Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/gUPmdBy-5QiaX_PD5fK-8wh94kA.roa
File:                     gUPmdBy-5QiaX_PD5fK-8wh94kA.roa (raw, json)
Hash identifier:          Li4iFmdLZQqvw0BOnxnDaDJElBd0sx3DM63e/c+cDSM=
Subject key identifier:   81:43:E6:74:1C:BE:E5:08:9A:5F:F3:C3:E5:F2:BE:F3:08:7D:E2:40
Certificate issuer:       /CN=1aae75a26ccf8621222816a471ccb7c0d5e716e2
Certificate serial:       0191A33E6CDDA2DFEFDF9FD883653BFAB62B
Authority key identifier: 1A:AE:75:A2:6C:CF:86:21:22:28:16:A4:71:CC:B7:C0:D5:E7:16:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gq51omzPhiEiKBakccy3wNXnFuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/gUPmdBy-5QiaX_PD5fK-8wh94kA.roa
Signing time:             Fri 30 Aug 2024 12:24:22 +0000
ROA not before:           Fri 30 Aug 2024 12:24:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211691
IP address blocks:        91.195.22.0/24 maxlen: 24
                          91.195.23.0/24 maxlen: 24
                          2001:67c:2fe4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/Gq51omzPhiEiKBakccy3wNXnFuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/Gq51omzPhiEiKBakccy3wNXnFuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gq51omzPhiEiKBakccy3wNXnFuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a3:3e:6c:dd:a2:df:ef:df:9f:d8:83:65:3b:fa:b6:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aae75a26ccf8621222816a471ccb7c0d5e716e2
        Validity
            Not Before: Aug 30 12:24:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8143e6741cbee5089a5ff3c3e5f2bef3087de240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1c:65:3d:42:c1:0e:c6:6c:37:53:f1:da:60:
                    40:93:c9:1f:a3:2e:8d:e6:87:e8:5d:77:09:e5:86:
                    50:52:d6:12:6d:53:5a:b5:69:2a:f7:de:12:87:5d:
                    cd:e1:a5:9c:fd:e5:79:37:e0:3b:79:f3:8d:32:24:
                    01:4b:5c:bb:0d:b5:8d:15:75:93:bb:37:ac:3e:4a:
                    cd:2a:43:fa:b6:e5:5a:67:60:88:1f:ac:52:36:48:
                    97:3c:81:f7:2c:88:55:f2:47:ee:17:3d:0b:cf:21:
                    0e:9e:8b:ad:26:6d:8d:fa:3a:ab:16:7d:1a:56:77:
                    9e:49:79:ee:5d:24:62:69:79:87:2b:a2:7f:ac:6d:
                    83:64:4e:c8:62:65:03:75:31:3d:ea:95:77:dd:8a:
                    b2:b3:dc:ae:25:64:fb:9c:b7:03:53:11:73:84:df:
                    54:9b:0b:b4:9a:b5:78:07:e2:77:81:f1:fe:46:ec:
                    78:41:e2:6f:4c:9c:cd:fe:74:81:e7:42:12:c9:c2:
                    54:ac:a8:ce:9b:a4:a3:e4:a5:61:86:db:48:f4:93:
                    c9:96:2a:ae:17:30:9c:43:81:67:5f:bc:31:22:72:
                    c0:d0:a1:65:96:f9:9d:67:f2:cd:ab:d8:92:e1:36:
                    7d:a1:9d:11:eb:5b:88:e6:7e:da:88:1a:8f:f6:6a:
                    5c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:43:E6:74:1C:BE:E5:08:9A:5F:F3:C3:E5:F2:BE:F3:08:7D:E2:40
            X509v3 Authority Key Identifier:
