Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/5c0b4a-2da4-43a5-9289-1937bde8cd6f/1/2WBFidnUIZfm1Xhwjd_NR-WVXRc.roa
File:                     2WBFidnUIZfm1Xhwjd_NR-WVXRc.roa (raw, json)
Hash identifier:          ctQcAg1aMdEyFjxmegT5PYjvgi4qsKQSZKMfWaGtdLs=
Subject key identifier:   D9:60:45:89:D9:D4:21:97:E6:D5:78:70:8D:DF:CD:47:E5:95:5D:17
Certificate issuer:       /CN=9a918b80cbb32737a46b244869a6ad5509543fa1
Certificate serial:       018CC794638B583F32B99AD53E3D1CDF2976
Authority key identifier: 9A:91:8B:80:CB:B3:27:37:A4:6B:24:48:69:A6:AD:55:09:54:3F:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mpGLgMuzJzekayRIaaatVQlUP6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/5c0b4a-2da4-43a5-9289-1937bde8cd6f/1/2WBFidnUIZfm1Xhwjd_NR-WVXRc.roa
Signing time:             Tue 02 Jan 2024 00:30:39 +0000
ROA not before:           Tue 02 Jan 2024 00:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51347
IP address blocks:        91.247.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/5c0b4a-2da4-43a5-9289-1937bde8cd6f/1/mpGLgMuzJzekayRIaaatVQlUP6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/5c0b4a-2da4-43a5-9289-1937bde8cd6f/1/mpGLgMuzJzekayRIaaatVQlUP6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mpGLgMuzJzekayRIaaatVQlUP6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:63:8b:58:3f:32:b9:9a:d5:3e:3d:1c:df:29:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a918b80cbb32737a46b244869a6ad5509543fa1
        Validity
            Not Before: Jan  2 00:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9604589d9d42197e6d578708ddfcd47e5955d17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c2:64:60:31:cf:ff:b7:1b:aa:08:55:d8:37:
                    73:d9:7b:2c:9f:4e:f2:1f:5c:3a:4f:fe:e5:7f:5d:
                    a9:06:5a:1c:7f:b0:b0:29:7e:23:73:15:c3:63:6a:
                    69:48:40:65:d2:37:15:17:2d:47:1a:67:d8:d9:00:
                    35:fe:96:61:48:e0:f9:91:f3:19:b7:d3:cf:e2:9c:
                    7c:ad:d4:b3:ed:24:a2:13:b3:c2:fc:9f:6e:87:f7:
                    1c:f0:1b:ef:fe:81:e7:0e:78:66:10:4c:7b:00:8f:
                    8a:23:73:33:1c:b2:ee:56:04:ef:cf:a1:3d:f6:86:
                    a3:dc:d5:de:4d:37:58:30:8d:e9:73:e8:60:02:d7:
                    e3:5f:32:3d:2e:1b:d1:87:cf:40:cc:49:f3:06:45:
                    34:86:75:de:ea:c0:e1:64:41:9b:ff:b1:8f:04:0e:
                    f6:2f:ec:25:30:c7:7e:3e:7b:75:5d:c3:37:1d:5a:
                    22:c3:69:aa:79:fb:7c:f7:1b:66:87:0d:47:0e:54:
                    cd:bf:a7:d8:43:41:af:69:da:9b:62:ec:e6:b4:bf:
                    bd:2e:4b:15:98:a9:16:b2:5a:4e:22:ef:8b:d6:9b:
                    f4:3a:54:d2:ef:b4:aa:07:1a:7c:89:dc:7b:ae:58:
                    8a:7f:35:1f:e8:87:9b:ba:d8:4a:8c:2b:41:8d:c4:
                    e7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:60:45:89:D9:D4:21:97:E6:D5:78:70:8D:DF:CD:47:E5:95:5D:17
            X509v3 Authority Key Identifier:
