Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/aintJUALDu3VNdI5FZrqq7POmDs.roa
File:                     aintJUALDu3VNdI5FZrqq7POmDs.roa (raw, json)
Hash identifier:          mj7YasbQYd61535r+SpnUF5CLFXcYfEXQMYXX6U7LoQ=
Subject key identifier:   6A:29:ED:25:40:0B:0E:ED:D5:35:D2:39:15:9A:EA:AB:B3:CE:98:3B
Certificate issuer:       /CN=2c0ac8d3690511203a31ef785e6d1c44392ca28b
Certificate serial:       018CC9BCA955D1431243F02ABB5352F4CC6C
Authority key identifier: 2C:0A:C8:D3:69:05:11:20:3A:31:EF:78:5E:6D:1C:44:39:2C:A2:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LArI02kFESA6Me94Xm0cRDksoos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/aintJUALDu3VNdI5FZrqq7POmDs.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.212.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/LArI02kFESA6Me94Xm0cRDksoos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/LArI02kFESA6Me94Xm0cRDksoos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LArI02kFESA6Me94Xm0cRDksoos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a9:55:d1:43:12:43:f0:2a:bb:53:52:f4:cc:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c0ac8d3690511203a31ef785e6d1c44392ca28b
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a29ed25400b0eedd535d239159aeaabb3ce983b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ee:7d:89:22:c9:bd:e7:ea:b6:11:38:ea:e1:
                    73:d7:5b:5f:5a:51:5a:c2:86:7d:0d:ce:b9:90:9c:
                    80:8a:7c:ce:ba:b9:ff:f2:84:f3:c8:a6:79:13:a7:
                    6d:3c:30:0f:e4:10:c5:a0:89:94:81:6a:45:95:b9:
                    74:29:4c:de:5a:1b:87:66:41:3e:11:bc:1b:0b:8d:
                    4f:5e:ab:2d:9f:2a:2d:ae:19:42:71:4a:01:7b:dd:
                    27:e4:39:6d:99:68:29:b8:f8:c8:d6:d7:8a:d1:8d:
                    8d:ce:23:50:9a:d7:4a:c4:e2:7d:d1:1d:7f:e2:38:
                    77:c2:77:5f:8e:e4:0e:72:41:b8:60:58:95:07:bf:
                    31:15:d4:ca:d8:91:74:53:50:33:21:13:64:8b:a8:
                    26:14:9a:96:3c:fd:f6:ce:8c:6f:4b:2b:fa:3c:bc:
                    25:c4:8c:bd:3a:0c:b6:cc:9e:a3:36:91:56:ed:64:
                    cc:f6:cf:90:55:c2:4c:86:f1:dd:d5:01:00:75:d7:
                    3a:ff:bd:e3:8f:3a:b6:6f:d4:fe:e2:11:55:91:d6:
                    c6:6f:f1:27:5f:5a:9d:71:8d:d7:f3:10:61:1c:1b:
                    2a:f4:e6:7d:87:16:d2:12:59:17:82:1e:f8:88:e0:
                    e3:f9:73:86:3a:90:ac:f8:54:09:60:7b:8b:fb:d1:
                    90:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:29:ED:25:40:0B:0E:ED:D5:35:D2:39:15:9A:EA:AB:B3:CE:98:3B
            X509v3 Authority Key Identifier:
