Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/PWMj2GTB4Lkywqoxyj_z8X7wEjU.roa
File:                     PWMj2GTB4Lkywqoxyj_z8X7wEjU.roa (raw, json)
Hash identifier:          l41b1YOGhN3rLsl2hAlTbOvVZ9LbOU4veQyxzI/LZcg=
Subject key identifier:   3D:63:23:D8:64:C1:E0:B9:32:C2:AA:31:CA:3F:F3:F1:7E:F0:12:35
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B97D98A889599B202EB475742CDD7
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/PWMj2GTB4Lkywqoxyj_z8X7wEjU.roa
Signing time:             Mon 01 Jan 2024 18:31:32 +0000
ROA not before:           Mon 01 Jan 2024 18:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207838
IP address blocks:        188.114.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:97:d9:8a:88:95:99:b2:02:eb:47:57:42:cd:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d6323d864c1e0b932c2aa31ca3ff3f17ef01235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:25:ce:ae:31:72:3d:b4:d9:f8:35:8c:5e:6d:
                    06:c2:4b:ad:fb:c0:11:27:00:f6:7d:e5:85:77:73:
                    84:bf:7a:5d:aa:ab:4c:c0:5f:b9:ba:b6:31:01:20:
                    4b:e4:c5:1b:d4:21:f8:de:0c:a5:f7:96:0c:ee:cb:
                    65:c7:4c:06:19:ca:d5:93:35:de:42:3a:d0:ac:e4:
                    db:60:74:8c:9f:91:b5:7a:d0:20:e3:44:d2:bc:44:
                    f4:9d:a1:95:1a:80:0d:c3:d8:0f:b6:dc:75:3d:20:
                    04:aa:8b:08:b5:85:4a:a9:61:8b:62:19:9f:8f:42:
                    cc:91:04:22:d2:da:46:8f:5e:3c:d5:97:65:67:4b:
                    e2:91:31:4d:c1:c0:cc:d9:c7:82:7a:05:75:a9:30:
                    48:b6:28:c0:20:6d:50:ef:59:ab:28:4b:a6:55:30:
                    3f:07:50:ca:34:fc:8f:bb:66:b9:39:bc:ee:3f:4e:
                    a6:75:ea:20:26:2a:22:10:07:ae:c5:48:62:2f:8f:
                    2d:40:bd:96:23:e5:83:b2:28:59:02:10:ba:e1:0c:
                    db:bf:b6:d5:ae:6e:f1:c2:1c:07:03:31:29:84:48:
                    0e:89:7d:7f:90:0d:f5:75:4e:fc:ec:b4:6d:c0:5d:
                    79:ce:26:f0:b6:cd:c0:79:23:89:c8:c6:7f:a2:fe:
                    90:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:63:23:D8:64:C1:E0:B9:32:C2:AA:31:CA:3F:F3:F1:7E:F0:12:35
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/PWMj2GTB4Lkywqoxyj_z8X7wEjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.114.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ad:60:95:a1:4f:3a:4d:22:55:64:ae:9a:38:37:f6:b5:23:
         3b:d0:f5:8d:5c:d1:14:6b:d1:e0:81:85:b4:c6:36:dc:30:4c:
         25:55:c3:59:b7:46:ef:c6:a8:bb:ab:6b:a5:1b:2c:4c:08:4b:
         19:43:a9:51:e8:b7:d1:51:f9:a6:73:8e:7a:f6:50:32:33:f1:
         53:52:b9:9d:03:04:30:8c:1e:63:25:1b:0a:c4:f3:8f:0e:0d:
         c7:2c:e5:f2:a6:3d:7d:c6:68:b0:da:b8:f9:df:2e:7c:f7:db:
         18:28:d1:15:c6:00:fa:0f:6a:08:ef:fb:c0:bf:ce:b7:74:8d:
         5b:be:16:2d:9a:1c:4a:d1:13:7e:09:a3:58:e6:e2:b9:56:e7:
         6d:e6:8c:44:77:6e:e8:32:b0:b7:85:fd:96:33:61:91:8c:33:
         6e:bc:d3:3c:83:97:7a:c5:f0:37:0e:e9:f3:43:16:4d:a9:7a:
         c5:0c:ec:08:22:4d:c2:0a:c7:44:d3:59:61:c7:28:a8:e6:c5:
         f8:49:2f:99:34:a6:85:6e:09:8b:b8:a2:b0:62:2d:c6:24:0c:
         d6:aa:f2:be:27:4c:12:96:3c:31:00:59:82:81:2f:23:c7:1a:
         18:4b:1b:dc:eb:a2:12:8e:6a:36:74:33:f9:d1:8c:e2:c7:a5:
         6a:e1:9d:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5fZioiVmbIC60dXQs3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDYzMjNkODY0YzFlMGI5MzJjMmFhMzFjYTNmZjNmMTdlZjAxMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCXOrjFyPbTZ+DWMXm0Gwkut+8AR
JwD2feWFd3OEv3pdqqtMwF+5urYxASBL5MUb1CH43gyl95YM7stlx0wGGcrVkzXe
QjrQrOTbYHSMn5G1etAg40TSvET0naGVGoANw9gPttx1PSAEqosItYVKqWGLYhmf
j0LMkQQi0tpGj1481ZdlZ0vikTFNwcDM2ceCegV1qTBItijAIG1Q71mrKEumVTA/
B1DKNPyPu2a5ObzuP06mdeogJioiEAeuxUhiL48tQL2WI+WDsihZAhC64Qzbv7bV
rm7xwhwHAzEphEgOiX1/kA31dU787LRtwF15zibwts3AeSOJyMZ/ov6QpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD1jI9hkweC5MsKqMco/8/F+8BI1MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvUFdNajJHVEI0TGt5d3FveHlqX3o4WDd3RWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHJbMA0G
CSqGSIb3DQEBCwUAA4IBAQAPrWCVoU86TSJVZK6aODf2tSM70PWNXNEUa9HggYW0
xjbcMEwlVcNZt0bvxqi7q2ulGyxMCEsZQ6lR6LfRUfmmc4569lAyM/FTUrmdAwQw
jB5jJRsKxPOPDg3HLOXypj19xmiw2rj53y5899sYKNEVxgD6D2oI7/vAv863dI1b
vhYtmhxK0RN+CaNY5uK5Vudt5oxEd27oMrC3hf2WM2GRjDNuvNM8g5d6xfA3Dunz
QxZNqXrFDOwIIk3CCsdE01lhxyio5sX4SS+ZNKaFbgmLuKKwYi3GJAzWqvK+J0wS
ljwxAFmCgS8jxxoYSxvc66ISjmo2dDP50Yzix6Vq4Z1x
-----END CERTIFICATE-----