Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/1-0wmty4HIiT1GFT-oTF03X1mP3k.roa
File:                     1-0wmty4HIiT1GFT-oTF03X1mP3k.roa (raw, json)
Hash identifier:          pXa1PONs2vr1aIEgigzBE5pEIAj4P3NYmfvmZgnVElU=
Subject key identifier:   FB:4C:26:B7:2E:07:22:24:F5:18:54:FE:A1:31:74:DD:7D:66:3F:79
Certificate issuer:       /CN=3d16072ca0252fab50658d736ff2c60c1629dc76
Certificate serial:       018CC802F5CAF81FFE7162226A3A519570C2
Authority key identifier: 3D:16:07:2C:A0:25:2F:AB:50:65:8D:73:6F:F2:C6:0C:16:29:DC:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PRYHLKAlL6tQZY1zb_LGDBYp3HY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/1-0wmty4HIiT1GFT-oTF03X1mP3k.roa
Signing time:             Tue 02 Jan 2024 02:31:26 +0000
ROA not before:           Tue 02 Jan 2024 02:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211611
IP address blocks:        91.244.247.0/24 maxlen: 24
                          45.86.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/PRYHLKAlL6tQZY1zb_LGDBYp3HY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/PRYHLKAlL6tQZY1zb_LGDBYp3HY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PRYHLKAlL6tQZY1zb_LGDBYp3HY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:f5:ca:f8:1f:fe:71:62:22:6a:3a:51:95:70:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d16072ca0252fab50658d736ff2c60c1629dc76
        Validity
            Not Before: Jan  2 02:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb4c26b72e072224f51854fea13174dd7d663f79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c6:33:d3:e9:8c:77:1f:c8:28:64:5f:b0:cc:
                    a4:97:aa:c7:51:8f:9d:2d:d5:4c:48:33:b5:33:26:
                    d5:50:6f:a7:ef:9a:34:35:f2:9a:98:98:00:bc:cf:
                    93:d3:bd:79:67:fc:f7:5a:3c:f9:2f:c2:ee:40:64:
                    e8:89:00:3a:b4:bb:fc:82:ac:8f:b9:4a:d4:cf:9c:
                    10:4c:ec:aa:3f:c2:f4:0e:be:fe:1c:c5:f8:d0:dc:
                    bb:f4:a2:2c:59:07:17:07:73:48:6c:15:8b:94:96:
                    01:a8:cf:88:b9:02:fc:90:d2:38:04:63:a8:03:a0:
                    34:98:10:f5:ab:8c:2d:33:27:1c:14:f4:7a:24:84:
                    94:bb:f1:94:6c:61:0a:e3:c9:55:22:f2:fd:34:08:
                    24:a2:77:99:8f:44:03:3e:fe:ff:a4:b4:a7:56:74:
                    bd:b4:e2:df:be:66:d1:9a:2f:9b:41:48:88:72:11:
                    25:7f:9e:1b:ab:f3:eb:36:45:92:e6:2b:f3:ff:7c:
                    15:c3:99:94:b1:df:13:4f:ed:f8:14:b6:ef:2a:d0:
                    01:70:ad:6b:50:09:8b:0b:e2:f0:e0:e8:d9:82:54:
                    c6:ab:cb:4e:c5:72:f4:c0:c1:2c:6b:f6:da:f3:84:
                    f7:1c:e6:25:fe:f4:c2:9d:e7:3e:44:12:6c:8d:8a:
                    2e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:4C:26:B7:2E:07:22:24:F5:18:54:FE:A1:31:74:DD:7D:66:3F:79
            X509v3 Authority Key Identifier:
