Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/332846-9d42-421d-b3ed-980a4b544056/1/rBZEm5fhnIbcf26_crs2cH1UucY.roa
File:                     rBZEm5fhnIbcf26_crs2cH1UucY.roa (raw, json)
Hash identifier:          JB/wCEDqF7maN3RDyq0rLXmoRtDJwQPNYXQ4HtLTi9M=
Subject key identifier:   AC:16:44:9B:97:E1:9C:86:DC:7F:6E:BF:72:BB:36:70:7D:54:B9:C6
Certificate issuer:       /CN=285dee401808e1b5ec04b5c1abe5d9de5a3858ac
Certificate serial:       018CC801795A32CFC23ADB1BB870EBE6C3FD
Authority key identifier: 28:5D:EE:40:18:08:E1:B5:EC:04:B5:C1:AB:E5:D9:DE:5A:38:58:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KF3uQBgI4bXsBLXBq-XZ3lo4WKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/332846-9d42-421d-b3ed-980a4b544056/1/rBZEm5fhnIbcf26_crs2cH1UucY.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48918
IP address blocks:        91.237.117.0/24 maxlen: 24
                          2001:67c:28e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/332846-9d42-421d-b3ed-980a4b544056/1/KF3uQBgI4bXsBLXBq-XZ3lo4WKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/332846-9d42-421d-b3ed-980a4b544056/1/KF3uQBgI4bXsBLXBq-XZ3lo4WKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KF3uQBgI4bXsBLXBq-XZ3lo4WKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:79:5a:32:cf:c2:3a:db:1b:b8:70:eb:e6:c3:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=285dee401808e1b5ec04b5c1abe5d9de5a3858ac
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac16449b97e19c86dc7f6ebf72bb36707d54b9c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:56:70:7d:44:c1:69:8e:35:9a:c1:df:0a:f6:
                    04:6c:19:84:89:96:57:00:a6:88:52:98:aa:93:4d:
                    00:c0:93:6d:ca:ef:bd:05:78:48:dd:ca:9e:06:39:
                    35:cf:18:12:22:a3:66:45:e7:eb:f6:49:15:52:b6:
                    21:5d:f9:c1:31:60:e7:8a:9e:d2:50:dc:c9:06:1c:
                    54:f1:be:88:9f:04:25:88:20:de:0b:9a:a9:3f:0f:
                    f2:9d:fc:1e:1c:a2:c9:b3:9d:8a:51:ad:80:e6:7d:
                    42:c7:a8:b8:40:db:eb:a1:fc:61:73:f5:36:bd:17:
                    33:bd:1f:78:a4:df:0c:54:90:2a:cc:58:98:87:4d:
                    86:e3:4d:3b:c7:0d:ee:91:6a:1c:6d:a1:1c:c8:9d:
                    fb:22:61:24:f7:a6:6d:84:1f:c0:54:80:c9:8d:61:
                    d8:a1:5a:8c:de:d1:77:a2:cf:84:14:f3:ad:64:54:
                    0f:33:17:13:ef:6b:5b:37:7f:05:a2:c8:e8:5a:50:
                    ee:75:5d:d3:76:7e:1b:19:a0:db:33:99:0f:bf:43:
                    47:4e:31:67:12:d4:09:e1:36:0f:19:b5:83:4e:2b:
                    75:85:a8:a5:f7:d9:53:b4:4f:d6:34:5a:56:41:4e:
                    13:08:73:bb:3b:21:b1:fc:b3:25:58:0c:c6:4d:14:
                    98:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:16:44:9B:97:E1:9C:86:DC:7F:6E:BF:72:BB:36:70:7D:54:B9:C6
            X509v3 Authority Key Identifier:
                keyid:28:5D:EE:40:18:08:E1:B5:EC:04:B5:C1:AB:E5:D9:DE:5A:38:58:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KF3uQBgI4bXsBLXBq-XZ3lo4WKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/332846-9d42-421d-b3ed-980a4b544056/1/rBZEm5fhnIbcf26_crs2cH1UucY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/332846-9d42-421d-b3ed-980a4b544056/1/KF3uQBgI4bXsBLXBq-XZ3lo4WKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.117.0/24
                IPv6:
                  2001:67c:28e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:7d:0f:f9:15:be:4d:07:ea:00:a3:29:5e:89:8b:1e:ca:af:
         a3:74:84:09:0a:58:e9:2d:e3:f2:26:c5:c0:8c:df:e3:a3:8a:
         91:0c:1a:d8:09:29:15:d6:87:49:a7:d5:f9:fb:13:53:65:e8:
         7a:79:2c:33:a5:b1:48:ba:90:65:48:10:1d:78:f6:e7:e0:f0:
         16:8b:a7:96:92:b1:bb:ce:f3:df:ba:7f:a6:cd:8f:09:ed:ea:
         4d:5a:c6:f5:b4:50:a0:2c:53:c0:3e:52:d5:27:90:e5:1c:71:
         47:fc:ef:75:3f:64:27:bf:ad:47:ea:93:35:7b:ce:84:a6:63:
         e8:5e:18:10:13:af:c2:14:1b:27:3e:ca:cc:4b:83:75:d9:72:
         01:b0:2b:f3:f0:65:94:c9:32:ca:00:1d:2f:f7:dd:63:9a:80:
         e4:e9:1f:8b:4f:dc:36:95:52:0f:c3:d4:55:07:92:1a:34:56:
         ee:11:95:b9:e3:ea:34:b4:24:58:78:8c:ec:83:77:9b:d1:88:
         c8:5d:f8:47:19:ee:77:1c:8c:fc:83:2b:e3:2c:17:c5:a9:f9:
         29:40:2c:f2:a7:8d:9c:82:83:46:19:6a:75:f1:f2:c4:8e:bc:
         f8:fe:39:67:f7:7e:d0:5c:66:8f:98:6d:a9:d1:81:a1:45:32:
         b0:ee:ae:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAXlaMs/COtsbuHDr5sP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NWRlZTQwMTgwOGUxYjVlYzA0YjVjMWFiZTVkOWRlNWEz
ODU4YWMwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzE2NDQ5Yjk3ZTE5Yzg2ZGM3ZjZlYmY3MmJiMzY3MDdkNTRiOWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1ZwfUTBaY41msHfCvYEbBmEiZZX
AKaIUpiqk00AwJNtyu+9BXhI3cqeBjk1zxgSIqNmRefr9kkVUrYhXfnBMWDnip7S
UNzJBhxU8b6InwQliCDeC5qpPw/ynfweHKLJs52KUa2A5n1Cx6i4QNvrofxhc/U2
vRczvR94pN8MVJAqzFiYh02G4007xw3ukWocbaEcyJ37ImEk96ZthB/AVIDJjWHY
oVqM3tF3os+EFPOtZFQPMxcT72tbN38FosjoWlDudV3Tdn4bGaDbM5kPv0NHTjFn
EtQJ4TYPGbWDTit1hail99lTtE/WNFpWQU4TCHO7OyGx/LMlWAzGTRSYhwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKwWRJuX4ZyG3H9uv3K7NnB9VLnGMB8GA1UdIwQY
MBaAFChd7kAYCOG17AS1wavl2d5aOFisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0YzdVFCZ0k0YlhzQkxYQnEtWFozbG80V0t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8zMzI4NDYtOWQ0Mi00MjFkLWIzZWQt
OTgwYTRiNTQ0MDU2LzEvckJaRW01ZmhuSWJjZjI2X2NyczJjSDFVdWNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8zMzI4NDYtOWQ0Mi00MjFkLWIzZWQtOTgwYTRiNTQ0MDU2
LzEvS0YzdVFCZ0k0YlhzQkxYQnEtWFozbG80V0t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+11MA8E
AgACMAkDBwAgAQZ8KOAwDQYJKoZIhvcNAQELBQADggEBAAB9D/kVvk0H6gCjKV6J
ix7Kr6N0hAkKWOkt4/ImxcCM3+OjipEMGtgJKRXWh0mn1fn7E1Nl6Hp5LDOlsUi6
kGVIEB149ufg8BaLp5aSsbvO89+6f6bNjwnt6k1axvW0UKAsU8A+UtUnkOUccUf8
73U/ZCe/rUfqkzV7zoSmY+heGBATr8IUGyc+ysxLg3XZcgGwK/PwZZTJMsoAHS/3
3WOagOTpH4tP3DaVUg/D1FUHkho0Vu4Rlbnj6jS0JFh4jOyDd5vRiMhd+EcZ7ncc
jPyDK+MsF8Wp+SlALPKnjZyCg0YZanXx8sSOvPj+OWf3ftBcZo+YbanRgaFFMrDu
rvo=
-----END CERTIFICATE-----