Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/04UtCRKmnd_zqaB9JSDIhuMu6-c.roa
File:                     04UtCRKmnd_zqaB9JSDIhuMu6-c.roa (raw, json)
Hash identifier:          MHx9VihJ3tRAH9qkBnHY1OUCMdbdArmj+HCj/Z9W2Rg=
Subject key identifier:   D3:85:2D:09:12:A6:9D:DF:F3:A9:A0:7D:25:20:C8:86:E3:2E:EB:E7
Certificate issuer:       /CN=1af91dcedfdefdce59bdb05002b1cb6c52f0c5d3
Certificate serial:       018CC9BC54003BC2B4D5F91103B707395A5F
Authority key identifier: 1A:F9:1D:CE:DF:DE:FD:CE:59:BD:B0:50:02:B1:CB:6C:52:F0:C5:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/04UtCRKmnd_zqaB9JSDIhuMu6-c.roa
Signing time:             Tue 02 Jan 2024 10:33:31 +0000
ROA not before:           Tue 02 Jan 2024 10:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34270
IP address blocks:        85.91.224.0/19 maxlen: 19
                          2a01:3f8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:54:00:3b:c2:b4:d5:f9:11:03:b7:07:39:5a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1af91dcedfdefdce59bdb05002b1cb6c52f0c5d3
        Validity
            Not Before: Jan  2 10:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3852d0912a69ddff3a9a07d2520c886e32eebe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f3:12:1b:a7:bc:a5:69:04:88:0b:ba:e9:66:
                    a3:a1:9a:5d:3e:36:7d:e2:e7:20:12:c0:4c:d3:b7:
                    7c:84:92:f4:bc:d0:c8:e9:d6:d5:f8:30:52:8c:9d:
                    1f:8b:b1:8a:ed:80:f6:b4:e3:e5:d6:2c:ae:10:bc:
                    80:ec:bb:c7:da:a8:14:06:85:c1:7d:16:bb:9c:a6:
                    68:bc:a9:83:f0:19:5b:f6:cb:ae:53:ce:49:52:8b:
                    de:4b:12:09:fd:bb:ec:53:a5:c6:d8:fb:77:10:dc:
                    cf:01:87:6d:bf:20:d1:ea:29:1d:86:0b:48:33:3c:
                    bf:c1:71:c4:01:bd:2a:21:8c:29:53:b5:38:25:bc:
                    a7:c1:ee:a6:3b:de:f4:d4:27:33:db:e8:b5:e5:93:
                    be:e0:71:b8:ac:8c:b4:29:4d:38:c4:b9:3f:96:16:
                    1a:55:02:29:f8:40:b1:c6:ff:ae:a0:cf:66:50:b8:
                    c5:5a:d7:1a:82:52:a1:55:df:f3:17:ec:e2:53:75:
                    92:0c:fd:c0:cf:5e:54:6e:42:62:b6:ae:33:e9:7a:
                    65:bb:89:03:12:4a:8c:42:9e:17:09:4a:7c:ef:30:
                    c0:b9:52:17:3e:5c:51:ca:71:fe:fc:ac:49:b7:cc:
                    a3:a1:7b:00:4a:f1:11:93:89:21:cb:b9:47:9b:88:
                    ff:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:85:2D:09:12:A6:9D:DF:F3:A9:A0:7D:25:20:C8:86:E3:2E:EB:E7
            X509v3 Authority Key Identifier:
                keyid:1A:F9:1D:CE:DF:DE:FD:CE:59:BD:B0:50:02:B1:CB:6C:52:F0:C5:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/04UtCRKmnd_zqaB9JSDIhuMu6-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.91.224.0/19
