1U3KVI3FmDVNwyu0VE8FUehmQ.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43576
IP address blocks:        91.197.145.0/24 maxlen: 24
                          91.197.144.0/24 maxlen: 24
                          91.197.144.0/22 maxlen: 22
                          91.197.147.0/24 maxlen: 24
                          91.197.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/2f380d-843f-42e2-8fb3-ce9e1b82967d/1/hA6dA48bwAXzsJxdyoIK2BCUiz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/2f380d-843f-42e2-8fb3-ce9e1b82967d/1/hA6dA48bwAXzsJxdyoIK2BCUiz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hA6dA48bwAXzsJxdyoIK2BCUiz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:52:19:72:8f:b8:78:03:08:37:df:3f:99:3b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=840e9d038f1bc005f3b09c5dca820ad810948b3e
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=719d54dca548dc598354dc32bb4544f0551e8664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1f:3a:be:36:7d:19:74:32:d9:08:74:df:c0:
                    97:bb:e0:0c:e3:b6:48:a6:ef:3b:d3:24:cd:d2:00:
                    f1:61:47:06:21:8d:89:4e:e0:68:cc:33:9c:8b:7b:
                    9b:5a:37:fc:45:b4:f3:47:a5:2f:2f:4e:4a:b8:d6:
                    6c:28:37:b6:40:a0:30:1c:61:17:8d:e7:3d:93:31:
                    51:92:6d:bf:b7:ef:0c:b4:e9:7d:85:ee:d2:25:e2:
                    1b:86:4e:3d:dd:e3:3e:e4:45:38:30:ff:76:1f:57:
                    d1:35:25:5e:ef:91:a8:85:3d:36:c7:80:ce:e2:07:
                    3e:37:8e:ff:8b:63:35:7f:09:c0:91:84:69:2e:31:
                    55:f4:ad:2e:d5:87:5d:f3:bc:13:91:de:91:77:4f:
                    88:36:4b:cd:85:91:27:f7:d0:ca:be:b5:a0:13:da:
                    37:4d:9c:63:86:b4:d2:ff:47:e9:2d:1d:e8:ea:2a:
                    02:bb:c0:7c:ad:74:21:41:0f:2c:ec:b9:9c:c0:4d:
                    ae:5c:ff:eb:96:c0:50:20:c4:08:18:47:4d:58:60:
                    ac:7c:ea:d5:b1:5e:03:1c:a2:11:00:d4:66:c8:5b:
                    37:41:8e:b7:a8:ae:a7:65:8d:59:86:d8:77:0b:e5:
                    f3:ce:3c:37:4e:ba:5b:aa:9a:90:3d:f6:16:d7:8a:
                    1c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9D:54:DC:A5:48:DC:59:83:54:DC:32:BB:45:44:F0:55:1E:86:64
            X509v3 Authority Key Identifier:
                keyid:84:0E:9D:03:8F:1B:C0:05:F3:B0:9C:5D:CA:82:0A:D8:10:94:8B:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hA6dA48bwAXzsJxdyoIK2BCUiz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2f380d-843f-42e2-8fb3-ce9e1b82967d/1/cZ1U3KVI3FmDVNwyu0VE8FUehmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2f380d-843f-42e2-8fb3-ce9e1b82967d/1/hA6dA48bwAXzsJxdyoIK2BCUiz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:cb:3a:a4:42:17:48:a3:4f:f6:68:05:af:8d:55:72:fc:35:
         ff:e1:94:12:5c:ff:5f:3a:af:a5:8b:a1:28:0f:78:df:22:c9:
         44:03:16:36:13:35:c3:56:44:07:4f:68:75:fe:bb:17:34:ba:
         a9:21:dd:f4:ca:59:25:f2:e2:cc:49:e7:b4:65:18:13:a9:70:
         8c:08:48:59:6b:4a:1a:db:86:20:d0:5e:20:ec:32:ef:9c:a0:
         1f:10:f1:bf:a9:96:6b:0e:77:58:6b:1f:df:cf:b4:b0:98:12:
         1b:40:98:d8:dd:ad:26:ef:a5:dd:d5:ce:ba:20:06:52:11:53:
         39:08:5a:f6:4a:c5:3e:6e:dd:69:ed:8f:04:f0:3f:5d:8e:f9:
         af:29:0e:67:01:f3:8c:6b:eb:fe:c1:ae:3c:bc:4b:e0:ce:90:
         45:9e:e5:56:bf:3f:b8:57:fd:cf:86:a4:8e:24:25:af:f7:b2:
         64:20:ef:69:48:29:dc:6a:39:69:de:a2:25:40:09:1d:1c:f1:
         4a:d4:9b:e4:a7:38:13:1b:e9:d4:6e:7b:11:cb:43:47:06:df:
         9b:22:6d:30:e4:da:ec:1f:1f:54:0d:2d:87:ed:e8:3b:6c:dc:
         33:96:58:43:c4:24:84:2d:6d:e1:b0:19:81:aa:b1:1b:76:4e:
         5b:20:7c:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FIZco+4eAMIN98/mTv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MGU5ZDAzOGYxYmMwMDVmM2IwOWM1ZGNhODIwYWQ4MTA5
NDhiM2UwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTlkNTRkY2E1NDhkYzU5ODM1NGRjMzJiYjQ1NDRmMDU1MWU4NjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuR86vjZ9GXQy2Qh038CXu+AM47ZI
pu870yTN0gDxYUcGIY2JTuBozDOci3ubWjf8RbTzR6UvL05KuNZsKDe2QKAwHGEX
jec9kzFRkm2/t+8MtOl9he7SJeIbhk493eM+5EU4MP92H1fRNSVe75GohT02x4DO
4gc+N47/i2M1fwnAkYRpLjFV9K0u1Ydd87wTkd6Rd0+INkvNhZEn99DKvrWgE9o3
TZxjhrTS/0fpLR3o6ioCu8B8rXQhQQ8s7LmcwE2uXP/rlsBQIMQIGEdNWGCsfOrV
sV4DHKIRANRmyFs3QY63qK6nZY1Zhth3C+Xzzjw3TrpbqpqQPfYW14ocrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGdVNylSNxZg1TcMrtFRPBVHoZkMB8GA1UdIwQY
MBaAFIQOnQOPG8AF87CcXcqCCtgQlIs+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEE2ZEE0OGJ3QVh6c0p4ZHlvSUsyQkNVaXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8yZjM4MGQtODQzZi00MmUyLThmYjMt
Y2U5ZTFiODI5NjdkLzEvY1oxVTNLVkkzRm1EVk53eXUwVkU4RlVlaG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8yZjM4MGQtODQzZi00MmUyLThmYjMtY2U5ZTFiODI5Njdk
LzEvaEE2ZEE0OGJ3QVh6c0p4ZHlvSUsyQkNVaXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8WQMA0G
CSqGSIb3DQEBCwUAA4IBAQAxyzqkQhdIo0/2aAWvjVVy/DX/4ZQSXP9fOq+li6Eo
D3jfIslEAxY2EzXDVkQHT2h1/rsXNLqpId30ylkl8uLMSee0ZRgTqXCMCEhZa0oa
24Yg0F4g7DLvnKAfEPG/qZZrDndYax/fz7SwmBIbQJjY3a0m76Xd1c66IAZSEVM5
CFr2SsU+bt1p7Y8E8D9djvmvKQ5nAfOMa+v+wa48vEvgzpBFnuVWvz+4V/3PhqSO
JCWv97JkIO9pSCncajlp3qIlQAkdHPFK1JvkpzgTG+nUbnsRy0NHBt+bIm0w5Nrs
Hx9UDS2H7eg7bNwzllhDxCSELW3hsBmBqrEbdk5bIHwa
-----END CERTIFICATE-----