Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/4cc2ff-2104-49df-9e0e-662c41673d69/1/ibv39Ay3PJbMdntufQht56n0Zbs.roa
File:                     ibv39Ay3PJbMdntufQht56n0Zbs.roa (raw, json)
Hash identifier:          dro2yZ1kMlvQloAU22rhnene53Po07NmAGCSu5zovkk=
Subject key identifier:   89:BB:F7:F4:0C:B7:3C:96:CC:76:7B:6E:7D:08:6D:E7:A9:F4:65:BB
Certificate issuer:       /CN=a312d1d87d7d48f0ef51fc912b9672c3f73ecbe7
Certificate serial:       018CC64AFAC28E2FC576B7561B26F96450E6
Authority key identifier: A3:12:D1:D8:7D:7D:48:F0:EF:51:FC:91:2B:96:72:C3:F7:3E:CB:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oxLR2H19SPDvUfyRK5Zyw_c-y-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/4cc2ff-2104-49df-9e0e-662c41673d69/1/ibv39Ay3PJbMdntufQht56n0Zbs.roa
Signing time:             Mon 01 Jan 2024 18:30:51 +0000
ROA not before:           Mon 01 Jan 2024 18:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50959
IP address blocks:        91.216.134.0/24 maxlen: 24
                          2a12:5740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/4cc2ff-2104-49df-9e0e-662c41673d69/1/oxLR2H19SPDvUfyRK5Zyw_c-y-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/4cc2ff-2104-49df-9e0e-662c41673d69/1/oxLR2H19SPDvUfyRK5Zyw_c-y-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oxLR2H19SPDvUfyRK5Zyw_c-y-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:fa:c2:8e:2f:c5:76:b7:56:1b:26:f9:64:50:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a312d1d87d7d48f0ef51fc912b9672c3f73ecbe7
        Validity
            Not Before: Jan  1 18:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89bbf7f40cb73c96cc767b6e7d086de7a9f465bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9f:54:91:29:42:fb:e3:4c:3a:0a:b5:fa:cb:
                    0a:ad:e6:3f:44:e9:44:b0:28:35:eb:41:6d:b1:b8:
                    9f:6f:cb:e1:48:ac:3d:41:e8:aa:7c:1f:59:b3:06:
                    6e:06:99:42:d0:8b:fd:ce:23:39:ce:12:86:2a:0f:
                    29:69:69:76:ce:98:6e:3b:16:06:6b:9c:e9:45:d5:
                    e2:13:18:a5:d8:2a:8d:ea:d4:24:42:40:45:dd:5d:
                    2d:e4:57:5a:94:98:e7:02:3b:ed:36:39:18:39:f0:
                    cf:e8:a3:55:9c:65:e8:3b:ed:ae:f7:1c:ac:fc:f3:
                    1f:22:a8:7e:59:dd:85:1a:53:48:6e:33:a9:9f:44:
                    36:aa:a8:fc:fc:56:bc:ff:cc:e8:a6:d4:cc:ef:75:
                    f4:f9:43:30:11:81:e7:e7:a8:c4:92:05:34:b9:f8:
                    d3:51:10:a2:c3:41:e9:3d:bf:6a:e3:f1:b9:70:01:
                    2d:19:15:df:23:89:50:02:cc:c1:6b:df:76:ca:47:
                    d4:a8:3d:4f:17:f2:84:43:8c:5c:cb:2e:71:9c:7a:
                    59:8d:56:76:2b:d4:bd:cb:b8:77:1c:fc:c9:a3:06:
                    07:05:5d:80:c3:f1:8c:b3:a8:fb:18:0a:6d:32:c6:
                    f5:22:9e:65:1f:0b:ac:5e:93:ba:9e:be:e2:f5:db:
                    ec:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:BB:F7:F4:0C:B7:3C:96:CC:76:7B:6E:7D:08:6D:E7:A9:F4:65:BB
            X509v3 Authority Key Identifier:
                keyid:A3:12:D1:D8:7D:7D:48:F0:EF:51:FC:91:2B:96:72:C3:F7:3E:CB:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxLR2H19SPDvUfyRK5Zyw_c-y-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/4cc2ff-2104-49df-9e0e-662c41673d69/1/ibv39Ay3PJbMdntufQht56n0Zbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/4cc2ff-2104-49df-9e0e-662c41673d69/1/oxLR2H19SPDvUfyRK5Zyw_c-y-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.134.0/24
                IPv6:
                  2a12:5740::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:21:8a:d6:f2:df:f0:c6:a7:ea:57:8b:09:0f:bf:07:48:e8:
         1c:97:76:11:77:59:05:e9:2b:dd:6e:cd:ab:36:96:5d:47:74:
         b6:28:00:be:3f:fb:97:01:52:c8:35:96:bc:fa:d1:d3:c8:81:
         f1:d0:81:cc:a7:ad:11:b5:05:48:08:6f:da:1f:f5:8b:ed:64:
         12:63:ef:c5:92:ae:70:f3:5f:1e:a3:22:2f:c2:4c:ae:97:d2:
         ba:78:e6:cb:61:6b:4c:1d:2b:ce:50:2d:2e:d1:50:59:18:1c:
         2e:c8:2b:4a:d1:46:a7:eb:72:34:ec:5c:47:d3:3e:35:67:3f:
         c2:43:b3:f0:28:10:5b:f3:b3:0a:64:38:1d:70:ba:7f:a1:f9:
         60:30:f6:7b:87:05:e0:d6:f7:29:af:07:76:0f:45:db:11:bb:
         a8:24:88:bf:3e:11:3a:6e:00:d0:5b:aa:4b:28:ff:9b:cc:16:
         98:d1:f9:9c:e8:24:41:e7:ce:4c:eb:ab:52:56:59:3f:7b:d7:
         67:45:78:5b:ab:46:11:81:21:3a:24:70:b9:d5:4b:6e:76:f7:
         9b:b8:05:df:07:b4:36:fc:dd:67:bd:d0:94:2d:ab:dc:2e:60:
         9c:cd:63:46:15:61:bf:6b:12:78:26:47:c1:9b:37:18:b6:13:
         0f:96:61:8e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSvrCji/FdrdWGyb5ZFDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTJkMWQ4N2Q3ZDQ4ZjBlZjUxZmM5MTJiOTY3MmMzZjcz
ZWNiZTcwHhcNMjQwMTAxMTgzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWJiZjdmNDBjYjczYzk2Y2M3NjdiNmU3ZDA4NmRlN2E5ZjQ2NWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAop9UkSlC++NMOgq1+ssKreY/ROlE
sCg160Ftsbifb8vhSKw9QeiqfB9ZswZuBplC0Iv9ziM5zhKGKg8paWl2zphuOxYG
a5zpRdXiExil2CqN6tQkQkBF3V0t5FdalJjnAjvtNjkYOfDP6KNVnGXoO+2u9xys
/PMfIqh+Wd2FGlNIbjOpn0Q2qqj8/Fa8/8zoptTM73X0+UMwEYHn56jEkgU0ufjT
URCiw0HpPb9q4/G5cAEtGRXfI4lQAszBa992ykfUqD1PF/KEQ4xcyy5xnHpZjVZ2
K9S9y7h3HPzJowYHBV2Aw/GMs6j7GAptMsb1Ip5lHwusXpO6nr7i9dvs+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIm79/QMtzyWzHZ7bn0Ibeep9GW7MB8GA1UdIwQY
MBaAFKMS0dh9fUjw71H8kSuWcsP3PsvnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hMUjJIMTlTUER2VWZ5Uks1Wnl3X2MteS1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80Y2MyZmYtMjEwNC00OWRmLTllMGUt
NjYyYzQxNjczZDY5LzEvaWJ2MzlBeTNQSmJNZG50dWZRaHQ1Nm4wWmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80Y2MyZmYtMjEwNC00OWRmLTllMGUtNjYyYzQxNjczZDY5
LzEvb3hMUjJIMTlTUER2VWZ5Uks1Wnl3X2MteS1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9iGMA0E
AgACMAcDBQMqEldAMA0GCSqGSIb3DQEBCwUAA4IBAQBsIYrW8t/wxqfqV4sJD78H
SOgcl3YRd1kF6Svdbs2rNpZdR3S2KAC+P/uXAVLINZa8+tHTyIHx0IHMp60RtQVI
CG/aH/WL7WQSY+/Fkq5w818eoyIvwkyul9K6eObLYWtMHSvOUC0u0VBZGBwuyCtK
0Uan63I07FxH0z41Zz/CQ7PwKBBb87MKZDgdcLp/oflgMPZ7hwXg1vcprwd2D0Xb
EbuoJIi/PhE6bgDQW6pLKP+bzBaY0fmc6CRB585M66tSVlk/e9dnRXhbq0YRgSE6
JHC51UtudvebuAXfB7Q2/N1nvdCULavcLmCczWNGFWG/axJ4JkfBmzcYthMPlmGO
-----END CERTIFICATE-----