Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/bBg87APjDYZsh_vVwNd8St1GATA.roa
File:                     bBg87APjDYZsh_vVwNd8St1GATA.roa (raw, json)
Hash identifier:          ph3gzanUfKJM/aYDf0ZzD7JQtXlReg/xbf2sXT3IBW4=
Subject key identifier:   6C:18:3C:EC:03:E3:0D:86:6C:87:FB:D5:C0:D7:7C:4A:DD:46:01:30
Certificate issuer:       /CN=50980fb6ade858f2652e736993126c85759f06d9
Certificate serial:       018CC72726D249BA869F9B5BE9A766321958
Authority key identifier: 50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/bBg87APjDYZsh_vVwNd8St1GATA.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59729
IP address blocks:        91.232.8.0/22 maxlen: 24
                          91.218.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:26:d2:49:ba:86:9f:9b:5b:e9:a7:66:32:19:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50980fb6ade858f2652e736993126c85759f06d9
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c183cec03e30d866c87fbd5c0d77c4add460130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b9:9a:1e:5d:99:fa:1f:5f:66:7e:fe:94:22:
                    2f:00:8a:a1:f6:7e:cd:e0:c8:6c:10:7c:58:d5:95:
                    f4:49:2f:41:7f:70:c7:7b:aa:36:eb:6a:3b:df:55:
                    5e:99:78:cf:4a:e2:1e:95:55:c2:03:c4:81:29:03:
                    d9:36:b3:9e:20:05:a4:90:51:c8:a5:88:4c:27:b7:
                    4e:e5:5c:cc:9d:19:2a:0a:21:da:43:02:be:c2:94:
                    34:e6:8d:c0:43:ca:94:c3:20:8d:a7:4c:a7:fe:10:
                    70:79:c6:3a:17:28:6d:ce:68:7d:68:ba:43:23:9c:
                    27:90:bf:40:06:c2:2c:c3:53:3c:72:bc:12:76:4f:
                    d1:f8:8b:c3:b7:98:31:44:db:89:d6:6c:54:a7:2f:
                    06:37:34:f6:f2:c3:f8:6b:1b:7a:b1:ee:3e:1b:51:
                    0f:d9:9e:89:50:c6:ba:c6:45:f4:de:d3:64:61:c9:
                    4c:5b:72:6f:b5:97:d8:aa:e9:54:af:d3:78:fe:65:
                    55:cf:9d:04:0e:a3:e5:35:bb:78:17:7b:f9:f4:7b:
                    9d:8a:75:a1:57:b9:5f:f6:20:ff:b7:00:84:cc:b0:
                    ab:b0:08:c3:8d:91:c7:e0:f5:4d:1e:df:f2:73:dc:
                    4e:12:ee:5d:0e:0f:2d:3a:33:47:38:69:d9:cf:2f:
                    76:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:18:3C:EC:03:E3:0D:86:6C:87:FB:D5:C0:D7:7C:4A:DD:46:01:30
            X509v3 Authority Key Identifier:
                keyid:50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/bBg87APjDYZsh_vVwNd8St1GATA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.176.0/22
                  91.232.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:4e:00:1d:5a:85:2a:ee:e6:35:03:88:59:56:ee:e3:15:42:
         de:f4:7c:83:7e:6d:55:95:a9:b3:32:06:1f:e4:f2:7f:1e:80:
         3b:19:a1:1f:13:23:74:23:7d:d1:18:c4:32:17:70:92:0e:3c:
         e7:fb:b7:16:05:70:71:3c:67:36:06:e7:ce:44:ae:d8:4c:ff:
         fb:de:94:9f:48:48:a3:eb:29:e5:15:a2:0d:f4:03:cd:e4:27:
         27:6b:71:b2:06:5d:b0:ab:c7:e0:c7:17:08:22:87:74:c8:b0:
         eb:15:97:39:09:01:1e:1b:f8:a9:09:1e:b6:67:26:a4:db:a5:
         36:49:ed:87:13:bb:a7:2e:6a:d4:ca:cb:ba:71:bd:9b:a9:95:
         1a:ef:10:b2:19:06:53:10:ca:63:89:c2:8f:9f:dc:56:bb:5f:
         3f:00:87:1e:d6:ea:9c:29:42:bb:22:be:a2:ce:f6:68:4e:8e:
         2c:0b:1d:a8:2a:3e:90:73:8b:64:1a:79:dc:a3:d0:28:50:dc:
         25:39:f0:a3:2e:8e:cb:7c:f6:7e:78:d7:fa:6a:a8:67:5e:2c:
         9d:f2:6c:e5:9e:71:43:70:bd:15:71:fc:09:c3:68:e4:f7:46:
         10:3b:9d:93:7c:a5:c9:ee:d7:0a:02:dd:11:7f:fc:29:3c:37:
         24:ca:97:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJybSSbqGn5tb6admMhlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOTgwZmI2YWRlODU4ZjI2NTJlNzM2OTkzMTI2Yzg1NzU5
ZjA2ZDkwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzE4M2NlYzAzZTMwZDg2NmM4N2ZiZDVjMGQ3N2M0YWRkNDYwMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrmaHl2Z+h9fZn7+lCIvAIqh9n7N
4MhsEHxY1ZX0SS9Bf3DHe6o262o731VemXjPSuIelVXCA8SBKQPZNrOeIAWkkFHI
pYhMJ7dO5VzMnRkqCiHaQwK+wpQ05o3AQ8qUwyCNp0yn/hBwecY6Fyhtzmh9aLpD
I5wnkL9ABsIsw1M8crwSdk/R+IvDt5gxRNuJ1mxUpy8GNzT28sP4axt6se4+G1EP
2Z6JUMa6xkX03tNkYclMW3JvtZfYqulUr9N4/mVVz50EDqPlNbt4F3v59HudinWh
V7lf9iD/twCEzLCrsAjDjZHH4PVNHt/yc9xOEu5dDg8tOjNHOGnZzy92BwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGwYPOwD4w2GbIf71cDXfErdRgEwMB8GA1UdIwQY
MBaAFFCYD7at6FjyZS5zaZMSbIV1nwbZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEt
Y2NhNzlhNjk4MjBhLzEvYkJnODdBUGpEWVpzaF92VndOZDhTdDFHQVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEtY2NhNzlhNjk4MjBh
LzEvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9qwAwQC
W+gIMA0GCSqGSIb3DQEBCwUAA4IBAQCNTgAdWoUq7uY1A4hZVu7jFULe9HyDfm1V
lamzMgYf5PJ/HoA7GaEfEyN0I33RGMQyF3CSDjzn+7cWBXBxPGc2BufORK7YTP/7
3pSfSEij6ynlFaIN9APN5Ccna3GyBl2wq8fgxxcIIod0yLDrFZc5CQEeG/ipCR62
Zyak26U2Se2HE7unLmrUysu6cb2bqZUa7xCyGQZTEMpjicKPn9xWu18/AIce1uqc
KUK7Ir6izvZoTo4sCx2oKj6Qc4tkGnnco9AoUNwlOfCjLo7LfPZ+eNf6aqhnXiyd
8mzlnnFDcL0VcfwJw2jk90YQO52TfKXJ7tcKAt0Rf/wpPDckype/
-----END CERTIFICATE-----