Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/56a006-919f-487c-9316-0bb6a83f9f40/1/p3KFkqJ-lOHfsVEEMz07E1iZH7Q.roa
File:                     p3KFkqJ-lOHfsVEEMz07E1iZH7Q.roa (raw, json)
Hash identifier:          k78tjFHEJIwPb3v0CY/Fc6wBB+L/Nd1ZqgXsK7m+UFw=
Subject key identifier:   A7:72:85:92:A2:7E:94:E1:DF:B1:51:04:33:3D:3B:13:58:99:1F:B4
Certificate issuer:       /CN=b79c2de3eb309180f4f5a5af2d56fe4258784648
Certificate serial:       018CC4246033DCC34B085086BA3223EA9585
Authority key identifier: B7:9C:2D:E3:EB:30:91:80:F4:F5:A5:AF:2D:56:FE:42:58:78:46:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5wt4-swkYD09aWvLVb-Qlh4Rkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/56a006-919f-487c-9316-0bb6a83f9f40/1/p3KFkqJ-lOHfsVEEMz07E1iZH7Q.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        91.203.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/56a006-919f-487c-9316-0bb6a83f9f40/1/t5wt4-swkYD09aWvLVb-Qlh4Rkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/56a006-919f-487c-9316-0bb6a83f9f40/1/t5wt4-swkYD09aWvLVb-Qlh4Rkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5wt4-swkYD09aWvLVb-Qlh4Rkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:60:33:dc:c3:4b:08:50:86:ba:32:23:ea:95:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79c2de3eb309180f4f5a5af2d56fe4258784648
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7728592a27e94e1dfb15104333d3b1358991fb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:75:50:83:fb:88:f4:de:41:e3:f9:c5:82:45:
                    7c:6f:3b:ec:f4:08:a1:ee:ef:39:a5:70:c1:71:1b:
                    2f:c0:57:5d:0f:e7:0f:e1:df:a9:0c:d8:6b:22:f0:
                    10:8b:88:83:38:c8:66:e2:8f:7f:74:93:5a:db:85:
                    f3:d3:71:d5:8e:c0:8c:02:4c:63:54:23:95:f7:7c:
                    80:4c:b0:c4:3b:75:c1:3f:b3:26:7d:d6:2b:e7:cf:
                    7b:fc:8d:4e:29:e8:db:da:b0:26:aa:fd:42:ef:1e:
                    00:bd:48:7f:63:22:ea:4e:31:b4:67:38:98:e7:09:
                    50:22:fe:ea:cf:a7:a2:61:1d:5f:db:6c:3c:5a:8d:
                    69:16:02:68:cf:b0:9f:3c:da:ce:45:9c:53:de:5c:
                    ac:65:bc:26:21:dd:2d:27:54:79:a7:e3:22:77:a8:
                    8e:69:49:50:85:a3:02:46:5e:0a:3d:80:4f:ac:d4:
                    35:3b:64:a4:66:b0:50:0b:d6:65:c3:36:f8:36:01:
                    37:74:b5:78:e9:19:d2:01:17:c6:7c:fc:7b:5c:d3:
                    7e:7d:b9:c5:e5:07:8e:2a:0a:f9:60:40:98:9d:56:
                    70:43:9a:56:e4:09:97:13:8e:28:2a:26:94:c3:13:
                    ee:aa:a7:af:27:65:f0:ea:d0:71:cd:fc:be:15:ec:
                    b6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:72:85:92:A2:7E:94:E1:DF:B1:51:04:33:3D:3B:13:58:99:1F:B4
            X509v3 Authority Key Identifier:
                keyid:B7:9C:2D:E3:EB:30:91:80:F4:F5:A5:AF:2D:56:FE:42:58:78:46:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5wt4-swkYD09aWvLVb-Qlh4Rkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/56a006-919f-487c-9316-0bb6a83f9f40/1/p3KFkqJ-lOHfsVEEMz07E1iZH7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/56a006-919f-487c-9316-0bb6a83f9f40/1/t5wt4-swkYD09aWvLVb-Qlh4Rkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:c2:da:09:75:bf:39:6b:fc:2b:04:c5:75:c9:41:c9:d4:a7:
         9e:c2:07:ba:50:35:0f:76:4c:06:98:22:e1:af:d5:a8:9f:77:
         0d:9f:77:df:2d:67:6a:2b:cf:4e:fb:a2:0d:0b:a9:db:25:94:
         98:5f:36:6f:72:47:a7:39:70:3c:bd:c2:df:b2:1f:fe:f9:ac:
         86:0f:22:21:bd:54:f0:b7:51:69:a1:98:33:2b:53:95:ad:28:
         b4:55:90:a7:47:4c:c3:38:8e:3e:9d:19:9a:39:ee:33:15:27:
         e5:64:79:6e:a2:7d:ac:65:54:ec:bb:8f:9d:e7:f2:fc:b2:a0:
         0a:40:1f:b8:cf:7e:d8:74:78:f3:01:f1:95:1e:86:00:ee:0f:
         f4:ad:ec:bc:22:ee:95:06:39:f5:bc:10:d4:8c:5a:d4:75:ed:
         81:dc:b9:fa:ab:1b:c7:78:21:17:a7:9b:39:03:96:e8:ac:e8:
         af:0e:a6:15:a8:93:69:f5:bb:89:20:45:3f:75:b4:b7:88:c4:
         d8:9f:ba:c4:7a:81:c1:56:39:4b:cf:eb:47:29:94:9f:46:3f:
         da:94:a6:37:10:0e:1c:63:8d:bb:f5:06:97:2d:6f:f6:9e:65:
         57:78:48:56:29:56:7c:75:90:28:04:89:d5:51:3e:82:22:96:
         77:bb:7b:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGAz3MNLCFCGujIj6pWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OWMyZGUzZWIzMDkxODBmNGY1YTVhZjJkNTZmZTQyNTg3
ODQ2NDgwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzcyODU5MmEyN2U5NGUxZGZiMTUxMDQzMzNkM2IxMzU4OTkxZmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHVQg/uI9N5B4/nFgkV8bzvs9Aih
7u85pXDBcRsvwFddD+cP4d+pDNhrIvAQi4iDOMhm4o9/dJNa24Xz03HVjsCMAkxj
VCOV93yATLDEO3XBP7MmfdYr5897/I1OKejb2rAmqv1C7x4AvUh/YyLqTjG0ZziY
5wlQIv7qz6eiYR1f22w8Wo1pFgJoz7CfPNrORZxT3lysZbwmId0tJ1R5p+Mid6iO
aUlQhaMCRl4KPYBPrNQ1O2SkZrBQC9Zlwzb4NgE3dLV46RnSARfGfPx7XNN+fbnF
5QeOKgr5YECYnVZwQ5pW5AmXE44oKiaUwxPuqqevJ2Xw6tBxzfy+Fey20wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdyhZKifpTh37FRBDM9OxNYmR+0MB8GA1UdIwQY
MBaAFLecLePrMJGA9PWlry1W/kJYeEZIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDV3dDQtc3drWUQwOWFXdkxWYi1RbGg0UmtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81NmEwMDYtOTE5Zi00ODdjLTkzMTYt
MGJiNmE4M2Y5ZjQwLzEvcDNLRmtxSi1sT0hmc1ZFRU16MDdFMWlaSDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81NmEwMDYtOTE5Zi00ODdjLTkzMTYtMGJiNmE4M2Y5ZjQw
LzEvdDV3dDQtc3drWUQwOWFXdkxWYi1RbGg0UmtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8vmMA0G
CSqGSIb3DQEBCwUAA4IBAQCHwtoJdb85a/wrBMV1yUHJ1Keewge6UDUPdkwGmCLh
r9Won3cNn3ffLWdqK89O+6INC6nbJZSYXzZvckenOXA8vcLfsh/++ayGDyIhvVTw
t1FpoZgzK1OVrSi0VZCnR0zDOI4+nRmaOe4zFSflZHluon2sZVTsu4+d5/L8sqAK
QB+4z37YdHjzAfGVHoYA7g/0rey8Iu6VBjn1vBDUjFrUde2B3Ln6qxvHeCEXp5s5
A5borOivDqYVqJNp9buJIEU/dbS3iMTYn7rEeoHBVjlLz+tHKZSfRj/alKY3EA4c
Y4279QaXLW/2nmVXeEhWKVZ8dZAoBInVUT6CIpZ3u3tC
-----END CERTIFICATE-----