Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/859f30-1e4b-45fe-b7ec-6d0781532a48/1/L-AmUMsq9Az0-dS3wr6hS7PpK_w.roa
File:                     L-AmUMsq9Az0-dS3wr6hS7PpK_w.roa (raw, json)
Hash identifier:          4jweCMRkv8K5MgkTtkCibyhQZw4ikZTLLT5AMGnOPek=
Subject key identifier:   2F:E0:26:50:CB:2A:F4:0C:F4:F9:D4:B7:C2:BE:A1:4B:B3:E9:2B:FC
Certificate issuer:       /CN=8f0db79be87bd38655bab703a60e774c4d6c2357
Certificate serial:       018CC94E4F7FA8F6BDD22439811531F889E1
Authority key identifier: 8F:0D:B7:9B:E8:7B:D3:86:55:BA:B7:03:A6:0E:77:4C:4D:6C:23:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jw23m-h704ZVurcDpg53TE1sI1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/859f30-1e4b-45fe-b7ec-6d0781532a48/1/L-AmUMsq9Az0-dS3wr6hS7PpK_w.roa
Signing time:             Tue 02 Jan 2024 08:33:21 +0000
ROA not before:           Tue 02 Jan 2024 08:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197138
IP address blocks:        91.206.50.0/23 maxlen: 24
                          2001:67c:354::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/859f30-1e4b-45fe-b7ec-6d0781532a48/1/jw23m-h704ZVurcDpg53TE1sI1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/859f30-1e4b-45fe-b7ec-6d0781532a48/1/jw23m-h704ZVurcDpg53TE1sI1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jw23m-h704ZVurcDpg53TE1sI1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:4f:7f:a8:f6:bd:d2:24:39:81:15:31:f8:89:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f0db79be87bd38655bab703a60e774c4d6c2357
        Validity
            Not Before: Jan  2 08:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fe02650cb2af40cf4f9d4b7c2bea14bb3e92bfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ee:3e:86:f1:f9:06:3b:99:72:26:87:59:a5:
                    88:df:6e:38:64:f3:36:3c:8f:e5:c1:da:be:ac:24:
                    54:f2:71:6c:dd:fb:ba:25:6a:bc:49:85:2e:d8:f2:
                    ad:32:a7:a3:95:e1:5a:0f:8a:02:cb:6e:ec:7c:60:
                    7b:c1:f8:b5:2c:b3:05:10:8c:6e:f0:3e:d5:ad:d0:
                    aa:b3:8e:8f:fe:da:b3:5b:09:b7:84:0f:d3:61:7b:
                    82:26:58:4d:35:21:15:be:17:17:9c:99:05:fe:06:
                    8d:c3:96:e7:a1:b1:ea:73:41:9d:f8:e4:51:27:95:
                    62:e1:1e:fe:2a:c8:ab:5b:e2:cd:6e:1d:1e:c0:70:
                    e6:04:4d:73:ee:e7:cc:3b:39:de:2c:87:1f:be:ce:
                    c8:4a:9f:a5:36:43:3d:6d:4f:46:62:77:35:bf:1c:
                    a3:84:8e:60:13:2d:31:2b:76:f3:53:01:bc:0a:4b:
                    68:0a:fa:92:64:8a:36:91:84:67:93:17:a0:2c:8a:
                    a8:28:6d:31:05:97:ff:a7:19:92:4b:cd:d7:2c:8b:
                    35:d8:d8:a7:89:7f:87:6d:ea:a9:4a:3e:0c:98:7a:
                    3e:d3:1d:82:9d:0a:02:b5:4f:33:20:ff:a6:7f:b7:
                    63:98:3d:43:c4:2c:10:42:35:62:92:10:1a:ae:bd:
                    c9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E0:26:50:CB:2A:F4:0C:F4:F9:D4:B7:C2:BE:A1:4B:B3:E9:2B:FC
            X509v3 Authority Key Identifier:
                keyid:8F:0D:B7:9B:E8:7B:D3:86:55:BA:B7:03:A6:0E:77:4C:4D:6C:23:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jw23m-h704ZVurcDpg53TE1sI1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/859f30-1e4b-45fe-b7ec-6d0781532a48/1/L-AmUMsq9Az0-dS3wr6hS7PpK_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/859f30-1e4b-45fe-b7ec-6d0781532a48/1/jw23m-h704ZVurcDpg53TE1sI1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.50.0/23
                IPv6:
                  2001:67c:354::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:b3:e5:7d:24:14:e1:99:88:cb:e6:cd:15:c1:90:89:a7:12:
         de:0b:43:11:59:0c:74:d8:81:c7:21:36:34:86:2c:ab:61:85:
         91:ba:b5:5b:03:63:f1:74:7c:8c:13:54:4c:a8:5d:e3:cf:a5:
         93:b2:7a:fe:8a:e9:e0:83:8b:7d:ba:db:12:01:2f:a1:8f:0e:
         67:56:36:3d:d8:7b:7c:5f:05:6a:f3:34:07:3b:4e:fa:b2:11:
         40:71:10:da:75:e9:9f:cd:cf:c9:69:c7:18:ab:51:da:89:72:
         a2:7e:f4:f9:f2:4a:7b:20:4c:c0:15:8d:31:be:c0:30:59:62:
         fe:fb:90:c4:a6:b2:30:1f:3d:10:f7:7c:b1:83:8f:0c:18:cb:
         59:33:51:f2:1b:48:a9:fa:00:fd:53:0e:fd:34:2f:99:60:01:
         e7:a2:c8:2e:da:ec:e7:35:5e:a1:7d:5b:d1:cb:c3:f0:b9:b6:
         e3:b0:33:34:8e:88:24:94:17:82:0a:db:95:f9:b5:30:38:55:
         f9:8b:85:98:ce:3a:de:60:4c:6e:91:b2:8b:fc:e4:e4:f2:09:
         a3:08:d4:94:25:69:7b:34:f0:6c:51:4e:65:ca:f9:51:7e:4a:
         fa:3f:0c:2c:96:b1:c5:0c:20:ac:e4:cf:80:ef:d5:c5:67:74:
         0e:ca:76:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTk9/qPa90iQ5gRUx+InhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMGRiNzliZTg3YmQzODY1NWJhYjcwM2E2MGU3NzRjNGQ2
YzIzNTcwHhcNMjQwMTAyMDgzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmUwMjY1MGNiMmFmNDBjZjRmOWQ0YjdjMmJlYTE0YmIzZTkyYmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0e4+hvH5BjuZciaHWaWI3244ZPM2
PI/lwdq+rCRU8nFs3fu6JWq8SYUu2PKtMqejleFaD4oCy27sfGB7wfi1LLMFEIxu
8D7VrdCqs46P/tqzWwm3hA/TYXuCJlhNNSEVvhcXnJkF/gaNw5bnobHqc0Gd+ORR
J5Vi4R7+KsirW+LNbh0ewHDmBE1z7ufMOzneLIcfvs7ISp+lNkM9bU9GYnc1vxyj
hI5gEy0xK3bzUwG8CktoCvqSZIo2kYRnkxegLIqoKG0xBZf/pxmSS83XLIs12Nin
iX+HbeqpSj4MmHo+0x2CnQoCtU8zIP+mf7djmD1DxCwQQjVikhAarr3JWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC/gJlDLKvQM9PnUt8K+oUuz6Sv8MB8GA1UdIwQY
MBaAFI8Nt5voe9OGVbq3A6YOd0xNbCNXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvancyM20taDcwNFpWdXJjRHBnNTNURTFzSTFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84NTlmMzAtMWU0Yi00NWZlLWI3ZWMt
NmQwNzgxNTMyYTQ4LzEvTC1BbVVNc3E5QXowLWRTM3dyNmhTN1BwS193LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84NTlmMzAtMWU0Yi00NWZlLWI3ZWMtNmQwNzgxNTMyYTQ4
LzEvancyM20taDcwNFpWdXJjRHBnNTNURTFzSTFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW84yMA8E
AgACMAkDBwAgAQZ8A1QwDQYJKoZIhvcNAQELBQADggEBAAOz5X0kFOGZiMvmzRXB
kImnEt4LQxFZDHTYgcchNjSGLKthhZG6tVsDY/F0fIwTVEyoXePPpZOyev6K6eCD
i3262xIBL6GPDmdWNj3Ye3xfBWrzNAc7TvqyEUBxENp16Z/Nz8lpxxirUdqJcqJ+
9PnySnsgTMAVjTG+wDBZYv77kMSmsjAfPRD3fLGDjwwYy1kzUfIbSKn6AP1TDv00
L5lgAeeiyC7a7Oc1XqF9W9HLw/C5tuOwMzSOiCSUF4IK25X5tTA4VfmLhZjOOt5g
TG6Rsov85OTyCaMI1JQlaXs08GxRTmXK+VF+Svo/DCyWscUMIKzkz4Dv1cVndA7K
dnU=
-----END CERTIFICATE-----