Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/3ibMriVI-ahyBNvfdhrXRrwenmk.roa
File:                     3ibMriVI-ahyBNvfdhrXRrwenmk.roa (raw, json)
Hash identifier:          nnhq9TJFkYttK0ahlz6f/2CIAUUqQpyuBuhZMeaV/es=
Subject key identifier:   DE:26:CC:AE:25:48:F9:A8:72:04:DB:DF:76:1A:D7:46:BC:1E:9E:69
Certificate issuer:       /CN=9f3ec21e10f3646e4dc0e23f5f7ec44501560de3
Certificate serial:       018E76ABF6F1E6FC68641B36D573ACB6AABC
Authority key identifier: 9F:3E:C2:1E:10:F3:64:6E:4D:C0:E2:3F:5F:7E:C4:45:01:56:0D:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nz7CHhDzZG5NwOI_X37ERQFWDeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/3ibMriVI-ahyBNvfdhrXRrwenmk.roa
Signing time:             Mon 25 Mar 2024 17:32:45 +0000
ROA not before:           Mon 25 Mar 2024 17:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15083
IP address blocks:        91.200.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nz7CHhDzZG5NwOI_X37ERQFWDeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nz7CHhDzZG5NwOI_X37ERQFWDeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nz7CHhDzZG5NwOI_X37ERQFWDeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:ab:f6:f1:e6:fc:68:64:1b:36:d5:73:ac:b6:aa:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f3ec21e10f3646e4dc0e23f5f7ec44501560de3
        Validity
            Not Before: Mar 25 17:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de26ccae2548f9a87204dbdf761ad746bc1e9e69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d5:56:58:dd:1b:00:00:c3:54:c3:9f:d9:59:
                    bc:27:24:7d:24:7b:64:30:0b:db:75:4f:99:d7:39:
                    2d:aa:7b:85:d1:59:28:45:e1:28:64:b9:16:ba:56:
                    e0:11:4c:8e:b7:de:1a:91:de:b1:89:99:4a:06:3f:
                    15:a4:17:e8:c8:c8:8c:a8:b0:7e:13:3d:71:9d:05:
                    35:3d:9e:96:89:24:f1:64:41:0c:4c:2c:8f:99:ba:
                    50:ca:da:ac:c8:96:75:55:cd:f7:75:33:7a:af:a5:
                    d0:ac:6e:53:61:85:f3:95:87:0d:f3:65:73:83:53:
                    34:83:f2:40:f7:5c:00:82:94:3a:5b:b8:4f:1e:ab:
                    99:93:b2:bc:84:39:95:c7:03:91:f9:93:87:53:be:
                    b0:31:31:af:6e:3e:fc:e7:06:d8:4f:02:02:ea:07:
                    23:d0:1a:54:bb:26:07:71:a7:7f:78:4d:c6:a3:ad:
                    bb:43:37:52:42:50:d1:8b:5c:46:af:63:01:fa:99:
                    6e:7e:35:55:e7:7c:04:39:fa:e9:4e:2b:b4:55:ba:
                    bf:5e:32:4c:14:62:6f:bd:2c:d9:27:bc:01:0a:aa:
                    42:58:0f:72:67:cf:87:e9:b0:42:e2:d2:a2:91:fa:
                    dc:b5:5c:f1:29:51:c8:1b:4f:3d:0e:89:13:04:01:
                    72:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:26:CC:AE:25:48:F9:A8:72:04:DB:DF:76:1A:D7:46:BC:1E:9E:69
            X509v3 Authority Key Identifier:
                keyid:9F:3E:C2:1E:10:F3:64:6E:4D:C0:E2:3F:5F:7E:C4:45:01:56:0D:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nz7CHhDzZG5NwOI_X37ERQFWDeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/3ibMriVI-ahyBNvfdhrXRrwenmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nz7CHhDzZG5NwOI_X37ERQFWDeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:c1:95:78:5f:78:06:a7:27:35:89:bd:7b:4b:74:39:a9:ef:
         1d:ba:4d:2b:5e:bf:1a:01:7c:b0:e8:79:9c:ae:be:70:c6:3b:
         d8:19:16:50:0a:5d:92:84:bc:73:c7:a3:ee:44:be:26:2d:b3:
         0a:5a:54:ca:ca:a8:07:f9:71:5a:18:01:dd:dd:13:f0:d1:b3:
         2d:a3:80:c5:eb:88:05:51:66:2b:80:ce:ea:43:93:c1:86:d0:
         07:f0:de:55:b5:ad:33:93:8a:5c:da:e3:52:8e:37:3d:3e:4e:
         d7:9f:5f:74:28:b8:8c:7f:b8:5e:8c:40:85:fa:71:0b:19:2d:
         0e:83:e3:60:c1:93:88:d1:b4:31:9f:66:22:de:47:28:7d:89:
         8b:f1:10:4f:81:24:36:6d:0c:e7:c3:f7:60:15:68:d9:4e:36:
         a2:3a:e4:73:db:4e:bf:af:54:d4:81:69:9c:60:72:c5:09:49:
         40:e7:03:92:76:46:7f:5b:d9:90:d2:b1:51:d8:4b:3c:c0:af:
         d7:13:1c:db:81:44:b8:12:e5:94:d7:fd:e3:60:6b:6b:db:bc:
         7f:e6:c4:64:bb:14:67:ec:39:b1:44:d6:b0:31:c7:ac:42:51:
         27:57:48:e3:e7:d4:99:55:56:fe:e1:bc:bc:8e:09:3a:ca:81:
         3d:05:ad:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY52q/bx5vxoZBs21XOstqq8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmM2VjMjFlMTBmMzY0NmU0ZGMwZTIzZjVmN2VjNDQ1MDE1
NjBkZTMwHhcNMjQwMzI1MTczMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTI2Y2NhZTI1NDhmOWE4NzIwNGRiZGY3NjFhZDc0NmJjMWU5ZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dVWWN0bAADDVMOf2Vm8JyR9JHtk
MAvbdU+Z1zktqnuF0VkoReEoZLkWulbgEUyOt94akd6xiZlKBj8VpBfoyMiMqLB+
Ez1xnQU1PZ6WiSTxZEEMTCyPmbpQytqsyJZ1Vc33dTN6r6XQrG5TYYXzlYcN82Vz
g1M0g/JA91wAgpQ6W7hPHquZk7K8hDmVxwOR+ZOHU76wMTGvbj785wbYTwIC6gcj
0BpUuyYHcad/eE3Go627QzdSQlDRi1xGr2MB+plufjVV53wEOfrpTiu0Vbq/XjJM
FGJvvSzZJ7wBCqpCWA9yZ8+H6bBC4tKikfrctVzxKVHIG089DokTBAFywQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4mzK4lSPmocgTb33Ya10a8Hp5pMB8GA1UdIwQY
MBaAFJ8+wh4Q82RuTcDiP19+xEUBVg3jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbno3Q0hoRHpaRzVOd09JX1gzN0VSUUZXRGVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS82YmFmZTktODc4Yi00NmZkLWEzMDUt
N2JhMjVkNTU5NWZhLzEvM2liTXJpVkktYWh5Qk52ZmRoclhScndlbm1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS82YmFmZTktODc4Yi00NmZkLWEzMDUtN2JhMjVkNTU5NWZh
LzEvbno3Q0hoRHpaRzVOd09JX1gzN0VSUUZXRGVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8iRMA0G
CSqGSIb3DQEBCwUAA4IBAQCJwZV4X3gGpyc1ib17S3Q5qe8duk0rXr8aAXyw6Hmc
rr5wxjvYGRZQCl2ShLxzx6PuRL4mLbMKWlTKyqgH+XFaGAHd3RPw0bMto4DF64gF
UWYrgM7qQ5PBhtAH8N5Vta0zk4pc2uNSjjc9Pk7Xn190KLiMf7hejECF+nELGS0O
g+NgwZOI0bQxn2Yi3kcofYmL8RBPgSQ2bQznw/dgFWjZTjaiOuRz206/r1TUgWmc
YHLFCUlA5wOSdkZ/W9mQ0rFR2Es8wK/XExzbgUS4EuWU1/3jYGtr27x/5sRkuxRn
7DmxRNawMcesQlEnV0jj59SZVVb+4by8jgk6yoE9Ba2c
-----END CERTIFICATE-----