Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/qIHFhtr0Wye-WS0_ltBm-gxqOlE.roa
File:                     qIHFhtr0Wye-WS0_ltBm-gxqOlE.roa (raw, json)
Hash identifier:          6PNheQ4+hVYR3MABgEgAZ7XsYGCbr7GYNmF36PfEpg8=
Subject key identifier:   A8:81:C5:86:DA:F4:5B:27:BE:59:2D:3F:96:D0:66:FA:0C:6A:3A:51
Certificate issuer:       /CN=4dd6e779a6c0f0b09216622380467dce2d11a318
Certificate serial:       018CC64B57D999DD6BC17216583C06D60193
Authority key identifier: 4D:D6:E7:79:A6:C0:F0:B0:92:16:62:23:80:46:7D:CE:2D:11:A3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdbneabA8LCSFmIjgEZ9zi0Roxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/qIHFhtr0Wye-WS0_ltBm-gxqOlE.roa
Signing time:             Mon 01 Jan 2024 18:31:15 +0000
ROA not before:           Mon 01 Jan 2024 18:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8758
IP address blocks:        91.229.102.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/TdbneabA8LCSFmIjgEZ9zi0Roxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/TdbneabA8LCSFmIjgEZ9zi0Roxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdbneabA8LCSFmIjgEZ9zi0Roxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:57:d9:99:dd:6b:c1:72:16:58:3c:06:d6:01:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd6e779a6c0f0b09216622380467dce2d11a318
        Validity
            Not Before: Jan  1 18:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a881c586daf45b27be592d3f96d066fa0c6a3a51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:da:77:29:17:b6:16:b7:da:17:4c:4f:70:5c:
                    c4:62:26:39:a1:8b:7c:21:37:23:10:a4:d8:85:f2:
                    65:69:ec:2b:e9:81:05:59:bf:a4:39:10:17:ce:0f:
                    18:9d:5c:7c:c2:1f:76:54:3d:39:45:25:03:a9:ad:
                    92:8f:23:36:1b:e2:67:c4:e6:c0:ee:20:d8:8f:ca:
                    8d:33:5d:2d:c2:2b:f6:bf:ea:fa:d1:5c:16:48:9f:
                    18:98:1d:83:74:10:ef:92:ae:48:74:4d:74:59:ea:
                    81:bb:9f:bd:99:e8:66:85:a6:4a:a2:6e:c2:9f:12:
                    17:4a:56:ac:7d:69:84:72:46:d2:26:5d:82:94:49:
                    87:26:5a:23:9e:3e:4c:31:5b:ec:b5:fe:04:02:fe:
                    ce:28:fb:73:7a:37:f2:88:56:5d:1a:25:0e:ec:ae:
                    68:5f:a0:27:e3:27:22:90:ba:62:03:0c:89:bc:3e:
                    1a:23:e2:c4:fb:5a:8c:99:82:77:a2:ef:62:8b:76:
                    d3:7b:66:b7:02:a8:d9:75:e0:15:25:bc:c0:7f:36:
                    19:a9:cc:bb:2b:ee:5b:ea:4c:97:9b:42:15:6b:a5:
                    41:0e:d2:fd:ce:6f:33:83:26:13:d6:af:42:bc:6b:
                    cd:b1:e2:04:cb:dc:c7:f6:38:7f:9a:4d:f8:f3:64:
                    ed:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:81:C5:86:DA:F4:5B:27:BE:59:2D:3F:96:D0:66:FA:0C:6A:3A:51
            X509v3 Authority Key Identifier:
