Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/a_gv73vBHvW6M1OSN4SSwBehRck.roa
File:                     a_gv73vBHvW6M1OSN4SSwBehRck.roa (raw, json)
Hash identifier:          NSlmlB5Cr/QqLyre0OJhz5KgGrs46zJK8Bm4bMW12f4=
Subject key identifier:   6B:F8:2F:EF:7B:C1:1E:F5:BA:33:53:92:37:84:92:C0:17:A1:45:C9
Certificate issuer:       /CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
Certificate serial:       018CC2DAE944EBD2ECAD4A39E435025F0DA9
Authority key identifier: DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/a_gv73vBHvW6M1OSN4SSwBehRck.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212329
IP address blocks:        91.236.64.0/22 maxlen: 24
                          185.216.48.0/24 maxlen: 24
                          2a10:a700::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 10:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e9:44:eb:d2:ec:ad:4a:39:e4:35:02:5f:0d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bf82fef7bc11ef5ba335392378492c017a145c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:5e:81:b6:ff:74:a6:d4:15:36:f9:e6:6b:55:
                    ed:06:1f:03:15:c8:fd:7d:9e:9e:f7:77:34:50:29:
                    dd:d0:91:94:50:b0:25:b0:ea:f0:88:02:e4:54:20:
                    be:c9:83:cb:b4:a8:3b:cd:ee:af:97:d2:12:7c:24:
                    03:b7:6b:f7:a3:47:6c:5f:98:5e:42:fd:b2:49:bb:
                    33:f9:9b:02:42:c8:e2:0a:95:00:d5:11:ed:cf:cb:
                    64:38:e0:53:df:03:55:7e:69:e9:ba:49:79:a8:23:
                    d9:97:12:dc:68:ab:2a:e3:d7:90:55:af:49:33:71:
                    42:98:cc:10:6d:34:b9:76:fd:ea:71:3e:fe:c7:46:
                    92:7c:0d:7d:bb:3f:24:34:f7:65:bb:14:4b:92:c4:
                    a8:22:db:a5:27:c0:6e:99:d3:69:0f:bb:f8:df:23:
                    66:9f:15:6e:16:25:4a:68:8b:52:a3:47:57:c4:f6:
                    87:36:c3:ca:5f:0f:4b:c6:02:46:8e:50:1d:1e:9a:
                    9e:1d:63:d6:13:38:5d:54:03:c1:e9:99:ed:87:c5:
                    97:f3:5c:bf:a8:53:77:ca:46:ed:04:1a:f6:da:67:
                    7f:1e:82:79:2b:e7:74:c7:5e:41:e4:e6:7d:da:de:
                    ad:22:c2:f3:6b:6a:c8:cd:74:88:35:66:bc:1d:ae:
                    82:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F8:2F:EF:7B:C1:1E:F5:BA:33:53:92:37:84:92:C0:17:A1:45:C9
            X509v3 Authority Key Identifier:
                keyid:DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/a_gv73vBHvW6M1OSN4SSwBehRck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.64.0/22
                  185.216.48.0/24
                IPv6:
                  2a10:a700::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:2a:75:21:90:c8:46:73:bb:93:41:c6:9f:78:35:ee:df:3f:
         a0:4f:1c:ef:ed:a9:4a:02:34:ee:84:dd:90:35:c0:d6:53:36:
         27:eb:8a:ee:04:f9:98:eb:c1:03:f3:fe:ad:0a:32:3a:f5:a2:
         40:84:7f:ca:5c:c7:8c:60:58:90:bb:b9:0d:d6:29:0f:ef:34:
         bc:4b:e3:14:01:5a:f6:29:06:10:1c:65:67:f8:c4:be:13:dd:
         84:3c:00:f0:bd:d9:47:e5:89:cb:d3:09:35:39:44:26:ca:e4:
         f2:74:56:da:45:8e:0b:e9:83:f1:59:bf:9a:53:e0:bf:11:7c:
         ea:96:b5:e9:20:12:a1:47:bc:7a:4e:25:cc:3e:fe:a9:85:ec:
         0b:06:bb:60:c8:3f:45:ed:54:39:b3:6c:81:09:bd:5c:8d:09:
         9b:78:47:84:12:b3:78:44:b6:f9:73:77:1c:f5:ee:5a:3e:da:
         e1:1c:f4:d4:e9:e9:74:78:8d:1f:2a:5c:0c:b4:8d:cf:8d:68:
         18:6e:59:e5:e8:23:11:c9:03:57:ea:3f:5e:9b:34:99:26:da:
         c5:7f:d3:6d:eb:44:38:16:10:30:42:4a:12:7e:7b:00:6f:ae:
         9f:5e:f7:a5:05:99:9e:88:49:95:75:45:b0:8d:65:34:b7:dd:
         41:52:1f:e0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2ulE69LsrUo55DUCXw2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZmFlN2Q0ZTY5ZDQyZTRmNGM5NWQ5OWY0ODJiOWE5NDRk
YmVmYzgwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmY4MmZlZjdiYzExZWY1YmEzMzUzOTIzNzg0OTJjMDE3YTE0NWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgl6Btv90ptQVNvnma1XtBh8DFcj9
fZ6e93c0UCnd0JGUULAlsOrwiALkVCC+yYPLtKg7ze6vl9ISfCQDt2v3o0dsX5he
Qv2ySbsz+ZsCQsjiCpUA1RHtz8tkOOBT3wNVfmnpukl5qCPZlxLcaKsq49eQVa9J
M3FCmMwQbTS5dv3qcT7+x0aSfA19uz8kNPdluxRLksSoItulJ8BumdNpD7v43yNm
nxVuFiVKaItSo0dXxPaHNsPKXw9LxgJGjlAdHpqeHWPWEzhdVAPB6Znth8WX81y/
qFN3ykbtBBr22md/HoJ5K+d0x15B5OZ92t6tIsLza2rIzXSINWa8Ha6C2wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGv4L+97wR71ujNTkjeEksAXoUXJMB8GA1UdIwQY
MBaAFNz659TmnULk9MldmfSCualE2+/IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYt
MzcyNzNkZjM5MDFjLzEvYV9ndjczdkJIdlc2TTFPU040U1N3QmVoUmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYtMzcyNzNkZjM5MDFj
LzEvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW+xAAwQA
udgwMA0EAgACMAcDBQMqEKcAMA0GCSqGSIb3DQEBCwUAA4IBAQB5KnUhkMhGc7uT
QcafeDXu3z+gTxzv7alKAjTuhN2QNcDWUzYn64ruBPmY68ED8/6tCjI69aJAhH/K
XMeMYFiQu7kN1ikP7zS8S+MUAVr2KQYQHGVn+MS+E92EPADwvdlH5YnL0wk1OUQm
yuTydFbaRY4L6YPxWb+aU+C/EXzqlrXpIBKhR7x6TiXMPv6phewLBrtgyD9F7VQ5
s2yBCb1cjQmbeEeEErN4RLb5c3cc9e5aPtrhHPTU6el0eI0fKlwMtI3PjWgYblnl
6CMRyQNX6j9emzSZJtrFf9Nt60Q4FhAwQkoSfnsAb66fXvelBZmeiEmVdUWwjWU0
t91BUh/g
-----END CERTIFICATE-----