Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/iaQf8vdKeavZOi3c0TzzpGZFQvM.roa
File:                     iaQf8vdKeavZOi3c0TzzpGZFQvM.roa (raw, json)
Hash identifier:          +Xx1RXFK1mCEC3/pJBQOSw1KeSCUEjfLdxB/5IHzCpk=
Subject key identifier:   89:A4:1F:F2:F7:4A:79:AB:D9:3A:2D:DC:D1:3C:F3:A4:66:45:42:F3
Certificate issuer:       /CN=b8ed3ebcd2155f9a178a103adab48fda8b2275a5
Certificate serial:       018CC8715C722F3E482C1DCF64FA19F5B0EF
Authority key identifier: B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/iaQf8vdKeavZOi3c0TzzpGZFQvM.roa
Signing time:             Tue 02 Jan 2024 04:32:01 +0000
ROA not before:           Tue 02 Jan 2024 04:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43349
IP address blocks:        91.215.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:5c:72:2f:3e:48:2c:1d:cf:64:fa:19:f5:b0:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8ed3ebcd2155f9a178a103adab48fda8b2275a5
        Validity
            Not Before: Jan  2 04:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89a41ff2f74a79abd93a2ddcd13cf3a4664542f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a8:e5:90:5e:08:67:df:91:b2:ad:d6:88:ec:
                    d7:5d:34:13:88:d0:ac:48:9b:3c:40:34:b7:fe:ba:
                    76:58:83:ff:24:6d:f6:13:dd:0c:07:ca:52:9e:0f:
                    b6:91:9e:2d:f1:c9:47:52:47:d3:9a:8b:8d:a3:8a:
                    3e:74:e5:32:f7:10:d9:25:ab:51:a6:a1:e4:07:f9:
                    83:a1:de:3f:fe:da:94:39:df:9f:cb:ff:bf:7c:d2:
                    fe:05:f1:7b:1d:48:de:f9:6d:df:4c:cf:94:47:55:
                    4c:8d:a8:38:da:a0:a2:8b:fb:73:ac:bf:c5:be:4c:
                    0d:a1:9f:8e:eb:dd:1d:8b:ec:c4:4d:db:d5:5b:1c:
                    19:6d:ae:8c:63:08:29:a8:78:fb:c3:06:9d:b3:83:
                    1a:7e:92:20:bc:ad:44:49:82:3a:70:a4:b6:66:61:
                    80:bb:f5:e8:e4:42:d1:73:ba:23:0b:e7:e9:3a:f5:
                    f5:39:40:83:84:64:7e:8d:57:cd:f3:97:0e:4d:5e:
                    f3:bd:e1:38:3e:1c:3a:3e:d4:9b:43:ab:ed:a8:b5:
                    a0:1f:c9:2f:56:fe:66:34:0a:e5:19:3b:7e:3d:54:
                    96:ba:45:c3:33:c7:62:f8:d4:2d:60:19:62:01:07:
                    d7:5c:d8:8d:27:d6:d9:a8:6f:52:98:eb:f1:ad:a6:
                    cb:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A4:1F:F2:F7:4A:79:AB:D9:3A:2D:DC:D1:3C:F3:A4:66:45:42:F3
            X509v3 Authority Key Identifier:
                keyid:B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/iaQf8vdKeavZOi3c0TzzpGZFQvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:c4:9d:9b:66:41:4c:35:2c:9e:32:85:7c:11:e0:71:e2:fb:
