Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/c43505-b306-4941-b7c6-583823847952/1/_Iz12Gr5-yP8EUDgPII5Gkrf8XY.roa
File:                     _Iz12Gr5-yP8EUDgPII5Gkrf8XY.roa (raw, json)
Hash identifier:          z9tYJgk72LOicF/0pwzdlVsj500cibqx/MGGQcVCuRE=
Subject key identifier:   FC:8C:F5:D8:6A:F9:FB:23:FC:11:40:E0:3C:82:39:1A:4A:DF:F1:76
Certificate issuer:       /CN=5ff6ea802307bc53bff3cbb63e9f8179ac4c1e39
Certificate serial:       01902CA11D2A838391C2C3B1A19C9CA70F3E
Authority key identifier: 5F:F6:EA:80:23:07:BC:53:BF:F3:CB:B6:3E:9F:81:79:AC:4C:1E:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X_bqgCMHvFO_88u2Pp-BeaxMHjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/c43505-b306-4941-b7c6-583823847952/1/_Iz12Gr5-yP8EUDgPII5Gkrf8XY.roa
Signing time:             Tue 18 Jun 2024 18:34:34 +0000
ROA not before:           Tue 18 Jun 2024 18:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57982
IP address blocks:        91.237.108.0/24 maxlen: 24
                          91.237.109.0/24 maxlen: 24
                          91.237.110.0/24 maxlen: 24
                          91.237.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/c43505-b306-4941-b7c6-583823847952/1/X_bqgCMHvFO_88u2Pp-BeaxMHjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/c43505-b306-4941-b7c6-583823847952/1/X_bqgCMHvFO_88u2Pp-BeaxMHjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X_bqgCMHvFO_88u2Pp-BeaxMHjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2c:a1:1d:2a:83:83:91:c2:c3:b1:a1:9c:9c:a7:0f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ff6ea802307bc53bff3cbb63e9f8179ac4c1e39
        Validity
            Not Before: Jun 18 18:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc8cf5d86af9fb23fc1140e03c82391a4adff176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f0:b6:bd:e7:29:79:0b:77:38:5e:bd:9f:46:
                    ed:fa:22:f0:e5:97:f9:16:3a:88:92:2e:43:e5:e6:
                    0a:bf:53:9c:bb:ce:9b:35:74:f8:d8:27:45:1d:4f:
                    92:77:a9:2e:16:57:9f:7e:d5:5c:62:1b:4c:56:e0:
                    f3:3c:6f:e8:29:68:37:24:ce:e7:d1:8f:4e:29:f6:
                    74:15:4f:c1:6c:4d:2e:43:02:63:52:90:d8:04:9a:
                    b6:fa:cd:20:a1:1b:15:b8:61:b9:8f:5a:27:c9:12:
                    9d:b4:30:6e:a8:c5:b5:21:49:15:b9:fb:8b:32:cc:
                    68:83:66:6e:fd:dd:5e:ab:6e:c3:85:13:52:a0:9a:
                    78:89:03:54:d4:94:e1:f8:7f:89:65:ec:a0:c7:38:
                    8f:4c:a0:da:7c:8e:95:a2:d6:90:4f:61:61:74:c3:
                    04:9b:40:8b:47:ab:47:fd:24:25:4b:ed:b2:c6:5d:
                    32:24:79:7a:cc:e4:b1:6d:f2:31:09:dd:86:70:c0:
                    79:1f:d9:c4:15:4a:5f:47:c1:cf:2a:39:d7:6b:91:
                    9c:45:35:8c:24:82:fa:1e:2a:a5:d5:1e:ac:cb:10:
                    22:8b:0e:25:36:c1:f7:ea:d0:9a:5d:63:99:28:b4:
                    83:25:55:95:8d:a5:44:5a:27:56:c1:ff:36:7a:b6:
                    cd:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:8C:F5:D8:6A:F9:FB:23:FC:11:40:E0:3C:82:39:1A:4A:DF:F1:76