                keyid:4D:D6:E7:79:A6:C0:F0:B0:92:16:62:23:80:46:7D:CE:2D:11:A3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdbneabA8LCSFmIjgEZ9zi0Roxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/qIHFhtr0Wye-WS0_ltBm-gxqOlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/TdbneabA8LCSFmIjgEZ9zi0Roxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:af:d4:cd:81:e8:0f:86:76:7e:4f:16:c9:c2:72:84:fb:ab:
         05:b4:7b:5e:c3:a7:4d:e1:6e:26:d0:91:a7:c1:9a:b0:6a:fc:
         13:00:9f:40:46:c2:77:c0:a9:23:ee:c7:2e:cc:60:7e:05:3c:
         4f:5a:88:57:0b:99:59:96:36:93:5f:2b:df:a4:0f:b7:e5:dd:
         11:39:de:6f:0a:58:79:a5:0b:9f:f2:0d:23:43:69:f6:fa:2c:
         12:8d:35:45:94:5c:97:7b:2d:1f:74:af:c8:6d:70:a2:79:c0:
         79:61:f6:2c:8c:6d:6e:b4:a2:04:3b:1e:2d:ff:d4:e6:88:2c:
         c6:a7:03:4c:62:b2:d7:2b:6b:f9:15:74:db:a6:0f:56:46:81:
         cd:44:4a:05:0b:e0:7f:bb:6f:37:f9:23:37:5f:bf:25:45:38:
         86:c7:09:ad:45:51:39:9e:09:3d:21:e6:fa:05:a5:42:91:a5:
         89:4c:b5:da:50:4b:d2:6f:55:ea:49:2f:97:f0:36:02:b6:8f:
         6b:1d:26:9e:ff:42:b4:c7:c5:20:56:32:56:25:96:e8:42:79:
         c4:eb:9c:ad:d7:7f:17:50:64:db:b9:8f:7d:26:21:9c:cb:8a:
         7a:1d:4b:84:47:54:c6:3e:4e:b2:b9:dd:10:2e:c4:99:49:09:
         37:ca:ef:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1fZmd1rwXIWWDwG1gGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDZlNzc5YTZjMGYwYjA5MjE2NjIyMzgwNDY3ZGNlMmQx
MWEzMTgwHhcNMjQwMTAxMTgzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODgxYzU4NmRhZjQ1YjI3YmU1OTJkM2Y5NmQwNjZmYTBjNmEzYTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNp3KRe2FrfaF0xPcFzEYiY5oYt8
ITcjEKTYhfJlaewr6YEFWb+kORAXzg8YnVx8wh92VD05RSUDqa2SjyM2G+JnxObA
7iDYj8qNM10twiv2v+r60VwWSJ8YmB2DdBDvkq5IdE10WeqBu5+9mehmhaZKom7C
nxIXSlasfWmEckbSJl2ClEmHJlojnj5MMVvstf4EAv7OKPtzejfyiFZdGiUO7K5o
X6An4ycikLpiAwyJvD4aI+LE+1qMmYJ3ou9ii3bTe2a3AqjZdeAVJbzAfzYZqcy7
K+5b6kyXm0IVa6VBDtL9zm8zgyYT1q9CvGvNseIEy9zH9jh/mk3482TtdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiBxYba9FsnvlktP5bQZvoMajpRMB8GA1UdIwQY
MBaAFE3W53mmwPCwkhZiI4BGfc4tEaMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRibmVhYkE4TENTRm1JamdFWjl6aTBSb3hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMGIyODUtZDAzOC00ZGU2LTkzNzQt
YzQ3MmU2MmViZWE4LzEvcUlIRmh0cjBXeWUtV1MwX2x0Qm0tZ3hxT2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMGIyODUtZDAzOC00ZGU2LTkzNzQtYzQ3MmU2MmViZWE4
LzEvVGRibmVhYkE4TENTRm1JamdFWjl6aTBSb3hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+VmMA0G
CSqGSIb3DQEBCwUAA4IBAQB5r9TNgegPhnZ+TxbJwnKE+6sFtHtew6dN4W4m0JGn
wZqwavwTAJ9ARsJ3wKkj7scuzGB+BTxPWohXC5lZljaTXyvfpA+35d0ROd5vClh5
pQuf8g0jQ2n2+iwSjTVFlFyXey0fdK/IbXCiecB5YfYsjG1utKIEOx4t/9TmiCzG
pwNMYrLXK2v5FXTbpg9WRoHNREoFC+B/u283+SM3X78lRTiGxwmtRVE5ngk9Ieb6
BaVCkaWJTLXaUEvSb1XqSS+X8DYCto9rHSae/0K0x8UgVjJWJZboQnnE65yt138X
UGTbuY99JiGcy4p6HUuER1TGPk6yud0QLsSZSQk3yu9d
-----END CERTIFICATE-----