         8a:f6:b7:3d:88:d0:3f:04:a9:4d:9e:36:73:f7:a2:79:09:28:
         0e:25:1c:02:02:9c:3e:bc:f0:23:84:fb:e4:8e:d6:a5:f2:b2:
         c9:f5:fc:a1:20:e5:b9:ae:08:1f:a5:e2:5e:91:fd:40:76:80:
         73:ba:ef:08:1c:b8:60:8d:48:b1:92:16:8f:31:e5:8e:13:ae:
         eb:db:2a:63:34:85:54:2c:a3:71:5a:b5:14:9e:9e:48:4e:e1:
         13:19:33:4a:81:40:b2:7e:c3:35:4e:0a:92:a0:e4:ff:db:c4:
         28:ef:a1:24:c3:63:1a:67:7c:15:f6:d5:de:97:d3:8c:10:8e:
         30:da:a5:96:fb:3b:21:ba:00:90:69:c9:d5:a2:c6:dc:a9:c1:
         cf:51:f3:29:27:19:80:49:90:35:82:70:8a:fd:29:2e:fc:8c:
         c9:37:da:28:83:8b:00:c5:b1:c7:0a:34:13:c4:7e:39:78:51:
         c6:78:15:fe:bf:4f:3e:3c:68:ff:45:1b:31:02:78:a0:43:9a:
         f8:74:3f:d5:32:e9:9f:d0:8c:e9:75:32:2e:12:ec:15:f3:d7:
         22:1c:24:e5:60:a7:3d:a9:fa:72:b9:6f:5b:74:b1:51:89:98:
         9d:90:d8:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVxyLz5ILB3PZPoZ9bDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZWQzZWJjZDIxNTVmOWExNzhhMTAzYWRhYjQ4ZmRhOGIy
Mjc1YTUwHhcNMjQwMTAyMDQzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWE0MWZmMmY3NGE3OWFiZDkzYTJkZGNkMTNjZjNhNDY2NDU0MmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKjlkF4IZ9+Rsq3WiOzXXTQTiNCs
SJs8QDS3/rp2WIP/JG32E90MB8pSng+2kZ4t8clHUkfTmouNo4o+dOUy9xDZJatR
pqHkB/mDod4//tqUOd+fy/+/fNL+BfF7HUje+W3fTM+UR1VMjag42qCii/tzrL/F
vkwNoZ+O690di+zETdvVWxwZba6MYwgpqHj7wwads4MafpIgvK1ESYI6cKS2ZmGA
u/Xo5ELRc7ojC+fpOvX1OUCDhGR+jVfN85cOTV7zveE4Phw6PtSbQ6vtqLWgH8kv
Vv5mNArlGTt+PVSWukXDM8di+NQtYBliAQfXXNiNJ9bZqG9SmOvxrabLIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImkH/L3Snmr2Tot3NE886RmRULzMB8GA1UdIwQY
MBaAFLjtPrzSFV+aF4oQOtq0j9qLInWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU8wLXZOSVZYNW9YaWhBNjJyU1Ayb3NpZGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80MjFjNmQtNTM1Yy00YzEzLThkYTMt
ZGVhMTJkZDhjN2Y0LzEvaWFRZjh2ZEtlYXZaT2kzYzBUenpwR1pGUXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80MjFjNmQtNTM1Yy00YzEzLThkYTMtZGVhMTJkZDhjN2Y0
LzEvdU8wLXZOSVZYNW9YaWhBNjJyU1Ayb3NpZGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9fJMA0G
CSqGSIb3DQEBCwUAA4IBAQAsxJ2bZkFMNSyeMoV8EeBx4vuK9rc9iNA/BKlNnjZz
96J5CSgOJRwCApw+vPAjhPvkjtal8rLJ9fyhIOW5rggfpeJekf1AdoBzuu8IHLhg
jUixkhaPMeWOE67r2ypjNIVULKNxWrUUnp5ITuETGTNKgUCyfsM1TgqSoOT/28Qo
76Ekw2MaZ3wV9tXel9OMEI4w2qWW+zshugCQacnVosbcqcHPUfMpJxmASZA1gnCK
/Sku/IzJN9oog4sAxbHHCjQTxH45eFHGeBX+v08+PGj/RRsxAnigQ5r4dD/VMumf
0IzpdTIuEuwV89ciHCTlYKc9qfpyuW9bdLFRiZidkNi4
-----END CERTIFICATE-----