Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/Gb_s9Qy4mK-7_xR5Gmio0lHfIRE.roa
File:                     Gb_s9Qy4mK-7_xR5Gmio0lHfIRE.roa (raw, json)
Hash identifier:          ckcVB8QwDgSRCnnE7felGsFxmpSHNnaUdEK96ia9BMU=
Subject key identifier:   19:BF:EC:F5:0C:B8:98:AF:BB:FF:14:79:1A:68:A8:D2:51:DF:21:11
Certificate issuer:       /CN=1d87f30274951cadfb5b737e1333c73d64b04256
Certificate serial:       018CC80198E5407C599AF5A625FABE59F25C
Authority key identifier: 1D:87:F3:02:74:95:1C:AD:FB:5B:73:7E:13:33:C7:3D:64:B0:42:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/Gb_s9Qy4mK-7_xR5Gmio0lHfIRE.roa
Signing time:             Tue 02 Jan 2024 02:29:57 +0000
ROA not before:           Tue 02 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6696
IP address blocks:        91.220.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:98:e5:40:7c:59:9a:f5:a6:25:fa:be:59:f2:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d87f30274951cadfb5b737e1333c73d64b04256
        Validity
            Not Before: Jan  2 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19bfecf50cb898afbbff14791a68a8d251df2111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e3:9b:14:7c:04:8f:fa:47:14:98:56:b4:7e:
                    9f:b4:b3:cc:54:db:4e:2c:02:b3:c9:7f:0a:1b:b8:
                    3b:a3:73:ad:52:3c:07:82:67:5f:e5:6c:42:da:ca:
                    a6:99:ac:11:3e:89:bc:4a:72:a6:c0:bc:10:8f:54:
                    49:65:0f:8e:29:71:d9:f5:28:3f:15:26:e7:14:72:
                    88:e9:16:38:1b:f9:15:f3:bc:ea:a6:2e:05:3a:f3:
                    ce:87:1f:62:a0:8b:24:c0:0c:8b:ef:79:8a:d3:87:
                    d8:07:9b:fe:1d:a7:03:e7:85:2c:53:b5:94:8b:82:
                    c5:d4:ff:a6:8f:98:47:ba:34:ee:90:79:c8:02:c2:
                    2e:04:0e:96:8f:e7:b9:a7:72:3b:9a:4a:a9:c6:26:
                    bd:ea:31:b9:a7:93:11:dd:3e:48:30:f0:8d:6a:e9:
                    00:9a:72:70:af:5d:59:e3:67:d3:56:65:ab:91:5d:
                    ed:0b:0d:d1:a7:4b:3a:2f:c6:59:65:2c:eb:5b:eb:
                    72:ea:d7:4b:62:3b:66:6a:c4:bf:61:54:31:73:46:
                    99:15:64:a1:e0:0c:ee:bd:1c:a4:a6:ce:91:4d:c2:
                    10:73:12:4e:3e:13:d6:95:ba:3d:72:b4:82:38:5c:
                    35:c6:ec:63:2e:91:f9:06:40:16:48:b8:8d:06:9e:
                    77:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:BF:EC:F5:0C:B8:98:AF:BB:FF:14:79:1A:68:A8:D2:51:DF:21:11
            X509v3 Authority Key Identifier:
                keyid:1D:87:F3:02:74:95:1C:AD:FB:5B:73:7E:13:33:C7:3D:64:B0:42:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/Gb_s9Qy4mK-7_xR5Gmio0lHfIRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:91:2e:09:f3:d9:25:a6:30:49:3c:bc:71:83:5e:22:f2:9e:
