Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/bGQDj8QPA9r_pLMxydrQRyKgQqQ.roa
File:                     bGQDj8QPA9r_pLMxydrQRyKgQqQ.roa (raw, json)
Hash identifier:          rHtqUwmxie5jgzFI2CTIIOS8XCDYGfxb0sXMZ1656HU=
Subject key identifier:   6C:64:03:8F:C4:0F:03:DA:FF:A4:B3:31:C9:DA:D0:47:22:A0:42:A4
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       018CC94D4C3E3BA6DB9AC0341822F7EB1AE9
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/bGQDj8QPA9r_pLMxydrQRyKgQqQ.roa
Signing time:             Tue 02 Jan 2024 08:32:15 +0000
ROA not before:           Tue 02 Jan 2024 08:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30731
IP address blocks:        91.236.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:4c:3e:3b:a6:db:9a:c0:34:18:22:f7:eb:1a:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jan  2 08:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c64038fc40f03daffa4b331c9dad04722a042a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:94:1f:be:82:8c:41:95:f3:86:34:e1:71:f0:
                    a7:1b:3d:11:b1:0c:0a:a1:e4:f1:f7:2f:bb:88:dd:
                    75:dc:fd:34:74:4c:0c:d0:b4:51:2f:1d:07:66:09:
                    66:4f:43:50:0c:ef:bb:dd:8a:b1:56:8d:b7:09:6f:
                    d9:82:cc:5d:d4:ee:9b:0b:a1:2b:dd:1b:62:99:c7:
                    a8:68:84:72:bd:23:f2:ef:f3:3c:ba:1c:52:93:f5:
                    77:d6:f6:33:f9:e9:6a:5d:0f:4c:72:97:f9:80:27:
                    89:00:c6:46:76:68:01:b3:5f:7c:f0:b5:f9:96:ff:
                    1c:12:7f:15:58:42:92:6e:6b:90:a9:a4:03:11:f7:
                    06:b0:b0:3c:d5:05:c9:f0:dc:8e:17:66:bf:38:85:
                    d1:37:e4:cd:e3:a5:7d:34:04:66:13:d5:4f:8e:b5:
                    cb:17:20:2b:50:7b:c0:13:f5:fa:ad:c9:7e:13:fb:
                    bc:05:0f:1c:19:39:b8:c3:e6:d5:1f:11:f8:b5:15:
                    cc:9e:8c:b3:fc:ad:1d:f6:86:1d:8e:aa:39:e7:50:
                    09:a4:62:d9:ce:3e:db:e4:45:f4:a1:fc:0e:e6:40:
                    94:68:fc:68:37:22:a5:ae:46:5b:c3:12:47:5b:1c:
                    bf:24:78:7e:8d:50:3d:d1:d0:84:25:65:af:35:ad:
                    72:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:64:03:8F:C4:0F:03:DA:FF:A4:B3:31:C9:DA:D0:47:22:A0:42:A4
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/bGQDj8QPA9r_pLMxydrQRyKgQqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:7c:92:1e:73:1e:f6:e1:a9:fe:1c:1b:3d:02:2e:72:63:57:
         0d:cc:d2:af:ba:11:7b:af:f6:96:d3:a3:d8:08:3c:db:08:d3:
         f8:a4:d1:e1:ee:f4:80:c5:cf:00:e9:26:a4:f4:d3:4d:5c:84:
         51:12:f6:36:71:96:6b:91:d7:b8:92:8d:e7:b0:7b:37:07:cb:
         93:98:65:4c:e7:3f:ca:40:83:62:a2:95:66:ac:c1:9b:28:2e:
         94:53:7f:18:91:c0:ea:99:0d:0d:c0:24:7b:56:95:c4:b1:0e:
         94:b2:f2:08:95:15:f8:50:af:97:81:7d:41:a8:78:b6:22:7e:
         ed:36:8b:7a:1f:22:8f:84:61:56:99:2e:ed:74:5c:fe:70:63:
         2e:de:57:18:b9:cd:f1:85:8c:97:8c:6c:8b:34:cf:c8:0a:5f:
         a6:a5:e6:72:74:e1:da:1c:f5:cd:91:ca:a8:fe:d1:c2:b2:ff:
         55:76:99:7e:2b:d5:2b:c6:ae:2b:98:30:cf:fe:89:70:bb:59:
         9b:b4:d5:23:cb:1e:83:00:22:a4:7d:51:9f:f9:79:44:81:af:
         30:42:c0:06:7f:e8:c6:0b:ab:d4:7a:18:e9:83:c8:fe:6d:8b:
         26:6b:5e:40:6f:9b:56:55:96:26:30:ec:f2:17:58:56:e3:70:
         98:46:76:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTUw+O6bbmsA0GCL36xrpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjQwMTAyMDgzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzY0MDM4ZmM0MGYwM2RhZmZhNGIzMzFjOWRhZDA0NzIyYTA0MmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5QfvoKMQZXzhjThcfCnGz0RsQwK
oeTx9y+7iN113P00dEwM0LRRLx0HZglmT0NQDO+73YqxVo23CW/Zgsxd1O6bC6Er
3RtimceoaIRyvSPy7/M8uhxSk/V31vYz+elqXQ9Mcpf5gCeJAMZGdmgBs1988LX5
lv8cEn8VWEKSbmuQqaQDEfcGsLA81QXJ8NyOF2a/OIXRN+TN46V9NARmE9VPjrXL
FyArUHvAE/X6rcl+E/u8BQ8cGTm4w+bVHxH4tRXMnoyz/K0d9oYdjqo551AJpGLZ
zj7b5EX0ofwO5kCUaPxoNyKlrkZbwxJHWxy/JHh+jVA90dCEJWWvNa1y7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxkA4/EDwPa/6SzMcna0EcioEKkMB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvYkdRRGo4UVBBOXJfcExNeHlkclFSeUtnUXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+yCMA0G
CSqGSIb3DQEBCwUAA4IBAQBifJIecx724an+HBs9Ai5yY1cNzNKvuhF7r/aW06PY
CDzbCNP4pNHh7vSAxc8A6Sak9NNNXIRREvY2cZZrkde4ko3nsHs3B8uTmGVM5z/K
QINiopVmrMGbKC6UU38YkcDqmQ0NwCR7VpXEsQ6UsvIIlRX4UK+XgX1BqHi2In7t
Not6HyKPhGFWmS7tdFz+cGMu3lcYuc3xhYyXjGyLNM/ICl+mpeZydOHaHPXNkcqo
/tHCsv9Vdpl+K9Urxq4rmDDP/olwu1mbtNUjyx6DACKkfVGf+XlEga8wQsAGf+jG
C6vUehjpg8j+bYsma15Ab5tWVZYmMOzyF1hW43CYRnbw
-----END CERTIFICATE-----