Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/ldB8yXA8TriSKJgqXvz2negS9W4.roa
File:                     ldB8yXA8TriSKJgqXvz2negS9W4.roa (raw, json)
Hash identifier:          O/ypqBx/0qnbV97AfVXIeOa/lJRKxvDKdWnzsRGLbhI=
Subject key identifier:   95:D0:7C:C9:70:3C:4E:B8:92:28:98:2A:5E:FC:F6:9D:E8:12:F5:6E
Certificate issuer:       /CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
Certificate serial:       018CC8DE78FE549A0D2968921E394028FF4E
Authority key identifier: CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/ldB8yXA8TriSKJgqXvz2negS9W4.roa
Signing time:             Tue 02 Jan 2024 06:31:12 +0000
ROA not before:           Tue 02 Jan 2024 06:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        91.102.189.0/24 maxlen: 24
                          91.102.191.0/24 maxlen: 24
                          91.102.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:78:fe:54:9a:0d:29:68:92:1e:39:40:28:ff:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
        Validity
            Not Before: Jan  2 06:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95d07cc9703c4eb89228982a5efcf69de812f56e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b5:4c:9e:c9:55:e8:11:65:17:a6:ed:3b:1f:
                    d5:b8:a8:93:30:bd:66:37:54:4e:e5:c4:2f:0e:f4:
                    fa:c9:43:25:ce:cc:12:97:98:34:29:e8:01:da:75:
                    da:40:08:b4:33:8f:1a:27:d0:67:f5:85:7f:f4:a2:
                    07:8a:7f:d7:b4:e6:f5:e6:35:bf:4a:5c:2e:2f:7e:
                    e2:35:7b:2a:3c:37:ac:f4:f9:54:7e:9b:88:7a:b4:
                    32:90:9f:5e:5e:df:ed:1b:f0:89:d4:5c:df:45:c7:
                    1d:7b:7d:40:d7:2c:0e:8a:2d:4b:38:4a:fc:6a:b0:
                    4c:da:0e:b3:6f:89:11:f6:5f:c6:1e:25:8d:86:91:
                    79:3a:ee:a6:78:62:8f:50:c4:a4:f6:dc:3e:49:2f:
                    77:e9:3c:92:5b:08:e5:42:61:dd:7a:f2:36:dd:7e:
                    ef:7e:67:bc:38:55:71:45:60:bb:58:1d:68:b8:68:
                    4d:1a:02:9c:18:c9:1c:a2:c5:86:22:a6:c3:2d:5e:
                    43:cf:45:eb:3f:d8:da:5a:f7:78:0f:db:d2:34:92:
                    35:34:5f:3c:44:f7:e2:3e:9e:77:66:28:4d:67:f2:
                    5c:16:f9:dd:30:a7:3f:2e:e9:ad:cb:f1:b6:aa:41:
                    2e:6f:07:64:84:dd:ea:45:85:6f:67:e8:f3:e3:10:
                    fe:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D0:7C:C9:70:3C:4E:B8:92:28:98:2A:5E:FC:F6:9D:E8:12:F5:6E
            X509v3 Authority Key Identifier:
                keyid:CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/ldB8yXA8TriSKJgqXvz2negS9W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.189.0-91.102.191.255

