Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/v2rwoS7yHsFbJ5cMnwXWzLwyhsY.roa
File:                     v2rwoS7yHsFbJ5cMnwXWzLwyhsY.roa (raw, json)
Hash identifier:          3EcXIUAH7WoExbmCLv7hnAwJquUxPlesN5bkpZ0X934=
Subject key identifier:   BF:6A:F0:A1:2E:F2:1E:C1:5B:27:97:0C:9F:05:D6:CC:BC:32:86:C6
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       018CC56E221A4C3DE84D9DDEFA88319616F2
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/v2rwoS7yHsFbJ5cMnwXWzLwyhsY.roa
Signing time:             Mon 01 Jan 2024 14:29:38 +0000
ROA not before:           Mon 01 Jan 2024 14:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        91.243.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:22:1a:4c:3d:e8:4d:9d:de:fa:88:31:96:16:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Jan  1 14:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf6af0a12ef21ec15b27970c9f05d6ccbc3286c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:64:b4:fc:42:41:10:07:b1:89:3c:f0:88:40:
                    17:2d:46:73:85:40:31:55:93:36:20:58:a8:74:84:
                    13:1c:34:c1:d5:b9:af:c4:ad:ff:38:80:5c:ac:8e:
                    9f:e3:3e:fa:73:f1:ad:3c:b8:8a:2f:11:24:0a:62:
                    d9:63:87:5d:e1:1d:85:c4:84:ce:12:72:da:c5:04:
                    b1:69:ff:0a:3f:c9:44:58:11:ac:11:68:b5:74:a0:
                    65:a8:f6:1a:47:f1:fe:51:12:0d:ba:40:58:2e:99:
                    08:33:65:55:1f:73:39:77:e4:c3:c2:70:d2:27:c9:
                    ab:00:0c:40:32:15:d7:e8:d8:8d:f9:8e:57:12:4c:
                    22:0c:df:ef:e7:18:25:12:a2:a0:e2:3a:34:08:e4:
                    8e:98:53:8d:f3:9b:21:f1:b0:ee:b3:65:af:d1:3a:
                    e7:29:26:73:e1:91:53:f4:44:63:47:72:0c:27:1c:
                    bb:f0:d1:67:08:f3:30:d8:81:c6:63:bd:e4:5d:85:
                    53:28:4d:15:2a:fd:32:92:b2:f9:d7:12:b7:70:5b:
                    04:01:a9:2d:27:36:78:e6:d3:2b:6b:cd:62:d5:2d:
                    fc:84:ad:dd:02:3b:f0:96:46:47:23:ca:d8:d8:bd:
                    47:a1:d0:60:d1:77:21:3d:79:ee:ac:ad:19:6f:4d:
                    2a:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:6A:F0:A1:2E:F2:1E:C1:5B:27:97:0C:9F:05:D6:CC:BC:32:86:C6
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/v2rwoS7yHsFbJ5cMnwXWzLwyhsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:48:0c:70:f7:f9:bb:a0:74:0d:92:c4:e2:43:b1:73:eb:df:
         28:dc:d4:07:23:f4:ab:ab:6c:7a:18:f4:64:73:ac:82:3a:da:
         62:f7:73:eb:91:5a:3d:ab:14:db:3a:8f:24:dc:99:ac:bd:c2:
         3b:ac:2b:8c:29:c4:61:53:79:f1:f1:00:ca:55:b8:43:12:3a:
         4e:52:f7:d8:b8:cb:50:4b:7f:1d:f1:da:c3:97:53:72:d2:95:
         3c:b5:9d:0f:c7:ab:f4:6c:45:c9:1b:7a:f0:48:02:ba:68:2f:
         6a:39:64:13:65:40:99:9e:89:f3:12:a6:68:0b:e9:62:69:eb:
         34:6b:21:b5:21:fc:45:7e:87:49:16:4e:c4:48:f6:d4:91:c1:
         3d:2c:d2:b1:49:60:26:dc:8d:1a:7a:a0:ea:60:fb:4d:f5:a2:
         d8:31:7d:a0:14:49:93:ac:f0:9b:3a:73:15:d8:30:f1:81:bd:
         c2:ce:3c:7e:b6:fb:df:57:a1:df:47:50:0b:96:41:44:36:c1:
         c4:a3:f5:b1:06:5e:6f:43:61:2f:3b:a3:df:68:be:82:c0:37:
         12:59:4a:5a:2a:ba:69:eb:0d:86:0b:db:f6:63:ce:b4:20:cd:
         64:31:e5:c5:b9:e3:42:ae:71:87:f7:46:2c:eb:e9:62:93:ab:
         a5:79:c3:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiIaTD3oTZ3e+ogxlhbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMTAxMTQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjZhZjBhMTJlZjIxZWMxNWIyNzk3MGM5ZjA1ZDZjY2JjMzI4NmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2S0/EJBEAexiTzwiEAXLUZzhUAx
VZM2IFiodIQTHDTB1bmvxK3/OIBcrI6f4z76c/GtPLiKLxEkCmLZY4dd4R2FxITO
EnLaxQSxaf8KP8lEWBGsEWi1dKBlqPYaR/H+URINukBYLpkIM2VVH3M5d+TDwnDS
J8mrAAxAMhXX6NiN+Y5XEkwiDN/v5xglEqKg4jo0COSOmFON85sh8bDus2Wv0Trn
KSZz4ZFT9ERjR3IMJxy78NFnCPMw2IHGY73kXYVTKE0VKv0ykrL51xK3cFsEAakt
JzZ45tMra81i1S38hK3dAjvwlkZHI8rY2L1HodBg0XchPXnurK0Zb00qlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9q8KEu8h7BWyeXDJ8F1sy8MobGMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvdjJyd29TN3lIc0ZiSjVjTW53WFd6THd5aHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/OyMA0G
CSqGSIb3DQEBCwUAA4IBAQACSAxw9/m7oHQNksTiQ7Fz698o3NQHI/Srq2x6GPRk
c6yCOtpi93PrkVo9qxTbOo8k3JmsvcI7rCuMKcRhU3nx8QDKVbhDEjpOUvfYuMtQ
S38d8drDl1Ny0pU8tZ0Px6v0bEXJG3rwSAK6aC9qOWQTZUCZnonzEqZoC+liaes0
ayG1IfxFfodJFk7ESPbUkcE9LNKxSWAm3I0aeqDqYPtN9aLYMX2gFEmTrPCbOnMV
2DDxgb3Czjx+tvvfV6HfR1ALlkFENsHEo/WxBl5vQ2EvO6PfaL6CwDcSWUpaKrpp
6w2GC9v2Y860IM1kMeXFueNCrnGH90Ys6+lik6ulecNQ
-----END CERTIFICATE-----