Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/amGG5lCTuDxH_pf4Flr3VvQkZpI.roa
File:                     amGG5lCTuDxH_pf4Flr3VvQkZpI.roa (raw, json)
Hash identifier:          +o5L7wM9+7kwuNYJw32muZp3W9/Zk+r/ir77ovw+Ro8=
Subject key identifier:   6A:61:86:E6:50:93:B8:3C:47:FE:97:F8:16:5A:F7:56:F4:24:66:92
Certificate issuer:       /CN=88d129a7c78fb66d0773bc99008357e507c1e7be
Certificate serial:       018CC26D77FC9C38D0D31DDDE54737CD7141
Authority key identifier: 88:D1:29:A7:C7:8F:B6:6D:07:73:BC:99:00:83:57:E5:07:C1:E7:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iNEpp8ePtm0Hc7yZAINX5QfB574.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/amGG5lCTuDxH_pf4Flr3VvQkZpI.roa
Signing time:             Mon 01 Jan 2024 00:30:03 +0000
ROA not before:           Mon 01 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210579
IP address blocks:        91.214.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/iNEpp8ePtm0Hc7yZAINX5QfB574.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/iNEpp8ePtm0Hc7yZAINX5QfB574.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iNEpp8ePtm0Hc7yZAINX5QfB574.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:77:fc:9c:38:d0:d3:1d:dd:e5:47:37:cd:71:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88d129a7c78fb66d0773bc99008357e507c1e7be
        Validity
            Not Before: Jan  1 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a6186e65093b83c47fe97f8165af756f4246692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:45:a3:5e:81:79:9d:d9:c3:74:e6:4f:56:73:
                    0b:19:90:cb:82:60:e6:4b:21:96:ec:f7:f5:7a:1d:
                    41:ec:66:47:6e:59:7f:0b:e5:38:e4:8f:32:2a:49:
                    8e:7e:2c:30:d1:2b:94:82:40:9a:5a:c6:9f:63:c4:
                    54:a3:e3:01:44:05:63:f1:3b:53:73:8f:97:2f:d1:
                    77:7d:88:1d:94:3a:8e:6e:ff:09:c0:9b:bd:2c:c3:
                    6e:00:fe:ba:a7:fc:49:d6:64:e0:30:a8:ea:f1:98:
                    8d:9b:9b:59:eb:fb:35:b5:f4:d0:ed:fa:e8:76:76:
                    f8:ff:48:78:37:dc:32:88:36:3d:86:20:e8:67:72:
                    bf:23:20:d7:a6:76:7d:95:15:7a:66:69:6b:35:4e:
                    06:7e:2e:64:00:f8:e5:32:9f:54:69:6d:14:b1:cf:
                    e1:7f:a1:53:a8:da:bb:11:06:0f:23:70:0d:27:66:
                    aa:09:07:79:20:c1:b8:5f:9b:df:2f:59:fa:6a:1d:
                    9f:49:bb:63:a3:1e:b0:00:fb:8d:12:ac:73:3d:6b:
                    3c:7a:66:e5:b3:7a:9b:79:78:32:1f:d1:b7:15:f5:
                    5e:bf:ee:81:2a:f8:b2:61:e5:ab:be:68:a2:1e:91:
                    a5:9c:20:3b:18:73:95:df:ee:19:22:50:c0:4f:5d:
                    84:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:61:86:E6:50:93:B8:3C:47:FE:97:F8:16:5A:F7:56:F4:24:66:92
            X509v3 Authority Key Identifier:
                keyid:88:D1:29:A7:C7:8F:B6:6D:07:73:BC:99:00:83:57:E5:07:C1:E7:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iNEpp8ePtm0Hc7yZAINX5QfB574.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/amGG5lCTuDxH_pf4Flr3VvQkZpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/d86fc4-175f-423d-984e-859f7face695/1/iNEpp8ePtm0Hc7yZAINX5QfB574.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:3b:dd:0d:7b:ac:d1:f1:da:dd:27:5d:be:cf:63:9f:79:7b:
         32:a6:d6:95:b7:ad:2c:67:d0:95:5c:2b:56:36:95:23:52:e6:
         1a:81:aa:55:06:d7:2a:7e:ad:00:0a:fa:e7:3c:bc:a1:7c:5a:
         7d:6e:49:d9:2c:e9:03:4e:e4:82:d7:c4:33:7f:7d:37:2d:09:
         1e:2d:11:fe:d9:c0:3b:4c:6b:e6:e1:17:2a:f8:fa:05:c1:ef:
         04:f4:c9:30:e6:8e:61:93:18:95:83:43:4f:f6:46:25:e0:58:
         55:9e:0f:e2:b0:80:23:42:64:63:d8:66:af:dc:2b:c1:1f:a4:
         d1:31:84:43:16:f1:64:f7:07:37:1c:64:c6:6c:a3:c9:98:68:
         dd:96:6a:73:b8:95:39:69:f6:6b:05:cc:ce:08:f2:39:8c:0e:
         9c:6e:e7:ad:59:42:73:d9:61:1d:aa:93:b5:6b:b0:63:2d:e2:
         bf:8f:e7:9d:30:90:45:3b:48:a1:8f:ff:bc:b2:30:73:17:16:
         56:cc:a7:cf:d0:2c:cf:95:77:e0:ca:3d:e1:30:07:dd:ad:fa:
         77:6f:3d:85:bd:ed:23:fa:e8:88:2c:b1:af:05:33:2d:a0:1f:
         6d:2b:71:ab:a6:f5:fe:3a:bb:c8:8c:3e:84:f9:8e:3c:b7:dc:
         38:71:12:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXf8nDjQ0x3d5Uc3zXFBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZDEyOWE3Yzc4ZmI2NmQwNzczYmM5OTAwODM1N2U1MDdj
MWU3YmUwHhcNMjQwMTAxMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTYxODZlNjUwOTNiODNjNDdmZTk3ZjgxNjVhZjc1NmY0MjQ2NjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UWjXoF5ndnDdOZPVnMLGZDLgmDm
SyGW7Pf1eh1B7GZHbll/C+U45I8yKkmOfiww0SuUgkCaWsafY8RUo+MBRAVj8TtT
c4+XL9F3fYgdlDqObv8JwJu9LMNuAP66p/xJ1mTgMKjq8ZiNm5tZ6/s1tfTQ7fro
dnb4/0h4N9wyiDY9hiDoZ3K/IyDXpnZ9lRV6ZmlrNU4Gfi5kAPjlMp9UaW0Usc/h
f6FTqNq7EQYPI3ANJ2aqCQd5IMG4X5vfL1n6ah2fSbtjox6wAPuNEqxzPWs8embl
s3qbeXgyH9G3FfVev+6BKviyYeWrvmiiHpGlnCA7GHOV3+4ZIlDAT12EtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGphhuZQk7g8R/6X+BZa91b0JGaSMB8GA1UdIwQY
MBaAFIjRKafHj7ZtB3O8mQCDV+UHwee+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU5FcHA4ZVB0bTBIYzd5WkFJTlg1UWZCNTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kODZmYzQtMTc1Zi00MjNkLTk4NGUt
ODU5ZjdmYWNlNjk1LzEvYW1HRzVsQ1R1RHhIX3BmNEZscjNWdlFrWnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kODZmYzQtMTc1Zi00MjNkLTk4NGUtODU5ZjdmYWNlNjk1
LzEvaU5FcHA4ZVB0bTBIYzd5WkFJTlg1UWZCNTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ZwMA0G
CSqGSIb3DQEBCwUAA4IBAQAwO90Ne6zR8drdJ12+z2OfeXsyptaVt60sZ9CVXCtW
NpUjUuYagapVBtcqfq0ACvrnPLyhfFp9bknZLOkDTuSC18Qzf303LQkeLRH+2cA7
TGvm4Rcq+PoFwe8E9Mkw5o5hkxiVg0NP9kYl4FhVng/isIAjQmRj2Gav3CvBH6TR
MYRDFvFk9wc3HGTGbKPJmGjdlmpzuJU5afZrBczOCPI5jA6cbuetWUJz2WEdqpO1
a7BjLeK/j+edMJBFO0ihj/+8sjBzFxZWzKfP0CzPlXfgyj3hMAfdrfp3bz2Fve0j
+uiILLGvBTMtoB9tK3GrpvX+OrvIjD6E+Y48t9w4cRIh
-----END CERTIFICATE-----