Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/bfiIBz0O4mQBu6DBFzxZpAbrGS8.roa
File:                     bfiIBz0O4mQBu6DBFzxZpAbrGS8.roa (raw, json)
Hash identifier:          N+6SSy+dRDHtePYahekfytCPqVY61OYN6/8EE/Dg1HQ=
Subject key identifier:   6D:F8:88:07:3D:0E:E2:64:01:BB:A0:C1:17:3C:59:A4:06:EB:19:2F
Certificate issuer:       /CN=25dd9b849c0dafae386f470123b09261ae355517
Certificate serial:       018CCA2A213FF661593A5D25790A73E24794
Authority key identifier: 25:DD:9B:84:9C:0D:AF:AE:38:6F:47:01:23:B0:92:61:AE:35:55:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jd2bhJwNr644b0cBI7CSYa41VRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/bfiIBz0O4mQBu6DBFzxZpAbrGS8.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51323
IP address blocks:        91.203.104.0/24 maxlen: 24
                          185.31.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/Jd2bhJwNr644b0cBI7CSYa41VRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/Jd2bhJwNr644b0cBI7CSYa41VRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jd2bhJwNr644b0cBI7CSYa41VRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:21:3f:f6:61:59:3a:5d:25:79:0a:73:e2:47:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25dd9b849c0dafae386f470123b09261ae355517
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6df888073d0ee26401bba0c1173c59a406eb192f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:af:b8:75:78:50:87:a9:9e:eb:87:8d:a8:99:
                    5f:b8:fa:35:41:fe:66:96:2c:83:43:05:bd:43:52:
                    bf:71:fe:de:a0:0a:78:5e:ac:91:ad:38:6c:57:e2:
                    76:92:2c:0a:2d:c6:ec:e3:6d:01:c6:e7:c1:b4:00:
                    2c:1b:df:ad:51:53:06:32:e0:dd:89:7f:fa:bf:24:
                    5c:27:ba:3f:4a:01:22:7a:33:0b:54:6c:70:fa:7e:
                    a5:37:00:9e:e9:71:3b:4b:12:18:5f:70:94:70:e4:
                    a7:92:66:70:90:32:eb:fd:0f:57:0c:33:95:24:9f:
                    17:5e:d5:9c:77:f0:8f:d1:99:87:50:12:71:dd:f4:
                    92:f6:cc:96:f9:c5:69:25:a1:26:2b:7c:45:92:07:
                    17:62:93:49:d0:b0:71:98:8b:23:28:4c:33:7e:ca:
                    1e:fb:e2:c2:2f:04:74:f4:d4:c8:5c:32:02:58:de:
                    36:ad:66:62:8e:9f:86:9a:d0:b8:c6:91:ae:86:d6:
                    66:eb:99:4f:6a:5e:24:4f:70:db:a6:d6:fa:33:fd:
                    78:e9:72:ed:94:36:23:e5:4f:50:26:86:49:67:a2:
                    55:e4:00:a2:45:ee:d8:c6:1d:e8:1e:42:45:52:85:
                    f5:17:0c:a5:33:17:25:02:c5:9f:f4:85:86:3b:a9:
                    b3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F8:88:07:3D:0E:E2:64:01:BB:A0:C1:17:3C:59:A4:06:EB:19:2F
            X509v3 Authority Key Identifier:
                keyid:25:DD:9B:84:9C:0D:AF:AE:38:6F:47:01:23:B0:92:61:AE:35:55:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jd2bhJwNr644b0cBI7CSYa41VRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/bfiIBz0O4mQBu6DBFzxZpAbrGS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/d4e434-6356-46fd-8b35-7ffd5c550385/1/Jd2bhJwNr644b0cBI7CSYa41VRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.104.0/24
                  185.31.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:b4:c3:e3:bf:37:44:15:67:71:7d:4a:37:e3:ee:fb:1e:b5:
         18:f4:30:88:9c:bd:65:5c:ae:e5:30:8a:44:c2:49:14:e2:51:
         a2:30:bd:f0:76:80:60:2c:35:bf:7e:81:bf:79:6d:cc:86:67:
         cb:fa:bf:5a:13:3d:ea:3f:9e:9b:66:0b:e9:1f:e2:ac:e6:4d:
         6b:21:f1:ef:75:70:90:a4:18:78:bd:54:c8:89:ad:20:5b:1c:
         bb:57:5e:bc:79:95:4f:2a:65:8e:44:69:8f:b3:6d:f8:46:5d:
         2a:7e:be:9d:0f:24:63:2d:97:be:a0:38:6f:d1:d3:49:da:27:
         2a:22:61:cd:8e:63:ef:54:a3:7b:82:85:b1:80:8a:fb:38:54:
         ae:a6:8b:b1:f7:e2:53:c5:74:b5:7c:17:d0:2c:b3:13:5f:fc:
         f4:ee:e2:e6:24:6f:e2:82:5a:70:f9:3b:c1:04:f8:b3:88:57:
         e2:ed:16:03:0a:80:df:1a:21:97:c5:2c:7d:6e:b4:d8:41:d4:
         99:2c:00:0d:2e:82:bf:f8:4d:d2:ea:2b:ff:51:45:08:75:7c:
         da:ec:19:3b:a0:31:73:d9:65:bb:be:7c:ed:3b:d3:7e:d7:70:
         57:da:3b:49:f7:43:e0:48:12:f7:a3:b1:b2:19:52:9d:da:92:
         a7:ac:36:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKiE/9mFZOl0leQpz4keUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZGQ5Yjg0OWMwZGFmYWUzODZmNDcwMTIzYjA5MjYxYWUz
NTU1MTcwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGY4ODgwNzNkMGVlMjY0MDFiYmEwYzExNzNjNTlhNDA2ZWIxOTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq+4dXhQh6me64eNqJlfuPo1Qf5m
liyDQwW9Q1K/cf7eoAp4XqyRrThsV+J2kiwKLcbs420BxufBtAAsG9+tUVMGMuDd
iX/6vyRcJ7o/SgEiejMLVGxw+n6lNwCe6XE7SxIYX3CUcOSnkmZwkDLr/Q9XDDOV
JJ8XXtWcd/CP0ZmHUBJx3fSS9syW+cVpJaEmK3xFkgcXYpNJ0LBxmIsjKEwzfsoe
++LCLwR09NTIXDICWN42rWZijp+GmtC4xpGuhtZm65lPal4kT3Dbptb6M/146XLt
lDYj5U9QJoZJZ6JV5ACiRe7Yxh3oHkJFUoX1FwylMxclAsWf9IWGO6mz5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG34iAc9DuJkAbugwRc8WaQG6xkvMB8GA1UdIwQY
MBaAFCXdm4ScDa+uOG9HASOwkmGuNVUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmQyYmhKd05yNjQ0YjBjQkk3Q1NZYTQxVlJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9kNGU0MzQtNjM1Ni00NmZkLThiMzUt
N2ZmZDVjNTUwMzg1LzEvYmZpSUJ6ME80bVFCdTZEQkZ6eFpwQWJyR1M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9kNGU0MzQtNjM1Ni00NmZkLThiMzUtN2ZmZDVjNTUwMzg1
LzEvSmQyYmhKd05yNjQ0YjBjQkk3Q1NZYTQxVlJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8toAwQC
uR9YMA0GCSqGSIb3DQEBCwUAA4IBAQCBtMPjvzdEFWdxfUo34+77HrUY9DCInL1l
XK7lMIpEwkkU4lGiML3wdoBgLDW/foG/eW3MhmfL+r9aEz3qP56bZgvpH+Ks5k1r
IfHvdXCQpBh4vVTIia0gWxy7V168eZVPKmWORGmPs234Rl0qfr6dDyRjLZe+oDhv
0dNJ2icqImHNjmPvVKN7goWxgIr7OFSupoux9+JTxXS1fBfQLLMTX/z07uLmJG/i
glpw+TvBBPiziFfi7RYDCoDfGiGXxSx9brTYQdSZLAANLoK/+E3S6iv/UUUIdXza
7Bk7oDFz2WW7vnztO9N+13BX2jtJ90PgSBL3o7GyGVKd2pKnrDbO
-----END CERTIFICATE-----