Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/n7dvXs46PJvH-fvJf3blKX8JhWk.roa
File:                     n7dvXs46PJvH-fvJf3blKX8JhWk.roa (raw, json)
Hash identifier:          w7waTTDZYz+QmxcU1/skRxYwOak0DGxoKCTCZA1IiYA=
Subject key identifier:   9F:B7:6F:5E:CE:3A:3C:9B:C7:F9:FB:C9:7F:76:E5:29:7F:09:85:69
Certificate issuer:       /CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
Certificate serial:       018CC8714AC12354E77251BCA1FCB6CA53C2
Authority key identifier: 66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/n7dvXs46PJvH-fvJf3blKX8JhWk.roa
Signing time:             Tue 02 Jan 2024 04:31:57 +0000
ROA not before:           Tue 02 Jan 2024 04:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200363
IP address blocks:        91.197.232.0/24 maxlen: 24
                          91.197.233.0/24 maxlen: 24
                          2a01:af::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/Zpauprq3nEj13e5KRr9Ktk2GMWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/Zpauprq3nEj13e5KRr9Ktk2GMWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4a:c1:23:54:e7:72:51:bc:a1:fc:b6:ca:53:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
        Validity
            Not Before: Jan  2 04:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fb76f5ece3a3c9bc7f9fbc97f76e5297f098569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d7:6e:d2:53:02:e5:9f:c0:d9:75:9d:a6:e6:
                    20:ee:8e:4a:bc:bb:19:79:0d:28:11:8e:95:cb:a7:
                    f3:85:84:b9:52:60:2b:1a:09:18:e3:d5:67:9a:06:
                    05:b3:51:5d:2c:6c:7b:d0:be:19:5d:3d:2f:f5:27:
                    56:db:f9:3b:3a:4f:c3:9b:5e:02:0b:d6:82:48:49:
                    e4:6a:09:95:03:5d:84:92:12:d2:2b:24:fe:dd:75:
                    05:15:7a:53:a3:62:93:38:2e:a6:5f:76:01:86:aa:
                    97:43:e2:fd:c5:49:32:97:00:e9:9f:b3:b9:b8:98:
                    9c:d4:88:5b:8f:3f:a7:75:df:cd:93:af:6b:4f:81:
                    7f:ad:45:b6:96:85:9d:44:df:ba:da:3c:e5:39:45:
                    d6:b2:1c:5e:2e:71:18:36:c8:d6:61:8d:7f:89:d4:
                    d8:00:01:50:4e:2c:53:79:fd:e3:45:23:8e:41:a2:
                    57:f1:1c:a0:3d:54:79:16:7a:24:c6:40:e2:1f:a2:
                    36:ba:62:14:8a:e0:43:dc:bc:50:f4:ec:a6:76:0f:
                    99:56:63:0c:fb:3b:21:f2:ab:0c:d4:83:ea:f5:0d:
                    4f:9d:b3:1c:42:d3:62:04:8f:86:dd:41:a7:f6:15:
                    4b:5e:51:0e:b1:69:55:d6:a9:d3:5c:d7:7d:04:5b:
                    ac:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:B7:6F:5E:CE:3A:3C:9B:C7:F9:FB:C9:7F:76:E5:29:7F:09:85:69
            X509v3 Authority Key Identifier:
                keyid:66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/n7dvXs46PJvH-fvJf3blKX8JhWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/Zpauprq3nEj13e5KRr9Ktk2GMWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.232.0/23
                IPv6:
                  2a01:af::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:f5:4b:cb:b3:74:d7:e7:fa:50:8c:ea:3e:32:67:93:be:c2:
         e0:3c:7e:6d:96:78:b8:0a:62:49:bb:75:c4:2f:fb:09:07:7f:
         e9:dd:64:79:d9:67:81:a6:62:fa:c0:6f:25:26:96:9a:03:c7:
         6e:9f:95:68:01:c1:4a:b9:63:d1:58:1b:77:c5:09:ac:ad:49:
         39:66:31:72:20:a8:2d:16:a7:8c:6d:54:1a:12:8f:eb:dd:40:
         47:82:18:96:d5:fe:16:cb:f8:af:95:ec:0c:11:08:9d:43:93:
         97:cc:ac:fa:ae:29:3d:ff:72:97:5e:c1:a4:c5:26:f4:b7:75:
         c2:26:f0:7a:d6:9b:f8:8f:1f:7d:cc:d4:e2:54:3e:96:1f:90:
         7c:b5:d3:43:f0:3f:30:5a:0a:e0:83:94:d8:1b:47:f8:41:6e:
         29:eb:23:fc:3f:c0:8f:96:17:e3:95:49:ee:ce:61:6d:b8:83:
         2a:2b:2b:21:41:fb:54:22:2d:30:0a:7a:42:1b:dc:e9:13:99:
         3d:22:cb:b1:1a:cd:f9:5c:75:c2:ea:74:d3:11:ec:a7:a6:95:
         fb:35:64:41:36:c7:22:8d:23:c7:c6:11:39:a9:45:1e:06:da:
         5b:f9:fb:98:87:91:10:87:1a:a6:b6:5e:2e:49:5b:09:33:2b:
         11:7f:57:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcUrBI1TnclG8ofy2ylPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTZhZWE2YmFiNzljNDhmNWRkZWU0YTQ2YmY0YWI2NGQ4
NjMxNjAwHhcNMjQwMTAyMDQzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmI3NmY1ZWNlM2EzYzliYzdmOWZiYzk3Zjc2ZTUyOTdmMDk4NTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNdu0lMC5Z/A2XWdpuYg7o5KvLsZ
eQ0oEY6Vy6fzhYS5UmArGgkY49VnmgYFs1FdLGx70L4ZXT0v9SdW2/k7Ok/Dm14C
C9aCSEnkagmVA12EkhLSKyT+3XUFFXpTo2KTOC6mX3YBhqqXQ+L9xUkylwDpn7O5
uJic1Ihbjz+ndd/Nk69rT4F/rUW2loWdRN+62jzlOUXWshxeLnEYNsjWYY1/idTY
AAFQTixTef3jRSOOQaJX8RygPVR5FnokxkDiH6I2umIUiuBD3LxQ9Oymdg+ZVmMM
+zsh8qsM1IPq9Q1PnbMcQtNiBI+G3UGn9hVLXlEOsWlV1qnTXNd9BFusPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ+3b17OOjybx/n7yX925Sl/CYVpMB8GA1UdIwQY
MBaAFGaWrqa6t5xI9d3uSka/SrZNhjFgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2Qt
ZjAxOThjNmMyNDc0LzEvbjdkdlhzNDZQSnZILWZ2SmYzYmxLWDhKaFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2QtZjAxOThjNmMyNDc0
LzEvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW8XoMA0E
AgACMAcDBQAqAQCvMA0GCSqGSIb3DQEBCwUAA4IBAQBW9UvLs3TX5/pQjOo+MmeT
vsLgPH5tlni4CmJJu3XEL/sJB3/p3WR52WeBpmL6wG8lJpaaA8dun5VoAcFKuWPR
WBt3xQmsrUk5ZjFyIKgtFqeMbVQaEo/r3UBHghiW1f4Wy/ivlewMEQidQ5OXzKz6
rik9/3KXXsGkxSb0t3XCJvB61pv4jx99zNTiVD6WH5B8tdND8D8wWgrgg5TYG0f4
QW4p6yP8P8CPlhfjlUnuzmFtuIMqKyshQftUIi0wCnpCG9zpE5k9IsuxGs35XHXC
6nTTEeynppX7NWRBNscijSPHxhE5qUUeBtpb+fuYh5EQhxqmtl4uSVsJMysRf1fy
-----END CERTIFICATE-----