Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/0a8651-62ec-49f4-bde0-155c75a45c27/1/43bP_ZHahjmIqFsx8qmP1JKhsB4.roa
File:                     43bP_ZHahjmIqFsx8qmP1JKhsB4.roa (raw, json)
Hash identifier:          Qledsr2aef1Wn3QcaVxiKcA5VUu47SUUPFM8J4Xu5Bs=
Subject key identifier:   E3:76:CF:FD:91:DA:86:39:88:A8:5B:31:F2:A9:8F:D4:92:A1:B0:1E
Certificate issuer:       /CN=3d4c79394062376bca63a63a0bf973992a9f80a2
Certificate serial:       018CC42544553078BEEECFCEB099EE7EBFF3
Authority key identifier: 3D:4C:79:39:40:62:37:6B:CA:63:A6:3A:0B:F9:73:99:2A:9F:80:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PUx5OUBiN2vKY6Y6C_lzmSqfgKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/0a8651-62ec-49f4-bde0-155c75a45c27/1/43bP_ZHahjmIqFsx8qmP1JKhsB4.roa
Signing time:             Mon 01 Jan 2024 08:30:25 +0000
ROA not before:           Mon 01 Jan 2024 08:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198782
IP address blocks:        91.239.61.0/24 maxlen: 24
                          91.239.61.128/25 maxlen: 25
                          91.239.61.0/25 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/0a8651-62ec-49f4-bde0-155c75a45c27/1/PUx5OUBiN2vKY6Y6C_lzmSqfgKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/0a8651-62ec-49f4-bde0-155c75a45c27/1/PUx5OUBiN2vKY6Y6C_lzmSqfgKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PUx5OUBiN2vKY6Y6C_lzmSqfgKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:44:55:30:78:be:ee:cf:ce:b0:99:ee:7e:bf:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d4c79394062376bca63a63a0bf973992a9f80a2
        Validity
            Not Before: Jan  1 08:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e376cffd91da863988a85b31f2a98fd492a1b01e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4d:e7:1e:3d:7d:d0:4f:b8:e7:6d:3d:d6:15:
                    54:ca:bb:d3:f4:14:17:3c:46:a1:b6:2f:24:fa:62:
                    0d:89:b5:e7:b2:74:88:b8:e7:83:84:e5:71:cd:02:
                    1a:32:6c:b3:6b:51:e8:2f:30:f0:8f:b3:35:cd:98:
                    f0:4f:3a:35:7d:30:59:48:89:3b:33:39:22:eb:ec:
                    57:50:77:09:73:bb:33:c7:68:4e:61:b4:af:a5:3d:
                    ef:a2:b3:34:ec:e9:5d:64:10:be:de:87:69:dc:46:
                    50:9e:b8:f9:36:9c:13:e2:e8:b6:1a:88:7a:16:3d:
                    79:06:c5:e8:82:73:cf:e7:0c:0d:cc:7a:73:b5:85:
                    00:6d:93:ab:05:c9:36:e1:41:29:9c:11:8f:6f:80:
                    23:a5:5b:79:bb:12:84:17:5f:3d:4a:5d:80:76:a0:
                    cf:f0:5e:97:48:ca:d6:59:38:b4:3e:6f:79:b6:a9:
                    73:e2:f5:c2:70:43:6f:40:21:68:c9:5f:85:67:b7:
                    86:4f:1b:5b:ae:87:96:fc:7d:62:a7:54:e7:51:26:
                    08:94:53:63:33:e0:b7:10:41:17:bb:f0:86:e9:1b:
                    23:2c:8b:37:70:ce:e3:ba:ff:87:61:43:ff:65:77:
                    6a:0d:aa:4a:13:ae:6f:b3:a7:79:d7:77:36:2f:44:
                    57:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:76:CF:FD:91:DA:86:39:88:A8:5B:31:F2:A9:8F:D4:92:A1:B0:1E
