Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/pBhv9P68i-8YzlNPdovuXbN9lYo.roa
File:                     pBhv9P68i-8YzlNPdovuXbN9lYo.roa (raw, json)
Hash identifier:          +Qod0Y0FAvigFElY7sHUgjZc6918YdsWDv/Jcr7RR/o=
Subject key identifier:   A4:18:6F:F4:FE:BC:8B:EF:18:CE:53:4F:76:8B:EE:5D:B3:7D:95:8A
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018CEE21CA06805C09044726C12F9B9A95E4
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/pBhv9P68i-8YzlNPdovuXbN9lYo.roa
Signing time:             Tue 09 Jan 2024 12:10:40 +0000
ROA not before:           Tue 09 Jan 2024 12:10:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202636
IP address blocks:        91.246.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:21:ca:06:80:5c:09:04:47:26:c1:2f:9b:9a:95:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  9 12:10:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4186ff4febc8bef18ce534f768bee5db37d958a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:8a:0a:d6:2a:00:e3:26:06:66:42:2e:60:f6:
                    51:2a:82:af:b3:b5:5f:20:9d:38:9b:0b:ec:1a:eb:
                    8b:84:7c:8f:35:f5:58:d3:61:31:3b:e2:41:3f:06:
                    ce:98:52:31:69:61:86:19:fa:7d:8d:2a:fb:77:b9:
                    21:82:4a:50:51:00:c3:bb:f9:5e:0a:78:11:a7:9e:
                    ab:5a:e0:fe:83:b3:28:e9:d9:af:9a:16:b1:45:a5:
                    e4:fb:17:96:e4:5d:4a:1f:af:43:66:96:d0:0a:a5:
                    d8:9b:f2:89:31:e4:ab:f8:79:70:9e:47:be:0b:51:
                    d3:6e:dc:3f:71:2d:9e:32:08:2d:d2:fc:c3:d8:2b:
                    33:3b:05:67:69:fd:eb:37:9d:ad:e0:e5:60:ce:40:
                    aa:32:c8:f9:5c:9d:a7:f1:e6:d4:66:08:de:e5:b9:
                    85:18:c3:e2:31:24:17:99:6b:dc:1d:f7:f5:0b:3b:
                    d8:b5:67:12:26:6e:36:42:06:34:ce:21:17:b6:17:
                    32:09:b8:41:1d:58:df:49:57:d7:f6:c0:f1:30:57:
                    19:39:79:91:ce:d6:f9:27:d6:a8:60:5e:14:5a:56:
                    4d:68:5a:45:b2:94:34:03:59:97:64:92:ab:23:5b:
                    b6:91:60:0a:5c:71:64:2e:96:69:85:45:b1:22:05:
                    1f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:18:6F:F4:FE:BC:8B:EF:18:CE:53:4F:76:8B:EE:5D:B3:7D:95:8A
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/pBhv9P68i-8YzlNPdovuXbN9lYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:6b:8d:8b:5d:a8:34:85:5d:80:9e:25:d3:17:ab:32:9d:c7:
         1f:25:2c:ab:cd:e5:68:e8:82:26:ad:08:7e:7b:5c:f5:71:9e:
         fb:17:b3:3c:b6:45:d8:d1:d7:71:db:aa:1c:db:75:08:77:93:
         1b:58:f6:f1:7b:2e:6e:5c:29:1c:28:99:97:d0:54:2e:be:c7:
         37:c8:23:ce:03:08:d7:da:93:26:4d:1d:db:27:49:d7:a4:ac:
         7b:50:40:46:7f:67:2d:79:8e:15:b3:80:eb:a5:19:97:54:ff:
         d6:f5:1b:cc:5e:5a:e4:fd:13:d1:fb:d7:3a:6c:6c:11:63:c3:
         58:d0:85:04:55:43:6f:36:27:90:bc:ba:81:28:9c:3a:e3:57:
         4c:21:64:42:ff:40:e0:49:7b:58:4f:27:50:69:d3:f6:13:93:
         6c:d7:d5:a3:fe:cc:de:6b:8b:10:f4:20:e9:0d:64:66:07:25:
         b2:20:40:93:48:dd:1f:38:fc:5f:95:f4:d3:28:f2:cb:ab:78:
         c9:9d:5d:06:9e:dc:de:e6:5d:02:81:c0:db:04:5f:bd:d8:be:
         fa:4c:1c:58:b5:c2:3f:40:58:f2:31:89:6c:19:00:46:61:0b:
         9f:de:0a:c5:ab:dc:87:5b:96:84:df:7d:62:1c:de:40:48:b8:
         53:14:01:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzuIcoGgFwJBEcmwS+bmpXkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMTA5MTIxMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDE4NmZmNGZlYmM4YmVmMThjZTUzNGY3NjhiZWU1ZGIzN2Q5NThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4oK1ioA4yYGZkIuYPZRKoKvs7Vf
IJ04mwvsGuuLhHyPNfVY02ExO+JBPwbOmFIxaWGGGfp9jSr7d7khgkpQUQDDu/le
CngRp56rWuD+g7Mo6dmvmhaxRaXk+xeW5F1KH69DZpbQCqXYm/KJMeSr+Hlwnke+
C1HTbtw/cS2eMggt0vzD2CszOwVnaf3rN52t4OVgzkCqMsj5XJ2n8ebUZgje5bmF
GMPiMSQXmWvcHff1CzvYtWcSJm42QgY0ziEXthcyCbhBHVjfSVfX9sDxMFcZOXmR
ztb5J9aoYF4UWlZNaFpFspQ0A1mXZJKrI1u2kWAKXHFkLpZphUWxIgUfawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQYb/T+vIvvGM5TT3aL7l2zfZWKMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvcEJodjlQNjhpLThZemxOUGRvdnVYYk45bFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/Y0MA0G
CSqGSIb3DQEBCwUAA4IBAQAsa42LXag0hV2AniXTF6synccfJSyrzeVo6IImrQh+
e1z1cZ77F7M8tkXY0ddx26oc23UId5MbWPbxey5uXCkcKJmX0FQuvsc3yCPOAwjX
2pMmTR3bJ0nXpKx7UEBGf2cteY4Vs4DrpRmXVP/W9RvMXlrk/RPR+9c6bGwRY8NY
0IUEVUNvNieQvLqBKJw641dMIWRC/0DgSXtYTydQadP2E5Ns19Wj/szea4sQ9CDp
DWRmByWyIECTSN0fOPxflfTTKPLLq3jJnV0Gntze5l0CgcDbBF+92L76TBxYtcI/
QFjyMYlsGQBGYQuf3grFq9yHW5aE331iHN5ASLhTFAGU
-----END CERTIFICATE-----