Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/0QXJBLKyOd-ZI0g8nHb7U-kpdrQ.roa
File:                     0QXJBLKyOd-ZI0g8nHb7U-kpdrQ.roa (raw, json)
Hash identifier:          7gpAlSfanZv57qjD3+hyqBtgfGo/+Y0oIk0BcysEQEw=
Subject key identifier:   D1:05:C9:04:B2:B2:39:DF:99:23:48:3C:9C:76:FB:53:E9:29:76:B4
Certificate issuer:       /CN=b1c3ec539f23ee031aa396ac5ced42563884b7b3
Certificate serial:       018CC6B830AD3BAC4ECBBAF7FC522D99718B
Authority key identifier: B1:C3:EC:53:9F:23:EE:03:1A:A3:96:AC:5C:ED:42:56:38:84:B7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/scPsU58j7gMao5asXO1CVjiEt7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/0QXJBLKyOd-ZI0g8nHb7U-kpdrQ.roa
Signing time:             Mon 01 Jan 2024 20:30:08 +0000
ROA not before:           Mon 01 Jan 2024 20:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207366
IP address blocks:        91.220.231.0/24 maxlen: 24
                          2a0a:ed80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/scPsU58j7gMao5asXO1CVjiEt7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/scPsU58j7gMao5asXO1CVjiEt7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/scPsU58j7gMao5asXO1CVjiEt7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:30:ad:3b:ac:4e:cb:ba:f7:fc:52:2d:99:71:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1c3ec539f23ee031aa396ac5ced42563884b7b3
        Validity
            Not Before: Jan  1 20:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d105c904b2b239df9923483c9c76fb53e92976b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:aa:cc:f7:19:28:0a:75:52:46:b5:c0:fd:ac:
                    30:6d:91:0c:78:92:d3:36:ca:7d:ff:1a:e7:2b:58:
                    dc:a7:0d:b6:c3:df:25:54:74:f3:d3:e1:d4:73:b1:
                    98:2a:7e:ec:5b:a6:ed:93:54:36:36:a8:ba:d8:60:
                    71:6f:62:ef:b0:82:20:8e:1a:90:c9:60:8f:f0:24:
                    54:bb:2c:c7:7e:c3:bb:6a:54:3e:4d:8b:7c:8a:4d:
                    7a:4a:66:03:d4:d8:be:fe:94:4d:d6:63:40:50:c6:
                    8f:a8:3b:8e:63:41:4b:bc:e1:74:05:3f:36:60:9d:
                    f4:12:66:f4:d7:21:2b:ea:05:56:73:9d:c3:93:ce:
                    cf:ba:c4:15:14:ec:6a:ca:ef:8c:cf:76:ed:4d:b9:
                    80:0b:96:f5:62:1c:1a:68:0c:17:d7:e9:09:92:af:
                    0f:2c:46:fb:d1:ea:97:e1:0f:de:ed:27:87:84:cd:
                    2c:74:62:b0:8a:3d:c7:66:10:43:1f:52:2c:15:60:
                    d6:4c:f8:78:4c:f4:92:23:ce:e1:0c:03:e1:d1:79:
                    22:69:3f:e9:ee:79:5c:bb:f3:cf:69:51:2e:22:5d:
                    be:c4:9e:5b:25:f6:ec:d1:7b:f3:77:d5:de:0f:2e:
                    2b:6b:70:55:5e:ee:cd:2d:da:f2:11:d6:b6:9f:a0:
                    36:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:05:C9:04:B2:B2:39:DF:99:23:48:3C:9C:76:FB:53:E9:29:76:B4
            X509v3 Authority Key Identifier:
                keyid:B1:C3:EC:53:9F:23:EE:03:1A:A3:96:AC:5C:ED:42:56:38:84:B7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/scPsU58j7gMao5asXO1CVjiEt7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/0QXJBLKyOd-ZI0g8nHb7U-kpdrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/scPsU58j7gMao5asXO1CVjiEt7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.231.0/24
                IPv6:
                  2a0a:ed80::/29

    Signature Algorithm: sha256WithRSAEncryption
         9e:c6:12:6c:e5:0f:eb:6c:fe:57:a3:4e:70:99:b1:e3:1c:6c:
         03:e8:26:a8:08:1c:92:f7:3b:97:d6:3c:16:47:8b:28:10:27:
         bd:64:5e:ee:4f:28:65:3a:fb:5f:6e:c5:e7:69:3b:76:f3:51:
         60:bf:5e:d9:fb:3b:93:64:85:33:f0:be:8c:e1:53:60:82:e4:
         20:43:8b:4e:5a:c1:0c:45:8f:43:5d:f6:52:ff:0d:2e:e0:8d:
         ec:1d:49:86:6c:fd:de:48:7e:be:09:76:f6:cd:92:a8:03:27:
         a1:dc:cb:c7:98:8f:b8:64:63:9e:d4:91:b7:da:6f:11:27:f8:
         8a:f7:e5:45:ac:9f:50:6b:03:6c:87:19:3d:55:3b:ba:f4:01:
         79:62:a7:60:a0:a5:5f:a6:a3:44:e9:95:e1:bd:0c:b0:0a:07:
         96:c1:ff:f1:14:94:f3:bc:77:bf:d1:d9:a0:f5:fb:50:f5:36:
         d3:b0:9e:50:8a:3e:19:3b:92:c7:53:01:dc:bc:3c:e0:ee:a1:
         92:b0:f7:05:e1:18:0e:ce:64:15:1d:87:32:cc:d8:65:c3:7c:
         af:b2:03:1d:5d:e1:5a:e6:07:f7:aa:27:18:0c:e4:44:dd:82:
         af:09:30:60:83:b1:b8:de:04:78:06:a1:a5:89:87:85:a0:45:
         3d:fa:e9:91
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuDCtO6xOy7r3/FItmXGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYzNlYzUzOWYyM2VlMDMxYWEzOTZhYzVjZWQ0MjU2Mzg4
NGI3YjMwHhcNMjQwMTAxMjAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTA1YzkwNGIyYjIzOWRmOTkyMzQ4M2M5Yzc2ZmI1M2U5Mjk3NmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqrM9xkoCnVSRrXA/awwbZEMeJLT
Nsp9/xrnK1jcpw22w98lVHTz0+HUc7GYKn7sW6btk1Q2Nqi62GBxb2LvsIIgjhqQ
yWCP8CRUuyzHfsO7alQ+TYt8ik16SmYD1Ni+/pRN1mNAUMaPqDuOY0FLvOF0BT82
YJ30Emb01yEr6gVWc53Dk87PusQVFOxqyu+Mz3btTbmAC5b1YhwaaAwX1+kJkq8P
LEb70eqX4Q/e7SeHhM0sdGKwij3HZhBDH1IsFWDWTPh4TPSSI87hDAPh0XkiaT/p
7nlcu/PPaVEuIl2+xJ5bJfbs0Xvzd9XeDy4ra3BVXu7NLdryEda2n6A2ZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNEFyQSysjnfmSNIPJx2+1PpKXa0MB8GA1UdIwQY
MBaAFLHD7FOfI+4DGqOWrFztQlY4hLezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2NQc1U1OGo3Z01hbzVhc1hPMUNWamlFdDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8wMGRjZGYtZWM5ZC00NDQ2LTkwNWUt
NTU2MzQ3YTVmMDU2LzEvMFFYSkJMS3lPZC1aSTBnOG5IYjdVLWtwZHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8wMGRjZGYtZWM5ZC00NDQ2LTkwNWUtNTU2MzQ3YTVmMDU2
LzEvc2NQc1U1OGo3Z01hbzVhc1hPMUNWamlFdDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9znMA0E
AgACMAcDBQMqCu2AMA0GCSqGSIb3DQEBCwUAA4IBAQCexhJs5Q/rbP5Xo05wmbHj
HGwD6CaoCByS9zuX1jwWR4soECe9ZF7uTyhlOvtfbsXnaTt281Fgv17Z+zuTZIUz
8L6M4VNgguQgQ4tOWsEMRY9DXfZS/w0u4I3sHUmGbP3eSH6+CXb2zZKoAyeh3MvH
mI+4ZGOe1JG32m8RJ/iK9+VFrJ9QawNshxk9VTu69AF5YqdgoKVfpqNE6ZXhvQyw
CgeWwf/xFJTzvHe/0dmg9ftQ9TbTsJ5Qij4ZO5LHUwHcvDzg7qGSsPcF4RgOzmQV
HYcyzNhlw3yvsgMdXeFa5gf3qicYDORE3YKvCTBgg7G43gR4BqGliYeFoEU9+umR
-----END CERTIFICATE-----