Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/247116-9690-4b20-9b0f-68e986fd6419/1/aAR8LBeel36AvKyXAX2cZd_1KBc.roa
File:                     aAR8LBeel36AvKyXAX2cZd_1KBc.roa (raw, json)
Hash identifier:          ciZkfh9cEMkSxhr4al1V4wlKznpshyJBuktiqkhhCKE=
Subject key identifier:   68:04:7C:2C:17:9E:97:7E:80:BC:AC:97:01:7D:9C:65:DF:F5:28:17
Certificate issuer:       /CN=1265c9165fd336df6dfe849aebdce4685fb1993c
Certificate serial:       018CC3B6EF689E238D035DAF13E33888D205
Authority key identifier: 12:65:C9:16:5F:D3:36:DF:6D:FE:84:9A:EB:DC:E4:68:5F:B1:99:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmXJFl_TNt9t_oSa69zkaF-xmTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/247116-9690-4b20-9b0f-68e986fd6419/1/aAR8LBeel36AvKyXAX2cZd_1KBc.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42927
IP address blocks:        91.217.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/247116-9690-4b20-9b0f-68e986fd6419/1/EmXJFl_TNt9t_oSa69zkaF-xmTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/247116-9690-4b20-9b0f-68e986fd6419/1/EmXJFl_TNt9t_oSa69zkaF-xmTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmXJFl_TNt9t_oSa69zkaF-xmTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 00:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ef:68:9e:23:8d:03:5d:af:13:e3:38:88:d2:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1265c9165fd336df6dfe849aebdce4685fb1993c
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68047c2c179e977e80bcac97017d9c65dff52817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:fb:1e:12:51:38:08:12:f3:02:00:e7:2a:a6:
                    52:6c:9a:b7:55:fc:fc:2b:ca:66:dd:fc:c6:e6:16:
                    67:91:67:58:b3:1e:fa:40:25:12:4b:8c:5d:7b:71:
                    d9:a3:2e:6c:bd:4b:54:cd:e8:7c:4e:97:a3:c9:4b:
                    63:86:f6:36:e9:17:43:20:b2:43:62:84:e6:a4:17:
                    1d:5c:be:ca:18:22:c3:86:4d:54:5e:f2:61:97:4d:
                    2c:dc:9d:42:b5:05:7d:d0:af:53:8a:81:bc:1d:15:
                    fc:a9:0b:54:1a:2b:f0:a6:3e:b3:37:9a:51:09:46:
                    f5:a1:09:84:89:d1:49:a1:a7:d0:8c:18:6a:71:fa:
                    c8:a5:5a:fd:d7:00:8c:0f:7a:49:bf:6d:c1:fc:93:
                    6e:0e:da:92:80:6e:18:55:77:25:b7:cd:35:cf:c0:
                    38:4a:01:cb:91:e6:c8:ee:2b:73:57:8e:b2:39:92:
                    81:c5:96:00:fd:ae:da:64:a1:b8:d3:3b:7d:ca:4b:
                    3e:4e:cc:c9:36:c7:ee:60:53:9e:b5:05:b5:05:43:
                    2a:ed:f1:61:a0:54:a2:d8:e7:88:8e:f6:ca:e5:3a:
                    9e:8a:92:f7:38:bc:be:b9:ef:44:3c:de:5a:10:ef:
                    95:98:68:4f:0b:60:fe:b7:15:89:ba:28:43:b2:d0:
                    09:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:04:7C:2C:17:9E:97:7E:80:BC:AC:97:01:7D:9C:65:DF:F5:28:17
            X509v3 Authority Key Identifier:
                keyid:12:65:C9:16:5F:D3:36:DF:6D:FE:84:9A:EB:DC:E4:68:5F:B1:99:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmXJFl_TNt9t_oSa69zkaF-xmTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/247116-9690-4b20-9b0f-68e986fd6419/1/aAR8LBeel36AvKyXAX2cZd_1KBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/247116-9690-4b20-9b0f-68e986fd6419/1/EmXJFl_TNt9t_oSa69zkaF-xmTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:23:8d:8e:58:fa:33:d4:85:a0:ff:b7:6c:15:2b:ef:84:53:
         dd:43:52:c4:f7:21:69:6e:42:ef:0a:da:49:18:96:93:02:8a:
         60:72:47:c9:a4:cf:0a:ad:79:0c:e2:54:b1:b0:4c:76:bb:84:
         14:5f:02:60:70:71:57:c6:18:ad:b5:94:5f:36:01:09:2e:1e:
         c8:f2:d4:a1:71:a6:c9:9e:3e:77:4c:a5:41:e6:2a:a0:eb:4b:
         39:81:c6:87:51:dd:e5:b9:a7:31:b0:15:97:62:a5:c4:34:c0:
         3a:f1:88:b3:cb:c1:ea:f7:e8:cd:79:ac:80:c5:d3:0e:7f:c0:
         c8:af:81:0f:af:8b:83:63:c0:f0:2f:61:53:a5:0d:2c:4b:18:
         f1:98:56:8d:b0:06:fa:64:d4:73:c7:d3:03:21:89:bd:b7:04:
         c0:81:b9:4e:84:d0:4b:4b:0e:f5:cf:30:ff:80:b5:f6:b1:92:
         33:fa:a1:a5:a9:51:5d:ba:ca:b1:1b:36:5d:d9:e3:f3:ee:11:
         bc:6e:d6:2a:e4:0e:f5:04:a3:1a:12:f1:f4:a5:02:e0:e7:d8:
         db:97:45:71:12:d9:bb:e4:60:a7:04:69:39:2e:4a:f1:84:dc:
         49:3a:90:95:f7:40:46:63:4d:7d:af:bc:87:5d:0d:eb:49:9e:
         02:2d:e0:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtu9oniONA12vE+M4iNIFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNjVjOTE2NWZkMzM2ZGY2ZGZlODQ5YWViZGNlNDY4NWZi
MTk5M2MwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODA0N2MyYzE3OWU5NzdlODBiY2FjOTcwMTdkOWM2NWRmZjUyODE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/seElE4CBLzAgDnKqZSbJq3Vfz8
K8pm3fzG5hZnkWdYsx76QCUSS4xde3HZoy5svUtUzeh8TpejyUtjhvY26RdDILJD
YoTmpBcdXL7KGCLDhk1UXvJhl00s3J1CtQV90K9TioG8HRX8qQtUGivwpj6zN5pR
CUb1oQmEidFJoafQjBhqcfrIpVr91wCMD3pJv23B/JNuDtqSgG4YVXclt801z8A4
SgHLkebI7itzV46yOZKBxZYA/a7aZKG40zt9yks+TszJNsfuYFOetQW1BUMq7fFh
oFSi2OeIjvbK5TqeipL3OLy+ue9EPN5aEO+VmGhPC2D+txWJuihDstAJZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgEfCwXnpd+gLyslwF9nGXf9SgXMB8GA1UdIwQY
MBaAFBJlyRZf0zbfbf6Emuvc5GhfsZk8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW1YSkZsX1ROdDl0X29TYTY5emthRi14bVR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8yNDcxMTYtOTY5MC00YjIwLTliMGYt
NjhlOTg2ZmQ2NDE5LzEvYUFSOExCZWVsMzZBdkt5WEFYMmNaZF8xS0JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8yNDcxMTYtOTY5MC00YjIwLTliMGYtNjhlOTg2ZmQ2NDE5
LzEvRW1YSkZsX1ROdDl0X29TYTY5emthRi14bVR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9m2MA0G
CSqGSIb3DQEBCwUAA4IBAQB1I42OWPoz1IWg/7dsFSvvhFPdQ1LE9yFpbkLvCtpJ
GJaTAopgckfJpM8KrXkM4lSxsEx2u4QUXwJgcHFXxhittZRfNgEJLh7I8tShcabJ
nj53TKVB5iqg60s5gcaHUd3luacxsBWXYqXENMA68Yizy8Hq9+jNeayAxdMOf8DI
r4EPr4uDY8DwL2FTpQ0sSxjxmFaNsAb6ZNRzx9MDIYm9twTAgblOhNBLSw71zzD/
gLX2sZIz+qGlqVFdusqxGzZd2ePz7hG8btYq5A71BKMaEvH0pQLg59jbl0VxEtm7
5GCnBGk5LkrxhNxJOpCV90BGY019r7yHXQ3rSZ4CLeCQ
-----END CERTIFICATE-----