Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/wZ5uWw9B78ff6Z3oAWHb7uxgxrw.roa
File:                     wZ5uWw9B78ff6Z3oAWHb7uxgxrw.roa (raw, json)
Hash identifier:          E6tXbN2Z9yjXPnVfDBxsoWwmtzY95lDQN4GCzWjIJIM=
Subject key identifier:   C1:9E:6E:5B:0F:41:EF:C7:DF:E9:9D:E8:01:61:DB:EE:EC:60:C6:BC
Certificate issuer:       /CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
Certificate serial:       018F19171176813B77F404E9AC113FD70E49
Authority key identifier: 9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/wZ5uWw9B78ff6Z3oAWHb7uxgxrw.roa
Signing time:             Fri 26 Apr 2024 06:28:13 +0000
ROA not before:           Fri 26 Apr 2024 06:28:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.91.205.0/24 maxlen: 24
                          185.91.206.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 06:28:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:17:11:76:81:3b:77:f4:04:e9:ac:11:3f:d7:0e:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
        Validity
            Not Before: Apr 26 06:28:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c19e6e5b0f41efc7dfe99de80161dbeeec60c6bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:67:23:80:b6:11:46:bf:61:3f:3d:b0:a2:15:
                    e6:3f:1b:52:ba:09:be:ea:5a:87:e6:5d:f2:aa:59:
                    28:a7:27:b0:2f:45:9b:90:33:12:28:0f:d2:87:1a:
                    4c:04:8c:65:d0:64:f3:32:a3:86:5e:f7:3f:bf:44:
                    e4:ee:ab:46:02:7a:79:12:ac:e9:42:05:c1:5e:2e:
                    44:9d:19:93:f1:9f:4d:87:be:84:a8:02:1d:5f:70:
                    b4:74:33:bc:3a:c0:5f:1e:d0:6f:f2:51:13:ea:f3:
                    e2:e0:24:14:7f:0c:fa:74:d5:67:37:54:06:b0:d0:
                    cc:b0:94:03:b2:91:60:fe:8b:65:f8:34:74:06:6b:
                    64:eb:fc:45:7e:d8:fb:12:6c:e1:0d:ac:0f:2a:e5:
                    d9:34:ac:00:df:26:7f:bb:aa:23:74:36:86:89:cb:
                    8d:3b:0f:a1:e8:d0:a2:40:68:19:5d:48:72:e2:68:
                    80:72:7b:de:fd:eb:b6:6d:85:0d:6f:af:87:1d:0a:
                    2f:e6:cf:7c:27:26:9b:52:65:8c:53:53:5c:ab:93:
                    d7:0d:f4:cb:eb:95:8e:f2:e6:38:46:d1:64:0b:55:
                    17:13:a4:f3:d6:eb:04:86:93:92:bc:e9:5b:08:eb:
                    05:da:86:73:a6:c4:7f:05:76:11:b0:3d:cc:4d:ed:
                    4a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:9E:6E:5B:0F:41:EF:C7:DF:E9:9D:E8:01:61:DB:EE:EC:60:C6:BC
            X509v3 Authority Key Identifier:
                keyid:9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/wZ5uWw9B78ff6Z3oAWHb7uxgxrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.205.0-185.91.207.255

    Signature Algorithm: sha256WithRSAEncryption
         92:b7:b8:b2:e6:7e:54:71:8f:5e:cb:6e:a9:c0:99:1e:55:11:
         73:d5:ba:45:fd:80:e0:04:32:f3:f9:cc:8d:bd:2e:86:72:3a:
         60:ab:50:05:7a:e3:e4:7c:3d:0a:55:6e:77:4a:a2:f9:d5:64:
         39:84:41:c9:0f:f0:2f:22:a2:23:ca:ee:8f:33:65:d4:48:0e:
         a2:3e:3f:00:9e:85:19:be:0a:25:ce:e2:ea:c9:37:a7:26:61:
         1b:2d:35:8e:94:44:59:e6:df:10:8c:73:06:6b:2b:b9:99:76:
         6b:2a:35:8d:01:b1:9c:36:76:5e:1a:84:67:1a:c2:65:17:0f:
         64:df:72:94:a2:a0:8b:7a:47:57:1c:d8:a5:ce:ca:d7:63:28:
         0a:d5:d8:7c:1b:75:f6:9f:98:3a:38:82:54:1d:98:53:c2:c1:
         ca:ba:94:9e:41:c0:34:93:77:af:f6:97:4b:64:0f:56:f0:88:
         e2:57:af:f6:b5:38:bb:85:80:a1:a0:45:85:95:d6:b4:74:a1:
         9f:28:c1:87:e0:ed:0e:94:9c:d1:ce:f0:48:d9:ab:cd:91:ba:
         e2:5f:b8:19:a3:5c:46:7d:09:42:f1:d0:3d:2c:4d:92:f8:94:
         af:a2:2a:95:0d:93:19:9d:ef:b3:86:ef:4b:22:8f:f6:09:5c:
         60:c1:db:00
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8ZFxF2gTt39ATprBE/1w5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWYwYmY5M2ZjNDM4MWZmZjdlN2FhODZiNDA3NmMwMzMy
NDJmZmEwHhcNMjQwNDI2MDYyODEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTllNmU1YjBmNDFlZmM3ZGZlOTlkZTgwMTYxZGJlZWVjNjBjNmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWcjgLYRRr9hPz2wohXmPxtSugm+
6lqH5l3yqlkopyewL0WbkDMSKA/ShxpMBIxl0GTzMqOGXvc/v0Tk7qtGAnp5Eqzp
QgXBXi5EnRmT8Z9Nh76EqAIdX3C0dDO8OsBfHtBv8lET6vPi4CQUfwz6dNVnN1QG
sNDMsJQDspFg/otl+DR0Bmtk6/xFftj7EmzhDawPKuXZNKwA3yZ/u6ojdDaGicuN
Ow+h6NCiQGgZXUhy4miAcnve/eu2bYUNb6+HHQov5s98JyabUmWMU1Ncq5PXDfTL
65WO8uY4RtFkC1UXE6Tz1usEhpOSvOlbCOsF2oZzpsR/BXYRsD3MTe1KXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMGeblsPQe/H3+md6AFh2+7sYMa8MB8GA1UdIwQY
MBaAFJ+vC/k/xDgf/356qGtAdsAzJC/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgt
ZjUyMGE3ZDcxZWY1LzEvd1o1dVd3OUI3OGZmNlozb0FXSGI3dXhneHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgtZjUyMGE3ZDcxZWY1
LzEvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5W80D
BAS5W8AwDQYJKoZIhvcNAQELBQADggEBAJK3uLLmflRxj17LbqnAmR5VEXPVukX9
gOAEMvP5zI29LoZyOmCrUAV64+R8PQpVbndKovnVZDmEQckP8C8ioiPK7o8zZdRI
DqI+PwCehRm+CiXO4urJN6cmYRstNY6URFnm3xCMcwZrK7mZdmsqNY0BsZw2dl4a
hGcawmUXD2TfcpSioIt6R1cc2KXOytdjKArV2HwbdfafmDo4glQdmFPCwcq6lJ5B
wDSTd6/2l0tkD1bwiOJXr/a1OLuFgKGgRYWV1rR0oZ8owYfg7Q6UnNHO8EjZq82R
uuJfuBmjXEZ9CULx0D0sTZL4lK+iKpUNkxmd77OG70sij/YJXGDB2wA=
-----END CERTIFICATE-----