Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/t0cA3ZMOtsB7I1EWG9plRCADyCE.roa
File:                     t0cA3ZMOtsB7I1EWG9plRCADyCE.roa (raw, json)
Hash identifier:          WI8L61f1g12WImSZMXDiJ6MOeOEWS3qlRAx22RB3PnU=
Subject key identifier:   B7:47:00:DD:93:0E:B6:C0:7B:23:51:16:1B:DA:65:44:20:03:C8:21
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E30FE49C99C41EAA4FB4C5CDBC09A
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/t0cA3ZMOtsB7I1EWG9plRCADyCE.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29372
IP address blocks:        91.68.249.0/24 maxlen: 24
                          91.68.247.0/24 maxlen: 24
                          91.68.248.0/24 maxlen: 24
                          91.68.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:30:fe:49:c9:9c:41:ea:a4:fb:4c:5c:db:c0:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b74700dd930eb6c07b2351161bda65442003c821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ef:18:73:9f:d7:30:24:3e:f6:e2:e6:d3:19:
                    7f:76:f9:45:d4:17:7e:de:0e:be:b3:3c:6a:d1:c3:
                    bc:ea:7e:c6:ee:c3:d5:c2:d7:08:f9:0d:f1:26:5c:
                    2e:c7:59:e6:17:e0:35:86:88:11:fd:d8:3b:a1:e8:
                    13:52:8f:94:dd:5f:33:4b:df:e1:d5:90:56:7b:cd:
                    97:77:55:d0:2d:f7:f6:7a:7e:45:4c:69:48:84:19:
                    32:c1:9b:95:4d:d6:77:cd:bf:08:63:78:12:64:c4:
                    e6:dc:9f:f8:c6:4a:0c:d5:3b:bf:28:09:e7:73:8a:
                    04:ab:11:5f:41:2a:d8:0c:d9:61:15:21:18:91:db:
                    60:dc:7e:b4:2e:22:db:6f:62:8f:d7:34:0a:1c:56:
                    93:de:44:0c:36:f4:c0:a4:af:8b:e7:84:b0:89:b6:
                    20:83:47:d2:93:59:e1:25:49:5a:bb:43:8d:b6:50:
                    f7:9e:6f:86:c0:03:35:27:26:44:a6:e9:f0:f3:d2:
                    a1:e5:5b:db:29:d5:ac:78:f4:c4:9b:64:c2:d7:1b:
                    5a:45:ba:e1:5b:04:af:83:f3:07:eb:f1:ff:69:f0:
                    0e:42:46:ac:2c:96:43:cd:8b:0e:a7:42:f6:33:6e:
                    c4:ce:52:62:0e:c2:f8:b8:2b:af:a2:88:30:4a:e6:
                    65:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:47:00:DD:93:0E:B6:C0:7B:23:51:16:1B:DA:65:44:20:03:C8:21
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/t0cA3ZMOtsB7I1EWG9plRCADyCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.68.247.0-91.68.250.255

    Signature Algorithm: sha256WithRSAEncryption
         87:63:5f:a0:11:62:d4:39:24:9e:7a:fc:bc:95:15:0b:99:d5:
         ab:ec:c5:ab:11:06:3a:21:be:04:3f:8e:1d:ce:d8:52:a2:51:
         9a:a7:f6:fb:47:84:8c:af:5f:80:fe:b4:93:f3:a6:ac:81:09:
         df:df:5f:eb:5a:7e:a8:f5:16:bf:78:59:7e:dd:1a:fb:a5:dc:
         cc:9b:56:74:a7:a3:09:f9:8e:e9:79:d6:9a:a2:96:7b:9f:9b:
         ac:d4:69:8b:b5:f5:7f:a7:97:5d:23:3a:32:10:f4:2a:b6:0c:
         6d:d6:38:38:bc:ef:b7:60:93:7e:44:6b:e2:08:cb:02:8d:f0:
         a5:b0:6c:7c:62:fa:d2:f7:67:85:14:28:1e:b9:e8:a5:cf:b4:
         8e:82:ba:d2:df:93:5d:b3:bd:15:7d:1e:34:a4:5b:76:3c:71:
         49:f3:e0:f6:2a:2c:5e:4a:86:7b:88:ff:3b:61:27:fc:09:a0:
         b2:9d:90:7b:17:ee:7d:7a:c4:89:fd:95:87:e9:e9:d3:a7:c1:
         94:26:2d:f2:65:a6:a2:86:10:02:af:e0:9c:35:19:6d:be:49:
         f5:53:67:11:16:1d:02:42:dc:8b:73:4d:c3:fa:cf:df:ae:30:
         a3:1a:98:09:e5:fc:5c:48:b9:5e:e2:2b:61:57:cf:d1:a5:12:
         13:29:07:ac
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTjD+ScmcQeqk+0xc28CaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzQ3MDBkZDkzMGViNmMwN2IyMzUxMTYxYmRhNjU0NDIwMDNjODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuu8Yc5/XMCQ+9uLm0xl/dvlF1Bd+
3g6+szxq0cO86n7G7sPVwtcI+Q3xJlwux1nmF+A1hogR/dg7oegTUo+U3V8zS9/h
1ZBWe82Xd1XQLff2en5FTGlIhBkywZuVTdZ3zb8IY3gSZMTm3J/4xkoM1Tu/KAnn
c4oEqxFfQSrYDNlhFSEYkdtg3H60LiLbb2KP1zQKHFaT3kQMNvTApK+L54SwibYg
g0fSk1nhJUlau0ONtlD3nm+GwAM1JyZEpunw89Kh5VvbKdWsePTEm2TC1xtaRbrh
WwSvg/MH6/H/afAOQkasLJZDzYsOp0L2M27EzlJiDsL4uCuvoogwSuZlwwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLdHAN2TDrbAeyNRFhvaZUQgA8ghMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvdDBjQTNaTU90c0I3STFFV0c5cGxSQ0FEeUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbRPcD
BABbRPowDQYJKoZIhvcNAQELBQADggEBAIdjX6ARYtQ5JJ56/LyVFQuZ1avsxasR
BjohvgQ/jh3O2FKiUZqn9vtHhIyvX4D+tJPzpqyBCd/fX+tafqj1Fr94WX7dGvul
3MybVnSnown5jul51pqilnufm6zUaYu19X+nl10jOjIQ9Cq2DG3WODi877dgk35E
a+IIywKN8KWwbHxi+tL3Z4UUKB656KXPtI6CutLfk12zvRV9HjSkW3Y8cUnz4PYq
LF5KhnuI/zthJ/wJoLKdkHsX7n16xIn9lYfp6dOnwZQmLfJlpqKGEAKv4Jw1GW2+
SfVTZxEWHQJC3ItzTcP6z9+uMKMamAnl/FxIuV7iK2FXz9GlEhMpB6w=
-----END CERTIFICATE-----