                IPv6:
                  2a01:3f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:9e:e9:a0:78:0b:4d:ac:62:62:c7:30:75:16:61:28:da:ee:
         56:06:42:95:9a:46:80:15:1a:36:fa:1d:82:ad:59:1e:7d:12:
         95:c4:2e:9f:e8:d9:9d:a7:2d:6e:a9:1d:57:db:cc:63:23:9f:
         8a:d0:44:f5:e1:89:7d:70:50:ca:d6:81:51:52:fb:08:8f:10:
         11:c0:75:78:a2:c4:9f:e2:67:07:d0:b8:a9:e2:d7:aa:f6:c4:
         7e:cc:07:7f:d9:82:5a:68:a8:3f:56:33:56:20:8a:ab:04:3d:
         da:6b:f9:7b:77:52:d7:91:f4:4c:a9:07:93:0c:92:43:14:67:
         4d:7d:df:7b:f0:04:a8:fc:2e:fb:b5:38:1c:97:fb:aa:a7:99:
         3b:f6:59:dd:15:89:b7:f4:98:c8:b8:e0:15:44:1f:8a:ba:80:
         f6:8f:a8:b7:df:71:7a:84:c6:87:33:eb:c2:3f:96:27:25:3d:
         09:d9:6d:a5:30:e3:5c:16:cc:07:fa:48:96:9e:84:f2:45:00:
         e2:ae:0c:47:9c:aa:23:01:df:46:ac:f4:be:47:75:d3:87:89:
         f8:9d:87:eb:a6:9c:6d:fa:79:64:04:8e:65:16:4d:04:fa:c8:
         18:41:53:77:16:ba:21:47:6e:de:9c:2b:66:42:c0:64:70:1b:
         4c:9f:94:17
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvFQAO8K01fkRA7cHOVpfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZjkxZGNlZGZkZWZkY2U1OWJkYjA1MDAyYjFjYjZjNTJm
MGM1ZDMwHhcNMjQwMTAyMTAzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzg1MmQwOTEyYTY5ZGRmZjNhOWEwN2QyNTIwYzg4NmUzMmVlYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPMSG6e8pWkEiAu66WajoZpdPjZ9
4ucgEsBM07d8hJL0vNDI6dbV+DBSjJ0fi7GK7YD2tOPl1iyuELyA7LvH2qgUBoXB
fRa7nKZovKmD8Blb9suuU85JUoveSxIJ/bvsU6XG2Pt3ENzPAYdtvyDR6ikdhgtI
Mzy/wXHEAb0qIYwpU7U4Jbynwe6mO9701Ccz2+i15ZO+4HG4rIy0KU04xLk/lhYa
VQIp+ECxxv+uoM9mULjFWtcaglKhVd/zF+ziU3WSDP3Az15UbkJitq4z6Xplu4kD
EkqMQp4XCUp87zDAuVIXPlxRynH+/KxJt8yjoXsASvERk4khy7lHm4j/gQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNOFLQkSpp3f86mgfSUgyIbjLuvnMB8GA1UdIwQY
MBaAFBr5Hc7f3v3OWb2wUAKxy2xS8MXTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3ZrZHp0X2VfYzVadmJCUUFySExiRkx3eGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9kN2QwNGMtMzE3NS00M2FkLTllM2Qt
MTBhNGU1MzcyMjZlLzEvMDRVdENSS21uZF96cWFCOUpTRElodU11Ni1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9kN2QwNGMtMzE3NS00M2FkLTllM2QtMTBhNGU1MzcyMjZl
LzEvR3ZrZHp0X2VfYzVadmJCUUFySExiRkx3eGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFVVvgMA0E
AgACMAcDBQAqAQP4MA0GCSqGSIb3DQEBCwUAA4IBAQCMnumgeAtNrGJixzB1FmEo
2u5WBkKVmkaAFRo2+h2CrVkefRKVxC6f6Nmdpy1uqR1X28xjI5+K0ET14Yl9cFDK
1oFRUvsIjxARwHV4osSf4mcH0Lip4teq9sR+zAd/2YJaaKg/VjNWIIqrBD3aa/l7
d1LXkfRMqQeTDJJDFGdNfd978ASo/C77tTgcl/uqp5k79lndFYm39JjIuOAVRB+K
uoD2j6i333F6hMaHM+vCP5YnJT0J2W2lMONcFswH+kiWnoTyRQDirgxHnKojAd9G
rPS+R3XTh4n4nYfrppxt+nlkBI5lFk0E+sgYQVN3FrohR27enCtmQsBkcBtMn5QX
-----END CERTIFICATE-----