Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/aWLrGiTvKwioJpTo5bFZc5W2F1o.roa
File:                     aWLrGiTvKwioJpTo5bFZc5W2F1o.roa (raw, json)
Hash identifier:          K3q9oVH5lE8w9PTO+oXZqKYCAZZ3iAfOOCfxIlf/wjk=
Subject key identifier:   69:62:EB:1A:24:EF:2B:08:A8:26:94:E8:E5:B1:59:73:95:B6:17:5A
Certificate issuer:       /CN=8c96c66af331c985b859d403b36974c0632e1ef2
Certificate serial:       018CC64B1C9193799219131F32802A8DEECD
Authority key identifier: 8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/aWLrGiTvKwioJpTo5bFZc5W2F1o.roa
Signing time:             Mon 01 Jan 2024 18:31:00 +0000
ROA not before:           Mon 01 Jan 2024 18:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49250
IP address blocks:        91.233.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1c:91:93:79:92:19:13:1f:32:80:2a:8d:ee:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c96c66af331c985b859d403b36974c0632e1ef2
        Validity
            Not Before: Jan  1 18:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6962eb1a24ef2b08a82694e8e5b1597395b6175a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:18:8c:07:c8:c7:6a:53:25:da:be:07:6b:82:
                    ad:fb:54:c5:3c:6c:b9:5f:3f:1b:48:a7:17:0a:f3:
                    2f:fd:fe:1e:7c:36:16:29:0b:c6:05:10:03:3b:42:
                    c3:0a:08:e4:b3:67:20:40:2f:63:d5:0a:87:38:62:
                    f0:a6:f0:1a:76:26:5f:89:60:ad:4f:91:ba:0e:44:
                    fd:cf:92:40:5e:76:dc:e1:37:6a:d2:48:3f:1c:da:
                    c0:c2:58:83:0c:8a:49:cf:28:5c:93:e9:6c:a2:03:
                    83:17:4b:bf:5d:92:2a:fc:eb:92:dc:5d:dd:4b:30:
                    ec:ef:e8:91:6a:b9:fa:0e:4f:bc:2f:3d:f8:e2:26:
                    0e:1f:95:30:e2:7b:28:9b:55:4b:c9:03:3c:ea:69:
                    cf:f4:0d:bc:74:0e:7e:77:03:90:98:6c:99:56:9e:
                    f1:4f:88:5a:ad:f8:24:09:d9:32:0b:db:98:f3:26:
                    50:6d:cf:87:da:a9:c8:4d:87:67:28:bb:59:13:6c:
                    b9:33:1f:72:46:61:53:79:0d:ac:18:6d:b4:59:47:
                    b6:6e:12:4c:a7:ff:ab:b2:ac:98:82:12:c2:7b:77:
                    09:07:50:26:32:66:fc:59:05:90:6d:eb:d5:b9:54:
                    71:9e:2a:03:30:06:71:fe:df:f4:4c:ba:4c:c4:9a:
                    f1:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:62:EB:1A:24:EF:2B:08:A8:26:94:E8:E5:B1:59:73:95:B6:17:5A
            X509v3 Authority Key Identifier:
                keyid:8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/aWLrGiTvKwioJpTo5bFZc5W2F1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:f5:15:d7:bc:0d:39:e9:05:91:30:1b:9f:4b:07:f2:c2:b8:
         e3:58:17:9d:1d:9b:b1:c3:5e:af:5e:1c:6f:97:14:10:ff:8a:
         8e:71:9e:e0:0d:2c:3c:4e:e2:9f:7f:16:56:a3:d9:be:08:7f:
         9d:2a:a0:66:bc:0e:b8:2f:c3:1d:29:0b:9e:59:be:01:49:d6:
         9c:f9:59:ef:58:47:0d:cf:d9:ef:0c:31:2e:2e:a1:40:6c:54:
         a0:a0:ac:c4:28:ea:69:af:f3:3c:c1:e5:19:48:43:b5:62:51:
         bd:97:39:11:47:7e:cd:15:99:c6:33:4c:e4:4c:b4:dc:3f:f7:
         fc:27:61:b2:bf:2b:10:d6:c1:67:37:27:fe:48:35:9c:a4:bf:
         cb:4f:6f:6f:26:e8:14:1d:8a:8e:33:fa:aa:31:b6:09:15:79:
         68:6f:cd:5a:a5:21:bc:43:8f:ff:06:8a:0b:96:56:3b:60:52:
         1e:5a:c6:c5:fe:22:ed:eb:7a:7d:d0:d6:2d:8c:80:87:a9:e7:
         53:d7:75:68:b9:8d:32:76:f6:bb:d1:ce:53:a1:a9:72:e7:bf:
         f9:ac:c1:d8:a3:0d:3f:7a:c3:05:ce:13:0f:11:c5:94:37:39:
         dd:f0:99:65:6b:ea:0c:8b:63:c8:33:2d:ab:04:e9:fe:67:49:
         21:b7:46:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxyRk3mSGRMfMoAqje7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjOTZjNjZhZjMzMWM5ODViODU5ZDQwM2IzNjk3NGMwNjMy
ZTFlZjIwHhcNMjQwMTAxMTgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTYyZWIxYTI0ZWYyYjA4YTgyNjk0ZThlNWIxNTk3Mzk1YjYxNzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBiMB8jHalMl2r4Ha4Kt+1TFPGy5
Xz8bSKcXCvMv/f4efDYWKQvGBRADO0LDCgjks2cgQC9j1QqHOGLwpvAadiZfiWCt
T5G6DkT9z5JAXnbc4Tdq0kg/HNrAwliDDIpJzyhck+lsogODF0u/XZIq/OuS3F3d
SzDs7+iRarn6Dk+8Lz344iYOH5Uw4nsom1VLyQM86mnP9A28dA5+dwOQmGyZVp7x
T4harfgkCdkyC9uY8yZQbc+H2qnITYdnKLtZE2y5Mx9yRmFTeQ2sGG20WUe2bhJM
p/+rsqyYghLCe3cJB1AmMmb8WQWQbevVuVRxnioDMAZx/t/0TLpMxJrx0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGli6xok7ysIqCaU6OWxWXOVthdaMB8GA1UdIwQY
MBaAFIyWxmrzMcmFuFnUA7NpdMBjLh7yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgt
ODNhNDQzMTBhOTY0LzEvYVdMckdpVHZLd2lvSnBUbzViRlpjNVcyRjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgtODNhNDQzMTBhOTY0
LzEvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+lDMA0G
CSqGSIb3DQEBCwUAA4IBAQBs9RXXvA056QWRMBufSwfywrjjWBedHZuxw16vXhxv
lxQQ/4qOcZ7gDSw8TuKffxZWo9m+CH+dKqBmvA64L8MdKQueWb4BSdac+VnvWEcN
z9nvDDEuLqFAbFSgoKzEKOppr/M8weUZSEO1YlG9lzkRR37NFZnGM0zkTLTcP/f8
J2GyvysQ1sFnNyf+SDWcpL/LT29vJugUHYqOM/qqMbYJFXlob81apSG8Q4//BooL
llY7YFIeWsbF/iLt63p90NYtjICHqedT13VouY0ydva70c5Toaly57/5rMHYow0/
esMFzhMPEcWUNznd8Jlla+oMi2PIMy2rBOn+Z0kht0Yn
-----END CERTIFICATE-----