Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/bk4fp90k2kQdmkh5KRdzTicr1Kk.roa
File:                     bk4fp90k2kQdmkh5KRdzTicr1Kk.roa (raw, json)
Hash identifier:          PYQhd7rqGB9VcZrFo9h/VvsYhWGrQjdsWSuTC4Cygr0=
Subject key identifier:   6E:4E:1F:A7:DD:24:DA:44:1D:9A:48:79:29:17:73:4E:27:2B:D4:A9
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3EF668CB118B951F17CC1FCA0FCE
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/bk4fp90k2kQdmkh5KRdzTicr1Kk.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398436
IP address blocks:        91.242.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3e:f6:68:cb:11:8b:95:1f:17:cc:1f:ca:0f:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e4e1fa7dd24da441d9a48792917734e272bd4a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:67:ab:22:3f:2a:50:a9:cf:f8:b9:d6:5f:a7:
                    1e:49:22:f7:f4:ac:44:20:84:23:93:a5:db:6a:1c:
                    29:04:28:80:fd:12:20:ab:1b:6f:ad:38:b5:91:b1:
                    96:0f:31:35:d0:89:ac:98:86:1e:70:df:24:5e:16:
                    7a:76:98:55:cd:39:69:94:6a:d5:b6:41:fb:5f:e4:
                    4b:3c:8e:7e:13:a5:72:59:d3:ae:ba:29:08:63:e8:
                    08:ce:60:89:bc:e9:d5:ff:8f:05:94:7b:58:09:38:
                    88:82:92:1a:a4:05:55:82:9d:e6:14:ca:39:2d:38:
                    27:75:d0:a6:63:e6:99:95:50:c9:cd:d1:fd:42:70:
                    e3:cb:b7:9e:e2:dd:6e:08:56:3e:ce:ce:76:a8:49:
                    23:15:9b:88:03:d3:88:9b:e2:7c:19:0b:61:77:8b:
                    dc:a2:4a:9a:5d:44:08:94:85:63:06:41:60:12:fa:
                    04:2d:9c:ca:58:18:24:da:a9:b4:57:bb:65:16:4b:
                    34:8b:ff:4b:1b:61:92:3b:f4:14:e0:55:e4:33:93:
                    ad:e1:50:25:4b:0f:82:5c:dc:d6:6f:fd:c2:77:a5:
                    a8:5d:fd:c6:18:68:ac:6f:11:b3:1b:1e:cb:f7:2a:
                    a8:30:48:14:f3:b0:f5:70:ed:5c:c8:4d:5a:b9:be:
                    d5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:4E:1F:A7:DD:24:DA:44:1D:9A:48:79:29:17:73:4E:27:2B:D4:A9
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/bk4fp90k2kQdmkh5KRdzTicr1Kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:17:44:77:96:8f:36:70:72:31:73:12:ad:e4:c6:1c:2c:3a:
         8e:c8:92:fa:6f:86:b2:27:0f:6b:11:3b:11:4d:78:7a:bf:0a:
         76:e1:b2:75:b6:9c:e3:d1:12:2b:86:85:e7:13:e8:fa:96:cf:
         22:82:56:b3:8d:b4:cf:28:a3:85:e1:ed:c6:56:3d:b7:13:4a:
         b8:49:97:54:24:82:e0:1a:38:31:d7:26:e9:a5:28:09:b6:9c:
         fc:98:73:83:65:52:dc:85:fd:d1:78:fc:25:fe:a8:49:7e:4e:
         0d:21:7f:8a:72:2c:c5:b8:7a:54:23:0f:3c:c0:bb:d1:4f:ac:
         b2:5f:42:d6:21:30:21:28:ec:9d:ac:3a:13:49:01:d9:bb:34:
         c2:de:04:07:c5:c0:c3:58:09:46:d3:76:26:71:d2:7a:a6:d1:
         55:ba:47:bb:89:62:50:d6:d4:ae:67:2d:68:3a:85:fb:11:67:
         0c:45:dc:e4:0d:f5:5e:85:23:90:5c:80:af:04:a1:2b:89:d5:
         17:ed:f9:b0:3e:3d:5d:56:eb:9b:ca:b0:1d:6a:1f:07:73:15:
         25:3d:6a:a2:81:34:6c:0f:36:12:6f:79:6b:5c:6e:2c:49:20:
         ec:18:a5:92:ed:82:a1:f2:eb:40:39:d8:e0:2e:82:8b:06:ed:
         a7:46:b7:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2z72aMsRi5UfF8wfyg/OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTRlMWZhN2RkMjRkYTQ0MWQ5YTQ4NzkyOTE3NzM0ZTI3MmJkNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2erIj8qUKnP+LnWX6ceSSL39KxE
IIQjk6XbahwpBCiA/RIgqxtvrTi1kbGWDzE10ImsmIYecN8kXhZ6dphVzTlplGrV
tkH7X+RLPI5+E6VyWdOuuikIY+gIzmCJvOnV/48FlHtYCTiIgpIapAVVgp3mFMo5
LTgnddCmY+aZlVDJzdH9QnDjy7ee4t1uCFY+zs52qEkjFZuIA9OIm+J8GQthd4vc
okqaXUQIlIVjBkFgEvoELZzKWBgk2qm0V7tlFks0i/9LG2GSO/QU4FXkM5Ot4VAl
Sw+CXNzWb/3Cd6WoXf3GGGisbxGzGx7L9yqoMEgU87D1cO1cyE1aub7VkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5OH6fdJNpEHZpIeSkXc04nK9SpMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvYms0ZnA5MGsya1FkbWtoNUtSZHpUaWNyMUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW/JsMA0G
CSqGSIb3DQEBCwUAA4IBAQASF0R3lo82cHIxcxKt5MYcLDqOyJL6b4ayJw9rETsR
TXh6vwp24bJ1tpzj0RIrhoXnE+j6ls8iglazjbTPKKOF4e3GVj23E0q4SZdUJILg
Gjgx1ybppSgJtpz8mHODZVLchf3RePwl/qhJfk4NIX+KcizFuHpUIw88wLvRT6yy
X0LWITAhKOydrDoTSQHZuzTC3gQHxcDDWAlG03YmcdJ6ptFVuke7iWJQ1tSuZy1o
OoX7EWcMRdzkDfVehSOQXICvBKEridUX7fmwPj1dVuubyrAdah8HcxUlPWqigTRs
DzYSb3lrXG4sSSDsGKWS7YKh8utAOdjgLoKLBu2nRrd4
-----END CERTIFICATE-----