Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/d6db46-85b1-420c-8ce7-f7dabb0d2787/1/dpPotOgLeEgYwaFuXIPvj4J6E_Y.roa
File:                     dpPotOgLeEgYwaFuXIPvj4J6E_Y.roa (raw, json)
Hash identifier:          nsRSt5ZKfisc8Y5B6AZi6y6hR40EhJvM+sGFW61maR8=
Subject key identifier:   76:93:E8:B4:E8:0B:78:48:18:C1:A1:6E:5C:83:EF:8F:82:7A:13:F6
Certificate issuer:       /CN=21eb7f9b58952b9e80afcf7bbdba32b26a34d0a1
Certificate serial:       018CC50147384E54BCE12ACDC19F2EAEFCB8
Authority key identifier: 21:EB:7F:9B:58:95:2B:9E:80:AF:CF:7B:BD:BA:32:B2:6A:34:D0:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iet_m1iVK56Ar897vboysmo00KE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/d6db46-85b1-420c-8ce7-f7dabb0d2787/1/dpPotOgLeEgYwaFuXIPvj4J6E_Y.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198684
IP address blocks:        91.238.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/d6db46-85b1-420c-8ce7-f7dabb0d2787/1/Iet_m1iVK56Ar897vboysmo00KE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/d6db46-85b1-420c-8ce7-f7dabb0d2787/1/Iet_m1iVK56Ar897vboysmo00KE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iet_m1iVK56Ar897vboysmo00KE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:47:38:4e:54:bc:e1:2a:cd:c1:9f:2e:ae:fc:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21eb7f9b58952b9e80afcf7bbdba32b26a34d0a1
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7693e8b4e80b784818c1a16e5c83ef8f827a13f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0e:50:d6:d3:3a:f3:f4:60:cd:da:a2:44:ae:
                    6a:25:4d:9a:92:e4:c0:46:f2:1a:6e:f8:bd:c9:66:
                    e6:49:ad:a9:86:48:10:b7:bc:4c:8e:5f:89:57:47:
                    bb:73:63:1f:01:59:0b:33:66:81:57:a8:fe:05:8d:
                    99:2c:d7:dc:f8:ed:6c:fc:77:6d:b2:8f:84:b3:a7:
                    58:2b:d1:27:58:b7:9e:fc:50:3a:23:36:c7:ef:9f:
                    08:42:2a:f2:d5:d6:7c:0d:cf:f0:f7:de:20:8b:b4:
                    3e:0d:63:c8:4d:09:43:3d:8f:b1:55:ee:4b:9e:75:
                    09:55:d8:ce:4a:95:5d:15:f8:dd:02:9e:81:b2:fb:
                    5f:e7:38:30:35:f4:a1:c3:7d:ff:f8:5e:36:f8:25:
                    69:75:4a:e0:f7:e3:a7:42:c8:4b:07:5c:e4:68:46:
                    9a:2e:0a:0d:02:d3:0e:08:ab:7f:3f:be:50:18:06:
                    03:ff:b8:85:86:f4:9a:a0:98:48:4a:3d:f2:f3:3f:
                    86:1a:83:9e:ad:ee:5e:1f:75:d6:8e:66:91:73:30:
                    05:cb:7c:3e:da:95:9a:3e:43:5e:e5:55:fe:cc:5f:
                    be:0b:59:91:c2:1c:84:89:66:25:74:aa:de:19:c7:
                    9c:5a:84:2a:22:02:a3:fc:b0:f4:4f:1f:0f:67:11:
                    2c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:93:E8:B4:E8:0B:78:48:18:C1:A1:6E:5C:83:EF:8F:82:7A:13:F6
            X509v3 Authority Key Identifier:
                keyid:21:EB:7F:9B:58:95:2B:9E:80:AF:CF:7B:BD:BA:32:B2:6A:34:D0:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iet_m1iVK56Ar897vboysmo00KE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d6db46-85b1-420c-8ce7-f7dabb0d2787/1/dpPotOgLeEgYwaFuXIPvj4J6E_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d6db46-85b1-420c-8ce7-f7dabb0d2787/1/Iet_m1iVK56Ar897vboysmo00KE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:b5:94:6f:31:50:73:9d:2a:92:1a:a7:b5:b8:af:b5:7d:78:
         dd:6d:5b:e8:04:d6:dc:63:c6:d4:cf:0f:42:60:a7:b1:7a:f9:
         9e:d4:80:03:15:c2:46:fa:af:61:8f:c7:bc:b2:cb:ea:eb:b2:
         d8:a7:d8:b3:45:bf:67:56:11:cd:d4:db:b0:ad:ce:5f:03:29:
         8c:af:38:fd:09:82:11:d5:a2:bc:a3:7e:87:a3:46:a6:17:e2:
         c7:07:a5:8a:b7:ca:c8:22:29:1a:2c:af:cc:f0:6d:0e:24:e9:
         53:8b:f6:fc:4c:25:70:12:09:23:fb:26:d7:b8:23:60:92:a5:
         a8:75:2d:c5:25:34:33:f1:4c:83:84:08:99:97:e2:03:1a:7d:
         fb:e3:07:6b:41:0f:3f:04:8b:e5:03:8f:be:5c:13:8e:31:65:
         85:8a:22:ac:d3:be:53:18:57:2e:c2:30:85:eb:6b:30:94:a4:
         a5:7e:d0:53:5e:ef:b1:c3:79:0c:a1:54:eb:12:c2:c5:76:28:
         9c:8a:d0:4b:97:79:7f:55:e7:e4:2e:93:7a:8b:13:dd:f7:d0:
         2e:c9:00:52:fa:e5:58:5d:20:25:ca:64:cb:51:70:2d:49:76:
         30:f5:83:f8:a7:7f:d1:27:20:7d:e1:cc:21:9f:7f:92:53:2f:
         03:26:48:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUc4TlS84SrNwZ8urvy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZWI3ZjliNTg5NTJiOWU4MGFmY2Y3YmJkYmEzMmIyNmEz
NGQwYTEwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjkzZThiNGU4MGI3ODQ4MThjMWExNmU1YzgzZWY4ZjgyN2ExM2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg5Q1tM68/RgzdqiRK5qJU2akuTA
RvIabvi9yWbmSa2phkgQt7xMjl+JV0e7c2MfAVkLM2aBV6j+BY2ZLNfc+O1s/Hdt
so+Es6dYK9EnWLee/FA6IzbH758IQiry1dZ8Dc/w994gi7Q+DWPITQlDPY+xVe5L
nnUJVdjOSpVdFfjdAp6Bsvtf5zgwNfShw33/+F42+CVpdUrg9+OnQshLB1zkaEaa
LgoNAtMOCKt/P75QGAYD/7iFhvSaoJhISj3y8z+GGoOere5eH3XWjmaRczAFy3w+
2pWaPkNe5VX+zF++C1mRwhyEiWYldKreGcecWoQqIgKj/LD0Tx8PZxEsMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaT6LToC3hIGMGhblyD74+CehP2MB8GA1UdIwQY
MBaAFCHrf5tYlSuegK/Pe726MrJqNNChMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWV0X20xaVZLNTZBcjg5N3Zib3lzbW8wMEtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kNmRiNDYtODViMS00MjBjLThjZTct
ZjdkYWJiMGQyNzg3LzEvZHBQb3RPZ0xlRWdZd2FGdVhJUHZqNEo2RV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kNmRiNDYtODViMS00MjBjLThjZTctZjdkYWJiMGQyNzg3
LzEvSWV0X20xaVZLNTZBcjg5N3Zib3lzbW8wMEtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+6EMA0G
CSqGSIb3DQEBCwUAA4IBAQBrtZRvMVBznSqSGqe1uK+1fXjdbVvoBNbcY8bUzw9C
YKexevme1IADFcJG+q9hj8e8ssvq67LYp9izRb9nVhHN1Nuwrc5fAymMrzj9CYIR
1aK8o36Ho0amF+LHB6WKt8rIIikaLK/M8G0OJOlTi/b8TCVwEgkj+ybXuCNgkqWo
dS3FJTQz8UyDhAiZl+IDGn374wdrQQ8/BIvlA4++XBOOMWWFiiKs075TGFcuwjCF
62swlKSlftBTXu+xw3kMoVTrEsLFdiicitBLl3l/VefkLpN6ixPd99AuyQBS+uVY
XSAlymTLUXAtSXYw9YP4p3/RJyB94cwhn3+SUy8DJkhL
-----END CERTIFICATE-----