Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/1NbrHWDxB9nx-WZIehALBx5tYMs.roa
File:                     1NbrHWDxB9nx-WZIehALBx5tYMs.roa (raw, json)
Hash identifier:          byr4cP5NgOmBJ5NmdnKLJkjMbbf+dUAjWaUlmK3o4CY=
Subject key identifier:   D4:D6:EB:1D:60:F1:07:D9:F1:F9:66:48:7A:10:0B:07:1E:6D:60:CB
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       018CC8DEED6B7B2F14AEE8F1C84622A7D39C
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/1NbrHWDxB9nx-WZIehALBx5tYMs.roa
Signing time:             Tue 02 Jan 2024 06:31:42 +0000
ROA not before:           Tue 02 Jan 2024 06:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210975
IP address blocks:        91.211.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ed:6b:7b:2f:14:ae:e8:f1:c8:46:22:a7:d3:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 06:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4d6eb1d60f107d9f1f966487a100b071e6d60cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:84:fa:a3:cc:64:c6:a1:eb:82:36:7b:25:d1:
                    30:a9:9d:f1:7a:77:29:fd:e9:47:c7:6e:7a:4e:18:
                    f8:58:c1:95:d9:a9:f2:b6:6d:df:ab:2c:29:d3:a9:
                    73:ae:36:f6:12:32:16:df:71:86:61:0a:d7:76:2b:
                    60:40:2f:51:4d:5c:ca:5a:0f:72:92:3a:1a:e5:00:
                    a5:2f:fc:7f:cb:d5:6c:b3:53:dd:c0:ef:b8:5d:c1:
                    db:15:09:44:4b:4c:18:d3:8c:4f:41:32:2f:e2:6c:
                    06:92:0a:eb:f8:1b:d3:14:02:27:88:fb:4b:87:7e:
                    9d:41:8e:f6:05:32:b6:0a:80:fa:aa:ad:5f:c8:c1:
                    2f:9c:c8:cb:d8:c5:cc:3c:80:89:65:4b:e6:fb:6f:
                    8d:2c:07:52:09:3a:c1:98:bb:05:de:17:ce:d7:f2:
                    f4:5d:f5:9c:62:28:b6:20:9a:8a:50:80:76:27:b1:
                    33:d3:b3:51:60:51:53:2c:06:9d:1d:d8:a8:6e:34:
                    25:fc:a5:54:6d:db:10:22:df:10:5a:13:0b:47:fe:
                    92:e7:1c:1b:a9:51:8d:c3:57:58:c0:e6:eb:8b:18:
                    ac:b5:08:8f:bd:f2:09:f9:8e:64:02:e1:1e:1d:d7:
                    ac:4e:69:ad:8f:83:bd:c7:31:47:e4:10:bc:ce:03:
                    72:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D6:EB:1D:60:F1:07:D9:F1:F9:66:48:7A:10:0B:07:1E:6D:60:CB
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/1NbrHWDxB9nx-WZIehALBx5tYMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:0b:c1:e3:4d:6e:cd:ce:df:1f:8d:72:b2:34:ee:8f:d6:96:
         1d:ea:b5:ba:22:79:88:3d:e8:c1:52:65:c9:c1:7a:5d:0f:9b:
         82:b9:77:96:be:d6:34:13:ad:39:07:ef:cf:76:dc:ab:78:0e:
         75:8e:ff:c4:17:38:ec:62:d8:8e:73:70:3b:08:c4:ed:c3:6d:
         dd:0e:bf:b8:81:71:6b:f6:99:ec:e1:73:94:b6:bf:02:b5:47:
         b5:54:55:65:37:37:9d:3a:3f:a7:4a:54:f2:48:e7:48:05:d9:
         e8:a3:9c:3f:81:2e:f5:eb:a4:2e:2b:11:51:24:af:68:ef:65:
         a7:05:2b:c3:19:9c:45:cb:02:92:0b:5f:ab:64:62:c9:a0:fc:
         82:50:cc:70:b9:54:df:cd:8d:de:46:64:aa:ff:c9:24:bf:bd:
         11:6f:cd:62:12:a1:e5:12:76:0c:51:7c:5b:1e:a5:ed:2b:96:
         c0:b5:30:ae:aa:6c:84:d0:2e:0c:e3:c5:e9:8f:bb:ff:37:7e:
         7c:23:b1:b0:44:5a:5b:ba:0f:76:83:43:94:52:f6:8a:cc:f3:
         8c:af:f0:95:93:b4:e1:18:e3:83:e7:95:f4:cf:2c:3b:dc:16:
         7e:8d:35:08:c3:d4:b7:79:2f:e0:de:fc:63:ff:d1:cb:87:ce:
         97:9e:8b:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3u1rey8UrujxyEYip9OcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjQwMTAyMDYzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGQ2ZWIxZDYwZjEwN2Q5ZjFmOTY2NDg3YTEwMGIwNzFlNmQ2MGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYT6o8xkxqHrgjZ7JdEwqZ3xencp
/elHx256Thj4WMGV2anytm3fqywp06lzrjb2EjIW33GGYQrXditgQC9RTVzKWg9y
kjoa5QClL/x/y9Vss1PdwO+4XcHbFQlES0wY04xPQTIv4mwGkgrr+BvTFAIniPtL
h36dQY72BTK2CoD6qq1fyMEvnMjL2MXMPICJZUvm+2+NLAdSCTrBmLsF3hfO1/L0
XfWcYii2IJqKUIB2J7Ez07NRYFFTLAadHdiobjQl/KVUbdsQIt8QWhMLR/6S5xwb
qVGNw1dYwObrixistQiPvfIJ+Y5kAuEeHdesTmmtj4O9xzFH5BC8zgNyLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTW6x1g8QfZ8flmSHoQCwcebWDLMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvMU5ickhXRHhCOW54LVdaSWVoQUxCeDV0WU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9N5MA0G
CSqGSIb3DQEBCwUAA4IBAQATC8HjTW7Nzt8fjXKyNO6P1pYd6rW6InmIPejBUmXJ
wXpdD5uCuXeWvtY0E605B+/PdtyreA51jv/EFzjsYtiOc3A7CMTtw23dDr+4gXFr
9pns4XOUtr8CtUe1VFVlNzedOj+nSlTySOdIBdnoo5w/gS7166QuKxFRJK9o72Wn
BSvDGZxFywKSC1+rZGLJoPyCUMxwuVTfzY3eRmSq/8kkv70Rb81iEqHlEnYMUXxb
HqXtK5bAtTCuqmyE0C4M48Xpj7v/N358I7GwRFpbug92g0OUUvaKzPOMr/CVk7Th
GOOD55X0zyw73BZ+jTUIw9S3eS/g3vxj/9HLh86Xnov1
-----END CERTIFICATE-----