Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/_GqJ24gQOfIN3NK2hJe_xXB0_RU.roa
File:                     _GqJ24gQOfIN3NK2hJe_xXB0_RU.roa (raw, json)
Hash identifier:          euwLXRZTIBEgdfFmjGKm+bh8IdB+DnVaAA6xuf43LpI=
Subject key identifier:   FC:6A:89:DB:88:10:39:F2:0D:DC:D2:B6:84:97:BF:C5:70:74:FD:15
Certificate issuer:       /CN=bf982def77a26d7cc19473b3a4064dcc5217e471
Certificate serial:       018CC649E6AB94CECFEB5FA2C105668206C3
Authority key identifier: BF:98:2D:EF:77:A2:6D:7C:C1:94:73:B3:A4:06:4D:CC:52:17:E4:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v5gt73eibXzBlHOzpAZNzFIX5HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/_GqJ24gQOfIN3NK2hJe_xXB0_RU.roa
Signing time:             Mon 01 Jan 2024 18:29:41 +0000
ROA not before:           Mon 01 Jan 2024 18:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198710
IP address blocks:        91.217.174.0/24 maxlen: 24
                          2a05:e700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/v5gt73eibXzBlHOzpAZNzFIX5HE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/v5gt73eibXzBlHOzpAZNzFIX5HE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v5gt73eibXzBlHOzpAZNzFIX5HE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e6:ab:94:ce:cf:eb:5f:a2:c1:05:66:82:06:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf982def77a26d7cc19473b3a4064dcc5217e471
        Validity
            Not Before: Jan  1 18:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc6a89db881039f20ddcd2b68497bfc57074fd15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:93:40:32:ab:43:d8:eb:c6:32:3e:4a:de:
                    60:86:36:09:61:57:b6:61:29:98:c0:8f:86:22:89:
                    0b:6d:d9:eb:b0:91:d1:92:28:9d:82:0e:b7:b4:d3:
                    f0:72:96:9c:3c:d7:e9:fe:ce:c3:1a:4b:bb:e2:75:
                    89:a9:3e:2e:30:fd:89:11:23:6c:5d:09:64:63:09:
                    23:30:2a:24:3c:79:a5:1a:e6:da:9f:1a:3f:ba:7f:
                    f6:10:5f:3f:86:cb:0b:81:b9:23:4a:c3:49:bf:44:
                    79:8b:dc:b2:c5:56:dd:43:0b:4d:6a:c0:45:64:3b:
                    78:f1:22:f5:93:99:57:46:d2:45:ad:f4:e8:16:36:
                    e4:8c:ca:30:f4:32:03:5c:f3:a2:8c:42:01:89:fc:
                    25:c7:e3:9e:a8:ef:e8:8f:66:f7:ce:59:93:5a:22:
                    2f:5b:97:bb:b1:07:fd:13:36:f3:c0:21:e3:ae:89:
                    ae:04:80:87:8a:6c:ec:c4:97:dc:7d:60:75:69:89:
                    ce:27:bb:bc:39:90:89:0b:32:b0:fa:a9:41:28:7a:
                    69:67:e5:f6:92:fb:bd:8e:46:11:a0:93:75:40:f4:
                    c6:83:3a:46:b8:17:f2:d8:19:a6:c4:ef:d1:2a:0f:
                    64:35:59:7f:aa:dd:ab:c3:e9:a8:15:2e:60:25:52:
                    45:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:6A:89:DB:88:10:39:F2:0D:DC:D2:B6:84:97:BF:C5:70:74:FD:15
            X509v3 Authority Key Identifier:
                keyid:BF:98:2D:EF:77:A2:6D:7C:C1:94:73:B3:A4:06:4D:CC:52:17:E4:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v5gt73eibXzBlHOzpAZNzFIX5HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/_GqJ24gQOfIN3NK2hJe_xXB0_RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/v5gt73eibXzBlHOzpAZNzFIX5HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.174.0/24
                IPv6:
                  2a05:e700::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:8e:26:d3:46:f4:1c:4b:3b:01:86:43:cf:39:ea:5b:86:2a:
         8a:cb:1a:7a:e8:9e:c9:e6:21:8d:27:09:d8:9f:da:7d:e6:ad:
         8a:04:7b:1d:f7:16:9e:6f:9b:f3:d4:1c:53:40:f5:fe:6c:9a:
         e9:b9:ab:de:9f:05:61:86:ad:8e:83:04:9c:e5:64:f4:e0:f4:
         51:b3:72:e7:be:cd:02:bb:c9:86:03:5c:2e:0f:48:9d:a4:d3:
         7f:bf:ab:c2:d7:66:f2:58:8b:00:e4:c6:60:c1:bc:de:ed:0a:
         bc:a1:a9:bc:66:f5:01:fc:ea:59:ce:4c:ba:0d:ad:8c:6b:b9:
         ad:37:99:9d:f2:57:0f:ac:aa:95:e3:71:11:be:47:0a:41:39:
         a0:02:59:1e:65:ff:51:48:9a:d7:e9:a8:e0:13:9f:55:45:d2:
         8c:21:b4:fc:03:f1:e3:bf:aa:0e:33:7d:d3:22:bc:3f:ae:ec:
         2f:52:fa:50:6a:25:46:61:08:20:52:27:4d:77:bc:88:e9:c4:
         f1:35:f8:46:28:e1:01:b6:c2:18:a2:15:f2:62:d4:12:37:9f:
         3f:68:fb:6b:76:b1:a3:b0:d4:68:a6:d1:5a:23:ca:29:b8:58:
         6b:f6:c7:0d:85:0f:8f:e8:ce:58:da:0b:2f:73:41:ef:2a:6c:
         7c:da:9b:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSearlM7P61+iwQVmggbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmOTgyZGVmNzdhMjZkN2NjMTk0NzNiM2E0MDY0ZGNjNTIx
N2U0NzEwHhcNMjQwMTAxMTgyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzZhODlkYjg4MTAzOWYyMGRkY2QyYjY4NDk3YmZjNTcwNzRmZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwmTQDKrQ9jrxjI+St5ghjYJYVe2
YSmYwI+GIokLbdnrsJHRkiidgg63tNPwcpacPNfp/s7DGku74nWJqT4uMP2JESNs
XQlkYwkjMCokPHmlGubanxo/un/2EF8/hssLgbkjSsNJv0R5i9yyxVbdQwtNasBF
ZDt48SL1k5lXRtJFrfToFjbkjMow9DIDXPOijEIBifwlx+OeqO/oj2b3zlmTWiIv
W5e7sQf9EzbzwCHjromuBICHimzsxJfcfWB1aYnOJ7u8OZCJCzKw+qlBKHppZ+X2
kvu9jkYRoJN1QPTGgzpGuBfy2BmmxO/RKg9kNVl/qt2rw+moFS5gJVJFDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPxqiduIEDnyDdzStoSXv8VwdP0VMB8GA1UdIwQY
MBaAFL+YLe93om18wZRzs6QGTcxSF+RxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjVndDczZWliWHpCbEhPenBBWk56RklYNUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZmEwOTEtYjE2Zi00NTI3LThiMDAt
MWRkYWMyYjA4NDA0LzEvX0dxSjI0Z1FPZklOM05LMmhKZV94WEIwX1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZmEwOTEtYjE2Zi00NTI3LThiMDAtMWRkYWMyYjA4NDA0
LzEvdjVndDczZWliWHpCbEhPenBBWk56RklYNUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9muMA0E
AgACMAcDBQMqBecAMA0GCSqGSIb3DQEBCwUAA4IBAQA/jibTRvQcSzsBhkPPOepb
hiqKyxp66J7J5iGNJwnYn9p95q2KBHsd9xaeb5vz1BxTQPX+bJrpuavenwVhhq2O
gwSc5WT04PRRs3Lnvs0Cu8mGA1wuD0idpNN/v6vC12byWIsA5MZgwbze7Qq8oam8
ZvUB/OpZzky6Da2Ma7mtN5md8lcPrKqV43ERvkcKQTmgAlkeZf9RSJrX6ajgE59V
RdKMIbT8A/Hjv6oOM33TIrw/ruwvUvpQaiVGYQggUidNd7yI6cTxNfhGKOEBtsIY
ohXyYtQSN58/aPtrdrGjsNRoptFaI8opuFhr9scNhQ+P6M5Y2gsvc0HvKmx82ptb
-----END CERTIFICATE-----