Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/CrLVpC0mj22DIo6dIwNnwW8l22M.roa
File:                     CrLVpC0mj22DIo6dIwNnwW8l22M.roa (raw, json)
Hash identifier:          aPRsqFYqYRDDS9J9vbOPUX7TPF5/yAQNQj5mPVvJwbU=
Subject key identifier:   0A:B2:D5:A4:2D:26:8F:6D:83:22:8E:9D:23:03:67:C1:6F:25:DB:63
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       018CC8018CC5467B333E1C787E103250E331
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/CrLVpC0mj22DIo6dIwNnwW8l22M.roa
Signing time:             Tue 02 Jan 2024 02:29:53 +0000
ROA not before:           Tue 02 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48126
IP address blocks:        91.229.248.0/24 maxlen: 24
                          195.110.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8c:c5:46:7b:33:3e:1c:78:7e:10:32:50:e3:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jan  2 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ab2d5a42d268f6d83228e9d230367c16f25db63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:13:c1:fb:7b:44:eb:28:96:a5:da:ce:d2:2e:
                    c3:61:a8:d8:70:2a:6a:17:34:f4:b5:43:79:c0:09:
                    53:de:a2:1c:a3:9a:4e:f3:a9:1f:d5:c7:59:3f:cc:
                    7b:ad:33:58:f1:67:c8:c4:96:74:ee:87:58:d9:6f:
                    b5:e7:49:b2:93:5e:fa:1a:0b:43:4a:e0:62:09:d1:
                    94:64:a3:0e:d2:7c:3c:3e:29:4b:50:15:b7:78:cb:
                    28:e9:5c:b5:1f:5d:07:d8:bd:7e:e8:77:54:bf:ab:
                    6d:86:7d:5a:bb:4b:41:2e:81:f2:53:b1:41:34:42:
                    97:83:9d:b7:64:12:dc:50:e9:69:af:dc:84:d2:dd:
                    fb:40:59:16:18:72:3e:a9:4e:59:7d:11:ab:e7:6e:
                    13:12:b7:e3:a9:3c:d5:d4:74:71:d9:bf:70:f3:29:
                    c7:b1:16:27:74:26:49:e3:d0:b0:72:6c:92:b0:1e:
                    52:99:87:96:8b:b9:98:bb:cb:17:91:f6:1b:01:39:
                    d8:fe:2e:b9:81:7c:2e:d9:9e:0f:6f:b4:e4:6d:d5:
                    41:b1:36:16:14:d1:26:56:60:0a:68:a4:c4:fa:c0:
                    79:3b:f1:9a:9f:52:eb:20:23:5e:72:48:d9:ba:7e:
                    20:7c:ab:a6:38:2f:1b:c2:2c:ff:b9:06:47:ee:91:
                    39:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B2:D5:A4:2D:26:8F:6D:83:22:8E:9D:23:03:67:C1:6F:25:DB:63
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/CrLVpC0mj22DIo6dIwNnwW8l22M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.248.0/24
                  195.110.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:0e:76:1a:35:dd:2c:f4:91:a5:20:71:42:a3:b9:9c:99:49:
         33:01:84:ab:a6:4f:17:28:e8:82:e4:c5:2b:43:49:f5:17:bd:
         93:92:c3:f8:96:c8:8f:8f:4c:e5:9e:25:9c:df:8a:2e:73:fc:
         6d:b9:02:af:1f:c7:a9:da:28:25:17:c2:82:6a:3f:5f:d7:be:
         28:7d:59:69:b1:7d:c7:b9:c6:ff:be:10:5f:b6:5d:90:00:55:
         60:67:12:2f:68:b1:a5:d4:c1:76:4b:a2:b6:fe:2a:24:4b:10:
         81:25:c8:08:07:ed:de:4b:36:31:de:ac:27:bf:29:67:95:bc:
         64:96:f0:ce:6a:84:e8:f7:2c:e9:5e:bf:99:1e:d4:6f:c4:17:
         47:96:28:6b:38:8a:6d:13:85:68:9c:ee:da:f2:de:3c:bf:f6:
         8b:e4:4a:2e:ff:82:a9:5a:d4:4f:e8:63:33:5f:bc:a8:85:82:
         14:01:8b:99:19:e4:e8:45:d3:f7:6c:5e:2f:96:6d:69:07:ff:
         91:b4:90:54:2c:77:3c:33:bc:af:eb:76:dc:af:a9:06:21:80:
         f2:55:75:52:6a:47:5d:30:db:35:fb:b0:91:03:f6:8e:ff:a6:
         33:e2:2e:2c:57:6b:a9:17:bb:9a:6c:d8:7d:26:15:87:c9:ef:
         03:81:7b:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAYzFRnszPhx4fhAyUOMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjQwMTAyMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWIyZDVhNDJkMjY4ZjZkODMyMjhlOWQyMzAzNjdjMTZmMjVkYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxPB+3tE6yiWpdrO0i7DYajYcCpq
FzT0tUN5wAlT3qIco5pO86kf1cdZP8x7rTNY8WfIxJZ07odY2W+150myk176GgtD
SuBiCdGUZKMO0nw8PilLUBW3eMso6Vy1H10H2L1+6HdUv6tthn1au0tBLoHyU7FB
NEKXg523ZBLcUOlpr9yE0t37QFkWGHI+qU5ZfRGr524TErfjqTzV1HRx2b9w8ynH
sRYndCZJ49CwcmySsB5SmYeWi7mYu8sXkfYbATnY/i65gXwu2Z4Pb7TkbdVBsTYW
FNEmVmAKaKTE+sB5O/Gan1LrICNeckjZun4gfKumOC8bwiz/uQZH7pE5fwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAqy1aQtJo9tgyKOnSMDZ8FvJdtjMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvQ3JMVnBDMG1qMjJESW82ZEl3Tm53VzhsMjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+X4AwQA
w24VMA0GCSqGSIb3DQEBCwUAA4IBAQBaDnYaNd0s9JGlIHFCo7mcmUkzAYSrpk8X
KOiC5MUrQ0n1F72TksP4lsiPj0zlniWc34ouc/xtuQKvH8ep2iglF8KCaj9f174o
fVlpsX3Hucb/vhBftl2QAFVgZxIvaLGl1MF2S6K2/iokSxCBJcgIB+3eSzYx3qwn
vylnlbxklvDOaoTo9yzpXr+ZHtRvxBdHlihrOIptE4VonO7a8t48v/aL5Eou/4Kp
WtRP6GMzX7yohYIUAYuZGeToRdP3bF4vlm1pB/+RtJBULHc8M7yv63bcr6kGIYDy
VXVSakddMNs1+7CRA/aO/6Yz4i4sV2upF7uabNh9JhWHye8DgXtQ
-----END CERTIFICATE-----