                keyid:2C:0A:C8:D3:69:05:11:20:3A:31:EF:78:5E:6D:1C:44:39:2C:A2:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LArI02kFESA6Me94Xm0cRDksoos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/aintJUALDu3VNdI5FZrqq7POmDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/LArI02kFESA6Me94Xm0cRDksoos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:06:8a:c0:a3:e1:30:e8:a0:a3:18:5c:d5:ea:23:c6:6b:0b:
         f6:54:63:aa:01:df:22:bc:cb:8b:b3:11:cf:cd:e2:df:b6:ef:
         fb:e0:31:fb:4c:2c:1d:0f:6d:e0:42:7b:ff:eb:73:02:06:7b:
         0b:6c:9c:06:34:c8:31:d0:e1:60:03:dc:a5:08:b6:17:91:86:
         d2:aa:d9:02:0c:a3:2b:7f:ab:44:e7:d9:18:b5:25:8c:ea:40:
         72:a3:6f:87:ef:b9:7d:73:9b:8f:0c:21:9e:7f:b1:9e:ff:92:
         5d:dd:e6:68:26:85:ae:94:27:9c:41:b9:6a:17:be:48:bf:68:
         0a:10:81:aa:52:13:0a:a7:e2:84:d3:7a:4b:a3:20:e1:b4:88:
         77:b8:0d:1d:06:ca:16:05:df:03:f3:26:0b:65:37:b5:87:ef:
         49:98:5e:d7:8f:05:f6:9b:c7:4f:67:52:17:34:05:4e:0f:e5:
         b6:b1:4d:0d:23:2b:a9:86:bf:ad:7e:89:27:10:64:03:50:b2:
         aa:4e:d7:ed:8a:a5:55:5d:12:73:bd:e8:eb:43:86:6b:42:11:
         ad:f5:d6:88:06:d8:7e:c8:f5:4c:fa:e8:6d:1f:df:f0:b8:4a:
         bb:77:84:a8:72:98:97:e9:78:1d:18:bd:38:d5:f7:ec:c3:0d:
         60:6e:ad:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKlV0UMSQ/Aqu1NS9MxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMGFjOGQzNjkwNTExMjAzYTMxZWY3ODVlNmQxYzQ0Mzky
Y2EyOGIwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTI5ZWQyNTQwMGIwZWVkZDUzNWQyMzkxNTlhZWFhYmIzY2U5ODNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnO59iSLJvefqthE46uFz11tfWlFa
woZ9Dc65kJyAinzOurn/8oTzyKZ5E6dtPDAP5BDFoImUgWpFlbl0KUzeWhuHZkE+
EbwbC41PXqstnyotrhlCcUoBe90n5DltmWgpuPjI1teK0Y2NziNQmtdKxOJ90R1/
4jh3wndfjuQOckG4YFiVB78xFdTK2JF0U1AzIRNki6gmFJqWPP32zoxvSyv6PLwl
xIy9Ogy2zJ6jNpFW7WTM9s+QVcJMhvHd1QEAddc6/73jjzq2b9T+4hFVkdbGb/En
X1qdcY3X8xBhHBsq9OZ9hxbSElkXgh74iODj+XOGOpCs+FQJYHuL+9GQGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGop7SVACw7t1TXSORWa6quzzpg7MB8GA1UdIwQY
MBaAFCwKyNNpBREgOjHveF5tHEQ5LKKLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEFySTAya0ZFU0E2TWU5NFhtMGNSRGtzb29zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi84ZWZkMmUtNjkyYy00ZjQ3LWI3NDkt
NGYzNmM2YTIwYzBlLzEvYWludEpVQUxEdTNWTmRJNUZacnFxN1BPbURzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi84ZWZkMmUtNjkyYy00ZjQ3LWI3NDktNGYzNmM2YTIwYzBl
LzEvTEFySTAya0ZFU0E2TWU5NFhtMGNSRGtzb29zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9SBMA0G
CSqGSIb3DQEBCwUAA4IBAQBpBorAo+Ew6KCjGFzV6iPGawv2VGOqAd8ivMuLsxHP
zeLftu/74DH7TCwdD23gQnv/63MCBnsLbJwGNMgx0OFgA9ylCLYXkYbSqtkCDKMr
f6tE59kYtSWM6kByo2+H77l9c5uPDCGef7Ge/5Jd3eZoJoWulCecQblqF75Iv2gK
EIGqUhMKp+KE03pLoyDhtIh3uA0dBsoWBd8D8yYLZTe1h+9JmF7XjwX2m8dPZ1IX
NAVOD+W2sU0NIyuphr+tfoknEGQDULKqTtftiqVVXRJzvejrQ4ZrQhGt9daIBth+
yPVM+uhtH9/wuEq7d4SocpiX6XgdGL041ffsww1gbq08
-----END CERTIFICATE-----