Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/sdNqbXJ9_xpcMt0G_E7878xulz4.roa
File:                     sdNqbXJ9_xpcMt0G_E7878xulz4.roa (raw, json)
Hash identifier:          lCRmIZNhqChgQiGH5keSgorkHDz9GP0g5DSWFeVnu1g=
Subject key identifier:   B1:D3:6A:6D:72:7D:FF:1A:5C:32:DD:06:FC:4E:FC:EF:CC:6E:97:3E
Certificate issuer:       /CN=bbf4e1fdb424a9120223b3a75c6ccc31b6f6224a
Certificate serial:       018DC11673970700E51F84720EA7EAB51527
Authority key identifier: BB:F4:E1:FD:B4:24:A9:12:02:23:B3:A7:5C:6C:CC:31:B6:F6:22:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/sdNqbXJ9_xpcMt0G_E7878xulz4.roa
Signing time:             Mon 19 Feb 2024 11:18:10 +0000
ROA not before:           Mon 19 Feb 2024 11:18:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197561
IP address blocks:        91.223.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:16:73:97:07:00:e5:1f:84:72:0e:a7:ea:b5:15:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf4e1fdb424a9120223b3a75c6ccc31b6f6224a
        Validity
            Not Before: Feb 19 11:18:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1d36a6d727dff1a5c32dd06fc4efcefcc6e973e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f8:ee:30:a4:cc:74:f3:54:3d:83:e9:1c:2c:
                    cc:15:54:f1:40:39:4e:98:a9:7f:d5:8f:d0:f0:7a:
                    bf:87:29:82:09:da:15:7e:69:04:52:44:16:bf:f5:
                    2e:5f:45:4a:5a:3a:dd:5c:4d:9e:44:9c:cd:66:d2:
                    7b:93:17:7b:fb:21:ac:1b:0b:e3:ed:ec:a5:be:18:
                    ac:99:0c:d7:4b:92:7d:13:1e:f8:f7:d2:52:98:1c:
                    1c:32:69:2c:55:5a:3d:c4:af:b6:e1:90:15:ee:50:
                    04:d4:15:70:35:f7:41:31:1a:fb:e8:73:bb:d3:fb:
                    3c:cf:70:77:4f:33:a0:55:20:f2:99:0f:62:17:13:
                    39:cd:ad:11:0a:b6:b3:e7:99:4d:18:cd:cd:cf:cf:
                    46:07:35:64:50:89:ed:9c:f7:1f:f6:b8:bf:72:d7:
                    c8:9c:89:a8:bf:e7:29:c2:39:aa:9d:ba:f3:fb:a9:
                    6e:a4:81:bd:90:d3:af:80:a1:00:a8:f2:a5:d6:9e:
                    48:c9:c5:a0:63:88:64:be:93:91:07:a5:6f:b9:6f:
                    75:69:f8:c7:80:68:d8:60:a7:32:54:f7:a0:21:96:
                    7d:18:7f:f1:ca:11:3e:6e:65:1c:ce:5d:cc:63:66:
                    c0:ec:de:e3:7a:ed:d4:03:99:3e:b3:1e:bb:9f:85:
                    eb:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D3:6A:6D:72:7D:FF:1A:5C:32:DD:06:FC:4E:FC:EF:CC:6E:97:3E
            X509v3 Authority Key Identifier:
                keyid:BB:F4:E1:FD:B4:24:A9:12:02:23:B3:A7:5C:6C:CC:31:B6:F6:22:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/sdNqbXJ9_xpcMt0G_E7878xulz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:91:55:b2:bb:f4:bc:65:79:c6:b4:de:0c:9f:c6:68:b8:35:
         2e:de:1c:12:2d:b9:a2:8d:fe:2b:98:19:2f:62:34:6e:56:c1:
         b6:73:5a:ca:c6:a4:7c:92:26:a9:23:bb:88:45:ab:77:f4:ff:
         81:cd:de:0f:3c:ed:a4:cc:b0:b1:98:0c:2d:c4:c8:ac:b3:44:
         64:df:93:61:c5:6d:83:d5:e8:76:0a:ef:5b:be:eb:b7:0d:49:
         c9:31:a4:7a:c4:21:2a:08:9a:c8:bb:f4:a3:c0:a6:cf:bd:7b:
         24:79:78:27:46:91:3b:0a:a9:36:11:1d:42:a1:28:44:1a:6c:
         2f:88:2f:44:51:aa:36:2a:a2:e2:a4:fb:5b:6e:81:62:f1:3d:
         69:8d:82:62:2e:7b:17:78:c6:da:73:b3:3e:68:2a:d4:67:38:
         12:fa:ee:7a:37:25:91:95:42:0b:36:3e:a2:2e:b0:82:36:1d:
         93:90:bc:9f:5c:a1:5e:d8:29:e2:b2:a8:05:32:9e:20:6c:0f:
         d2:12:45:f1:57:1f:26:ea:90:91:de:f9:6b:0b:dc:5b:e0:9f:
         15:20:00:55:78:54:42:2d:11:8f:71:aa:79:08:24:ac:8d:c5:
         05:5a:91:80:97:2a:67:a1:c1:2e:d6:4b:c8:2e:fb:ee:22:6d:
         71:f7:dc:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3BFnOXBwDlH4RyDqfqtRUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjRlMWZkYjQyNGE5MTIwMjIzYjNhNzVjNmNjYzMxYjZm
NjIyNGEwHhcNMjQwMjE5MTExODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQzNmE2ZDcyN2RmZjFhNWMzMmRkMDZmYzRlZmNlZmNjNmU5NzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPjuMKTMdPNUPYPpHCzMFVTxQDlO
mKl/1Y/Q8Hq/hymCCdoVfmkEUkQWv/UuX0VKWjrdXE2eRJzNZtJ7kxd7+yGsGwvj
7eylvhismQzXS5J9Ex7499JSmBwcMmksVVo9xK+24ZAV7lAE1BVwNfdBMRr76HO7
0/s8z3B3TzOgVSDymQ9iFxM5za0RCraz55lNGM3Nz89GBzVkUIntnPcf9ri/ctfI
nImov+cpwjmqnbrz+6lupIG9kNOvgKEAqPKl1p5IycWgY4hkvpORB6VvuW91afjH
gGjYYKcyVPegIZZ9GH/xyhE+bmUczl3MY2bA7N7jeu3UA5k+sx67n4Xr2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHTam1yff8aXDLdBvxO/O/Mbpc+MB8GA1UdIwQY
MBaAFLv04f20JKkSAiOzp1xszDG29iJKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9UaF9iUWtxUklDSTdPblhHek1NYmIySWtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xMWNkMTAtM2VmNy00MTA1LTgyNDgt
YmE1MTMyM2RiNGU1LzEvc2ROcWJYSjlfeHBjTXQwR19FNzg3OHh1bHo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xMWNkMTAtM2VmNy00MTA1LTgyNDgtYmE1MTMyM2RiNGU1
LzEvdV9UaF9iUWtxUklDSTdPblhHek1NYmIySWtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99nMA0G
CSqGSIb3DQEBCwUAA4IBAQARkVWyu/S8ZXnGtN4Mn8ZouDUu3hwSLbmijf4rmBkv
YjRuVsG2c1rKxqR8kiapI7uIRat39P+Bzd4PPO2kzLCxmAwtxMiss0Rk35NhxW2D
1eh2Cu9bvuu3DUnJMaR6xCEqCJrIu/SjwKbPvXskeXgnRpE7Cqk2ER1CoShEGmwv
iC9EUao2KqLipPtbboFi8T1pjYJiLnsXeMbac7M+aCrUZzgS+u56NyWRlUILNj6i
LrCCNh2TkLyfXKFe2CnisqgFMp4gbA/SEkXxVx8m6pCR3vlrC9xb4J8VIABVeFRC
LRGPcap5CCSsjcUFWpGAlypnocEu1kvILvvuIm1x99z8
-----END CERTIFICATE-----