Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/Y4hQBvDOA-iSkZOvfqIEr6tmuSY.roa
File:                     Y4hQBvDOA-iSkZOvfqIEr6tmuSY.roa (raw, json)
Hash identifier:          ipKrO0HPfwLdfQaighvL4TjTRRUNpllW0bFuf1+LKWQ=
Subject key identifier:   63:88:50:06:F0:CE:03:E8:92:91:93:AF:7E:A2:04:AF:AB:66:B9:26
Certificate issuer:       /CN=66719ec516f11540da4c4e7e4b7f5b377d9fd25b
Certificate serial:       018CC725BBB13F99EB06ECE28E6B127B34FE
Authority key identifier: 66:71:9E:C5:16:F1:15:40:DA:4C:4E:7E:4B:7F:5B:37:7D:9F:D2:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZnGexRbxFUDaTE5-S39bN32f0ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/Y4hQBvDOA-iSkZOvfqIEr6tmuSY.roa
Signing time:             Mon 01 Jan 2024 22:29:47 +0000
ROA not before:           Mon 01 Jan 2024 22:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8685
IP address blocks:        91.195.138.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/ZnGexRbxFUDaTE5-S39bN32f0ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/ZnGexRbxFUDaTE5-S39bN32f0ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZnGexRbxFUDaTE5-S39bN32f0ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:bb:b1:3f:99:eb:06:ec:e2:8e:6b:12:7b:34:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66719ec516f11540da4c4e7e4b7f5b377d9fd25b
        Validity
            Not Before: Jan  1 22:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63885006f0ce03e8929193af7ea204afab66b926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:48:dd:b8:11:45:3a:ae:e5:d2:3d:c6:a4:6d:
                    cd:6b:52:71:96:f4:25:5e:94:33:39:ac:1a:69:4f:
                    05:aa:47:89:19:5a:99:ef:57:9d:a6:0e:e3:b2:9a:
                    73:39:0e:c5:ec:bf:94:8a:f1:c0:c0:46:3e:ef:4c:
                    96:fd:88:ba:d9:10:d9:c1:ee:c3:30:b2:6a:80:8d:
                    da:b7:39:da:e5:97:81:eb:06:2b:13:ab:15:25:37:
                    00:b6:7d:d0:cb:59:22:36:5f:87:33:49:43:2c:38:
                    f1:15:0d:b3:6f:c9:1f:1e:8e:bd:3c:46:4a:13:5b:
                    77:c6:db:fe:0b:91:5e:12:c4:46:4d:19:1b:a8:78:
                    9b:e9:68:44:67:82:f5:f0:9e:01:2c:f0:62:ac:6f:
                    fd:4c:0a:db:08:f4:0c:79:f6:f6:05:68:dd:41:3a:
                    ac:ec:dc:6a:5d:0c:c2:a7:dc:2f:2c:7c:0e:5a:49:
                    f2:47:e2:80:98:5e:45:32:fd:ea:68:6b:83:2c:55:
                    ad:b1:2a:b5:74:a7:85:e3:1f:b0:c3:a4:67:a7:29:
                    7b:26:8d:28:f9:a5:dc:92:e7:71:28:78:a5:27:48:
                    fc:20:e3:d5:d9:00:10:2d:5e:87:19:ce:11:60:3c:
                    c7:6a:3e:82:1d:85:56:13:6c:60:43:45:e0:31:cb:
                    c4:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:88:50:06:F0:CE:03:E8:92:91:93:AF:7E:A2:04:AF:AB:66:B9:26
            X509v3 Authority Key Identifier:
                keyid:66:71:9E:C5:16:F1:15:40:DA:4C:4E:7E:4B:7F:5B:37:7D:9F:D2:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZnGexRbxFUDaTE5-S39bN32f0ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/Y4hQBvDOA-iSkZOvfqIEr6tmuSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/77c074-da25-45e8-9d26-54c16b9cc118/1/ZnGexRbxFUDaTE5-S39bN32f0ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:57:58:5f:76:ea:21:a5:a2:bb:9b:fd:47:58:d6:ce:4b:a2:
         ee:db:f3:05:ae:9f:12:44:47:bb:95:e2:90:c0:f2:ec:83:43:
         88:66:26:9a:7f:56:69:8d:03:11:99:fc:f3:a2:e7:26:a8:85:
         cf:e8:67:cb:c3:f8:33:23:c1:02:c5:e2:5a:3e:6f:59:95:3d:
         67:c9:b1:7a:1f:19:c4:60:0a:ae:d0:93:15:32:ba:c9:b2:ff:
         74:52:39:fc:88:81:53:69:fc:34:aa:a8:69:48:53:5f:ec:56:
         99:60:c5:48:89:91:c0:7c:d5:5f:63:80:68:ed:c1:7b:cc:08:
         2f:d8:c5:c1:62:7d:bd:67:2e:72:7f:b9:2d:28:c4:e2:ec:39:
         b1:ff:dc:aa:4a:ca:30:37:05:cb:f7:26:80:be:f6:71:8a:8e:
         65:8d:6d:34:d4:ea:ab:1a:4c:f9:0e:2f:83:2d:21:39:01:7b:
         3a:4f:be:7d:b9:02:dd:2c:b5:b4:7f:d0:6c:05:6b:92:16:06:
         a3:c7:ad:45:6c:8f:da:0a:b5:51:b2:28:09:ee:8d:53:46:03:
         ee:30:1b:16:b7:68:2a:03:e9:59:3c:cf:4d:3f:31:89:a7:63:
         3f:59:0e:bc:eb:6a:1b:07:36:92:26:ee:c2:51:62:41:97:1c:
         ee:a6:b4:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJbuxP5nrBuzijmsSezT+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NzE5ZWM1MTZmMTE1NDBkYTRjNGU3ZTRiN2Y1YjM3N2Q5
ZmQyNWIwHhcNMjQwMTAxMjIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzg4NTAwNmYwY2UwM2U4OTI5MTkzYWY3ZWEyMDRhZmFiNjZiOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0jduBFFOq7l0j3GpG3Na1JxlvQl
XpQzOawaaU8FqkeJGVqZ71edpg7jsppzOQ7F7L+UivHAwEY+70yW/Yi62RDZwe7D
MLJqgI3atzna5ZeB6wYrE6sVJTcAtn3Qy1kiNl+HM0lDLDjxFQ2zb8kfHo69PEZK
E1t3xtv+C5FeEsRGTRkbqHib6WhEZ4L18J4BLPBirG/9TArbCPQMefb2BWjdQTqs
7NxqXQzCp9wvLHwOWknyR+KAmF5FMv3qaGuDLFWtsSq1dKeF4x+ww6Rnpyl7Jo0o
+aXckudxKHilJ0j8IOPV2QAQLV6HGc4RYDzHaj6CHYVWE2xgQ0XgMcvEbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOIUAbwzgPokpGTr36iBK+rZrkmMB8GA1UdIwQY
MBaAFGZxnsUW8RVA2kxOfkt/Wzd9n9JbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm5HZXhSYnhGVURhVEU1LVMzOWJOMzJmMGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC83N2MwNzQtZGEyNS00NWU4LTlkMjYt
NTRjMTZiOWNjMTE4LzEvWTRoUUJ2RE9BLWlTa1pPdmZxSUVyNnRtdVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC83N2MwNzQtZGEyNS00NWU4LTlkMjYtNTRjMTZiOWNjMTE4
LzEvWm5HZXhSYnhGVURhVEU1LVMzOWJOMzJmMGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8OKMA0G
CSqGSIb3DQEBCwUAA4IBAQBlV1hfduohpaK7m/1HWNbOS6Lu2/MFrp8SREe7leKQ
wPLsg0OIZiaaf1ZpjQMRmfzzoucmqIXP6GfLw/gzI8ECxeJaPm9ZlT1nybF6HxnE
YAqu0JMVMrrJsv90Ujn8iIFTafw0qqhpSFNf7FaZYMVIiZHAfNVfY4Bo7cF7zAgv
2MXBYn29Zy5yf7ktKMTi7Dmx/9yqSsowNwXL9yaAvvZxio5ljW001OqrGkz5Di+D
LSE5AXs6T759uQLdLLW0f9BsBWuSFgajx61FbI/aCrVRsigJ7o1TRgPuMBsWt2gq
A+lZPM9NPzGJp2M/WQ6862obBzaSJu7CUWJBlxzuprTe
-----END CERTIFICATE-----