Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/gQ_d1ve665AM1WWD3Mwn-MQlR4M.roa
File:                     gQ_d1ve665AM1WWD3Mwn-MQlR4M.roa (raw, json)
Hash identifier:          qPSIfPq1hEoY7V0+PiKRL/TflDaH36gAD1cQVZuQmdM=
Subject key identifier:   81:0F:DD:D6:F7:BA:EB:90:0C:D5:65:83:DC:CC:27:F8:C4:25:47:83
Certificate issuer:       /CN=bc635876af1c7ef82411b404a70d88b7916509f6
Certificate serial:       0192542ADFE69107D125F60964B0CC448340
Authority key identifier: BC:63:58:76:AF:1C:7E:F8:24:11:B4:04:A7:0D:88:B7:91:65:09:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/gQ_d1ve665AM1WWD3Mwn-MQlR4M.roa
Signing time:             Thu 03 Oct 2024 20:55:48 +0000
ROA not before:           Thu 03 Oct 2024 20:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207388
IP address blocks:        91.237.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:54:2a:df:e6:91:07:d1:25:f6:09:64:b0:cc:44:83:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc635876af1c7ef82411b404a70d88b7916509f6
        Validity
            Not Before: Oct  3 20:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=810fddd6f7baeb900cd56583dccc27f8c4254783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5b:f3:5d:59:45:0e:34:3a:34:15:53:7b:4c:
                    a3:fc:1e:f5:2a:00:68:d1:62:f2:3e:64:a2:b4:52:
                    1c:fe:ea:b3:10:51:62:16:51:88:39:82:50:06:22:
                    e2:c2:dc:b8:44:81:9d:ca:7a:a5:37:b3:a0:7e:b5:
                    48:56:85:2d:60:38:52:23:5d:9d:b0:d0:bf:1d:5a:
                    8a:58:9e:3e:5c:f2:8f:cd:88:57:04:15:25:17:2b:
                    a5:21:c7:e6:12:02:fe:4d:e9:27:50:9f:6c:fb:d3:
                    e8:65:37:4e:13:e2:a2:fc:ce:5f:b1:23:92:43:d7:
                    fc:c8:88:73:c3:7a:42:6f:92:6c:97:62:96:00:43:
                    67:6d:aa:8a:b1:4b:30:4b:0a:54:b0:a6:72:cd:22:
                    af:2d:f0:51:9e:4a:cc:b3:95:dc:1b:c9:35:7a:a5:
                    83:cc:4c:0f:97:a8:4f:b9:3c:4d:be:2a:01:34:8b:
                    d2:e4:3e:de:50:da:56:6e:36:56:ca:87:f3:08:fd:
                    08:e0:28:f8:86:73:88:4b:52:ae:b5:a6:55:07:a6:
                    7f:c6:c7:55:40:de:a2:7c:da:f2:91:e8:2c:fa:e2:
                    56:96:e1:47:d8:20:e0:63:76:c4:ac:b6:d6:c0:48:
                    18:6b:fd:6d:c8:81:78:2a:5c:8f:f9:79:73:86:24:
                    1d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:0F:DD:D6:F7:BA:EB:90:0C:D5:65:83:DC:CC:27:F8:C4:25:47:83
            X509v3 Authority Key Identifier:
                keyid:BC:63:58:76:AF:1C:7E:F8:24:11:B4:04:A7:0D:88:B7:91:65:09:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/gQ_d1ve665AM1WWD3Mwn-MQlR4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:85:71:58:95:a5:50:39:35:70:db:c8:77:b8:f0:f6:cc:ef:
         fa:23:1d:c9:eb:f9:89:0a:cb:a8:28:3a:f1:ff:21:c8:2c:fe:
         60:2e:84:f0:af:1a:c5:b8:dd:f6:5f:b1:52:a2:c8:fb:76:f2:
         e1:8f:8d:23:47:00:da:c7:48:f0:94:6d:34:6d:30:8e:a4:a1:
         39:e8:69:96:5f:f5:22:04:2d:22:a1:f8:10:19:69:39:eb:47:
         b5:1d:ba:70:51:bb:c8:dc:b6:be:c0:11:a0:15:6d:c4:46:ce:
         07:9f:b4:94:4f:ef:dc:05:b1:f6:13:5c:08:c8:a5:56:91:11:
         f5:df:04:6e:07:32:20:21:ab:56:8c:ac:ff:fe:60:09:5a:47:
         fb:c1:41:05:d1:95:0e:36:48:bc:a8:44:d6:1d:f0:b5:97:7c:
         29:03:b5:3a:61:67:36:cc:a3:dd:4f:a0:da:35:0f:a7:df:6f:
         8d:4d:0c:74:8e:ff:53:35:ef:e7:28:58:4c:82:d6:93:a0:c0:
         1e:2c:e7:f2:f6:e2:4f:28:78:2d:4c:92:d2:41:8a:41:23:be:
         63:8b:22:66:2f:66:a3:38:88:ce:67:46:7d:b0:58:e9:4d:72:
         ba:0b:1e:b3:1a:5b:ba:b3:66:6f:4b:36:f9:2d:c6:58:4f:0b:
         af:47:c9:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJUKt/mkQfRJfYJZLDMRINAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjM1ODc2YWYxYzdlZjgyNDExYjQwNGE3MGQ4OGI3OTE2
NTA5ZjYwHhcNMjQxMDAzMjA1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTBmZGRkNmY3YmFlYjkwMGNkNTY1ODNkY2NjMjdmOGM0MjU0NzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1vzXVlFDjQ6NBVTe0yj/B71KgBo
0WLyPmSitFIc/uqzEFFiFlGIOYJQBiLiwty4RIGdynqlN7OgfrVIVoUtYDhSI12d
sNC/HVqKWJ4+XPKPzYhXBBUlFyulIcfmEgL+TeknUJ9s+9PoZTdOE+Ki/M5fsSOS
Q9f8yIhzw3pCb5Jsl2KWAENnbaqKsUswSwpUsKZyzSKvLfBRnkrMs5XcG8k1eqWD
zEwPl6hPuTxNvioBNIvS5D7eUNpWbjZWyofzCP0I4Cj4hnOIS1KutaZVB6Z/xsdV
QN6ifNrykegs+uJWluFH2CDgY3bErLbWwEgYa/1tyIF4KlyP+XlzhiQdgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEP3db3uuuQDNVlg9zMJ/jEJUeDMB8GA1UdIwQY
MBaAFLxjWHavHH74JBG0BKcNiLeRZQn2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdOWWRxOGNmdmdrRWJRRXB3Mkl0NUZsQ2ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8zYWQ0M2UtYTRkYi00NDY1LTgyYjUt
ZmZhZTIwNzAwZTkzLzEvZ1FfZDF2ZTY2NUFNMVdXRDNNd24tTVFsUjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8zYWQ0M2UtYTRkYi00NDY1LTgyYjUtZmZhZTIwNzAwZTkz
LzEvdkdOWWRxOGNmdmdrRWJRRXB3Mkl0NUZsQ2ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+2PMA0G
CSqGSIb3DQEBCwUAA4IBAQAGhXFYlaVQOTVw28h3uPD2zO/6Ix3J6/mJCsuoKDrx
/yHILP5gLoTwrxrFuN32X7FSosj7dvLhj40jRwDax0jwlG00bTCOpKE56GmWX/Ui
BC0iofgQGWk560e1HbpwUbvI3La+wBGgFW3ERs4Hn7SUT+/cBbH2E1wIyKVWkRH1
3wRuBzIgIatWjKz//mAJWkf7wUEF0ZUONki8qETWHfC1l3wpA7U6YWc2zKPdT6Da
NQ+n32+NTQx0jv9TNe/nKFhMgtaToMAeLOfy9uJPKHgtTJLSQYpBI75jiyJmL2aj
OIjOZ0Z9sFjpTXK6Cx6zGlu6s2ZvSzb5LcZYTwuvR8l+
-----END CERTIFICATE-----