         6c:c9:5b:e6:7d:94:be:97:b5:17:dd:3f:80:f7:47:24:be:05:
         66:a5:48:b2:39:a9:de:4c:ea:b9:94:d9:ee:b4:57:0d:f3:59:
         7a:8f:82:df:0b:bb:bd:1c:65:34:3f:d6:07:ca:57:61:08:3f:
         28:f2:f4:27:0e:62:83:a3:79:d3:47:10:84:fb:c5:80:ed:44:
         bd:3c:e7:2a:7c:8e:85:e5:29:d7:c0:f3:cd:76:b8:3e:e8:0d:
         ad:d5:a6:94:74:8b:42:ef:cc:e9:fe:6b:8a:92:13:d6:11:e2:
         47:df:85:6f:b6:4f:79:2c:c4:32:79:44:01:00:0d:a3:e3:9e:
         a4:a6:de:19:3f:24:4d:26:a7:a1:94:b7:31:a0:a2:06:1c:1e:
         4f:ee:af:8a:d6:02:21:26:82:79:d9:a5:95:12:6f:86:13:30:
         03:6e:cd:c3:e9:b6:b7:c7:70:fe:98:f5:d6:0d:81:78:02:64:
         93:8b:02:1c:ec:59:4a:42:76:a7:8c:29:c6:8d:af:42:95:d1:
         e1:34:ad:61:0e:dc:d6:46:44:74:97:20:af:18:de:70:59:ae:
         d3:19:d5:15:1d:3c:be:6d:4b:58:49:20:18:9e:b0:76:b9:e8:
         bb:f3:71:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAZjlQHxZmvWmJfq+WfJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODdmMzAyNzQ5NTFjYWRmYjViNzM3ZTEzMzNjNzNkNjRi
MDQyNTYwHhcNMjQwMTAyMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWJmZWNmNTBjYjg5OGFmYmJmZjE0NzkxYTY4YThkMjUxZGYyMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+ObFHwEj/pHFJhWtH6ftLPMVNtO
LAKzyX8KG7g7o3OtUjwHgmdf5WxC2sqmmawRPom8SnKmwLwQj1RJZQ+OKXHZ9Sg/
FSbnFHKI6RY4G/kV87zqpi4FOvPOhx9ioIskwAyL73mK04fYB5v+HacD54UsU7WU
i4LF1P+mj5hHujTukHnIAsIuBA6Wj+e5p3I7mkqpxia96jG5p5MR3T5IMPCNaukA
mnJwr11Z42fTVmWrkV3tCw3Rp0s6L8ZZZSzrW+ty6tdLYjtmasS/YVQxc0aZFWSh
4AzuvRykps6RTcIQcxJOPhPWlbo9crSCOFw1xuxjLpH5BkAWSLiNBp537QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBm/7PUMuJivu/8UeRpoqNJR3yERMB8GA1UdIwQY
MBaAFB2H8wJ0lRyt+1tzfhMzxz1ksEJWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlmekFuU1ZISzM3VzNOLUV6UEhQV1N3UWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8yNDg1ZjUtZGYzZS00ZGJhLTgxMGUt
ZmU0NDAxMTFkODA3LzEvR2JfczlReTRtSy03X3hSNUdtaW8wbEhmSVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8yNDg1ZjUtZGYzZS00ZGJhLTgxMGUtZmU0NDAxMTFkODA3
LzEvSFlmekFuU1ZISzM3VzNOLUV6UEhQV1N3UWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xvMA0G
CSqGSIb3DQEBCwUAA4IBAQCQkS4J89klpjBJPLxxg14i8p5syVvmfZS+l7UX3T+A
90ckvgVmpUiyOaneTOq5lNnutFcN81l6j4LfC7u9HGU0P9YHyldhCD8o8vQnDmKD
o3nTRxCE+8WA7US9POcqfI6F5SnXwPPNdrg+6A2t1aaUdItC78zp/muKkhPWEeJH
34Vvtk95LMQyeUQBAA2j456kpt4ZPyRNJqehlLcxoKIGHB5P7q+K1gIhJoJ52aWV
Em+GEzADbs3D6ba3x3D+mPXWDYF4AmSTiwIc7FlKQnanjCnGja9CldHhNK1hDtzW
RkR0lyCvGN5wWa7TGdUVHTy+bUtYSSAYnrB2uei783Fe
-----END CERTIFICATE-----