Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/0GmR-wJvCLr70MuZIGaIeNqNDC4.roa
File:                     0GmR-wJvCLr70MuZIGaIeNqNDC4.roa (raw, json)
Hash identifier:          1WSoc36TgJiCPwtXr+yblt/xvXLOs4hiaOCJcz79ff4=
Subject key identifier:   D0:69:91:FB:02:6F:08:BA:FB:D0:CB:99:20:66:88:78:DA:8D:0C:2E
Certificate issuer:       /CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
Certificate serial:       018DF45021B15AB1AF3687E876AAD36C33FE
Authority key identifier: 89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/0GmR-wJvCLr70MuZIGaIeNqNDC4.roa
Signing time:             Thu 29 Feb 2024 10:01:48 +0000
ROA not before:           Thu 29 Feb 2024 10:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        91.221.190.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:50:21:b1:5a:b1:af:36:87:e8:76:aa:d3:6c:33:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89e4bf59877a3b2ef14f5f120a6750dc14939c6b
        Validity
            Not Before: Feb 29 10:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d06991fb026f08bafbd0cb9920668878da8d0c2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:3d:98:b4:01:2f:a2:0b:3c:d1:58:d2:d5:73:
                    ed:cd:bf:cc:f4:85:08:87:6e:f8:2c:62:df:e0:9a:
                    a7:03:7f:0b:a5:29:57:df:f0:91:78:df:5a:d8:4f:
                    31:e3:22:79:3a:27:88:ec:c9:c4:5b:e6:ef:52:74:
                    7b:b1:d0:c4:0b:97:00:27:93:ce:34:36:7c:98:52:
                    bb:e2:ad:c0:dd:cc:40:19:fe:e0:9d:3d:f0:38:9a:
                    b5:82:56:e6:8d:b5:e2:eb:7b:96:42:66:7b:02:98:
                    d5:64:0e:be:c1:ca:14:9e:b6:b3:33:ba:0d:87:79:
                    a9:69:7a:4c:7e:27:81:29:28:39:30:a0:e8:ad:0e:
                    37:a2:54:17:f2:38:82:23:7b:91:3a:2e:67:7f:4a:
                    67:80:6f:29:d8:5b:0d:c7:a5:43:a0:f4:78:92:6b:
                    56:8d:11:25:b4:3f:89:f9:04:13:b2:31:a3:1f:18:
                    67:5c:8e:18:b0:ff:ef:4a:4d:cf:c1:77:56:7c:62:
                    d0:12:1a:74:07:d8:64:ed:57:37:ad:ad:17:e4:ed:
                    66:7f:ed:4c:9a:44:cf:f7:94:f9:17:46:a2:e5:c8:
                    34:16:95:20:13:c6:1b:5d:d8:93:56:77:f7:4e:f2:
                    d6:2f:f2:76:8d:4f:df:df:23:6c:10:a9:23:fd:03:
                    23:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:69:91:FB:02:6F:08:BA:FB:D0:CB:99:20:66:88:78:DA:8D:0C:2E
            X509v3 Authority Key Identifier:
                keyid:89:E4:BF:59:87:7A:3B:2E:F1:4F:5F:12:0A:67:50:DC:14:93:9C:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/0GmR-wJvCLr70MuZIGaIeNqNDC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/075bc1-2b55-40b1-990e-23bb4203eb57/1/ieS_WYd6Oy7xT18SCmdQ3BSTnGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:58:63:cb:61:4f:75:cb:0b:01:a9:63:1b:9d:23:f0:27:3b:
         16:db:91:2a:4f:3b:eb:d5:21:6e:1d:58:1e:e6:34:63:f5:46:
         c6:0c:12:0c:eb:e3:8f:de:2a:cd:ca:ff:e1:d8:9e:d1:bd:75:
         c3:55:e4:c6:a0:ad:2f:be:a8:6b:87:66:cd:07:e4:8a:68:16:
         8d:78:d5:d1:90:64:49:11:67:ac:a8:5b:b6:05:3c:7e:c8:56:
         34:99:34:3d:d3:c2:a3:22:a4:c9:06:79:f8:51:9e:8c:50:31:
         37:3f:6d:f8:96:05:01:5f:ca:19:67:5c:f9:ec:a1:70:d8:4f:
         8d:04:17:8b:33:1f:66:c9:2b:cb:30:88:33:1c:3b:13:21:b7:
         88:66:5b:a3:dd:08:f9:31:6f:51:0d:1d:bc:b2:9e:60:9b:61:
         ec:11:2c:e8:fe:1b:36:ce:07:fe:69:08:bf:9c:dc:ae:5b:9a:
         2f:8c:ce:33:e8:e7:32:57:95:b9:45:fe:8d:74:ff:06:b8:98:
         bd:2b:af:10:a3:d1:17:eb:cb:70:9c:16:05:d9:44:3b:63:68:
         a4:3c:bd:44:e2:23:24:69:eb:b9:76:13:69:83:cf:a8:72:4b:
         86:76:4b:85:25:f7:9a:92:1f:af:6c:b6:f1:35:9b:ee:18:e3:
         ad:64:93:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY30UCGxWrGvNofodqrTbDP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZTRiZjU5ODc3YTNiMmVmMTRmNWYxMjBhNjc1MGRjMTQ5
MzljNmIwHhcNMjQwMjI5MTAwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDY5OTFmYjAyNmYwOGJhZmJkMGNiOTkyMDY2ODg3OGRhOGQwYzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmD2YtAEvogs80VjS1XPtzb/M9IUI
h274LGLf4JqnA38LpSlX3/CReN9a2E8x4yJ5OieI7MnEW+bvUnR7sdDEC5cAJ5PO
NDZ8mFK74q3A3cxAGf7gnT3wOJq1glbmjbXi63uWQmZ7ApjVZA6+wcoUnrazM7oN
h3mpaXpMfieBKSg5MKDorQ43olQX8jiCI3uROi5nf0pngG8p2FsNx6VDoPR4kmtW
jREltD+J+QQTsjGjHxhnXI4YsP/vSk3PwXdWfGLQEhp0B9hk7Vc3ra0X5O1mf+1M
mkTP95T5F0ai5cg0FpUgE8YbXdiTVnf3TvLWL/J2jU/f3yNsEKkj/QMjRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBpkfsCbwi6+9DLmSBmiHjajQwuMB8GA1UdIwQY
MBaAFInkv1mHejsu8U9fEgpnUNwUk5xrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWVTX1dZZDZPeTd4VDE4U0NtZFEzQlNUbkdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8wNzViYzEtMmI1NS00MGIxLTk5MGUt
MjNiYjQyMDNlYjU3LzEvMEdtUi13SnZDTHI3ME11WklHYUllTnFOREM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8wNzViYzEtMmI1NS00MGIxLTk5MGUtMjNiYjQyMDNlYjU3
LzEvaWVTX1dZZDZPeTd4VDE4U0NtZFEzQlNUbkdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW92+MA0G
CSqGSIb3DQEBCwUAA4IBAQB4WGPLYU91ywsBqWMbnSPwJzsW25EqTzvr1SFuHVge
5jRj9UbGDBIM6+OP3irNyv/h2J7RvXXDVeTGoK0vvqhrh2bNB+SKaBaNeNXRkGRJ
EWesqFu2BTx+yFY0mTQ908KjIqTJBnn4UZ6MUDE3P234lgUBX8oZZ1z57KFw2E+N
BBeLMx9mySvLMIgzHDsTIbeIZluj3Qj5MW9RDR28sp5gm2HsESzo/hs2zgf+aQi/
nNyuW5ovjM4z6OcyV5W5Rf6NdP8GuJi9K68Qo9EX68twnBYF2UQ7Y2ikPL1E4iMk
aeu5dhNpg8+ockuGdkuFJfeakh+vbLbxNZvuGOOtZJNp
-----END CERTIFICATE-----