            X509v3 Authority Key Identifier:
                keyid:3D:4C:79:39:40:62:37:6B:CA:63:A6:3A:0B:F9:73:99:2A:9F:80:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PUx5OUBiN2vKY6Y6C_lzmSqfgKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0a8651-62ec-49f4-bde0-155c75a45c27/1/43bP_ZHahjmIqFsx8qmP1JKhsB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0a8651-62ec-49f4-bde0-155c75a45c27/1/PUx5OUBiN2vKY6Y6C_lzmSqfgKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:b0:31:c4:49:1b:6c:da:bb:1e:bf:37:d4:bc:5d:11:58:9b:
         43:ce:f0:ed:3d:7f:75:c2:71:61:ba:ac:f3:dd:c4:63:61:35:
         d5:cb:4f:e2:b5:ef:62:95:5a:28:42:77:0f:e3:30:42:f5:cd:
         3a:59:5f:b0:15:6f:1d:a0:e9:d7:4d:c9:43:32:9b:09:9f:9c:
         c8:83:a9:1f:1e:4b:ba:31:a0:d1:4c:ac:79:b3:e0:57:53:4d:
         87:e3:f8:4d:e9:d1:bd:5b:a1:a3:8a:d4:52:32:a7:01:da:cd:
         ee:63:fc:df:4a:39:50:c8:02:5e:26:a3:35:dd:23:b0:bb:2e:
         e8:37:71:03:68:9b:b3:c8:15:46:17:1e:bf:1d:76:37:1e:51:
         63:86:ac:ad:36:03:56:e5:22:5d:80:09:af:a6:2b:64:d3:ec:
         3a:b7:8c:31:a4:a9:c6:19:14:72:4a:58:22:aa:a2:4e:f0:d5:
         8b:9d:4b:30:7c:bd:bc:50:15:e8:b7:27:ed:15:2a:57:57:a8:
         b6:7c:23:9c:79:f7:41:b3:a1:c6:4b:a6:13:59:99:71:ba:72:
         ee:43:a2:87:49:87:2d:5d:1c:de:4d:b2:94:68:ce:02:1b:3d:
         f6:d6:15:e4:47:ad:43:d7:9d:2c:cc:32:e0:84:96:1f:45:21:
         3c:ab:de:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJURVMHi+7s/OsJnufr/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNGM3OTM5NDA2MjM3NmJjYTYzYTYzYTBiZjk3Mzk5MmE5
ZjgwYTIwHhcNMjQwMTAxMDgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzc2Y2ZmZDkxZGE4NjM5ODhhODViMzFmMmE5OGZkNDkyYTFiMDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmU3nHj190E+452091hVUyrvT9BQX
PEahti8k+mINibXnsnSIuOeDhOVxzQIaMmyza1HoLzDwj7M1zZjwTzo1fTBZSIk7
Mzki6+xXUHcJc7szx2hOYbSvpT3vorM07OldZBC+3odp3EZQnrj5NpwT4ui2Goh6
Fj15BsXognPP5wwNzHpztYUAbZOrBck24UEpnBGPb4AjpVt5uxKEF189Sl2AdqDP
8F6XSMrWWTi0Pm95tqlz4vXCcENvQCFoyV+FZ7eGTxtbroeW/H1ip1TnUSYIlFNj
M+C3EEEXu/CG6RsjLIs3cM7juv+HYUP/ZXdqDapKE65vs6d513c2L0RXOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFON2z/2R2oY5iKhbMfKpj9SSobAeMB8GA1UdIwQY
MBaAFD1MeTlAYjdrymOmOgv5c5kqn4CiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFV4NU9VQmlOMnZLWTZZNkNfbHptU3FmZ0tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8wYTg2NTEtNjJlYy00OWY0LWJkZTAt
MTU1Yzc1YTQ1YzI3LzEvNDNiUF9aSGFoam1JcUZzeDhxbVAxSktoc0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8wYTg2NTEtNjJlYy00OWY0LWJkZTAtMTU1Yzc1YTQ1YzI3
LzEvUFV4NU9VQmlOMnZLWTZZNkNfbHptU3FmZ0tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+89MA0G
CSqGSIb3DQEBCwUAA4IBAQC5sDHESRts2rsevzfUvF0RWJtDzvDtPX91wnFhuqzz
3cRjYTXVy0/ite9ilVooQncP4zBC9c06WV+wFW8doOnXTclDMpsJn5zIg6kfHku6
MaDRTKx5s+BXU02H4/hN6dG9W6GjitRSMqcB2s3uY/zfSjlQyAJeJqM13SOwuy7o
N3EDaJuzyBVGFx6/HXY3HlFjhqytNgNW5SJdgAmvpitk0+w6t4wxpKnGGRRySlgi
qqJO8NWLnUswfL28UBXotyftFSpXV6i2fCOcefdBs6HGS6YTWZlxunLuQ6KHSYct
XRzeTbKUaM4CGz321hXkR61D150szDLghJYfRSE8q97G
-----END CERTIFICATE-----