Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/iklvQYJBlRgGQxIwewtM1N1H65U.roa
File:                     iklvQYJBlRgGQxIwewtM1N1H65U.roa (raw, json)
Hash identifier:          QiZEKft9N0VrGSCIPjU3kCmrlD7PY/S8sVNOXdg2VRA=
Subject key identifier:   8A:49:6F:41:82:41:95:18:06:43:12:30:7B:0B:4C:D4:DD:47:EB:95
Certificate issuer:       /CN=9a764d8d3ae725b45e0d4807f612ec3d1f2a3f4f
Certificate serial:       018CC94E26C364FC1D454CCF753F9299F644
Authority key identifier: 9A:76:4D:8D:3A:E7:25:B4:5E:0D:48:07:F6:12:EC:3D:1F:2A:3F:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mnZNjTrnJbReDUgH9hLsPR8qP08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/iklvQYJBlRgGQxIwewtM1N1H65U.roa
Signing time:             Tue 02 Jan 2024 08:33:11 +0000
ROA not before:           Tue 02 Jan 2024 08:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41880
IP address blocks:        91.102.208.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/mnZNjTrnJbReDUgH9hLsPR8qP08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/mnZNjTrnJbReDUgH9hLsPR8qP08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mnZNjTrnJbReDUgH9hLsPR8qP08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:26:c3:64:fc:1d:45:4c:cf:75:3f:92:99:f6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a764d8d3ae725b45e0d4807f612ec3d1f2a3f4f
        Validity
            Not Before: Jan  2 08:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a496f4182419518064312307b0b4cd4dd47eb95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:66:6d:a2:db:d3:38:9e:7d:1d:c9:eb:07:6a:
                    50:18:61:f0:9d:91:ec:6f:19:c1:77:b0:64:c3:38:
                    94:bb:cc:86:30:68:1c:99:6f:54:0d:e3:92:e8:32:
                    47:54:56:f7:e6:cc:11:33:4d:7f:bd:b8:66:6a:98:
                    0f:39:34:32:db:35:76:ae:34:ec:8b:7b:c0:f7:cc:
                    28:db:f8:7a:f2:ee:03:7e:c2:41:70:78:bb:f5:50:
                    04:32:11:12:4b:43:8a:4c:5a:8d:c1:a2:07:ec:65:
                    1c:a8:c0:97:2c:69:ea:6c:d6:23:4d:e5:77:c7:65:
                    d3:c9:ed:ef:62:d3:0e:c0:c7:fd:d4:38:6e:43:ff:
                    1e:7f:ba:cc:f0:91:1f:89:ce:53:ab:e0:ac:d6:e1:
                    3e:f9:dd:d7:ba:0f:04:57:0e:f5:ac:2b:c7:2b:f2:
                    30:1b:c3:79:df:f4:23:f2:5f:c4:11:43:10:6e:1d:
                    a9:c4:e7:7a:75:ba:ed:69:97:0d:28:70:c7:48:7c:
                    3f:2a:49:70:61:47:ef:4c:bd:1a:ad:b2:5d:8b:2c:
                    66:44:89:f4:eb:e3:68:75:12:3a:cf:ff:9c:34:50:
                    93:ec:51:98:98:9b:b7:32:51:c7:a8:e9:af:8b:07:
                    19:c4:5d:4a:56:f7:dd:fd:45:85:31:36:8f:f6:0f:
                    0e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:49:6F:41:82:41:95:18:06:43:12:30:7B:0B:4C:D4:DD:47:EB:95
            X509v3 Authority Key Identifier:
                keyid:9A:76:4D:8D:3A:E7:25:B4:5E:0D:48:07:F6:12:EC:3D:1F:2A:3F:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mnZNjTrnJbReDUgH9hLsPR8qP08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/iklvQYJBlRgGQxIwewtM1N1H65U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/89afba-4fed-42ef-a751-f5ff9afc3266/1/mnZNjTrnJbReDUgH9hLsPR8qP08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:41:40:64:5a:ce:69:3a:cb:f1:7d:b4:46:35:81:4a:1a:62:
         ea:f7:1a:dc:2f:92:ab:2b:d7:a5:82:93:a8:33:c0:3a:c7:d0:
         3f:29:98:41:9f:c1:4a:17:44:55:ce:fa:59:0e:46:86:e4:ff:
         ef:e4:4e:f8:34:df:81:05:cc:1e:90:eb:71:b1:88:2e:06:17:
         1a:0f:1a:6a:28:58:37:d8:40:61:f8:8c:98:2d:b6:ad:81:85:
         3c:54:30:41:7e:33:7e:9a:83:0b:7a:90:a2:aa:f9:74:92:93:
         5b:c3:7b:a3:47:d4:6d:ac:b6:3d:b4:49:88:28:02:74:11:ac:
         a8:59:1b:d7:88:44:d8:7a:c5:d6:83:9f:1a:b6:bc:8c:49:e4:
         22:6a:53:3a:f4:34:df:e9:2f:fd:0c:64:a9:23:0d:70:8f:ca:
         c0:0c:d0:4d:94:40:a1:bc:43:e7:dc:a4:38:16:e1:53:33:46:
         e9:39:12:c4:7c:9f:48:2b:2a:c7:43:5b:01:35:dc:46:20:27:
         fd:1f:14:72:e1:32:5d:39:2e:bd:30:93:ce:25:f9:17:02:7a:
         6f:7a:c5:de:e7:b3:1d:85:5f:ab:03:7d:09:c7:5e:b3:3e:65:
         15:8c:31:d3:13:12:ef:49:ad:18:c1:8b:90:e4:a1:4b:97:f0:
         3a:ea:f4:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTibDZPwdRUzPdT+SmfZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNzY0ZDhkM2FlNzI1YjQ1ZTBkNDgwN2Y2MTJlYzNkMWYy
YTNmNGYwHhcNMjQwMTAyMDgzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQ5NmY0MTgyNDE5NTE4MDY0MzEyMzA3YjBiNGNkNGRkNDdlYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGZtotvTOJ59HcnrB2pQGGHwnZHs
bxnBd7BkwziUu8yGMGgcmW9UDeOS6DJHVFb35swRM01/vbhmapgPOTQy2zV2rjTs
i3vA98wo2/h68u4DfsJBcHi79VAEMhESS0OKTFqNwaIH7GUcqMCXLGnqbNYjTeV3
x2XTye3vYtMOwMf91DhuQ/8ef7rM8JEfic5Tq+Cs1uE++d3Xug8EVw71rCvHK/Iw
G8N53/Qj8l/EEUMQbh2pxOd6dbrtaZcNKHDHSHw/KklwYUfvTL0arbJdiyxmRIn0
6+NodRI6z/+cNFCT7FGYmJu3MlHHqOmviwcZxF1KVvfd/UWFMTaP9g8OAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpJb0GCQZUYBkMSMHsLTNTdR+uVMB8GA1UdIwQY
MBaAFJp2TY065yW0Xg1IB/YS7D0fKj9PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW5aTmpUcm5KYlJlRFVnSDloTHNQUjhxUDA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC84OWFmYmEtNGZlZC00MmVmLWE3NTEt
ZjVmZjlhZmMzMjY2LzEvaWtsdlFZSkJsUmdHUXhJd2V3dE0xTjFINjVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC84OWFmYmEtNGZlZC00MmVmLWE3NTEtZjVmZjlhZmMzMjY2
LzEvbW5aTmpUcm5KYlJlRFVnSDloTHNQUjhxUDA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW2bQMA0G
CSqGSIb3DQEBCwUAA4IBAQBiQUBkWs5pOsvxfbRGNYFKGmLq9xrcL5KrK9elgpOo
M8A6x9A/KZhBn8FKF0RVzvpZDkaG5P/v5E74NN+BBcwekOtxsYguBhcaDxpqKFg3
2EBh+IyYLbatgYU8VDBBfjN+moMLepCiqvl0kpNbw3ujR9RtrLY9tEmIKAJ0Eayo
WRvXiETYesXWg58atryMSeQialM69DTf6S/9DGSpIw1wj8rADNBNlEChvEPn3KQ4
FuFTM0bpORLEfJ9IKyrHQ1sBNdxGICf9HxRy4TJdOS69MJPOJfkXAnpvesXe57Md
hV+rA30Jx16zPmUVjDHTExLvSa0YwYuQ5KFLl/A66vTj
-----END CERTIFICATE-----