Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a815b3-c48c-4ff9-989d-8854c92d47b1/1/gKgdAMDbMKnijn_6V-pzjI6RNHQ.roa
File:                     gKgdAMDbMKnijn_6V-pzjI6RNHQ.roa (raw, json)
Hash identifier:          9i2U3h7ZseW94hPv/JklRBcynjv74i5WcinlnP+dhbo=
Subject key identifier:   80:A8:1D:00:C0:DB:30:A9:E2:8E:7F:FA:57:EA:73:8C:8E:91:34:74
Certificate issuer:       /CN=3514ff67f3b8d4f6f6bda23ecbbc7b0f09fe6080
Certificate serial:       018CC7257FCB936442A39FCD39C7C7731FCC
Authority key identifier: 35:14:FF:67:F3:B8:D4:F6:F6:BD:A2:3E:CB:BC:7B:0F:09:FE:60:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRT_Z_O41Pb2vaI-y7x7Dwn-YIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a815b3-c48c-4ff9-989d-8854c92d47b1/1/gKgdAMDbMKnijn_6V-pzjI6RNHQ.roa
Signing time:             Mon 01 Jan 2024 22:29:32 +0000
ROA not before:           Mon 01 Jan 2024 22:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24971
IP address blocks:        91.213.160.0/24 maxlen: 24
                          2001:67c:68::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a815b3-c48c-4ff9-989d-8854c92d47b1/1/NRT_Z_O41Pb2vaI-y7x7Dwn-YIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a815b3-c48c-4ff9-989d-8854c92d47b1/1/NRT_Z_O41Pb2vaI-y7x7Dwn-YIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRT_Z_O41Pb2vaI-y7x7Dwn-YIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:7f:cb:93:64:42:a3:9f:cd:39:c7:c7:73:1f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3514ff67f3b8d4f6f6bda23ecbbc7b0f09fe6080
        Validity
            Not Before: Jan  1 22:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80a81d00c0db30a9e28e7ffa57ea738c8e913474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:de:f3:47:ea:80:a1:d0:6d:fd:fa:3d:77:ac:
                    63:b5:42:6c:bd:61:72:35:ca:1d:0b:7c:6e:94:a9:
                    33:75:51:11:49:b4:8c:60:6d:b3:d1:94:e5:b4:45:
                    a2:08:b3:35:1f:58:6a:6f:c9:10:5a:81:a6:5f:58:
                    2f:03:79:ab:c8:8c:18:d9:5f:eb:d6:16:95:ad:eb:
                    59:a0:27:b5:c7:17:4a:c5:a4:ef:48:c8:b7:98:fb:
                    fe:02:49:35:2b:27:1d:96:4a:52:9b:33:50:48:41:
                    18:65:60:45:d7:53:30:72:7d:74:ea:b8:98:bb:aa:
                    ad:7c:4b:52:24:af:d8:4b:4a:20:6c:72:e0:da:9a:
                    76:d8:bd:ff:8f:ed:df:ad:53:c1:e6:39:f9:19:93:
                    ba:f8:c5:1f:57:9b:55:26:40:3b:1c:e0:41:81:fa:
                    8f:63:e5:e6:61:05:bd:c9:ec:50:71:29:d6:50:ae:
                    e9:69:1b:e4:f3:6d:38:34:a0:ad:65:9d:7c:09:dd:
                    f9:ef:02:d5:d8:03:e3:bf:6a:32:1d:ac:c5:79:97:
                    47:83:2b:40:c6:0b:e5:cd:0a:93:50:c6:44:fc:77:
                    e9:cc:92:45:08:60:2d:64:35:e5:f2:f1:20:09:a8:
                    69:a9:e4:d9:05:83:b3:d4:9e:9c:44:bd:b0:65:ce:
                    18:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:A8:1D:00:C0:DB:30:A9:E2:8E:7F:FA:57:EA:73:8C:8E:91:34:74
            X509v3 Authority Key Identifier:
                keyid:35:14:FF:67:F3:B8:D4:F6:F6:BD:A2:3E:CB:BC:7B:0F:09:FE:60:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRT_Z_O41Pb2vaI-y7x7Dwn-YIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a815b3-c48c-4ff9-989d-8854c92d47b1/1/gKgdAMDbMKnijn_6V-pzjI6RNHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a815b3-c48c-4ff9-989d-8854c92d47b1/1/NRT_Z_O41Pb2vaI-y7x7Dwn-YIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.160.0/24
                IPv6:
                  2001:67c:68::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:25:28:93:f0:f5:00:1c:60:49:1f:f9:ed:6c:ba:81:25:6d:
         a0:3e:26:7d:df:b0:9f:c9:2d:06:0d:ca:b8:34:59:1e:27:98:
         28:9f:6c:f6:fb:e0:88:2c:05:55:66:3c:5d:67:18:9b:7c:53:
         34:17:6f:33:44:62:87:3f:ba:bb:55:c2:00:35:67:97:59:7a:
         5d:95:87:12:b3:75:cc:e5:24:8a:39:3b:9c:d8:68:ea:fa:77:
         ab:bc:27:ee:91:00:86:0b:0f:4a:29:c3:92:36:93:65:92:a3:
         73:e3:72:87:d7:31:fe:48:c1:7c:0b:b8:1f:e8:7d:4d:b5:ec:
         0a:bc:d1:82:d9:8f:91:b5:5e:64:4e:95:ab:f8:ad:03:a9:95:
         d1:4e:f3:94:84:88:89:d7:8f:82:9c:27:cf:8b:58:c1:e6:99:
         32:82:70:1b:3e:46:37:9d:2c:e7:02:1f:df:a3:f6:1d:e6:ab:
         d1:bf:2d:d7:c7:ad:ea:a3:2b:31:5b:d4:50:15:31:04:95:d3:
         c8:e4:4c:82:27:05:e0:3c:cc:0a:d7:15:1d:d8:5c:dd:48:53:
         79:57:b8:4d:a9:4d:5c:ce:bf:c0:95:b1:23:33:36:7d:f7:8a:
         8c:0b:84:1d:9d:2d:11:89:16:19:d5:c0:26:3a:47:c8:8f:60:
         40:4d:16:fd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJX/Lk2RCo5/NOcfHcx/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTRmZjY3ZjNiOGQ0ZjZmNmJkYTIzZWNiYmM3YjBmMDlm
ZTYwODAwHhcNMjQwMTAxMjIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGE4MWQwMGMwZGIzMGE5ZTI4ZTdmZmE1N2VhNzM4YzhlOTEzNDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhN7zR+qAodBt/fo9d6xjtUJsvWFy
NcodC3xulKkzdVERSbSMYG2z0ZTltEWiCLM1H1hqb8kQWoGmX1gvA3mryIwY2V/r
1haVretZoCe1xxdKxaTvSMi3mPv+Akk1KycdlkpSmzNQSEEYZWBF11Mwcn106riY
u6qtfEtSJK/YS0ogbHLg2pp22L3/j+3frVPB5jn5GZO6+MUfV5tVJkA7HOBBgfqP
Y+XmYQW9yexQcSnWUK7paRvk8204NKCtZZ18Cd357wLV2APjv2oyHazFeZdHgytA
xgvlzQqTUMZE/HfpzJJFCGAtZDXl8vEgCahpqeTZBYOz1J6cRL2wZc4Y+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFICoHQDA2zCp4o5/+lfqc4yOkTR0MB8GA1UdIwQY
MBaAFDUU/2fzuNT29r2iPsu8ew8J/mCAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJUX1pfTzQxUGIydmFJLXk3eDdEd24tWUlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hODE1YjMtYzQ4Yy00ZmY5LTk4OWQt
ODg1NGM5MmQ0N2IxLzEvZ0tnZEFNRGJNS25pam5fNlYtcHpqSTZSTkhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hODE1YjMtYzQ4Yy00ZmY5LTk4OWQtODg1NGM5MmQ0N2Ix
LzEvTlJUX1pfTzQxUGIydmFJLXk3eDdEd24tWUlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9WgMA8E
AgACMAkDBwAgAQZ8AGgwDQYJKoZIhvcNAQELBQADggEBAKglKJPw9QAcYEkf+e1s
uoElbaA+Jn3fsJ/JLQYNyrg0WR4nmCifbPb74IgsBVVmPF1nGJt8UzQXbzNEYoc/
urtVwgA1Z5dZel2VhxKzdczlJIo5O5zYaOr6d6u8J+6RAIYLD0opw5I2k2WSo3Pj
cofXMf5IwXwLuB/ofU217Aq80YLZj5G1XmROlav4rQOpldFO85SEiInXj4KcJ8+L
WMHmmTKCcBs+RjedLOcCH9+j9h3mq9G/LdfHreqjKzFb1FAVMQSV08jkTIInBeA8
zArXFR3YXN1IU3lXuE2pTVzOv8CVsSMzNn33iowLhB2dLRGJFhnVwCY6R8iPYEBN
Fv0=
-----END CERTIFICATE-----