Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/kJ_VT3GO0udL_NSsShskecrS4Ec.roa
File:                     kJ_VT3GO0udL_NSsShskecrS4Ec.roa (raw, json)
Hash identifier:          BSY3r9bbMLSjXXQww1EavF3FXrgtQUS1ZSpqcJZUVE8=
Subject key identifier:   90:9F:D5:4F:71:8E:D2:E7:4B:FC:D4:AC:4A:1B:24:79:CA:D2:E0:47
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       018570028C0FE467F4DDEDA91A778615E197
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/kJ_VT3GO0udL_NSsShskecrS4Ec.roa
Signing time:             Mon 02 Jan 2023 01:04:53 +0000
ROA not before:           Mon 02 Jan 2023 01:04:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        91.243.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Mar 2023 07:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:02:8c:0f:e4:67:f4:dd:ed:a9:1a:77:86:15:e1:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Jan  2 01:04:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=909fd54f718ed2e74bfcd4ac4a1b2479cad2e047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f1:06:5b:45:78:1e:b1:3f:d2:54:5c:15:e3:
                    df:5e:b2:d2:74:ad:e7:5a:c3:98:f7:7c:0f:05:9d:
                    35:bc:80:f8:43:77:bc:07:68:33:a3:28:4b:38:92:
                    78:4d:2f:bd:97:c5:d3:ae:d9:03:d9:ae:cb:ad:34:
                    81:2d:cc:c2:48:3e:24:a4:f9:5b:72:44:56:55:c1:
                    7c:27:56:27:50:f0:d5:a0:2d:32:e2:c4:11:7c:15:
                    d3:00:39:59:4d:03:5f:9a:6a:99:6c:b6:88:8c:51:
                    03:55:8f:27:43:f9:bb:b0:1e:27:12:17:cc:8c:bf:
                    0b:4b:a7:b3:47:cd:b3:7a:b3:ed:11:db:58:a3:9c:
                    0a:27:b0:91:1d:7f:a3:5b:54:09:af:75:af:48:08:
                    e6:75:0c:7a:4d:8c:4e:10:16:36:bb:c4:40:57:6c:
                    b3:4c:90:d6:bc:80:7c:cb:4e:db:f2:af:0d:78:17:
                    2b:ab:4e:98:2b:27:b9:23:f0:7c:a7:98:fb:de:e5:
                    fe:50:69:40:7d:f0:2a:c1:cd:bb:9b:4f:16:51:ed:
                    ed:ff:2d:f4:99:59:20:74:55:4d:67:ff:f7:0c:1e:
                    f6:09:63:c6:72:af:9f:dc:eb:1d:bc:56:8e:20:de:
                    3f:a2:cc:ba:9b:c1:a8:dc:7b:b9:57:5d:2f:1f:20:
                    0c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                90:9F:D5:4F:71:8E:D2:E7:4B:FC:D4:AC:4A:1B:24:79:CA:D2:E0:47
            X509v3 Authority Key Identifier: 
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/kJ_VT3GO0udL_NSsShskecrS4Ec.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:d4:16:55:93:8e:42:48:e1:62:63:3e:38:47:a9:6d:53:1c:
         87:f6:da:10:90:d5:a8:8d:e6:9f:89:49:2d:75:52:ec:44:14:
         bc:00:37:5e:b6:ac:c0:20:d9:4e:77:e4:db:02:23:d8:05:48:
         77:fd:37:04:28:61:06:ba:c6:25:37:a2:ff:57:7e:46:95:f8:
         20:78:6c:c9:de:57:6c:91:1b:0f:99:ed:39:7f:d3:8f:72:23:
         1a:86:76:28:6a:ee:1a:f4:d4:0c:e2:7b:0d:0e:81:95:05:44:
         ae:6c:76:cc:b3:4c:f1:8c:46:a2:eb:67:72:60:d8:54:57:85:
         60:58:47:48:42:27:d7:b5:ac:a6:03:02:58:f4:8f:4f:9c:11:
         a8:72:57:fc:28:2e:ad:94:82:cb:62:e5:3a:8a:a0:0f:60:d7:
         ff:3f:5e:5c:c6:54:3b:ee:1b:a9:21:a8:e5:60:00:62:cf:4f:
         96:85:32:8a:23:1d:3c:b0:5f:90:bd:64:de:84:79:47:90:2c:
         7e:23:7c:ad:8b:6a:2c:a9:2e:5d:78:8d:20:97:1f:c6:21:b6:
         a5:52:33:07:0f:06:97:89:df:1b:92:9e:40:9d:ca:45:e6:9d:
         9d:f1:4b:ec:47:62:eb:da:de:00:95:95:b3:2d:d7:8a:bb:1d:
         43:1c:d3:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwAowP5Gf03e2pGneGFeGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwMTAyMDEwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDlmZDU0ZjcxOGVkMmU3NGJmY2Q0YWM0YTFiMjQ3OWNhZDJlMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfEGW0V4HrE/0lRcFePfXrLSdK3n
WsOY93wPBZ01vID4Q3e8B2gzoyhLOJJ4TS+9l8XTrtkD2a7LrTSBLczCSD4kpPlb
ckRWVcF8J1YnUPDVoC0y4sQRfBXTADlZTQNfmmqZbLaIjFEDVY8nQ/m7sB4nEhfM
jL8LS6ezR82zerPtEdtYo5wKJ7CRHX+jW1QJr3WvSAjmdQx6TYxOEBY2u8RAV2yz
TJDWvIB8y07b8q8NeBcrq06YKye5I/B8p5j73uX+UGlAffAqwc27m08WUe3t/y30
mVkgdFVNZ//3DB72CWPGcq+f3OsdvFaOIN4/osy6m8Go3Hu5V10vHyAMxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCf1U9xjtLnS/zUrEobJHnK0uBHMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEva0pfVlQzR08wdWRMX05Tc1Noc2tlY3JTNEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/OxMA0G
CSqGSIb3DQEBCwUAA4IBAQAn1BZVk45CSOFiYz44R6ltUxyH9toQkNWojeafiUkt
dVLsRBS8ADdetqzAINlOd+TbAiPYBUh3/TcEKGEGusYlN6L/V35GlfggeGzJ3lds
kRsPme05f9OPciMahnYoau4a9NQM4nsNDoGVBUSubHbMs0zxjEai62dyYNhUV4Vg
WEdIQifXtaymAwJY9I9PnBGoclf8KC6tlILLYuU6iqAPYNf/P15cxlQ77hupIajl
YABiz0+WhTKKIx08sF+QvWTehHlHkCx+I3yti2osqS5deI0glx/GIbalUjMHDwaX
id8bkp5AncpF5p2d8UvsR2Lr2t4AlZWzLdeKux1DHNMt
-----END CERTIFICATE-----
Generated at Wed Mar 15 12:06:05 2023 by rpki-client on console-ams.rpki-client.org