Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/a3DFbJMaDrQVJTV-SbQraMJSwq4.roa
File:                     a3DFbJMaDrQVJTV-SbQraMJSwq4.roa (raw, json)
Hash identifier:          Hg1n7VC51IDgJirpoAezK5uduLb1o1pqBdLgAzfKPC0=
Subject key identifier:   6B:70:C5:6C:93:1A:0E:B4:15:25:35:7E:49:B4:2B:68:C2:52:C2:AE
Certificate issuer:       /CN=67af9014b0dedd2c04840ae385b5339f6c6790f5
Certificate serial:       018CC8015569BC429B464AB4948EE93F6EB8
Authority key identifier: 67:AF:90:14:B0:DE:DD:2C:04:84:0A:E3:85:B5:33:9F:6C:67:90:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z6-QFLDe3SwEhArjhbUzn2xnkPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/a3DFbJMaDrQVJTV-SbQraMJSwq4.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51957
IP address blocks:        91.221.156.0/23 maxlen: 23
                          2a00:5180::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Z6-QFLDe3SwEhArjhbUzn2xnkPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Z6-QFLDe3SwEhArjhbUzn2xnkPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z6-QFLDe3SwEhArjhbUzn2xnkPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:55:69:bc:42:9b:46:4a:b4:94:8e:e9:3f:6e:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67af9014b0dedd2c04840ae385b5339f6c6790f5
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b70c56c931a0eb41525357e49b42b68c252c2ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6c:a9:ef:1a:1d:40:82:55:e7:72:b0:af:55:
                    ae:a9:c4:c6:32:b8:6d:7e:e4:27:46:9f:4c:34:ea:
                    86:15:6f:71:06:58:8a:5c:4c:49:7f:7f:5b:92:1e:
                    19:f5:3b:86:49:eb:cc:aa:83:96:3a:27:9c:cb:eb:
                    37:b1:ce:02:4f:ac:38:7f:56:df:d4:89:d2:4a:3c:
                    57:ed:da:29:6a:c6:eb:d1:fc:95:c5:fe:a0:61:39:
                    84:69:18:a0:58:82:6c:0c:f3:f5:71:17:d5:7a:c0:
                    fe:20:e3:2d:22:cf:a3:a9:18:ed:9b:e8:d0:5e:09:
                    ae:48:83:a7:bd:ae:ef:46:d3:2a:7a:e6:48:db:72:
                    1b:12:fc:a1:6d:45:11:1f:8b:0a:60:f3:83:d9:a7:
                    ef:ba:0a:ad:14:7c:26:68:78:08:40:f7:4a:8c:6b:
                    66:fe:4d:c9:fb:d4:fb:16:eb:e7:74:a4:c7:3b:cc:
                    18:65:df:4c:ac:0b:a0:35:c2:96:14:84:2a:b7:99:
                    42:41:66:d9:31:c9:84:a1:80:6f:25:e7:d0:a6:2c:
                    d0:23:1f:2f:35:24:eb:0a:c4:09:7f:86:03:40:e1:
                    83:bd:f1:93:f1:5a:c3:05:fa:9d:5f:3f:83:96:01:
                    3d:e7:4a:5c:11:95:7b:d0:ad:e6:4f:cb:cc:35:b9:
                    0d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:70:C5:6C:93:1A:0E:B4:15:25:35:7E:49:B4:2B:68:C2:52:C2:AE
            X509v3 Authority Key Identifier:
                keyid:67:AF:90:14:B0:DE:DD:2C:04:84:0A:E3:85:B5:33:9F:6C:67:90:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z6-QFLDe3SwEhArjhbUzn2xnkPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/a3DFbJMaDrQVJTV-SbQraMJSwq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Z6-QFLDe3SwEhArjhbUzn2xnkPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.156.0/23
                IPv6:
                  2a00:5180::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:8c:94:9f:7f:84:b4:8f:64:c6:df:f5:b1:4f:52:08:44:83:
         fb:be:d1:df:a8:1e:5e:8c:bc:79:c6:29:31:4a:81:0d:89:2c:
         df:68:ad:b1:f9:c9:b4:a3:fa:16:7e:9e:f8:5d:34:d4:81:49:
         9a:e0:11:83:ff:93:03:3a:39:f1:50:a2:a4:e3:b2:77:2a:53:
         20:c7:3e:19:b3:14:df:6e:93:d6:de:95:e3:04:41:13:fe:ee:
         12:cc:23:fe:3a:e8:99:1f:aa:96:ef:ac:0c:73:8e:b6:ee:76:
         b7:8a:da:71:39:63:dc:91:80:52:e7:04:c2:f2:ef:6d:05:c7:
         41:04:51:c7:5f:bf:68:73:54:19:47:1e:37:ed:79:50:5a:2c:
         93:96:0f:22:27:25:e7:24:38:80:5d:68:51:4a:42:a2:d2:54:
         e0:9a:6c:8e:00:4e:ad:9f:48:16:f5:36:3b:0f:20:43:fb:ef:
         31:28:28:95:0c:21:c6:86:0f:04:9b:38:44:a8:76:3a:e3:87:
         dd:e2:11:70:f9:61:18:81:e2:12:c2:5a:7c:76:84:12:78:80:
         78:a7:a5:98:17:9c:62:e5:c3:ae:00:2f:f3:ad:f4:f9:3b:37:
         22:a3:aa:7a:9c:68:ea:4d:0a:ce:29:82:69:5b:23:68:41:51:
         41:64:e9:56
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAVVpvEKbRkq0lI7pP264MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YWY5MDE0YjBkZWRkMmMwNDg0MGFlMzg1YjUzMzlmNmM2
NzkwZjUwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjcwYzU2YzkzMWEwZWI0MTUyNTM1N2U0OWI0MmI2OGMyNTJjMmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGyp7xodQIJV53Kwr1WuqcTGMrht
fuQnRp9MNOqGFW9xBliKXExJf39bkh4Z9TuGSevMqoOWOiecy+s3sc4CT6w4f1bf
1InSSjxX7dopasbr0fyVxf6gYTmEaRigWIJsDPP1cRfVesD+IOMtIs+jqRjtm+jQ
XgmuSIOnva7vRtMqeuZI23IbEvyhbUURH4sKYPOD2afvugqtFHwmaHgIQPdKjGtm
/k3J+9T7FuvndKTHO8wYZd9MrAugNcKWFIQqt5lCQWbZMcmEoYBvJefQpizQIx8v
NSTrCsQJf4YDQOGDvfGT8VrDBfqdXz+DlgE950pcEZV70K3mT8vMNbkNJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGtwxWyTGg60FSU1fkm0K2jCUsKuMB8GA1UdIwQY
MBaAFGevkBSw3t0sBIQK44W1M59sZ5D1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjYtUUZMRGUzU3dFaEFyamhiVXpuMnhua1BVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC83YzY2YjAtYzgwOC00NWExLTliNTAt
NWU3NThlODFlZmY2LzEvYTNERmJKTWFEclFWSlRWLVNiUXJhTUpTd3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC83YzY2YjAtYzgwOC00NWExLTliNTAtNWU3NThlODFlZmY2
LzEvWjYtUUZMRGUzU3dFaEFyamhiVXpuMnhua1BVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW92cMA8E
AgACMAkDBwAqAFGAAAAwDQYJKoZIhvcNAQELBQADggEBAKmMlJ9/hLSPZMbf9bFP
UghEg/u+0d+oHl6MvHnGKTFKgQ2JLN9orbH5ybSj+hZ+nvhdNNSBSZrgEYP/kwM6
OfFQoqTjsncqUyDHPhmzFN9uk9beleMEQRP+7hLMI/466JkfqpbvrAxzjrbudreK
2nE5Y9yRgFLnBMLy720Fx0EEUcdfv2hzVBlHHjfteVBaLJOWDyInJeckOIBdaFFK
QqLSVOCabI4ATq2fSBb1NjsPIEP77zEoKJUMIcaGDwSbOESodjrjh93iEXD5YRiB
4hLCWnx2hBJ4gHinpZgXnGLlw64AL/Ot9Pk7NyKjqnqcaOpNCs4pgmlbI2hBUUFk
6VY=
-----END CERTIFICATE-----