                keyid:1A:AE:75:A2:6C:CF:86:21:22:28:16:A4:71:CC:B7:C0:D5:E7:16:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gq51omzPhiEiKBakccy3wNXnFuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/gUPmdBy-5QiaX_PD5fK-8wh94kA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/Gq51omzPhiEiKBakccy3wNXnFuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.22.0/23
                IPv6:
                  2001:67c:2fe4::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:e9:48:20:5e:fe:10:74:90:0f:c6:d5:53:d0:db:1f:e5:1e:
         80:2d:d2:fd:99:c3:61:18:05:3a:7c:3d:80:8a:f2:66:29:1c:
         9d:d3:86:26:16:db:66:b4:20:4e:0a:0a:6a:60:37:89:88:ae:
         9f:49:87:61:e3:d7:37:b0:ca:da:c4:31:e3:9e:66:66:06:71:
         82:74:bf:39:f4:24:d5:7e:83:76:d7:35:e9:80:90:81:66:d3:
         a1:0b:cc:b1:d8:58:9f:06:30:9f:47:41:f0:15:5c:19:36:82:
         73:d9:37:b9:82:74:cf:ae:83:d2:0c:c8:13:ae:1e:b9:92:7b:
         8a:03:0d:c1:80:81:87:5c:d7:cf:bf:1e:33:54:a5:d2:e5:c4:
         f8:61:38:5d:de:4b:15:35:24:bd:14:0f:35:8f:ac:41:b7:19:
         4a:b7:bb:26:76:55:a3:2a:d1:d3:a7:80:d5:98:5a:41:55:6f:
         ac:ac:4c:0b:52:d9:68:e5:9f:f4:80:0e:68:f1:98:0d:13:42:
         2e:0d:fe:c8:8e:74:8c:2b:d5:fe:c4:27:f7:32:20:63:51:75:
         1c:60:c0:b5:2c:a3:bd:4b:00:49:ca:be:6d:8b:7f:1d:a8:24:
         b2:ff:76:ff:9f:99:4e:b7:67:2f:9f:0e:4c:3f:0d:4e:4f:d9:
         e8:5f:d5:90
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZGjPmzdot/v35/Yg2U7+rYrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYWU3NWEyNmNjZjg2MjEyMjI4MTZhNDcxY2NiN2MwZDVl
NzE2ZTIwHhcNMjQwODMwMTIyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTQzZTY3NDFjYmVlNTA4OWE1ZmYzYzNlNWYyYmVmMzA4N2RlMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRxlPULBDsZsN1Px2mBAk8kfoy6N
5ofoXXcJ5YZQUtYSbVNatWkq994Sh13N4aWc/eV5N+A7efONMiQBS1y7DbWNFXWT
uzesPkrNKkP6tuVaZ2CIH6xSNkiXPIH3LIhV8kfuFz0LzyEOnoutJm2N+jqrFn0a
VneeSXnuXSRiaXmHK6J/rG2DZE7IYmUDdTE96pV33Yqys9yuJWT7nLcDUxFzhN9U
mwu0mrV4B+J3gfH+Rux4QeJvTJzN/nSB50ISycJUrKjOm6Sj5KVhhttI9JPJliqu
FzCcQ4FnX7wxInLA0KFllvmdZ/LNq9iS4TZ9oZ0R61uI5n7aiBqP9mpcfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIFD5nQcvuUIml/zw+XyvvMIfeJAMB8GA1UdIwQY
MBaAFBqudaJsz4YhIigWpHHMt8DV5xbiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3E1MW9telBoaUVpS0Jha2NjeTN3TlhuRnVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84ZTcwNTQtZmQ1MC00ZjkxLTljYzct
MjY0ZjBjYzVmZjgwLzEvZ1VQbWRCeS01UWlhWF9QRDVmSy04d2g5NGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84ZTcwNTQtZmQ1MC00ZjkxLTljYzctMjY0ZjBjYzVmZjgw
LzEvR3E1MW9telBoaUVpS0Jha2NjeTN3TlhuRnVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW8MWMA8E
AgACMAkDBwAgAQZ8L+QwDQYJKoZIhvcNAQELBQADggEBAAbpSCBe/hB0kA/G1VPQ
2x/lHoAt0v2Zw2EYBTp8PYCK8mYpHJ3ThiYW22a0IE4KCmpgN4mIrp9Jh2Hj1zew
ytrEMeOeZmYGcYJ0vzn0JNV+g3bXNemAkIFm06ELzLHYWJ8GMJ9HQfAVXBk2gnPZ
N7mCdM+ug9IMyBOuHrmSe4oDDcGAgYdc18+/HjNUpdLlxPhhOF3eSxU1JL0UDzWP
rEG3GUq3uyZ2VaMq0dOngNWYWkFVb6ysTAtS2Wjln/SADmjxmA0TQi4N/siOdIwr
1f7EJ/cyIGNRdRxgwLUso71LAEnKvm2Lfx2oJLL/dv+fmU63Zy+fDkw/DU5P2ehf
1ZA=
-----END CERTIFICATE-----