                keyid:3D:16:07:2C:A0:25:2F:AB:50:65:8D:73:6F:F2:C6:0C:16:29:DC:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PRYHLKAlL6tQZY1zb_LGDBYp3HY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/1-0wmty4HIiT1GFT-oTF03X1mP3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/PRYHLKAlL6tQZY1zb_LGDBYp3HY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.220.0/24
                  91.244.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:b1:d6:40:90:24:e2:32:f9:45:8a:06:94:83:2c:16:b4:b6:
         0f:4b:0a:ec:33:22:44:02:1b:a5:76:ca:d8:c3:d0:cc:8e:f8:
         fa:36:c6:61:ef:8b:99:03:0e:fb:14:85:05:d0:30:4b:00:88:
         41:25:42:a7:56:32:17:bb:7f:99:55:82:da:e1:76:44:ea:ff:
         ee:50:c1:1d:3d:63:bc:ea:05:d2:5c:75:8c:b2:0d:cf:af:9b:
         c5:d4:bd:81:aa:45:c4:8a:32:de:13:79:2b:e4:bb:75:0d:bc:
         22:16:e5:f4:b3:c5:63:f7:44:20:a6:3b:af:52:d6:df:c3:d8:
         74:09:46:d5:a4:fc:15:17:ad:43:2f:6a:07:00:3f:39:20:e5:
         cd:6e:d4:55:a6:91:42:d0:11:4b:34:f2:78:be:a9:ee:31:bf:
         87:13:ad:44:32:51:08:45:32:61:97:8c:a2:d5:e3:19:9d:f2:
         17:da:39:da:5b:78:3d:20:5b:a2:76:50:d3:0a:70:18:4d:15:
         ab:e5:84:15:b4:f4:59:4a:80:d1:9d:8a:8d:d3:e0:ee:97:91:
         7f:ff:f6:72:4d:7b:c3:6e:ab:a9:f8:54:1b:76:17:90:40:0a:
         b0:30:95:99:1c:c9:c3:6d:b9:f1:83:72:4c:0a:f9:6a:e1:77:
         bb:af:82:aa
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzIAvXK+B/+cWIiajpRlXDCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMTYwNzJjYTAyNTJmYWI1MDY1OGQ3MzZmZjJjNjBjMTYy
OWRjNzYwHhcNMjQwMTAyMDIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjRjMjZiNzJlMDcyMjI0ZjUxODU0ZmVhMTMxNzRkZDdkNjYzZjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssYz0+mMdx/IKGRfsMykl6rHUY+d
LdVMSDO1MybVUG+n75o0NfKamJgAvM+T0715Z/z3Wjz5L8LuQGToiQA6tLv8gqyP
uUrUz5wQTOyqP8L0Dr7+HMX40Ny79KIsWQcXB3NIbBWLlJYBqM+IuQL8kNI4BGOo
A6A0mBD1q4wtMyccFPR6JISUu/GUbGEK48lVIvL9NAgkoneZj0QDPv7/pLSnVnS9
tOLfvmbRmi+bQUiIchElf54bq/PrNkWS5ivz/3wVw5mUsd8TT+34FLbvKtABcK1r
UAmLC+Lw4OjZglTGq8tOxXL0wMEsa/ba84T3HOYl/vTCnec+RBJsjYouswIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPtMJrcuByIk9RhU/qExdN19Zj95MB8GA1UdIwQY
MBaAFD0WByygJS+rUGWNc2/yxgwWKdx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFJZSExLQWxMNnRRWlkxemJfTEdEQllwM0hZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yZmJmMmMtNTQyZi00Yzk4LTk5ZGIt
YTRlNWRlOGVlNzE2LzEvMS0wd210eTRISWlUMUdGVC1vVEYwM1gxbVAzay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWIvMmZiZjJjLTU0MmYtNGM5OC05OWRiLWE0ZTVkZThlZTcx
Ni8xL1BSWUhMS0FsTDZ0UVpZMXpiX0xHREJZcDNIWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAC1W3AME
AFv09zANBgkqhkiG9w0BAQsFAAOCAQEApbHWQJAk4jL5RYoGlIMsFrS2D0sK7DMi
RAIbpXbK2MPQzI74+jbGYe+LmQMO+xSFBdAwSwCIQSVCp1YyF7t/mVWC2uF2ROr/
7lDBHT1jvOoF0lx1jLINz6+bxdS9gapFxIoy3hN5K+S7dQ28Ihbl9LPFY/dEIKY7
r1LW38PYdAlG1aT8FRetQy9qBwA/OSDlzW7UVaaRQtARSzTyeL6p7jG/hxOtRDJR
CEUyYZeMotXjGZ3yF9o52lt4PSBbonZQ0wpwGE0Vq+WEFbT0WUqA0Z2KjdPg7peR
f//2ck17w26rqfhUG3YXkEAKsDCVmRzJw2258YNyTAr5auF3u6+Cqg==
-----END CERTIFICATE-----