Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f2db2e-af17-4b4f-8e1f-fba64c23d3da/1/d1RufyQvV0Z72CoeIJFgV5dsyng.roa
File:                     d1RufyQvV0Z72CoeIJFgV5dsyng.roa (raw, json)
Hash identifier:          FE/jn2eiiMg7HzvgrLQZEsaxrKVxJpuzFFybmMRKfuw=
Subject key identifier:   77:54:6E:7F:24:2F:57:46:7B:D8:2A:1E:20:91:60:57:97:6C:CA:78
Certificate issuer:       /CN=06b164189f7db61e8b61fddae5622a0b134f5c16
Certificate serial:       018CC80145C9D5F347FC2DB3953090D9D5C1
Authority key identifier: 06:B1:64:18:9F:7D:B6:1E:8B:61:FD:DA:E5:62:2A:0B:13:4F:5C:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BrFkGJ99th6LYf3a5WIqCxNPXBY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f2db2e-af17-4b4f-8e1f-fba64c23d3da/1/d1RufyQvV0Z72CoeIJFgV5dsyng.roa
Signing time:             Tue 02 Jan 2024 02:29:35 +0000
ROA not before:           Tue 02 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62446
IP address blocks:        91.197.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f2db2e-af17-4b4f-8e1f-fba64c23d3da/1/BrFkGJ99th6LYf3a5WIqCxNPXBY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f2db2e-af17-4b4f-8e1f-fba64c23d3da/1/BrFkGJ99th6LYf3a5WIqCxNPXBY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BrFkGJ99th6LYf3a5WIqCxNPXBY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:45:c9:d5:f3:47:fc:2d:b3:95:30:90:d9:d5:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06b164189f7db61e8b61fddae5622a0b134f5c16
        Validity
            Not Before: Jan  2 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77546e7f242f57467bd82a1e20916057976cca78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e5:a8:0a:bf:71:ac:ab:6c:5f:c5:af:1d:09:
                    49:3f:6d:ab:49:07:07:03:ba:c6:69:43:bb:73:4f:
                    c1:72:2a:8a:f5:e5:fb:4b:ad:ea:f6:78:ac:82:19:
                    eb:73:5e:a7:d8:52:d8:4a:04:27:46:76:7b:80:59:
                    d8:85:d0:fa:3d:d7:d6:53:7e:9a:e0:6b:37:16:7d:
                    41:04:48:54:b0:ce:fe:86:ca:14:31:dd:60:32:5b:
                    b7:ed:25:7c:6e:8d:f1:24:3a:86:2b:32:61:68:c4:
                    ca:58:dc:f6:81:97:c6:39:1a:85:5d:f0:e9:a6:be:
                    20:b4:c5:32:49:77:1b:94:95:c0:06:fe:53:7c:d1:
                    4b:29:8a:31:40:cf:1c:84:8a:7e:be:ab:83:5c:09:
                    41:7d:9b:58:4a:b8:61:26:9b:b3:b9:7d:05:43:7c:
                    d0:41:b0:0f:56:22:f2:52:e3:c1:98:40:1d:10:7f:
                    b9:a7:bc:46:56:62:81:b6:a8:8a:d1:06:b4:71:38:
                    91:66:29:53:d9:70:da:85:1b:5f:c5:7d:76:44:39:
                    cf:01:2a:ae:d3:a4:9e:1a:98:06:99:31:02:26:dc:
                    17:49:59:9a:29:77:12:41:de:e2:c0:d3:b8:a1:a9:
                    fd:1c:dd:ad:a5:31:00:0b:90:32:88:11:32:9f:0f:
                    3b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:54:6E:7F:24:2F:57:46:7B:D8:2A:1E:20:91:60:57:97:6C:CA:78
            X509v3 Authority Key Identifier:
                keyid:06:B1:64:18:9F:7D:B6:1E:8B:61:FD:DA:E5:62:2A:0B:13:4F:5C:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BrFkGJ99th6LYf3a5WIqCxNPXBY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f2db2e-af17-4b4f-8e1f-fba64c23d3da/1/d1RufyQvV0Z72CoeIJFgV5dsyng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f2db2e-af17-4b4f-8e1f-fba64c23d3da/1/BrFkGJ99th6LYf3a5WIqCxNPXBY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:2d:5b:be:1f:f1:dc:75:e8:de:7c:61:f0:cc:d1:ad:ab:6b:
         45:d3:bf:7a:c0:b5:8d:6b:57:26:8f:9b:dc:7a:cf:3a:a2:ee:
         67:06:02:28:b3:f5:a9:b6:65:31:43:ee:c7:fe:d8:4c:82:81:
         b8:d7:94:6b:23:15:7e:38:03:de:38:39:e5:27:a8:6e:82:2c:
         9d:78:d1:c1:ca:d6:e9:1a:e3:b2:87:cd:7e:2f:84:d6:cb:fa:
         97:7f:18:81:3e:5b:14:48:c5:cb:61:e4:67:cd:7d:a3:23:b5:
         cf:aa:f6:d9:e6:e9:bc:ac:f7:74:db:66:12:91:0e:8a:3b:71:
         ec:73:39:fb:d4:da:39:ec:5c:7a:43:61:a3:a0:a6:1f:d8:91:
         3a:5f:70:5d:90:68:9d:a4:61:c8:91:15:d4:00:e2:09:51:2e:
         fd:c4:e9:3b:40:93:8f:6e:3a:55:ac:c0:52:11:96:9f:86:d3:
         d3:7d:4d:80:a1:f6:bf:2e:7b:90:f6:2d:2b:48:8f:c1:37:4f:
         4a:72:c3:76:ab:f3:74:18:41:c0:4e:95:7b:cb:c5:b8:7b:8c:
         c8:6b:9c:64:53:20:b3:7b:1b:d6:aa:a4:10:62:f7:1a:46:2c:
         ac:d6:86:1c:03:57:8f:d3:c4:41:3e:77:56:53:32:dc:0e:64:
         04:d4:93:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUXJ1fNH/C2zlTCQ2dXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YjE2NDE4OWY3ZGI2MWU4YjYxZmRkYWU1NjIyYTBiMTM0
ZjVjMTYwHhcNMjQwMTAyMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzU0NmU3ZjI0MmY1NzQ2N2JkODJhMWUyMDkxNjA1Nzk3NmNjYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeWoCr9xrKtsX8WvHQlJP22rSQcH
A7rGaUO7c0/BciqK9eX7S63q9nisghnrc16n2FLYSgQnRnZ7gFnYhdD6PdfWU36a
4Gs3Fn1BBEhUsM7+hsoUMd1gMlu37SV8bo3xJDqGKzJhaMTKWNz2gZfGORqFXfDp
pr4gtMUySXcblJXABv5TfNFLKYoxQM8chIp+vquDXAlBfZtYSrhhJpuzuX0FQ3zQ
QbAPViLyUuPBmEAdEH+5p7xGVmKBtqiK0Qa0cTiRZilT2XDahRtfxX12RDnPASqu
06SeGpgGmTECJtwXSVmaKXcSQd7iwNO4oan9HN2tpTEAC5AyiBEynw874wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdUbn8kL1dGe9gqHiCRYFeXbMp4MB8GA1UdIwQY
MBaAFAaxZBiffbYei2H92uViKgsTT1wWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnJGa0dKOTl0aDZMWWYzYTVXSXFDeE5QWEJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMmRiMmUtYWYxNy00YjRmLThlMWYt
ZmJhNjRjMjNkM2RhLzEvZDFSdWZ5UXZWMFo3MkNvZUlKRmdWNWRzeW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMmRiMmUtYWYxNy00YjRmLThlMWYtZmJhNjRjMjNkM2Rh
LzEvQnJGa0dKOTl0aDZMWWYzYTVXSXFDeE5QWEJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8U5MA0G
CSqGSIb3DQEBCwUAA4IBAQA5LVu+H/HcdejefGHwzNGtq2tF0796wLWNa1cmj5vc
es86ou5nBgIos/WptmUxQ+7H/thMgoG415RrIxV+OAPeODnlJ6hugiydeNHBytbp
GuOyh81+L4TWy/qXfxiBPlsUSMXLYeRnzX2jI7XPqvbZ5um8rPd022YSkQ6KO3Hs
czn71No57Fx6Q2GjoKYf2JE6X3BdkGidpGHIkRXUAOIJUS79xOk7QJOPbjpVrMBS
EZafhtPTfU2Aofa/LnuQ9i0rSI/BN09KcsN2q/N0GEHATpV7y8W4e4zIa5xkUyCz
exvWqqQQYvcaRiys1oYcA1eP08RBPndWUzLcDmQE1JPH
-----END CERTIFICATE-----