    Signature Algorithm: sha256WithRSAEncryption
         ac:b6:76:ea:56:bd:f9:56:b2:ea:89:1c:63:8d:19:48:99:d7:
         9e:8f:4e:da:8a:cf:dc:ab:7d:7b:60:5b:df:90:93:49:f5:61:
         3c:6e:c7:b6:ca:9d:a2:cf:bb:f4:27:f4:50:42:af:3a:08:5e:
         78:0c:fa:45:ec:10:80:d7:14:d2:88:b6:67:db:55:96:08:3e:
         66:54:ba:be:58:8e:7e:2f:9c:7b:7e:41:72:83:25:59:6f:a6:
         88:43:56:dd:12:08:5d:b7:5e:d7:dc:de:fc:cd:83:54:06:49:
         a2:16:50:c7:02:d5:02:fa:72:85:fa:18:02:85:63:02:23:0b:
         19:d0:5b:d0:12:e9:c5:db:58:de:dd:1e:b9:18:b5:cf:6d:54:
         e8:cd:ac:d8:32:61:b7:5b:99:e7:d7:67:fa:06:f7:4c:a1:37:
         c5:51:4b:a6:52:d4:e7:fc:c6:06:ef:0a:bd:65:81:12:68:d3:
         63:4a:d7:4d:e4:51:fb:97:e5:d3:da:a4:23:56:6c:66:ff:eb:
         ab:b2:b0:1f:a3:e7:f8:24:08:0f:d1:0a:91:26:07:39:b9:da:
         3f:9e:14:b1:09:43:e2:9b:64:39:21:7e:c8:bc:cc:66:65:dd:
         53:3a:a9:23:4b:eb:ae:5d:ca:8a:43:2b:6b:90:fc:35:d5:de:
         6b:46:84:65
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI3nj+VJoNKWiSHjlAKP9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzNiMzQ3YTIxNmJjNDM3YjBiZDRjZjBiYzhjZGE2NWU4
YzJkM2IwHhcNMjQwMTAyMDYzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQwN2NjOTcwM2M0ZWI4OTIyODk4MmE1ZWZjZjY5ZGU4MTJmNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLVMnslV6BFlF6btOx/VuKiTML1m
N1RO5cQvDvT6yUMlzswSl5g0KegB2nXaQAi0M48aJ9Bn9YV/9KIHin/XtOb15jW/
SlwuL37iNXsqPDes9PlUfpuIerQykJ9eXt/tG/CJ1FzfRccde31A1ywOii1LOEr8
arBM2g6zb4kR9l/GHiWNhpF5Ou6meGKPUMSk9tw+SS936TySWwjlQmHdevI23X7v
fme8OFVxRWC7WB1ouGhNGgKcGMkcosWGIqbDLV5Dz0XrP9jaWvd4D9vSNJI1NF88
RPfiPp53ZihNZ/JcFvndMKc/Lumty/G2qkEubwdkhN3qRYVvZ+jz4xD+JwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJXQfMlwPE64kiiYKl789p3oEvVuMB8GA1UdIwQY
MBaAFM7Ds0eiFrxDewvUzwvIzaZejC07MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNPelI2SVd2RU43QzlUUEM4ak5wbDZNTFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny83YTY4M2ItZmE3OC00MTEyLWI2YjYt
MTU1ZmIzZmUyODdlLzEvbGRCOHlYQThUcmlTS0pncVh2ejJuZWdTOVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny83YTY4M2ItZmE3OC00MTEyLWI2YjYtMTU1ZmIzZmUyODdl
LzEvenNPelI2SVd2RU43QzlUUEM4ak5wbDZNTFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbZr0D
BAZbZoAwDQYJKoZIhvcNAQELBQADggEBAKy2dupWvflWsuqJHGONGUiZ156PTtqK
z9yrfXtgW9+Qk0n1YTxux7bKnaLPu/Qn9FBCrzoIXngM+kXsEIDXFNKItmfbVZYI
PmZUur5Yjn4vnHt+QXKDJVlvpohDVt0SCF23Xtfc3vzNg1QGSaIWUMcC1QL6coX6
GAKFYwIjCxnQW9AS6cXbWN7dHrkYtc9tVOjNrNgyYbdbmefXZ/oG90yhN8VRS6ZS
1Of8xgbvCr1lgRJo02NK103kUfuX5dPapCNWbGb/66uysB+j5/gkCA/RCpEmBzm5
2j+eFLEJQ+KbZDkhfsi8zGZl3VM6qSNL665dyopDK2uQ/DXV3mtGhGU=
-----END CERTIFICATE-----