Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/f12029-6758-4233-9dfc-c654356b07c4/1/sPsn8Qj2O2y01J5K_fl4ebPP2zY.roa
File:                     sPsn8Qj2O2y01J5K_fl4ebPP2zY.roa (raw, json)
Hash identifier:          /kWPdKG6KxNlmUkjWDi9jjy/LaJSghg1MGUmGDa+mCA=
Subject key identifier:   B0:FB:27:F1:08:F6:3B:6C:B4:D4:9E:4A:FD:F9:78:79:B3:CF:DB:36
Certificate issuer:       /CN=dbd382274b457662ba72d1886573a2c7dcc35486
Certificate serial:       018CC6B7A7E2928D2940105076FB34E13E22
Authority key identifier: DB:D3:82:27:4B:45:76:62:BA:72:D1:88:65:73:A2:C7:DC:C3:54:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/29OCJ0tFdmK6ctGIZXOix9zDVIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/f12029-6758-4233-9dfc-c654356b07c4/1/sPsn8Qj2O2y01J5K_fl4ebPP2zY.roa
Signing time:             Mon 01 Jan 2024 20:29:34 +0000
ROA not before:           Mon 01 Jan 2024 20:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57780
IP address blocks:        91.210.153.0/24 maxlen: 24
                          2a06:5f80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/f12029-6758-4233-9dfc-c654356b07c4/1/29OCJ0tFdmK6ctGIZXOix9zDVIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/f12029-6758-4233-9dfc-c654356b07c4/1/29OCJ0tFdmK6ctGIZXOix9zDVIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/29OCJ0tFdmK6ctGIZXOix9zDVIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a7:e2:92:8d:29:40:10:50:76:fb:34:e1:3e:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbd382274b457662ba72d1886573a2c7dcc35486
        Validity
            Not Before: Jan  1 20:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0fb27f108f63b6cb4d49e4afdf97879b3cfdb36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b2:41:57:5c:d9:b3:46:1f:aa:d7:0f:dd:a4:
                    12:5c:07:34:d6:43:70:c6:c9:4a:a8:e5:58:f5:e8:
                    46:45:d8:8c:e6:bb:6d:2e:f3:6a:bc:02:71:b8:b0:
                    6d:e7:14:92:8b:c7:73:52:cf:b4:c5:fe:61:34:a0:
                    ec:b9:54:d9:c3:45:f7:54:57:b4:a3:d2:61:cb:ac:
                    fe:85:01:12:5c:0f:39:0d:16:6e:6f:84:c6:34:c8:
                    99:7f:df:70:1e:aa:7a:1d:fc:60:b0:ab:4c:b2:59:
                    92:3c:20:08:b0:9f:20:f1:a7:f3:32:bf:5a:1e:29:
                    c6:91:2c:09:2a:43:40:ac:9b:f0:4a:df:00:73:d3:
                    5f:85:db:d1:8d:22:f1:31:f2:da:4d:99:b0:fe:28:
                    44:e5:26:e3:1e:08:6b:2a:cb:b3:ba:84:ef:3b:b0:
                    73:fb:96:20:ef:f4:a1:1f:4f:3d:3e:ac:31:a0:8e:
                    18:30:bd:a7:e8:64:d4:a6:ce:14:db:92:ca:d5:2c:
                    2f:98:88:68:ce:f1:37:e5:af:68:08:b2:e5:f4:fe:
                    b5:df:fe:f1:d8:42:2a:68:e8:15:0d:36:0c:7f:62:
                    1c:a9:a1:f5:c7:50:b2:09:0f:21:4c:99:da:e5:cf:
                    be:73:5e:76:62:cc:f8:9e:1f:f8:1d:c5:a6:84:44:
                    c2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:FB:27:F1:08:F6:3B:6C:B4:D4:9E:4A:FD:F9:78:79:B3:CF:DB:36
            X509v3 Authority Key Identifier:
