Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/rlgGeLFni8erxBYipHLT6caGWAI.roa
File:                     rlgGeLFni8erxBYipHLT6caGWAI.roa (raw, json)
Hash identifier:          Gnqc9P+t0UegKl0YHjFs6rb3zRDNiXv3LFGVuG8LFgk=
Subject key identifier:   AE:58:06:78:B1:67:8B:C7:AB:C4:16:22:A4:72:D3:E9:C6:86:58:02
Certificate issuer:       /CN=f31d1c05abd714c67c3291e010d21c70a35dd57e
Certificate serial:       018CC9BBBEF589BC4BB116F11752F9A3882A
Authority key identifier: F3:1D:1C:05:AB:D7:14:C6:7C:32:91:E0:10:D2:1C:70:A3:5D:D5:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8x0cBavXFMZ8MpHgENIccKNd1X4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/rlgGeLFni8erxBYipHLT6caGWAI.roa
Signing time:             Tue 02 Jan 2024 10:32:53 +0000
ROA not before:           Tue 02 Jan 2024 10:32:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        91.103.241.0/24 maxlen: 24
                          91.103.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/8x0cBavXFMZ8MpHgENIccKNd1X4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/8x0cBavXFMZ8MpHgENIccKNd1X4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8x0cBavXFMZ8MpHgENIccKNd1X4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:be:f5:89:bc:4b:b1:16:f1:17:52:f9:a3:88:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f31d1c05abd714c67c3291e010d21c70a35dd57e
        Validity
            Not Before: Jan  2 10:32:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae580678b1678bc7abc41622a472d3e9c6865802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3d:52:98:29:2a:46:4e:8f:61:27:b3:76:d7:
                    f0:a3:f2:6b:2f:74:8f:5a:65:eb:ce:46:ee:dd:61:
                    54:35:a2:25:b8:cd:dc:76:41:b9:98:62:37:1c:b0:
                    ff:81:ae:52:4c:04:bc:d3:1b:11:2d:dc:74:43:da:
                    74:9e:3f:c5:44:9d:5d:14:c4:d8:51:97:6d:47:8a:
                    18:1a:f3:be:c0:98:9e:1b:14:65:d9:6b:c6:35:1f:
                    8b:b2:9f:7a:07:07:29:df:2d:cf:bf:54:be:bd:dc:
                    68:ee:65:c0:f9:cb:4a:8f:11:7a:d2:59:fe:ed:6d:
                    f5:8f:e0:4e:d6:0b:aa:a9:ce:44:1a:8e:bd:14:80:
                    1e:8a:5e:1d:f3:17:d3:c5:cf:a4:c8:ec:d8:34:d2:
                    dc:00:c8:34:93:61:86:9a:b3:28:2d:16:a8:fd:6e:
                    c0:d4:e9:65:9a:78:a7:b9:88:a3:05:f8:98:ed:cf:
                    bf:6c:d2:57:61:1c:0f:84:41:59:e4:c8:54:29:bb:
                    c7:3a:07:0b:d8:a5:61:d0:21:60:32:ca:8e:24:9d:
                    b9:49:ae:d9:4f:bd:78:06:c0:32:d5:01:3c:85:d4:
                    ff:8b:d5:eb:b1:62:6e:85:f7:20:9d:60:92:2d:74:
                    11:cc:38:73:1a:e9:85:ca:00:3d:3b:db:54:ac:aa:
                    c1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:58:06:78:B1:67:8B:C7:AB:C4:16:22:A4:72:D3:E9:C6:86:58:02
            X509v3 Authority Key Identifier:
                keyid:F3:1D:1C:05:AB:D7:14:C6:7C:32:91:E0:10:D2:1C:70:A3:5D:D5:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8x0cBavXFMZ8MpHgENIccKNd1X4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/rlgGeLFni8erxBYipHLT6caGWAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/8x0cBavXFMZ8MpHgENIccKNd1X4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.241.0-91.103.242.255

    Signature Algorithm: sha256WithRSAEncryption
         4d:d9:da:ea:33:e3:65:3c:43:25:d4:49:0d:f6:38:51:da:73:
         d7:18:08:a8:40:79:ee:35:fc:a3:fb:7c:02:b6:45:28:03:ec:
         3c:1e:19:bd:3a:99:22:5a:8f:61:ff:9d:b6:46:da:43:b3:da:
         24:54:60:9d:50:28:d2:92:24:43:89:03:8c:64:7d:3e:81:e8:
         e3:52:2d:36:11:4b:1e:7d:48:e2:46:0a:10:b8:2f:b8:19:e4:
         eb:40:a8:d3:d6:21:64:20:71:12:77:39:9f:33:ac:0f:c1:6d:
         df:6f:1b:62:e6:b0:a7:9c:22:d9:ce:6e:6f:f4:42:cf:fb:e7:
         40:63:18:af:8e:09:ff:5f:60:c2:8e:49:ea:7e:01:34:13:04:
         a0:f2:64:05:dd:f0:58:4a:39:7e:e8:37:bb:8c:d9:9e:d8:aa:
         6d:0c:f3:1f:a8:df:28:94:09:ba:fd:c5:9d:4c:fa:0d:92:80:
         98:20:7f:65:08:75:6f:46:ac:de:ab:60:0d:9f:c0:ac:66:e1:
         60:8c:25:67:9b:64:58:ee:07:f1:47:dd:ad:7b:51:6e:9d:df:
         25:de:8f:47:21:e0:99:c6:2a:a9:27:5e:43:13:00:e1:b1:a9:
         6e:01:fe:99:c3:34:59:fd:1b:01:fb:e5:88:29:83:98:ba:86:
         9a:db:60:73
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJu771ibxLsRbxF1L5o4gqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMWQxYzA1YWJkNzE0YzY3YzMyOTFlMDEwZDIxYzcwYTM1
ZGQ1N2UwHhcNMjQwMTAyMTAzMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTU4MDY3OGIxNjc4YmM3YWJjNDE2MjJhNDcyZDNlOWM2ODY1ODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkj1SmCkqRk6PYSezdtfwo/JrL3SP
WmXrzkbu3WFUNaIluM3cdkG5mGI3HLD/ga5STAS80xsRLdx0Q9p0nj/FRJ1dFMTY
UZdtR4oYGvO+wJieGxRl2WvGNR+Lsp96Bwcp3y3Pv1S+vdxo7mXA+ctKjxF60ln+
7W31j+BO1guqqc5EGo69FIAeil4d8xfTxc+kyOzYNNLcAMg0k2GGmrMoLRao/W7A
1OllmninuYijBfiY7c+/bNJXYRwPhEFZ5MhUKbvHOgcL2KVh0CFgMsqOJJ25Sa7Z
T714BsAy1QE8hdT/i9XrsWJuhfcgnWCSLXQRzDhzGumFygA9O9tUrKrBkwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFK5YBnixZ4vHq8QWIqRy0+nGhlgCMB8GA1UdIwQY
MBaAFPMdHAWr1xTGfDKR4BDSHHCjXdV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHgwY0JhdlhGTVo4TXBIZ0VOSWNjS05kMVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC84ODY2YmItMmViNy00Mjg4LWE4MmMt
NTU1OWFjNDEwYWNlLzEvcmxnR2VMRm5pOGVyeEJZaXBITFQ2Y2FHV0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC84ODY2YmItMmViNy00Mjg4LWE4MmMtNTU1OWFjNDEwYWNl
LzEvOHgwY0JhdlhGTVo4TXBIZ0VOSWNjS05kMVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbZ/ED
BABbZ/IwDQYJKoZIhvcNAQELBQADggEBAE3Z2uoz42U8QyXUSQ32OFHac9cYCKhA
ee41/KP7fAK2RSgD7DweGb06mSJaj2H/nbZG2kOz2iRUYJ1QKNKSJEOJA4xkfT6B
6ONSLTYRSx59SOJGChC4L7gZ5OtAqNPWIWQgcRJ3OZ8zrA/Bbd9vG2LmsKecItnO
bm/0Qs/750BjGK+OCf9fYMKOSep+ATQTBKDyZAXd8FhKOX7oN7uM2Z7Yqm0M8x+o
3yiUCbr9xZ1M+g2SgJggf2UIdW9GrN6rYA2fwKxm4WCMJWebZFjuB/FH3a17UW6d
3yXej0ch4JnGKqknXkMTAOGxqW4B/pnDNFn9GwH75Ygpg5i6hprbYHM=
-----END CERTIFICATE-----