Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/b8RQ2SWrmHMtpqc71VI0g1_QB94.roa
File:                     b8RQ2SWrmHMtpqc71VI0g1_QB94.roa (raw, json)
Hash identifier:          Cco9DxxQ9jv2CHivCDHlads91lNTEJjbbmF5A7BsNg4=
Subject key identifier:   6F:C4:50:D9:25:AB:98:73:2D:A6:A7:3B:D5:52:34:83:5F:D0:07:DE
Certificate issuer:       /CN=c7983b3a9758fcbe78733d9155aed266c882a23c
Certificate serial:       018CC424526D5D3DCF2CE29085E4449B311D
Authority key identifier: C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/b8RQ2SWrmHMtpqc71VI0g1_QB94.roa
Signing time:             Mon 01 Jan 2024 08:29:23 +0000
ROA not before:           Mon 01 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42084
IP address blocks:        176.107.40.0/21 maxlen: 21
                          91.189.0.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:52:6d:5d:3d:cf:2c:e2:90:85:e4:44:9b:31:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7983b3a9758fcbe78733d9155aed266c882a23c
        Validity
            Not Before: Jan  1 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fc450d925ab98732da6a73bd55234835fd007de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8d:6a:0b:3a:79:fc:99:43:16:51:88:c8:eb:
                    b7:3e:a8:f4:c3:65:e3:1a:6d:31:3c:0b:76:17:74:
                    b3:2b:a7:d8:c6:d0:2e:27:5a:bd:60:05:19:5b:9e:
                    fb:66:fc:46:a1:76:e9:f1:c7:4a:bd:d6:c3:e9:40:
                    29:2b:68:f8:b3:26:bf:5e:85:d7:5f:4b:56:47:ac:
                    ea:32:51:c0:3e:f6:e5:29:f7:e9:c9:9e:b7:e4:63:
                    ed:92:08:62:c7:d5:3f:0b:e1:c0:df:86:34:53:8f:
                    8c:74:4d:bd:4a:82:bb:65:53:93:29:b1:2d:c5:06:
                    9a:e5:9d:49:97:45:a4:37:59:5b:15:0a:d8:95:0c:
                    a7:06:ce:b7:42:5f:27:bc:ac:21:87:8f:31:de:ce:
                    53:11:eb:aa:06:b0:60:d9:23:ec:5b:7b:8f:06:32:
                    c9:cc:42:cf:17:ea:b9:48:77:48:d6:1a:38:ff:0f:
                    de:3c:9d:0e:d6:73:e1:c7:e5:e9:76:51:34:93:e0:
                    47:63:91:87:27:ba:e1:41:e1:43:fb:17:00:ad:88:
                    38:df:b9:32:d4:9b:5b:ec:2a:bb:3b:29:73:c0:b3:
                    ba:17:cb:18:7e:62:7b:03:91:c2:a4:21:47:ab:f9:
                    08:41:bc:ac:ac:10:b9:00:83:4e:48:54:9e:8c:2a:
                    9d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C4:50:D9:25:AB:98:73:2D:A6:A7:3B:D5:52:34:83:5F:D0:07:DE
            X509v3 Authority Key Identifier:
                keyid:C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/b8RQ2SWrmHMtpqc71VI0g1_QB94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.189.0.0/21
                  176.107.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         90:dd:6e:09:85:1d:4c:9a:70:66:db:0b:af:a1:ca:4b:25:72:
         e1:93:44:58:98:4b:06:7b:e1:c3:99:96:00:ab:d2:02:9e:bd:
         9a:2e:07:1d:80:12:7c:b6:45:50:40:53:30:8e:08:de:c7:a1:
         fa:0a:57:36:cf:11:98:fa:d0:3d:24:f8:41:8c:f7:f8:c3:90:
         3e:17:c6:0d:d4:b2:7a:d2:64:ff:49:05:9b:90:bc:fd:db:2f:
         9f:29:f7:5c:b1:2b:69:17:c2:5d:c0:33:e1:f6:4c:7a:0d:ff:
         0b:70:a7:a9:21:1e:5f:6f:63:72:03:29:bc:bf:55:6a:2a:52:
         84:25:d6:b5:e4:2b:2b:fb:8b:bc:73:b7:5f:49:c1:66:39:64:
         2f:65:c9:2d:65:eb:9c:72:11:5d:32:fd:1b:b8:06:cf:ec:33:
         72:30:56:4d:87:81:c5:ea:22:ff:41:60:d0:07:a5:05:78:15:
         71:20:e4:eb:dd:fc:ec:48:b5:07:c1:8e:ed:15:ec:e6:1b:d4:
         01:a9:ba:2f:f4:e2:eb:3f:e8:41:23:26:87:70:10:e1:a7:86:
         d2:07:33:38:87:81:ae:d9:12:40:b1:6e:78:6b:5e:d4:35:b4:
         a1:ae:3f:06:29:31:69:70:09:fd:ec:cc:3a:54:67:4a:d1:11:
         ac:61:bf:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJFJtXT3PLOKQheREmzEdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OTgzYjNhOTc1OGZjYmU3ODczM2Q5MTU1YWVkMjY2Yzg4
MmEyM2MwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmM0NTBkOTI1YWI5ODczMmRhNmE3M2JkNTUyMzQ4MzVmZDAwN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlo1qCzp5/JlDFlGIyOu3Pqj0w2Xj
Gm0xPAt2F3SzK6fYxtAuJ1q9YAUZW577ZvxGoXbp8cdKvdbD6UApK2j4sya/XoXX
X0tWR6zqMlHAPvblKffpyZ635GPtkghix9U/C+HA34Y0U4+MdE29SoK7ZVOTKbEt
xQaa5Z1Jl0WkN1lbFQrYlQynBs63Ql8nvKwhh48x3s5TEeuqBrBg2SPsW3uPBjLJ
zELPF+q5SHdI1ho4/w/ePJ0O1nPhx+XpdlE0k+BHY5GHJ7rhQeFD+xcArYg437ky
1Jtb7Cq7OylzwLO6F8sYfmJ7A5HCpCFHq/kIQbysrBC5AINOSFSejCqdkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG/EUNklq5hzLaanO9VSNINf0AfeMB8GA1UdIwQY
MBaAFMeYOzqXWPy+eHM9kVWu0mbIgqI8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEt
MjM4NDA1ZjJjZGU5LzEvYjhSUTJTV3JtSE10cHFjNzFWSTBnMV9RQjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEtMjM4NDA1ZjJjZGU5
LzEveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDW70AAwQD
sGsoMA0GCSqGSIb3DQEBCwUAA4IBAQCQ3W4JhR1MmnBm2wuvocpLJXLhk0RYmEsG
e+HDmZYAq9ICnr2aLgcdgBJ8tkVQQFMwjgjex6H6Clc2zxGY+tA9JPhBjPf4w5A+
F8YN1LJ60mT/SQWbkLz92y+fKfdcsStpF8JdwDPh9kx6Df8LcKepIR5fb2NyAym8
v1VqKlKEJda15Csr+4u8c7dfScFmOWQvZcktZeucchFdMv0buAbP7DNyMFZNh4HF
6iL/QWDQB6UFeBVxIOTr3fzsSLUHwY7tFezmG9QBqbov9OLrP+hBIyaHcBDhp4bS
BzM4h4Gu2RJAsW54a17UNbShrj8GKTFpcAn97Mw6VGdK0RGsYb/U
-----END CERTIFICATE-----