Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/pB_HPlW23Z69X5i2VGV2qJTSv4k.roa
File:                     pB_HPlW23Z69X5i2VGV2qJTSv4k.roa (raw, json)
Hash identifier:          oNMIkjOXQQKfUvSob35+Iidj/IODsYhsYio+iSepE2Q=
Subject key identifier:   A4:1F:C7:3E:55:B6:DD:9E:BD:5F:98:B6:54:65:76:A8:94:D2:BF:89
Certificate issuer:       /CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
Certificate serial:       018CC2DAE82AAD7813159E41B5289288B273
Authority key identifier: DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/pB_HPlW23Z69X5i2VGV2qJTSv4k.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.236.66.0/24 maxlen: 24
                          91.236.67.0/24 maxlen: 24
                          2a10:a700:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:03:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e8:2a:ad:78:13:15:9e:41:b5:28:92:88:b2:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a41fc73e55b6dd9ebd5f98b6546576a894d2bf89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:40:03:bb:9f:f6:c3:7a:e0:23:3e:cb:5a:2a:
                    6a:67:f2:04:5e:f3:cb:f9:ad:64:7f:fb:b7:74:fe:
                    a3:0b:4c:a3:72:04:25:8b:cc:39:c9:68:69:be:5c:
                    57:21:d0:f2:dd:35:47:76:6a:8f:1f:68:ad:78:0a:
                    23:e4:9d:ca:c7:28:07:fe:7e:0a:1e:34:1c:12:39:
                    a4:06:43:b7:3d:c5:56:e6:5d:4d:5d:c3:c3:dc:2e:
                    32:8b:f0:15:48:c2:64:bc:fb:34:23:7b:cd:27:a1:
                    96:82:d4:d0:6c:83:48:f8:42:b1:c9:5a:cc:8e:4f:
                    6f:74:f2:d6:0e:42:a4:88:1e:12:02:7d:ee:22:9e:
                    9a:ca:01:78:64:f9:20:19:0c:e8:a9:55:23:f0:a7:
                    04:d3:26:e5:ef:c3:4e:a6:14:04:5d:1d:b6:bf:ef:
                    c2:66:44:ff:4c:1b:5d:f0:ae:56:45:24:7b:47:22:
                    e8:0a:9f:f9:62:d2:a6:2b:67:3a:45:01:19:95:3b:
                    45:40:da:e0:0d:5f:7e:09:60:c3:d1:0c:68:b8:70:
                    4b:98:20:3d:d5:3d:5e:49:be:6c:b5:ce:74:fb:cb:
                    9a:98:39:c7:51:ed:75:63:86:a7:84:9e:28:53:19:
                    ab:48:81:a1:10:38:ff:ff:8b:b4:18:68:a6:b1:bb:
                    f5:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:1F:C7:3E:55:B6:DD:9E:BD:5F:98:B6:54:65:76:A8:94:D2:BF:89
            X509v3 Authority Key Identifier:
                keyid:DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/pB_HPlW23Z69X5i2VGV2qJTSv4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.66.0/23
                IPv6:
                  2a10:a700:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         5b:12:5b:f0:ee:6a:3a:e6:ff:52:3e:e1:00:38:34:c4:52:fe:
         7a:57:98:d0:b8:6a:fb:5d:56:2e:2c:d9:1e:dc:3c:74:ee:01:
         d9:61:af:78:c2:80:0c:3b:6f:ca:1a:e4:ba:2c:d9:1e:ad:d1:
         5d:1d:d5:00:f4:96:32:5e:04:3a:cc:9f:0c:25:1b:26:5b:c2:
         ac:c3:43:bf:2c:9a:62:9f:c9:4e:41:95:60:6b:e5:be:3a:c9:
         63:4e:36:b6:f1:6e:6b:4a:02:3e:17:e5:52:d7:5d:a4:7d:e5:
         7b:dc:d8:37:41:88:66:f6:94:c5:15:c7:15:88:de:fb:88:54:
         c1:85:38:cc:74:c0:a4:85:2f:68:3f:2c:b7:9c:b5:4c:e5:59:
         dd:ed:86:14:e7:f0:d3:27:5f:02:72:c8:f4:27:ec:fe:21:d2:
         66:a1:2e:bc:c2:ff:b9:d7:30:76:08:b2:0e:ae:ba:2d:aa:1a:
         a3:fe:82:ea:c2:bd:df:62:1b:1b:e9:01:f8:ce:ed:83:ac:84:
         9e:7d:78:d0:1b:7e:af:6a:c6:7a:89:1e:2f:0b:78:2b:8d:9f:
         70:5a:99:08:a6:5e:72:a2:41:45:82:21:57:60:44:86:34:4b:
         86:ff:e6:c3:1c:de:76:6e:3e:a9:16:b6:d3:54:66:55:36:bc:
         6b:36:af:54
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzC2ugqrXgTFZ5BtSiSiLJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZmFlN2Q0ZTY5ZDQyZTRmNGM5NWQ5OWY0ODJiOWE5NDRk
YmVmYzgwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDFmYzczZTU1YjZkZDllYmQ1Zjk4YjY1NDY1NzZhODk0ZDJiZjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUADu5/2w3rgIz7LWipqZ/IEXvPL
+a1kf/u3dP6jC0yjcgQli8w5yWhpvlxXIdDy3TVHdmqPH2iteAoj5J3KxygH/n4K
HjQcEjmkBkO3PcVW5l1NXcPD3C4yi/AVSMJkvPs0I3vNJ6GWgtTQbINI+EKxyVrM
jk9vdPLWDkKkiB4SAn3uIp6aygF4ZPkgGQzoqVUj8KcE0ybl78NOphQEXR22v+/C
ZkT/TBtd8K5WRSR7RyLoCp/5YtKmK2c6RQEZlTtFQNrgDV9+CWDD0QxouHBLmCA9
1T1eSb5stc50+8uamDnHUe11Y4anhJ4oUxmrSIGhEDj//4u0GGimsbv1lwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKQfxz5Vtt2evV+YtlRldqiU0r+JMB8GA1UdIwQY
MBaAFNz659TmnULk9MldmfSCualE2+/IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYt
MzcyNzNkZjM5MDFjLzEvcEJfSFBsVzIzWjY5WDVpMlZHVjJxSlRTdjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYtMzcyNzNkZjM5MDFj
LzEvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBW+xCMA4E
AgACMAgDBgAqEKcAATANBgkqhkiG9w0BAQsFAAOCAQEAWxJb8O5qOub/Uj7hADg0
xFL+eleY0Lhq+11WLizZHtw8dO4B2WGveMKADDtvyhrkuizZHq3RXR3VAPSWMl4E
OsyfDCUbJlvCrMNDvyyaYp/JTkGVYGvlvjrJY042tvFua0oCPhflUtddpH3le9zY
N0GIZvaUxRXHFYje+4hUwYU4zHTApIUvaD8st5y1TOVZ3e2GFOfw0ydfAnLI9Cfs
/iHSZqEuvML/udcwdgiyDq66Laoao/6C6sK932IbG+kB+M7tg6yEnn140Bt+r2rG
eokeLwt4K42fcFqZCKZecqJBRYIhV2BEhjRLhv/mwxzedm4+qRa201RmVTa8azav
VA==
-----END CERTIFICATE-----