Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/gXuPoqUCrva6vtnmShnbxKlNgUM.roa
File:                     gXuPoqUCrva6vtnmShnbxKlNgUM.roa (raw, json)
Hash identifier:          R3Bzub4AVzcQuHU6hDVI1ch4F6A9rcY7E8sWs2S2V60=
Subject key identifier:   81:7B:8F:A2:A5:02:AE:F6:BA:BE:D9:E6:4A:19:DB:C4:A9:4D:81:43
Certificate issuer:       /CN=a4cafcb4612d1d6571920f4e486056981036a620
Certificate serial:       018CC9BBAC92CFF4347041615D9D3E319476
Authority key identifier: A4:CA:FC:B4:61:2D:1D:65:71:92:0F:4E:48:60:56:98:10:36:A6:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pMr8tGEtHWVxkg9OSGBWmBA2piA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/gXuPoqUCrva6vtnmShnbxKlNgUM.roa
Signing time:             Tue 02 Jan 2024 10:32:49 +0000
ROA not before:           Tue 02 Jan 2024 10:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39002
IP address blocks:        91.208.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/pMr8tGEtHWVxkg9OSGBWmBA2piA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/pMr8tGEtHWVxkg9OSGBWmBA2piA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pMr8tGEtHWVxkg9OSGBWmBA2piA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ac:92:cf:f4:34:70:41:61:5d:9d:3e:31:94:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4cafcb4612d1d6571920f4e486056981036a620
        Validity
            Not Before: Jan  2 10:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=817b8fa2a502aef6babed9e64a19dbc4a94d8143
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:27:1a:2f:44:50:72:71:d8:b6:92:d4:23:b0:
                    a3:77:2e:1c:ad:b3:3a:be:da:d1:78:f5:dd:01:d8:
                    01:ec:12:e3:c9:0e:e6:a4:18:28:30:91:f5:04:4d:
                    98:74:84:69:06:21:b0:91:92:9c:3b:06:25:15:fd:
                    47:c8:27:70:da:c6:f4:2e:4a:97:7d:4a:de:ad:a6:
                    b1:da:89:1f:a3:0a:29:5a:16:30:79:82:04:24:58:
                    22:f2:43:dd:3b:43:c5:17:62:05:00:62:ad:81:13:
                    82:c9:a4:3f:35:1f:2e:38:cc:69:61:01:6c:49:80:
                    31:94:5a:90:c2:34:7a:10:8d:95:64:d1:ad:5c:0f:
                    be:b5:a2:4c:e8:8a:2d:c8:77:81:65:b4:7e:c6:e4:
                    f3:ce:34:cc:0a:ae:91:61:2b:bb:b6:46:77:2f:74:
                    51:a9:74:22:1c:6d:fc:fd:fd:3f:1d:81:4d:29:b2:
                    42:58:06:8b:b8:5e:c1:2f:f3:85:9b:6a:18:7a:1b:
                    1a:4d:00:a5:f0:ea:b4:fa:04:b0:8e:43:c1:bf:5f:
                    4d:4b:6d:53:a5:cf:30:72:f0:c7:c6:35:3c:07:de:
                    e5:9f:79:48:3a:25:dd:cc:fd:e7:5c:b6:2f:0d:48:
                    6a:58:47:28:68:50:50:3e:c4:ce:ad:96:63:60:0c:
                    9f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:7B:8F:A2:A5:02:AE:F6:BA:BE:D9:E6:4A:19:DB:C4:A9:4D:81:43
            X509v3 Authority Key Identifier:
                keyid:A4:CA:FC:B4:61:2D:1D:65:71:92:0F:4E:48:60:56:98:10:36:A6:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pMr8tGEtHWVxkg9OSGBWmBA2piA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/gXuPoqUCrva6vtnmShnbxKlNgUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/pMr8tGEtHWVxkg9OSGBWmBA2piA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:cf:81:17:05:a3:d9:27:51:7e:4a:c4:14:b3:f2:42:4f:c3:
         57:3a:83:6a:b9:79:e3:49:db:f1:a8:dd:f0:10:ec:b9:e4:f0:
         64:2c:6a:ff:01:ec:cd:63:24:f1:55:72:ca:ea:d9:cc:88:61:
         16:73:4e:3e:ab:3f:0c:2f:b6:2b:0c:c6:62:d0:24:9b:06:61:
         ce:0d:e9:3c:ca:24:12:94:94:36:d6:50:65:32:83:09:d7:26:
         2b:3d:fc:6f:3d:b6:cc:61:57:a7:7d:2a:76:bd:8e:14:5e:07:
         10:a0:e6:5f:07:9b:08:e1:a6:76:b0:6a:b8:39:e7:1f:89:a9:
         77:9b:f4:bc:cc:40:cf:12:37:2e:4d:05:c2:44:f5:97:35:ad:
         f9:e8:aa:43:1f:13:33:33:4f:1a:28:a9:02:1a:fc:3e:f5:d2:
         82:c6:42:00:ac:e6:f0:5f:19:f2:ac:d2:59:05:0b:c5:ed:e2:
         52:1b:4f:90:1f:9e:93:ac:74:76:dd:1e:bd:76:98:50:6a:53:
         9b:ab:cb:21:0d:4e:ad:61:6b:05:cc:b2:e0:de:2a:c9:82:60:
         8b:1e:18:08:00:38:19:f1:b5:78:3d:e8:ae:56:05:65:a5:71:
         68:fc:e5:1d:1f:99:4b:73:21:22:5c:ec:46:f7:17:c2:1e:81:
         11:07:8c:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu6ySz/Q0cEFhXZ0+MZR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2FmY2I0NjEyZDFkNjU3MTkyMGY0ZTQ4NjA1Njk4MTAz
NmE2MjAwHhcNMjQwMTAyMTAzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTdiOGZhMmE1MDJhZWY2YmFiZWQ5ZTY0YTE5ZGJjNGE5NGQ4MTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCcaL0RQcnHYtpLUI7Cjdy4crbM6
vtrRePXdAdgB7BLjyQ7mpBgoMJH1BE2YdIRpBiGwkZKcOwYlFf1HyCdw2sb0LkqX
fUreraax2okfowopWhYweYIEJFgi8kPdO0PFF2IFAGKtgROCyaQ/NR8uOMxpYQFs
SYAxlFqQwjR6EI2VZNGtXA++taJM6IotyHeBZbR+xuTzzjTMCq6RYSu7tkZ3L3RR
qXQiHG38/f0/HYFNKbJCWAaLuF7BL/OFm2oYehsaTQCl8Oq0+gSwjkPBv19NS21T
pc8wcvDHxjU8B97ln3lIOiXdzP3nXLYvDUhqWEcoaFBQPsTOrZZjYAyfNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIF7j6KlAq72ur7Z5koZ28SpTYFDMB8GA1UdIwQY
MBaAFKTK/LRhLR1lcZIPTkhgVpgQNqYgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE1yOHRHRXRIV1Z4a2c5T1NHQldtQkEycGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kMWY4ZTktZDE2Ni00MWJmLWI5NmQt
ZjE3YjBmZGRkMGUwLzEvZ1h1UG9xVUNydmE2dnRubVNobmJ4S2xOZ1VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kMWY4ZTktZDE2Ni00MWJmLWI5NmQtZjE3YjBmZGRkMGUw
LzEvcE1yOHRHRXRIV1Z4a2c5T1NHQldtQkEycGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9CzMA0G
CSqGSIb3DQEBCwUAA4IBAQBdz4EXBaPZJ1F+SsQUs/JCT8NXOoNquXnjSdvxqN3w
EOy55PBkLGr/AezNYyTxVXLK6tnMiGEWc04+qz8ML7YrDMZi0CSbBmHODek8yiQS
lJQ21lBlMoMJ1yYrPfxvPbbMYVenfSp2vY4UXgcQoOZfB5sI4aZ2sGq4Oecfial3
m/S8zEDPEjcuTQXCRPWXNa356KpDHxMzM08aKKkCGvw+9dKCxkIArObwXxnyrNJZ
BQvF7eJSG0+QH56TrHR23R69dphQalObq8shDU6tYWsFzLLg3irJgmCLHhgIADgZ
8bV4PeiuVgVlpXFo/OUdH5lLcyEiXOxG9xfCHoERB4yS
-----END CERTIFICATE-----