Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/dca257-d163-4ed9-94ad-c170091283eb/1/0J_dUh6TpGtMUDikNeOOc5ZHD-Q.roa
File:                     0J_dUh6TpGtMUDikNeOOc5ZHD-Q.roa (raw, json)
Hash identifier:          kRwbqil5gaJUEpmxx2V5nQxT8HTzRv15QNTH5kEURlA=
Subject key identifier:   D0:9F:DD:52:1E:93:A4:6B:4C:50:38:A4:35:E3:8E:73:96:47:0F:E4
Certificate issuer:       /CN=561c7ccc52376787374092eafac2623e0571a81e
Certificate serial:       018CC94E2B0009F93561706712509C7C805C
Authority key identifier: 56:1C:7C:CC:52:37:67:87:37:40:92:EA:FA:C2:62:3E:05:71:A8:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vhx8zFI3Z4c3QJLq-sJiPgVxqB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/dca257-d163-4ed9-94ad-c170091283eb/1/0J_dUh6TpGtMUDikNeOOc5ZHD-Q.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211332
IP address blocks:        91.233.183.0/24 maxlen: 24
                          2a0d:c140::/29 maxlen: 29
                          2a09:f140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/dca257-d163-4ed9-94ad-c170091283eb/1/Vhx8zFI3Z4c3QJLq-sJiPgVxqB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/dca257-d163-4ed9-94ad-c170091283eb/1/Vhx8zFI3Z4c3QJLq-sJiPgVxqB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vhx8zFI3Z4c3QJLq-sJiPgVxqB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2b:00:09:f9:35:61:70:67:12:50:9c:7c:80:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=561c7ccc52376787374092eafac2623e0571a81e
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d09fdd521e93a46b4c5038a435e38e7396470fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:87:f9:a1:de:46:a1:f5:4d:38:00:35:be:6f:
                    73:29:49:73:8f:14:5d:98:2d:b7:a6:3a:3d:aa:20:
                    f9:68:98:4b:3e:64:78:03:6c:34:bd:d1:31:63:3b:
                    91:26:02:9a:01:c5:7e:04:ec:59:96:4c:ff:3a:af:
                    96:45:4a:24:8b:7c:c9:e5:cd:df:8e:90:24:cc:01:
                    ae:54:be:dc:f1:91:74:90:bd:3f:cd:01:ef:f1:21:
                    e3:80:68:bb:c7:ea:44:22:96:7b:57:77:1d:bc:3a:
                    d8:1f:d6:07:22:3e:1f:3b:f3:2a:9f:c7:b0:bf:d4:
                    48:3d:df:5f:52:3b:b4:eb:90:f0:9d:b6:fd:0c:02:
                    4d:fc:80:9e:6a:64:f8:7e:d4:05:c9:eb:20:1b:7d:
                    0d:de:c0:02:39:ff:5a:8d:1d:37:af:6d:33:8c:b5:
                    ff:52:79:88:00:30:cc:01:3b:c5:bb:73:ef:a7:cf:
                    e0:b3:64:fd:31:f9:cb:b2:86:b6:4f:cb:2c:36:3d:
                    8d:e7:d4:1e:6a:78:f5:e5:ae:0f:1a:b7:ab:91:a4:
                    87:05:17:6f:d5:6f:52:55:c0:fc:36:fb:b5:ee:dd:
                    bf:d8:f0:35:6e:f2:b3:80:bf:a9:65:eb:16:34:b3:
                    58:6e:2a:0b:d1:02:b4:b5:84:a9:c4:f2:ad:e3:37:
                    fd:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9F:DD:52:1E:93:A4:6B:4C:50:38:A4:35:E3:8E:73:96:47:0F:E4
            X509v3 Authority Key Identifier:
                keyid:56:1C:7C:CC:52:37:67:87:37:40:92:EA:FA:C2:62:3E:05:71:A8:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vhx8zFI3Z4c3QJLq-sJiPgVxqB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/dca257-d163-4ed9-94ad-c170091283eb/1/0J_dUh6TpGtMUDikNeOOc5ZHD-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/dca257-d163-4ed9-94ad-c170091283eb/1/Vhx8zFI3Z4c3QJLq-sJiPgVxqB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.183.0/24
                IPv6:
                  2a09:f140::/29
                  2a0d:c140::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:f5:07:7e:05:84:96:3f:b4:09:df:2e:16:74:fe:0e:20:d5:
         b8:2b:b6:4d:6f:aa:12:73:37:06:c8:56:b6:33:26:54:e9:f4:
         26:fc:a5:b8:bd:c5:54:2c:d8:af:46:45:8e:f6:79:20:0b:8a:
         05:50:2c:45:7c:b8:36:22:41:ab:32:4a:23:63:72:07:d5:d8:
         8e:3f:d3:4f:e5:8e:a7:a5:ad:6c:46:75:57:bd:e8:e3:9b:19:
         36:f1:37:2f:f3:a9:6e:08:04:97:b9:d2:4c:65:e2:b5:9f:5e:
         0f:eb:b2:04:17:c0:b9:d7:fc:9e:af:73:94:a1:e1:22:f1:79:
         81:f9:74:98:5e:da:5b:e2:fb:e1:2f:1e:fb:35:a9:e5:b4:ea:
         b9:a2:e5:05:43:8a:a8:91:a3:53:5b:d9:c7:d1:eb:7d:a8:9d:
         37:fa:fa:eb:8d:38:07:a7:5c:66:9d:d9:f8:4f:75:5a:66:20:
         a1:bf:a9:a2:54:23:01:8c:9e:3e:9e:99:90:fa:8d:84:10:54:
         83:6b:2f:e7:68:ac:04:ae:e3:b3:74:c6:36:27:d9:09:e2:34:
         20:ee:a8:45:49:2e:9b:a8:8d:4e:a5:cf:87:5e:45:97:6b:cc:
         01:68:5c:8c:09:ad:c4:ef:ed:09:70:fa:3e:88:30:da:c5:83:
         d8:cc:c0:d7
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzJTisACfk1YXBnElCcfIBcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2MWM3Y2NjNTIzNzY3ODczNzQwOTJlYWZhYzI2MjNlMDU3
MWE4MWUwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDlmZGQ1MjFlOTNhNDZiNGM1MDM4YTQzNWUzOGU3Mzk2NDcwZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgof5od5GofVNOAA1vm9zKUlzjxRd
mC23pjo9qiD5aJhLPmR4A2w0vdExYzuRJgKaAcV+BOxZlkz/Oq+WRUoki3zJ5c3f
jpAkzAGuVL7c8ZF0kL0/zQHv8SHjgGi7x+pEIpZ7V3cdvDrYH9YHIj4fO/Mqn8ew
v9RIPd9fUju065Dwnbb9DAJN/ICeamT4ftQFyesgG30N3sACOf9ajR03r20zjLX/
UnmIADDMATvFu3Pvp8/gs2T9MfnLsoa2T8ssNj2N59Qeanj15a4PGrerkaSHBRdv
1W9SVcD8Nvu17t2/2PA1bvKzgL+pZesWNLNYbioL0QK0tYSpxPKt4zf9sQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFNCf3VIek6RrTFA4pDXjjnOWRw/kMB8GA1UdIwQY
MBaAFFYcfMxSN2eHN0CS6vrCYj4FcageMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmh4OHpGSTNaNGMzUUpMcS1zSmlQZ1Z4cUI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9kY2EyNTctZDE2My00ZWQ5LTk0YWQt
YzE3MDA5MTI4M2ViLzEvMEpfZFVoNlRwR3RNVURpa05lT09jNVpIRC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9kY2EyNTctZDE2My00ZWQ5LTk0YWQtYzE3MDA5MTI4M2Vi
LzEvVmh4OHpGSTNaNGMzUUpMcS1zSmlQZ1Z4cUI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAW+m3MBQE
AgACMA4DBQMqCfFAAwUDKg3BQDANBgkqhkiG9w0BAQsFAAOCAQEAKfUHfgWElj+0
Cd8uFnT+DiDVuCu2TW+qEnM3BshWtjMmVOn0JvyluL3FVCzYr0ZFjvZ5IAuKBVAs
RXy4NiJBqzJKI2NyB9XYjj/TT+WOp6WtbEZ1V73o45sZNvE3L/OpbggEl7nSTGXi
tZ9eD+uyBBfAudf8nq9zlKHhIvF5gfl0mF7aW+L74S8e+zWp5bTquaLlBUOKqJGj
U1vZx9HrfaidN/r66404B6dcZp3Z+E91WmYgob+polQjAYyePp6ZkPqNhBBUg2sv
52isBK7js3TGNifZCeI0IO6oRUkum6iNTqXPh15Fl2vMAWhcjAmtxO/tCXD6Pogw
2sWD2MzA1w==
-----END CERTIFICATE-----