Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/tGgqovi_ZaOguUZ4AosMuJ9Esm4.roa
File:                     tGgqovi_ZaOguUZ4AosMuJ9Esm4.roa (raw, json)
Hash identifier:          sz/hDR5BHLAk5gGs9Xl+b9cbhv1hIlIssNejBPwqveY=
Subject key identifier:   B4:68:2A:A2:F8:BF:65:A3:A0:B9:46:78:02:8B:0C:B8:9F:44:B2:6E
Certificate issuer:       /CN=3fa2d6850bbc4720557a9174dcbc9760aecc0b1a
Certificate serial:       018CC5DD08A862E4DD8FF1CDCE6FEFE586D8
Authority key identifier: 3F:A2:D6:85:0B:BC:47:20:55:7A:91:74:DC:BC:97:60:AE:CC:0B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P6LWhQu8RyBVepF03LyXYK7MCxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/tGgqovi_ZaOguUZ4AosMuJ9Esm4.roa
Signing time:             Mon 01 Jan 2024 16:30:46 +0000
ROA not before:           Mon 01 Jan 2024 16:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49275
IP address blocks:        91.199.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/P6LWhQu8RyBVepF03LyXYK7MCxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/P6LWhQu8RyBVepF03LyXYK7MCxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P6LWhQu8RyBVepF03LyXYK7MCxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:08:a8:62:e4:dd:8f:f1:cd:ce:6f:ef:e5:86:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fa2d6850bbc4720557a9174dcbc9760aecc0b1a
        Validity
            Not Before: Jan  1 16:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4682aa2f8bf65a3a0b94678028b0cb89f44b26e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e6:6b:d9:54:5d:9b:9d:a7:ea:7c:ee:9d:f3:
                    9f:19:40:c8:65:11:a4:d6:61:0d:f5:58:39:21:5b:
                    53:2a:1f:71:f7:6b:54:ee:ab:12:34:28:36:8b:04:
                    a9:86:38:12:03:d1:2e:c9:e3:0b:c7:5a:53:dc:b5:
                    6e:d3:60:6b:49:91:a1:89:c4:8b:b3:63:7e:d7:4e:
                    9e:d0:ae:f6:a5:99:f9:40:97:09:83:b0:98:dc:99:
                    20:d8:e4:91:ea:ac:54:44:6b:40:08:af:6f:b7:31:
                    9b:e1:dd:c0:a0:8f:45:c7:57:fa:7b:3a:a1:4f:87:
                    42:ca:3a:b0:b7:bf:17:ad:8d:2d:d9:12:99:a2:88:
                    06:bc:79:a5:86:da:0b:e1:e6:c6:66:24:c9:95:3b:
                    a0:91:46:b0:a7:60:a0:61:09:0f:7b:90:d8:27:b4:
                    d8:1e:1a:f0:f3:62:b9:ad:08:72:a7:3f:17:35:e3:
                    11:47:17:5a:56:67:e8:ee:31:6f:40:c1:56:3c:ab:
                    ca:e0:e0:0c:01:e0:14:e1:4b:f3:3c:8b:2f:50:93:
                    04:95:b6:fd:f5:fd:20:27:22:b1:35:73:2d:2a:a1:
                    e1:dc:15:e9:d1:a4:58:1f:11:e7:13:b3:97:73:6f:
                    d4:1e:e9:42:be:1a:bf:72:15:37:fc:7e:6f:da:a8:
                    2e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:68:2A:A2:F8:BF:65:A3:A0:B9:46:78:02:8B:0C:B8:9F:44:B2:6E
            X509v3 Authority Key Identifier:
                keyid:3F:A2:D6:85:0B:BC:47:20:55:7A:91:74:DC:BC:97:60:AE:CC:0B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P6LWhQu8RyBVepF03LyXYK7MCxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/tGgqovi_ZaOguUZ4AosMuJ9Esm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/P6LWhQu8RyBVepF03LyXYK7MCxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:42:be:13:fa:58:bd:3d:32:11:69:87:2f:40:fd:fe:ca:78:
         57:a3:8e:e6:60:e5:3b:3d:a6:96:e2:54:f6:8e:b9:ca:d5:0f:
         f4:4c:76:ba:ab:ae:21:76:67:28:a6:f3:e9:ac:e7:6a:4f:3f:
         63:81:ce:90:a2:c9:05:9d:cd:bf:79:1e:fb:d0:a8:6f:95:ed:
         b8:69:a6:ce:09:bd:7c:ca:13:ce:e8:81:f9:d0:f3:cb:b4:9f:
         95:42:a3:cb:ec:a1:08:d9:ad:56:1a:e4:d5:05:2b:23:e5:53:
         68:5c:45:59:6e:42:04:49:dc:0a:4a:0a:0e:44:14:d9:59:62:
         aa:ab:32:72:bf:79:6b:63:83:f1:7e:98:9c:8c:57:fc:25:29:
         29:b1:bb:e0:93:ad:62:93:ef:5c:61:26:ec:34:e6:eb:da:d2:
         9e:51:7d:6d:f6:0b:73:b8:85:d4:c6:15:f3:56:fd:3f:7b:3f:
         71:a5:53:7d:23:f7:9e:5b:8a:25:5f:b7:ed:e4:c4:42:5b:8d:
         77:5b:be:23:70:ba:d2:fa:40:cf:52:d2:14:e0:24:fb:b0:eb:
         65:99:a9:9b:a7:1b:97:b4:85:bd:99:59:83:95:3a:41:c0:e3:
         4c:95:7a:62:5a:ef:d4:55:c3:3c:ed:9c:5d:bf:85:5e:20:f5:
         3d:3a:27:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3QioYuTdj/HNzm/v5YbYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmYTJkNjg1MGJiYzQ3MjA1NTdhOTE3NGRjYmM5NzYwYWVj
YzBiMWEwHhcNMjQwMTAxMTYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDY4MmFhMmY4YmY2NWEzYTBiOTQ2NzgwMjhiMGNiODlmNDRiMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuZr2VRdm52n6nzunfOfGUDIZRGk
1mEN9Vg5IVtTKh9x92tU7qsSNCg2iwSphjgSA9EuyeMLx1pT3LVu02BrSZGhicSL
s2N+106e0K72pZn5QJcJg7CY3Jkg2OSR6qxURGtACK9vtzGb4d3AoI9Fx1f6ezqh
T4dCyjqwt78XrY0t2RKZoogGvHmlhtoL4ebGZiTJlTugkUawp2CgYQkPe5DYJ7TY
Hhrw82K5rQhypz8XNeMRRxdaVmfo7jFvQMFWPKvK4OAMAeAU4UvzPIsvUJMElbb9
9f0gJyKxNXMtKqHh3BXp0aRYHxHnE7OXc2/UHulCvhq/chU3/H5v2qguVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRoKqL4v2WjoLlGeAKLDLifRLJuMB8GA1UdIwQY
MBaAFD+i1oULvEcgVXqRdNy8l2CuzAsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDZMV2hRdThSeUJWZXBGMDNMeVhZSzdNQ3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9jM2M3NTgtYTI1My00OTg5LWFlMmQt
OWM2NWQxODhlNTRlLzEvdEdncW92aV9aYU9ndVVaNEFvc011SjlFc200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9jM2M3NTgtYTI1My00OTg5LWFlMmQtOWM2NWQxODhlNTRl
LzEvUDZMV2hRdThSeUJWZXBGMDNMeVhZSzdNQ3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8fvMA0G
CSqGSIb3DQEBCwUAA4IBAQBqQr4T+li9PTIRaYcvQP3+ynhXo47mYOU7PaaW4lT2
jrnK1Q/0THa6q64hdmcopvPprOdqTz9jgc6QoskFnc2/eR770Khvle24aabOCb18
yhPO6IH50PPLtJ+VQqPL7KEI2a1WGuTVBSsj5VNoXEVZbkIESdwKSgoORBTZWWKq
qzJyv3lrY4PxfpicjFf8JSkpsbvgk61ik+9cYSbsNObr2tKeUX1t9gtzuIXUxhXz
Vv0/ez9xpVN9I/eeW4olX7ft5MRCW413W74jcLrS+kDPUtIU4CT7sOtlmambpxuX
tIW9mVmDlTpBwONMlXpiWu/UVcM87Zxdv4VeIPU9Oicg
-----END CERTIFICATE-----