Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/tHKBbTaapOYAzaopCFn3Z8XktW8.roa
File:                     tHKBbTaapOYAzaopCFn3Z8XktW8.roa (raw, json)
Hash identifier:          fox619NsYfGFhxzjR4NKw6P0KFbfoi3cWHLfJ7gOgZg=
Subject key identifier:   B4:72:81:6D:36:9A:A4:E6:00:CD:AA:29:08:59:F7:67:C5:E4:B5:6F
Certificate issuer:       /CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
Certificate serial:       018CC8DE7A2E8A31D9DD3D6D333EA6F028FA
Authority key identifier: CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/tHKBbTaapOYAzaopCFn3Z8XktW8.roa
Signing time:             Tue 02 Jan 2024 06:31:12 +0000
ROA not before:           Tue 02 Jan 2024 06:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41963
IP address blocks:        91.102.184.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:7a:2e:8a:31:d9:dd:3d:6d:33:3e:a6:f0:28:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
        Validity
            Not Before: Jan  2 06:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b472816d369aa4e600cdaa290859f767c5e4b56f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b7:92:4a:55:e3:79:ca:6c:1c:29:45:3e:34:
                    a7:db:77:71:17:bd:ed:dc:16:32:b2:29:e6:0e:04:
                    28:47:c7:3c:2b:ae:ac:00:6d:8f:82:3d:3c:67:62:
                    71:e1:17:64:8f:8e:f5:56:3b:2a:e7:6d:3f:95:63:
                    d7:78:45:23:b4:b0:85:50:1e:93:36:d0:b3:bf:1b:
                    da:4e:a0:5e:19:aa:a4:a3:d6:f1:23:75:85:9a:c1:
                    ac:f1:a5:04:89:b4:9f:e7:f8:94:bd:c1:fa:04:06:
                    2c:80:4e:ea:81:1b:38:b3:1c:c0:40:45:51:d5:e3:
                    5a:88:fb:af:88:32:01:51:f8:07:e8:d3:40:d1:5a:
                    b7:76:d0:f5:ee:0e:18:5b:ac:52:87:cf:df:a7:47:
                    02:b7:3a:0f:2b:15:87:54:22:5e:fd:7d:4b:49:e9:
                    14:3b:75:c1:3a:40:08:13:ff:4d:f4:55:9f:73:bc:
                    51:7f:50:91:3c:c9:bf:ed:f4:c6:70:a8:a9:60:60:
                    5a:32:37:51:28:bc:86:90:29:e4:d3:b4:f6:64:6b:
                    44:b5:f9:fe:aa:29:12:62:c5:b2:90:bc:94:f2:fb:
                    b1:c6:18:84:d5:88:ab:23:dd:54:eb:5f:1b:c0:45:
                    b0:0d:af:63:f1:0e:01:0e:df:74:08:3b:4d:32:ff:
                    53:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:72:81:6D:36:9A:A4:E6:00:CD:AA:29:08:59:F7:67:C5:E4:B5:6F
            X509v3 Authority Key Identifier:
                keyid:CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/tHKBbTaapOYAzaopCFn3Z8XktW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b3:3e:bd:15:c0:e7:d3:78:93:43:1d:b0:0f:3a:4a:bd:a3:2d:
         0e:ca:ea:f1:10:14:93:9e:15:2a:76:cd:4f:5e:29:8a:b9:05:
         7a:c9:b0:c8:18:7a:85:c8:f0:4b:f0:6e:06:5c:35:b2:ab:94:
         62:09:19:8a:f5:ab:e0:92:03:18:48:a4:55:72:86:24:46:98:
         0c:f2:a4:25:39:cc:30:49:d6:83:47:cc:30:fc:21:26:25:2a:
         30:3b:60:1b:98:a2:3c:bb:6a:d5:85:ed:6c:94:99:7e:55:62:
         bd:36:09:2a:db:e6:b9:97:4a:39:10:d5:ad:d0:c3:4d:a4:26:
         9d:56:b8:97:b7:69:65:90:e4:58:4e:13:b2:1c:64:dd:14:1a:
         0e:f3:fc:66:68:46:ce:2f:46:64:dc:d6:76:5c:04:4d:1c:21:
         5a:a4:8c:f7:59:57:12:4b:2a:2a:89:91:ff:0c:98:89:3a:18:
         ac:fb:6a:b5:e3:71:99:52:af:0d:ba:c2:4c:63:5e:36:3f:d4:
         85:d6:4c:88:8e:9c:0e:ad:69:31:18:c5:02:d9:9d:f9:13:87:
         73:9a:de:30:de:5d:9f:7f:d9:14:5b:9a:4e:98:fc:ef:7f:38:
         53:cb:d9:b4:cb:0c:03:03:ea:e2:6f:99:a5:8d:fc:19:3c:3a:
         cd:e8:da:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3nouijHZ3T1tMz6m8Cj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzNiMzQ3YTIxNmJjNDM3YjBiZDRjZjBiYzhjZGE2NWU4
YzJkM2IwHhcNMjQwMTAyMDYzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDcyODE2ZDM2OWFhNGU2MDBjZGFhMjkwODU5Zjc2N2M1ZTRiNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsreSSlXjecpsHClFPjSn23dxF73t
3BYysinmDgQoR8c8K66sAG2Pgj08Z2Jx4Rdkj471Vjsq520/lWPXeEUjtLCFUB6T
NtCzvxvaTqBeGaqko9bxI3WFmsGs8aUEibSf5/iUvcH6BAYsgE7qgRs4sxzAQEVR
1eNaiPuviDIBUfgH6NNA0Vq3dtD17g4YW6xSh8/fp0cCtzoPKxWHVCJe/X1LSekU
O3XBOkAIE/9N9FWfc7xRf1CRPMm/7fTGcKipYGBaMjdRKLyGkCnk07T2ZGtEtfn+
qikSYsWykLyU8vuxxhiE1YirI91U618bwEWwDa9j8Q4BDt90CDtNMv9T1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRygW02mqTmAM2qKQhZ92fF5LVvMB8GA1UdIwQY
MBaAFM7Ds0eiFrxDewvUzwvIzaZejC07MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNPelI2SVd2RU43QzlUUEM4ak5wbDZNTFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny83YTY4M2ItZmE3OC00MTEyLWI2YjYt
MTU1ZmIzZmUyODdlLzEvdEhLQmJUYWFwT1lBemFvcENGbjNaOFhrdFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny83YTY4M2ItZmE3OC00MTEyLWI2YjYtMTU1ZmIzZmUyODdl
LzEvenNPelI2SVd2RU43QzlUUEM4ak5wbDZNTFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW2a4MA0G
CSqGSIb3DQEBCwUAA4IBAQCzPr0VwOfTeJNDHbAPOkq9oy0OyurxEBSTnhUqds1P
XimKuQV6ybDIGHqFyPBL8G4GXDWyq5RiCRmK9avgkgMYSKRVcoYkRpgM8qQlOcww
SdaDR8ww/CEmJSowO2AbmKI8u2rVhe1slJl+VWK9Ngkq2+a5l0o5ENWt0MNNpCad
VriXt2llkORYThOyHGTdFBoO8/xmaEbOL0Zk3NZ2XARNHCFapIz3WVcSSyoqiZH/
DJiJOhis+2q143GZUq8NusJMY142P9SF1kyIjpwOrWkxGMUC2Z35E4dzmt4w3l2f
f9kUW5pOmPzvfzhTy9m0ywwDA+rib5mljfwZPDrN6NoE
-----END CERTIFICATE-----