Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/34WalWOVPGCQ66ivekyx5sIFFjw.roa
File:                     34WalWOVPGCQ66ivekyx5sIFFjw.roa (raw, json)
Hash identifier:          E+wvJKOwouD+rxlL/RkmmCpbfR2Q3yE/x6lkoJz7c8g=
Subject key identifier:   DF:85:9A:95:63:95:3C:60:90:EB:A8:AF:7A:4C:B1:E6:C2:05:16:3C
Certificate issuer:       /CN=2919461844549824500b7cd1c451d824ba6e5677
Certificate serial:       018CC8010FE952EEB2E7B842D901D0C6909B
Authority key identifier: 29:19:46:18:44:54:98:24:50:0B:7C:D1:C4:51:D8:24:BA:6E:56:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KRlGGERUmCRQC3zRxFHYJLpuVnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/34WalWOVPGCQ66ivekyx5sIFFjw.roa
Signing time:             Tue 02 Jan 2024 02:29:21 +0000
ROA not before:           Tue 02 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6876
IP address blocks:        91.194.78.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/KRlGGERUmCRQC3zRxFHYJLpuVnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/KRlGGERUmCRQC3zRxFHYJLpuVnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KRlGGERUmCRQC3zRxFHYJLpuVnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0f:e9:52:ee:b2:e7:b8:42:d9:01:d0:c6:90:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2919461844549824500b7cd1c451d824ba6e5677
        Validity
            Not Before: Jan  2 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df859a9563953c6090eba8af7a4cb1e6c205163c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3f:89:48:55:c1:f2:2c:f2:b4:81:d3:68:8a:
                    c1:a6:01:83:01:86:ba:d3:b1:6d:8a:f9:dc:a6:29:
                    ec:eb:e1:6e:ae:eb:4a:aa:d9:5b:7f:33:33:0a:b8:
                    46:88:47:d5:29:5c:4c:76:fa:23:e4:24:58:5a:29:
                    f0:8d:04:a8:5c:36:8b:50:4a:eb:2b:21:ec:38:4d:
                    86:d7:24:88:28:b3:6f:4f:2f:32:99:ca:fd:07:2c:
                    fe:52:63:83:8f:b5:50:9b:db:9b:26:c5:d5:22:2e:
                    37:33:25:d0:bb:5c:9c:ae:50:cc:39:76:70:4f:47:
                    d1:5f:33:1d:23:1a:22:7f:d3:10:34:03:4b:d9:65:
                    f3:24:58:84:74:85:6d:58:27:56:ed:3d:48:f0:ca:
                    84:40:26:9b:78:17:af:54:fd:74:71:68:48:8b:89:
                    8a:50:18:02:ac:96:6c:09:94:aa:bb:9f:c7:a8:45:
                    d3:0b:45:b3:82:0b:5e:86:87:44:da:06:32:0a:d6:
                    b8:dd:c0:3e:fd:6c:af:72:f5:b7:38:6e:13:86:fa:
                    5f:a7:07:c8:8d:21:4c:0d:1a:69:64:19:65:c5:be:
                    17:56:57:08:d0:52:f8:e9:c0:a4:bf:73:93:19:90:
                    09:e3:7e:14:a4:85:30:68:25:56:63:b6:b1:4d:4d:
                    d7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:85:9A:95:63:95:3C:60:90:EB:A8:AF:7A:4C:B1:E6:C2:05:16:3C
            X509v3 Authority Key Identifier:
                keyid:29:19:46:18:44:54:98:24:50:0B:7C:D1:C4:51:D8:24:BA:6E:56:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KRlGGERUmCRQC3zRxFHYJLpuVnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/34WalWOVPGCQ66ivekyx5sIFFjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/d8c6f2-4191-46e6-8db6-b6ea82f19220/1/KRlGGERUmCRQC3zRxFHYJLpuVnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:f5:ad:86:5e:d8:65:eb:87:e4:9d:d7:19:9f:7b:9b:95:ef:
         7a:46:6a:f0:c5:74:45:dd:27:7b:fe:bf:95:dc:2c:fb:53:04:
         1a:6e:cf:e8:2d:8d:f6:98:67:53:f5:48:83:26:98:02:c8:69:
         24:10:f0:ed:bd:74:ca:9e:ee:64:7c:e6:b7:bc:cf:6a:a5:c4:
         d6:af:86:41:05:0f:02:4f:01:10:48:2a:cc:21:ea:0a:56:55:
         a1:9a:7b:05:b4:0c:cf:6a:4b:da:04:80:dd:c0:51:9d:61:11:
         33:ae:15:88:fa:1a:5c:79:f3:24:ee:3f:22:d4:7c:c3:37:8f:
         4e:82:3a:8b:ae:79:72:3a:aa:05:f4:f4:d6:f2:51:c6:14:a1:
         5b:e5:8d:55:71:a0:c5:cf:ab:93:d9:57:cb:02:fc:65:0f:85:
         11:95:04:ae:83:c6:68:23:c2:0c:5f:1a:96:e6:b5:41:0a:8f:
         fa:d1:d1:61:f1:7e:63:1f:6f:62:d9:31:5e:e5:38:09:9f:26:
         e0:b0:60:d3:4a:ba:52:0c:0c:58:ef:f1:a1:ec:59:13:f2:88:
         a5:e6:e1:26:76:96:87:0d:34:3b:db:07:10:00:22:cb:63:ee:
         9b:2d:7b:5e:5f:1f:3f:9f:8f:b7:a3:3b:61:7d:4e:92:0e:fe:
         5f:87:72:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQ/pUu6y57hC2QHQxpCbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MTk0NjE4NDQ1NDk4MjQ1MDBiN2NkMWM0NTFkODI0YmE2
ZTU2NzcwHhcNMjQwMTAyMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjg1OWE5NTYzOTUzYzYwOTBlYmE4YWY3YTRjYjFlNmMyMDUxNjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj+JSFXB8izytIHTaIrBpgGDAYa6
07Ftivncpins6+FurutKqtlbfzMzCrhGiEfVKVxMdvoj5CRYWinwjQSoXDaLUErr
KyHsOE2G1ySIKLNvTy8ymcr9Byz+UmODj7VQm9ubJsXVIi43MyXQu1ycrlDMOXZw
T0fRXzMdIxoif9MQNANL2WXzJFiEdIVtWCdW7T1I8MqEQCabeBevVP10cWhIi4mK
UBgCrJZsCZSqu5/HqEXTC0WzggtehodE2gYyCta43cA+/WyvcvW3OG4ThvpfpwfI
jSFMDRppZBllxb4XVlcI0FL46cCkv3OTGZAJ434UpIUwaCVWY7axTU3X1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+FmpVjlTxgkOuor3pMsebCBRY8MB8GA1UdIwQY
MBaAFCkZRhhEVJgkUAt80cRR2CS6blZ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1JsR0dFUlVtQ1JRQzN6UnhGSFlKTHB1Vm5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kOGM2ZjItNDE5MS00NmU2LThkYjYt
YjZlYTgyZjE5MjIwLzEvMzRXYWxXT1ZQR0NRNjZpdmVreXg1c0lGRmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kOGM2ZjItNDE5MS00NmU2LThkYjYtYjZlYTgyZjE5MjIw
LzEvS1JsR0dFUlVtQ1JRQzN6UnhGSFlKTHB1Vm5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8JOMA0G
CSqGSIb3DQEBCwUAA4IBAQBs9a2GXthl64fkndcZn3uble96RmrwxXRF3Sd7/r+V
3Cz7UwQabs/oLY32mGdT9UiDJpgCyGkkEPDtvXTKnu5kfOa3vM9qpcTWr4ZBBQ8C
TwEQSCrMIeoKVlWhmnsFtAzPakvaBIDdwFGdYREzrhWI+hpcefMk7j8i1HzDN49O
gjqLrnlyOqoF9PTW8lHGFKFb5Y1VcaDFz6uT2VfLAvxlD4URlQSug8ZoI8IMXxqW
5rVBCo/60dFh8X5jH29i2TFe5TgJnybgsGDTSrpSDAxY7/Gh7FkT8oil5uEmdpaH
DTQ72wcQACLLY+6bLXteXx8/n4+3ozthfU6SDv5fh3L9
-----END CERTIFICATE-----