                keyid:DB:D3:82:27:4B:45:76:62:BA:72:D1:88:65:73:A2:C7:DC:C3:54:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/29OCJ0tFdmK6ctGIZXOix9zDVIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f12029-6758-4233-9dfc-c654356b07c4/1/sPsn8Qj2O2y01J5K_fl4ebPP2zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f12029-6758-4233-9dfc-c654356b07c4/1/29OCJ0tFdmK6ctGIZXOix9zDVIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.153.0/24
                IPv6:
                  2a06:5f80::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:25:21:c0:1b:ff:d9:c2:4f:90:8d:1d:ba:6c:ec:39:1c:4f:
         ad:95:25:3c:16:4a:5c:2a:29:dc:2b:3a:ee:b5:c3:8d:a7:94:
         6b:93:a4:20:c7:32:45:30:3f:74:9f:36:e4:7f:01:84:27:0a:
         41:df:76:4f:e0:0f:14:c2:65:57:91:e2:cb:5b:85:2a:94:c3:
         da:57:8a:2d:6a:4e:64:17:9e:00:52:8c:73:49:62:3f:8d:58:
         ac:d8:5f:94:06:e9:0b:2b:2b:11:24:5a:57:f6:cf:31:45:31:
         8a:99:38:f7:fa:9f:8d:a3:d8:7c:44:eb:89:3c:85:7a:51:1d:
         54:88:ee:34:fd:85:a5:f0:2f:c1:2e:0e:0a:2b:43:4e:66:bc:
         60:42:73:f8:3e:39:7f:b9:7c:32:f1:26:08:ca:ac:bf:34:29:
         ba:14:68:64:db:6c:38:e4:9a:6e:0b:a7:9e:52:65:95:c0:0c:
         16:c3:ae:3e:d3:28:ea:95:12:2e:91:1d:50:bf:7f:36:b6:1b:
         26:c5:28:07:17:fc:2e:1e:3a:e6:da:40:e6:62:ed:2f:29:3b:
         b1:f7:72:06:21:1b:a9:85:7e:bc:f2:1f:14:2d:13:67:16:fa:
         7c:ea:69:bb:fe:61:3c:e5:c9:9d:00:70:ee:38:e5:e2:27:31:
         d7:a3:61:6b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt6fiko0pQBBQdvs04T4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZDM4MjI3NGI0NTc2NjJiYTcyZDE4ODY1NzNhMmM3ZGNj
MzU0ODYwHhcNMjQwMTAxMjAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGZiMjdmMTA4ZjYzYjZjYjRkNDllNGFmZGY5Nzg3OWIzY2ZkYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrJBV1zZs0YfqtcP3aQSXAc01kNw
xslKqOVY9ehGRdiM5rttLvNqvAJxuLBt5xSSi8dzUs+0xf5hNKDsuVTZw0X3VFe0
o9Jhy6z+hQESXA85DRZub4TGNMiZf99wHqp6HfxgsKtMslmSPCAIsJ8g8afzMr9a
HinGkSwJKkNArJvwSt8Ac9NfhdvRjSLxMfLaTZmw/ihE5SbjHghrKsuzuoTvO7Bz
+5Yg7/ShH089PqwxoI4YML2n6GTUps4U25LK1SwvmIhozvE35a9oCLLl9P613/7x
2EIqaOgVDTYMf2IcqaH1x1CyCQ8hTJna5c++c152Ysz4nh/4HcWmhETCJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLD7J/EI9jtstNSeSv35eHmzz9s2MB8GA1UdIwQY
MBaAFNvTgidLRXZiunLRiGVzosfcw1SGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjlPQ0owdEZkbUs2Y3RHSVpYT2l4OXpEVklZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mMTIwMjktNjc1OC00MjMzLTlkZmMt
YzY1NDM1NmIwN2M0LzEvc1BzbjhRajJPMnkwMUo1S19mbDRlYlBQMnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mMTIwMjktNjc1OC00MjMzLTlkZmMtYzY1NDM1NmIwN2M0
LzEvMjlPQ0owdEZkbUs2Y3RHSVpYT2l4OXpEVklZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9KZMA0E
AgACMAcDBQAqBl+AMA0GCSqGSIb3DQEBCwUAA4IBAQAgJSHAG//Zwk+QjR26bOw5
HE+tlSU8FkpcKincKzrutcONp5Rrk6QgxzJFMD90nzbkfwGEJwpB33ZP4A8UwmVX
keLLW4UqlMPaV4otak5kF54AUoxzSWI/jVis2F+UBukLKysRJFpX9s8xRTGKmTj3
+p+No9h8ROuJPIV6UR1UiO40/YWl8C/BLg4KK0NOZrxgQnP4Pjl/uXwy8SYIyqy/
NCm6FGhk22w45JpuC6eeUmWVwAwWw64+0yjqlRIukR1Qv382thsmxSgHF/wuHjrm
2kDmYu0vKTux93IGIRuphX688h8ULRNnFvp86mm7/mE85cmdAHDuOOXiJzHXo2Fr
-----END CERTIFICATE-----