                keyid:9A:91:8B:80:CB:B3:27:37:A4:6B:24:48:69:A6:AD:55:09:54:3F:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mpGLgMuzJzekayRIaaatVQlUP6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/5c0b4a-2da4-43a5-9289-1937bde8cd6f/1/2WBFidnUIZfm1Xhwjd_NR-WVXRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/5c0b4a-2da4-43a5-9289-1937bde8cd6f/1/mpGLgMuzJzekayRIaaatVQlUP6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c3:90:42:b6:dc:b8:ec:b6:e4:a8:f7:1b:96:06:3f:ce:29:
         26:41:01:31:d1:c7:d3:08:2b:ab:93:b5:f9:f6:fb:60:99:04:
         24:94:89:16:c7:ba:7c:82:25:c4:25:8e:5e:be:bb:fd:76:fe:
         3c:e1:57:80:11:a5:e5:ba:91:b1:69:04:03:2d:51:44:bc:8f:
         99:49:01:08:0f:84:7b:5d:44:df:91:2c:47:1f:33:a8:0c:27:
         8c:1f:61:58:a3:c5:7d:af:99:af:2b:9a:e8:2d:90:f7:59:46:
         51:95:e8:39:cc:d4:85:76:3b:ad:62:4e:ba:24:5b:15:ad:cf:
         67:79:68:3f:c7:80:f9:1c:e1:a1:d7:96:89:f1:b0:3f:73:7b:
         82:51:ba:fe:53:60:4c:b3:ef:c8:c9:f0:6f:d2:fa:af:b7:31:
         30:2e:09:a3:ad:7f:81:5d:88:6c:3b:31:b9:7a:15:b3:84:58:
         ec:89:12:90:28:fd:21:41:ee:61:9e:e0:c4:f5:4a:63:a1:e4:
         80:a9:d4:30:43:38:dc:63:19:7b:ec:3f:cb:61:83:f3:9d:3a:
         4f:92:59:66:74:13:00:d1:ce:1d:20:ef:fa:0c:74:7d:83:0e:
         e6:f9:d2:68:e8:6d:0d:3e:0a:79:93:93:2f:fc:3b:1c:c6:71:
         b7:dd:e5:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlGOLWD8yuZrVPj0c3yl2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhOTE4YjgwY2JiMzI3MzdhNDZiMjQ0ODY5YTZhZDU1MDk1
NDNmYTEwHhcNMjQwMTAyMDAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTYwNDU4OWQ5ZDQyMTk3ZTZkNTc4NzA4ZGRmY2Q0N2U1OTU1ZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMJkYDHP/7cbqghV2Ddz2Xssn07y
H1w6T/7lf12pBlocf7CwKX4jcxXDY2ppSEBl0jcVFy1HGmfY2QA1/pZhSOD5kfMZ
t9PP4px8rdSz7SSiE7PC/J9uh/cc8Bvv/oHnDnhmEEx7AI+KI3MzHLLuVgTvz6E9
9oaj3NXeTTdYMI3pc+hgAtfjXzI9LhvRh89AzEnzBkU0hnXe6sDhZEGb/7GPBA72
L+wlMMd+Pnt1XcM3HVoiw2mqeft89xtmhw1HDlTNv6fYQ0GvadqbYuzmtL+9LksV
mKkWslpOIu+L1pv0OlTS77SqBxp8idx7rliKfzUf6IebuthKjCtBjcTnowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlgRYnZ1CGX5tV4cI3fzUfllV0XMB8GA1UdIwQY
MBaAFJqRi4DLsyc3pGskSGmmrVUJVD+hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXBHTGdNdXpKemVrYXlSSWFhYXRWUWxVUDZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi81YzBiNGEtMmRhNC00M2E1LTkyODkt
MTkzN2JkZThjZDZmLzEvMldCRmlkblVJWmZtMVhod2pkX05SLVdWWFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi81YzBiNGEtMmRhNC00M2E1LTkyODktMTkzN2JkZThjZDZm
LzEvbXBHTGdNdXpKemVrYXlSSWFhYXRWUWxVUDZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/dIMA0G
CSqGSIb3DQEBCwUAA4IBAQBBw5BCtty47LbkqPcblgY/zikmQQEx0cfTCCurk7X5
9vtgmQQklIkWx7p8giXEJY5evrv9dv484VeAEaXlupGxaQQDLVFEvI+ZSQEID4R7
XUTfkSxHHzOoDCeMH2FYo8V9r5mvK5roLZD3WUZRleg5zNSFdjutYk66JFsVrc9n
eWg/x4D5HOGh15aJ8bA/c3uCUbr+U2BMs+/IyfBv0vqvtzEwLgmjrX+BXYhsOzG5
ehWzhFjsiRKQKP0hQe5hnuDE9UpjoeSAqdQwQzjcYxl77D/LYYPznTpPkllmdBMA
0c4dIO/6DHR9gw7m+dJo6G0NPgp5k5Mv/DscxnG33eV0
-----END CERTIFICATE-----