Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/j3ZStrzKNnSvKeFivsltA1Q31eo.roa
File:                     j3ZStrzKNnSvKeFivsltA1Q31eo.roa (raw, json)
Hash identifier:          KwPcpvefGYEtUCTrhsC00+H7/2mjuOBCRoolNckerp0=
Subject key identifier:   8F:76:52:B6:BC:CA:36:74:AF:29:E1:62:BE:C9:6D:03:54:37:D5:EA
Certificate issuer:       /CN=6fde440c14d9766503cb5c91b950b81062d11029
Certificate serial:       018CCA9A18EF7F530262D03F211B490D6DB6
Authority key identifier: 6F:DE:44:0C:14:D9:76:65:03:CB:5C:91:B9:50:B8:10:62:D1:10:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b95EDBTZdmUDy1yRuVC4EGLRECk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/j3ZStrzKNnSvKeFivsltA1Q31eo.roa
Signing time:             Tue 02 Jan 2024 14:35:45 +0000
ROA not before:           Tue 02 Jan 2024 14:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48868
IP address blocks:        91.209.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/b95EDBTZdmUDy1yRuVC4EGLRECk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/b95EDBTZdmUDy1yRuVC4EGLRECk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b95EDBTZdmUDy1yRuVC4EGLRECk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:18:ef:7f:53:02:62:d0:3f:21:1b:49:0d:6d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fde440c14d9766503cb5c91b950b81062d11029
        Validity
            Not Before: Jan  2 14:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f7652b6bcca3674af29e162bec96d035437d5ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:59:c3:59:e7:1b:10:ff:ba:a7:07:97:c0:52:
                    5f:73:8b:f1:0a:38:af:da:47:f4:c6:09:10:c4:61:
                    89:ef:f5:f2:8a:f1:7a:a3:2f:73:a0:ab:ae:ac:1b:
                    96:dd:33:aa:1c:99:fe:ae:7e:09:4a:d4:2e:d7:91:
                    42:bb:cc:42:f6:aa:70:ca:a5:71:7c:f9:4a:e9:64:
                    5b:97:17:f2:ac:5f:9f:32:2d:34:ea:18:49:5f:d7:
                    c7:66:04:7a:71:5f:43:a9:43:96:2e:bf:47:87:44:
                    3d:2b:4b:70:dd:0d:53:54:5b:ab:f7:dd:0a:a3:d3:
                    f6:56:bc:36:c5:48:9b:61:48:f2:15:6c:d9:70:d4:
                    5d:ca:cf:cf:e9:2b:19:94:14:0f:d4:e9:1a:5f:7a:
                    cf:63:2d:40:94:a1:46:9b:61:b3:d0:5d:61:0d:f3:
                    74:37:70:d6:a0:f5:52:51:74:14:67:b5:aa:72:cd:
                    a8:f5:d4:bf:92:26:cf:07:d9:08:a3:1c:a4:87:34:
                    ce:03:db:91:43:8d:50:ff:ab:d1:17:ea:b6:b7:d3:
                    c7:f8:7d:48:96:00:8c:86:89:b4:d6:0f:d9:4d:c9:
                    2d:b3:27:51:ce:f2:95:03:0f:b7:0e:6b:0c:8d:e9:
                    9b:e2:fd:0c:d2:e1:7a:94:d9:ec:4e:41:2a:8d:be:
                    bf:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:76:52:B6:BC:CA:36:74:AF:29:E1:62:BE:C9:6D:03:54:37:D5:EA
            X509v3 Authority Key Identifier:
                keyid:6F:DE:44:0C:14:D9:76:65:03:CB:5C:91:B9:50:B8:10:62:D1:10:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b95EDBTZdmUDy1yRuVC4EGLRECk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/j3ZStrzKNnSvKeFivsltA1Q31eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/b95EDBTZdmUDy1yRuVC4EGLRECk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:c9:c5:9e:8d:76:d8:10:38:91:e1:f4:e7:f7:c2:84:05:27:
         84:e7:d5:82:2d:3a:6c:d1:f5:0b:59:46:76:75:31:cb:7b:8d:
         34:7f:31:b0:5c:2d:8a:73:cb:69:17:02:5e:10:d7:4e:11:56:
         ec:a0:3e:4e:05:0d:77:51:9c:aa:78:8c:2b:7f:36:bf:73:79:
         5b:ab:c6:cd:0e:13:c7:82:e1:ff:46:77:d3:ee:89:6c:fb:79:
         51:26:1b:bb:28:6b:33:58:fe:ee:54:23:a4:81:e3:0e:17:d2:
         31:ca:cd:0c:46:b6:34:c7:33:24:9b:d3:f5:37:73:a2:99:f7:
         c6:02:1f:c6:ec:df:38:b4:90:d2:29:2f:bb:5d:39:f3:c0:5d:
         85:33:c3:be:3d:e4:f0:98:d5:eb:1d:34:f1:70:9f:78:4d:60:
         3e:1b:8c:25:1c:55:c6:ce:56:cb:70:00:67:8f:4f:10:56:d0:
         ac:eb:9a:5f:da:29:77:87:1f:c8:94:eb:4f:15:33:72:79:de:
         6b:a8:d4:40:03:ed:4a:2e:e9:c4:91:2f:fc:1f:a0:ac:56:cc:
         62:35:40:c6:28:58:a4:e8:c0:65:f0:78:72:a1:78:bc:64:f7:
         71:38:5b:c9:9b:12:34:34:b7:1b:eb:04:36:5c:40:88:bc:53:
         a4:78:51:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmhjvf1MCYtA/IRtJDW22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZGU0NDBjMTRkOTc2NjUwM2NiNWM5MWI5NTBiODEwNjJk
MTEwMjkwHhcNMjQwMTAyMTQzNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjc2NTJiNmJjY2EzNjc0YWYyOWUxNjJiZWM5NmQwMzU0MzdkNWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FnDWecbEP+6pweXwFJfc4vxCjiv
2kf0xgkQxGGJ7/XyivF6oy9zoKuurBuW3TOqHJn+rn4JStQu15FCu8xC9qpwyqVx
fPlK6WRblxfyrF+fMi006hhJX9fHZgR6cV9DqUOWLr9Hh0Q9K0tw3Q1TVFur990K
o9P2Vrw2xUibYUjyFWzZcNRdys/P6SsZlBQP1OkaX3rPYy1AlKFGm2Gz0F1hDfN0
N3DWoPVSUXQUZ7Wqcs2o9dS/kibPB9kIoxykhzTOA9uRQ41Q/6vRF+q2t9PH+H1I
lgCMhom01g/ZTcktsydRzvKVAw+3DmsMjemb4v0M0uF6lNnsTkEqjb6/awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI92Ura8yjZ0rynhYr7JbQNUN9XqMB8GA1UdIwQY
MBaAFG/eRAwU2XZlA8tckblQuBBi0RApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjk1RURCVFpkbVVEeTF5UnVWQzRFR0xSRUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xMTk5NTEtMDk1OS00YzEzLTlhMGUt
OTgxMjhlZWEzYTY1LzEvajNaU3RyektOblN2S2VGaXZzbHRBMVEzMWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xMTk5NTEtMDk1OS00YzEzLTlhMGUtOTgxMjhlZWEzYTY1
LzEvYjk1RURCVFpkbVVEeTF5UnVWQzRFR0xSRUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9HzMA0G
CSqGSIb3DQEBCwUAA4IBAQA2ycWejXbYEDiR4fTn98KEBSeE59WCLTps0fULWUZ2
dTHLe400fzGwXC2Kc8tpFwJeENdOEVbsoD5OBQ13UZyqeIwrfza/c3lbq8bNDhPH
guH/RnfT7ols+3lRJhu7KGszWP7uVCOkgeMOF9Ixys0MRrY0xzMkm9P1N3OimffG
Ah/G7N84tJDSKS+7XTnzwF2FM8O+PeTwmNXrHTTxcJ94TWA+G4wlHFXGzlbLcABn
j08QVtCs65pf2il3hx/IlOtPFTNyed5rqNRAA+1KLunEkS/8H6CsVsxiNUDGKFik
6MBl8HhyoXi8ZPdxOFvJmxI0NLcb6wQ2XECIvFOkeFHu
-----END CERTIFICATE-----