            X509v3 Authority Key Identifier:
                keyid:5F:F6:EA:80:23:07:BC:53:BF:F3:CB:B6:3E:9F:81:79:AC:4C:1E:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X_bqgCMHvFO_88u2Pp-BeaxMHjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/c43505-b306-4941-b7c6-583823847952/1/_Iz12Gr5-yP8EUDgPII5Gkrf8XY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/c43505-b306-4941-b7c6-583823847952/1/X_bqgCMHvFO_88u2Pp-BeaxMHjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:f5:47:05:72:97:63:c5:5e:a3:94:0e:fd:8f:08:b8:2f:5d:
         46:08:9b:0d:36:dd:cf:12:43:78:93:22:64:4d:58:df:25:09:
         bf:e4:4b:78:00:58:b5:78:07:8f:5f:b7:79:f6:d1:d1:e9:1d:
         78:16:79:5a:d4:c0:3c:3c:38:b9:f5:43:bb:30:4a:a6:62:54:
         ce:3d:0f:7d:f3:93:cf:8f:df:4b:2c:7e:a4:b5:01:9c:35:d7:
         da:2e:ae:4a:b4:e7:5f:b8:3b:81:d9:5c:6a:d4:05:68:86:9e:
         55:70:b6:56:ec:9d:e1:0a:6a:2e:4e:6b:bc:ba:1e:e0:fc:2e:
         56:4c:ff:60:66:0f:76:a7:b7:93:37:b2:36:6f:b2:89:ae:69:
         16:18:a1:f5:d9:c8:71:ea:35:72:f0:94:bf:58:02:72:5c:05:
         f0:4c:59:6e:91:fa:fe:55:28:f0:d7:70:5f:9c:9b:c3:68:25:
         41:21:25:5d:75:fb:d3:6b:94:94:a2:54:16:35:26:fa:74:d7:
         75:a3:b1:3c:10:93:8a:92:53:28:cd:c0:b6:11:b3:06:d3:2a:
         5f:af:2d:da:9b:95:b5:46:7f:6b:c3:02:23:a0:c2:84:0c:c8:
         d7:31:3e:8a:12:bf:7f:4a:e4:79:64:9b:06:37:56:45:6f:be:
         75:60:4a:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAsoR0qg4ORwsOxoZycpw8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZjZlYTgwMjMwN2JjNTNiZmYzY2JiNjNlOWY4MTc5YWM0
YzFlMzkwHhcNMjQwNjE4MTgzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzhjZjVkODZhZjlmYjIzZmMxMTQwZTAzYzgyMzkxYTRhZGZmMTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvC2vecpeQt3OF69n0bt+iLw5Zf5
FjqIki5D5eYKv1Ocu86bNXT42CdFHU+Sd6kuFlefftVcYhtMVuDzPG/oKWg3JM7n
0Y9OKfZ0FU/BbE0uQwJjUpDYBJq2+s0goRsVuGG5j1onyRKdtDBuqMW1IUkVufuL
Msxog2Zu/d1eq27DhRNSoJp4iQNU1JTh+H+JZeygxziPTKDafI6VotaQT2FhdMME
m0CLR6tH/SQlS+2yxl0yJHl6zOSxbfIxCd2GcMB5H9nEFUpfR8HPKjnXa5GcRTWM
JIL6Hiql1R6syxAiiw4lNsH36tCaXWOZKLSDJVWVjaVEWidWwf82erbNSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyM9dhq+fsj/BFA4DyCORpK3/F2MB8GA1UdIwQY
MBaAFF/26oAjB7xTv/PLtj6fgXmsTB45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWF9icWdDTUh2Rk9fODh1MlBwLUJlYXhNSGprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9jNDM1MDUtYjMwNi00OTQxLWI3YzYt
NTgzODIzODQ3OTUyLzEvX0l6MTJHcjUteVA4RVVEZ1BJSTVHa3JmOFhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9jNDM1MDUtYjMwNi00OTQxLWI3YzYtNTgzODIzODQ3OTUy
LzEvWF9icWdDTUh2Rk9fODh1MlBwLUJlYXhNSGprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+1sMA0G
CSqGSIb3DQEBCwUAA4IBAQCO9UcFcpdjxV6jlA79jwi4L11GCJsNNt3PEkN4kyJk
TVjfJQm/5Et4AFi1eAePX7d59tHR6R14Fnla1MA8PDi59UO7MEqmYlTOPQ9985PP
j99LLH6ktQGcNdfaLq5KtOdfuDuB2Vxq1AVohp5VcLZW7J3hCmouTmu8uh7g/C5W
TP9gZg92p7eTN7I2b7KJrmkWGKH12chx6jVy8JS/WAJyXAXwTFlukfr+VSjw13Bf
nJvDaCVBISVddfvTa5SUolQWNSb6dNd1o7E8EJOKklMozcC2EbMG0ypfry3am5W1
Rn9rwwIjoMKEDMjXMT6KEr9/SuR5ZJsGN1ZFb751YEql
-----END CERTIFICATE-----