Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/9e3f2a-1440-4084-84c2-9312d087dfca/1/bqCVZpKVqbaM5FetsVkW7TIV3x8.roa
File:                     bqCVZpKVqbaM5FetsVkW7TIV3x8.roa (raw, json)
Hash identifier:          P1R0wophtx74hRmtEyqxTrdXg8b4bk/BoOBOZgSKnS4=
Subject key identifier:   6E:A0:95:66:92:95:A9:B6:8C:E4:57:AD:B1:59:16:ED:32:15:DF:1F
Certificate issuer:       /CN=db42059ce291d49a66920731c767da563ef21124
Certificate serial:       018CC5DBEC68CF40AD4D39DEFCEA8C7405A0
Authority key identifier: DB:42:05:9C:E2:91:D4:9A:66:92:07:31:C7:67:DA:56:3E:F2:11:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/20IFnOKR1Jpmkgcxx2faVj7yESQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/9e3f2a-1440-4084-84c2-9312d087dfca/1/bqCVZpKVqbaM5FetsVkW7TIV3x8.roa
Signing time:             Mon 01 Jan 2024 16:29:33 +0000
ROA not before:           Mon 01 Jan 2024 16:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57815
IP address blocks:        91.235.165.0/24 maxlen: 24
                          194.40.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/9e3f2a-1440-4084-84c2-9312d087dfca/1/20IFnOKR1Jpmkgcxx2faVj7yESQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/9e3f2a-1440-4084-84c2-9312d087dfca/1/20IFnOKR1Jpmkgcxx2faVj7yESQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/20IFnOKR1Jpmkgcxx2faVj7yESQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ec:68:cf:40:ad:4d:39:de:fc:ea:8c:74:05:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db42059ce291d49a66920731c767da563ef21124
        Validity
            Not Before: Jan  1 16:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ea095669295a9b68ce457adb15916ed3215df1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ea:96:67:1e:ce:a2:b4:b5:c7:f1:a3:81:40:
                    6a:11:b0:22:e0:1a:15:35:3b:12:57:0e:78:2e:7a:
                    d9:87:44:ce:6e:4d:69:72:dd:a7:89:40:e1:97:a7:
                    71:ec:07:48:8a:35:68:a2:a9:26:4d:29:fc:d3:9c:
                    b4:0a:7f:24:cb:03:b8:f1:8c:b0:3c:ae:ab:52:1b:
                    67:a1:c0:00:03:70:b6:3e:b8:2c:42:6c:28:90:d5:
                    e2:12:33:4a:0f:83:ac:95:36:ca:cd:31:4f:ae:a4:
                    48:01:ae:08:b5:36:b8:93:07:18:c0:6e:3a:54:e9:
                    64:bb:dd:08:9f:2c:d3:dd:35:e1:f1:9a:ee:0a:41:
                    b4:71:a4:bc:37:dd:45:40:9f:a4:96:ae:6a:92:4e:
                    6a:ad:a1:c7:aa:18:eb:d6:9a:0c:b5:69:3e:d8:d7:
                    ab:99:9d:b7:f4:0e:be:70:4d:d8:ef:b8:c6:60:c2:
                    0f:38:2f:b7:0a:23:c7:3e:70:91:a1:73:c5:aa:58:
                    52:c8:9b:70:48:94:5d:d2:93:9e:d1:45:22:16:66:
                    c2:16:72:36:8b:9e:ea:d4:c5:87:b2:8c:e8:14:29:
                    1c:96:74:e8:5f:e7:80:69:33:51:68:1d:d0:a9:f9:
                    d9:6c:ed:53:54:7f:27:da:9f:1a:85:01:02:ef:1a:
                    2d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:A0:95:66:92:95:A9:B6:8C:E4:57:AD:B1:59:16:ED:32:15:DF:1F
            X509v3 Authority Key Identifier:
                keyid:DB:42:05:9C:E2:91:D4:9A:66:92:07:31:C7:67:DA:56:3E:F2:11:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/20IFnOKR1Jpmkgcxx2faVj7yESQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/9e3f2a-1440-4084-84c2-9312d087dfca/1/bqCVZpKVqbaM5FetsVkW7TIV3x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/9e3f2a-1440-4084-84c2-9312d087dfca/1/20IFnOKR1Jpmkgcxx2faVj7yESQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.165.0/24
                  194.40.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:22:d6:10:e8:41:0d:3b:a7:8d:25:2e:f6:94:8e:15:bc:e0:
         1b:9a:72:e3:21:14:8c:95:41:1f:01:88:d0:f7:ac:51:78:ff:
         ca:83:f8:4a:a5:cf:d5:56:6c:08:78:9e:fc:a4:16:6c:0c:44:
         ba:c2:bf:a4:0d:93:d8:57:b6:7f:c5:57:70:68:7a:bf:29:fb:
         32:ed:36:79:dc:be:a5:e0:ff:b1:6c:1e:b6:14:dc:d6:77:1d:
         29:c4:6f:72:b2:3e:d1:66:01:34:1a:33:c6:0f:5b:3c:cc:15:
         07:8a:ef:68:67:2b:86:05:80:b0:11:49:60:b7:eb:ad:a8:74:
         27:9c:2f:9c:d5:8a:8f:86:98:8c:ab:72:44:20:2b:94:e3:2a:
         f6:99:a0:a3:a6:4b:fa:ca:38:45:47:8a:17:cb:b0:c8:41:e3:
         2e:6e:74:d9:fb:8d:0e:60:ed:1b:f6:75:da:09:99:93:a0:4f:
         3b:b2:90:4e:44:13:7b:b5:a5:8d:cc:47:75:b4:9f:dc:0b:dd:
         d2:23:d7:c5:14:8e:d7:c7:f7:a1:98:b1:0e:0c:e2:47:00:30:
         a2:02:24:36:b9:65:7a:5e:00:6f:04:9b:5e:2a:a1:9c:08:20:
         03:4a:2b:97:e6:55:f8:26:d3:bb:98:56:7e:d7:50:d5:f2:6b:
         15:a6:77:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF2+xoz0CtTTne/OqMdAWgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiNDIwNTljZTI5MWQ0OWE2NjkyMDczMWM3NjdkYTU2M2Vm
MjExMjQwHhcNMjQwMTAxMTYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWEwOTU2NjkyOTVhOWI2OGNlNDU3YWRiMTU5MTZlZDMyMTVkZjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+qWZx7OorS1x/GjgUBqEbAi4BoV
NTsSVw54LnrZh0TObk1pct2niUDhl6dx7AdIijVooqkmTSn805y0Cn8kywO48Yyw
PK6rUhtnocAAA3C2PrgsQmwokNXiEjNKD4OslTbKzTFPrqRIAa4ItTa4kwcYwG46
VOlku90InyzT3TXh8ZruCkG0caS8N91FQJ+klq5qkk5qraHHqhjr1poMtWk+2Ner
mZ239A6+cE3Y77jGYMIPOC+3CiPHPnCRoXPFqlhSyJtwSJRd0pOe0UUiFmbCFnI2
i57q1MWHsozoFCkclnToX+eAaTNRaB3QqfnZbO1TVH8n2p8ahQEC7xotwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG6glWaSlam2jORXrbFZFu0yFd8fMB8GA1UdIwQY
MBaAFNtCBZzikdSaZpIHMcdn2lY+8hEkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjBJRm5PS1IxSnBta2djeHgyZmFWajd5RVNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni85ZTNmMmEtMTQ0MC00MDg0LTg0YzIt
OTMxMmQwODdkZmNhLzEvYnFDVlpwS1ZxYmFNNUZldHNWa1c3VElWM3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni85ZTNmMmEtMTQ0MC00MDg0LTg0YzItOTMxMmQwODdkZmNh
LzEvMjBJRm5PS1IxSnBta2djeHgyZmFWajd5RVNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+ulAwQA
wijSMA0GCSqGSIb3DQEBCwUAA4IBAQBnItYQ6EENO6eNJS72lI4VvOAbmnLjIRSM
lUEfAYjQ96xReP/Kg/hKpc/VVmwIeJ78pBZsDES6wr+kDZPYV7Z/xVdwaHq/Kfsy
7TZ53L6l4P+xbB62FNzWdx0pxG9ysj7RZgE0GjPGD1s8zBUHiu9oZyuGBYCwEUlg
t+utqHQnnC+c1YqPhpiMq3JEICuU4yr2maCjpkv6yjhFR4oXy7DIQeMubnTZ+40O
YO0b9nXaCZmToE87spBORBN7taWNzEd1tJ/cC93SI9fFFI7Xx/ehmLEODOJHADCi
AiQ2uWV6XgBvBJteKqGcCCADSiuX5lX4JtO7mFZ+11DV8msVpnec
-----END CERTIFICATE-----