Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/1-YO6Attdtx5xSs_j2q1NRX2VZ5Q.roa
File:                     1-YO6Attdtx5xSs_j2q1NRX2VZ5Q.roa (raw, json)
Hash identifier:          Gpiju3Z6ngE1F05AjTSYdcmftfpO2uuW5ocYIMpzxkg=
Subject key identifier:   F9:83:BA:02:DB:5D:B7:1E:71:4A:CF:E3:DA:AD:4D:45:7D:95:67:94
Certificate issuer:       /CN=2bc8695772f0e64f3b9a1621733cc02506f74702
Certificate serial:       018CC56E458F9176C834FB01F65CB33F897E
Authority key identifier: 2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/1-YO6Attdtx5xSs_j2q1NRX2VZ5Q.roa
Signing time:             Mon 01 Jan 2024 14:29:47 +0000
ROA not before:           Mon 01 Jan 2024 14:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39402
IP address blocks:        91.188.211.0/24 maxlen: 24
                          91.188.210.0/24 maxlen: 24
                          91.188.208.0/24 maxlen: 24
                          91.188.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:45:8f:91:76:c8:34:fb:01:f6:5c:b3:3f:89:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bc8695772f0e64f3b9a1621733cc02506f74702
        Validity
            Not Before: Jan  1 14:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f983ba02db5db71e714acfe3daad4d457d956794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:99:c1:83:61:2c:70:05:03:bc:76:fd:4a:55:
                    37:26:89:86:19:92:97:a0:06:97:75:6b:51:86:9d:
                    22:c9:df:8a:13:26:5f:74:aa:16:27:76:d6:0a:65:
                    9b:82:1a:1e:fc:3c:cf:6c:a7:60:d4:73:76:3c:74:
                    c3:81:b8:ef:64:1d:38:ed:9d:e1:62:50:46:df:b6:
                    66:24:e3:86:f5:cb:8b:83:af:31:ce:e1:6d:de:6a:
                    ea:a6:b5:7c:6c:54:3d:52:52:d6:80:93:43:25:66:
                    4c:3c:af:25:a2:00:51:30:6f:fd:8c:57:24:4b:34:
                    14:74:65:68:91:a0:9b:4d:50:ef:d8:6b:29:4f:6c:
                    4b:de:58:59:99:75:0d:df:43:7e:aa:0a:fe:05:10:
                    8d:72:ad:c1:9f:d0:0d:31:70:70:d6:65:d1:4a:83:
                    bc:21:09:12:5c:f0:20:df:05:09:e7:4c:f2:1f:eb:
                    df:c1:a2:71:61:10:9d:b9:a0:50:d2:ab:36:c5:63:
                    15:36:0c:3d:5c:57:57:87:cf:66:66:da:50:85:49:
                    bc:36:33:47:55:e6:03:c0:d8:91:83:4c:fc:8e:11:
                    7c:0b:c2:35:e2:a8:f3:60:5a:24:8a:ec:00:9c:0d:
                    68:8e:22:e1:c3:40:21:d5:ac:42:77:81:6c:1c:62:
                    c6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:83:BA:02:DB:5D:B7:1E:71:4A:CF:E3:DA:AD:4D:45:7D:95:67:94
            X509v3 Authority Key Identifier:
                keyid:2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/1-YO6Attdtx5xSs_j2q1NRX2VZ5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:f0:a9:4a:59:ef:7b:95:72:d4:19:a8:b2:64:ad:b3:da:27:
         5a:84:2e:b3:dd:28:60:af:b2:ea:05:ac:3d:37:a4:62:4e:d4:
         9a:b5:e6:04:7a:31:1b:a3:f4:eb:e2:dc:f6:56:70:ba:5f:e2:
         ed:65:68:9e:fb:e5:86:54:af:56:a3:62:99:ac:dc:cf:3b:bf:
         b6:ce:b2:d6:db:38:38:df:4c:05:40:65:21:10:e6:36:a3:6d:
         90:8a:45:15:8a:0a:80:fe:7f:a6:cb:df:ab:41:f3:f2:d7:c4:
         d6:69:51:3b:16:21:42:a6:b4:9f:47:01:27:f8:d7:55:37:bc:
         8f:15:4c:ee:26:5a:17:88:5d:e2:44:1c:9f:4c:b0:05:c4:21:
         cf:05:af:4e:20:82:5b:1b:72:2e:ad:c5:9f:ea:94:ee:9a:29:
         2e:6a:56:f7:d1:a0:c9:9a:99:27:6b:a4:c7:1c:8c:4f:8c:78:
         ef:7c:a0:fc:bf:ff:d1:97:f4:b7:8d:50:63:fd:db:46:6a:4e:
         d4:46:b2:41:71:f6:37:64:ee:b9:d7:4f:5e:a2:09:34:91:54:
         e5:21:12:b3:5b:25:8a:fb:d6:a4:05:92:a6:33:9d:15:1a:df:
         0d:13:74:e0:c9:69:74:b0:f9:ab:ce:cb:1f:df:44:6e:f3:3c:
         47:43:d6:7b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbkWPkXbINPsB9lyzP4l+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYzg2OTU3NzJmMGU2NGYzYjlhMTYyMTczM2NjMDI1MDZm
NzQ3MDIwHhcNMjQwMTAxMTQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTgzYmEwMmRiNWRiNzFlNzE0YWNmZTNkYWFkNGQ0NTdkOTU2Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJnBg2EscAUDvHb9SlU3JomGGZKX
oAaXdWtRhp0iyd+KEyZfdKoWJ3bWCmWbghoe/DzPbKdg1HN2PHTDgbjvZB047Z3h
YlBG37ZmJOOG9cuLg68xzuFt3mrqprV8bFQ9UlLWgJNDJWZMPK8logBRMG/9jFck
SzQUdGVokaCbTVDv2GspT2xL3lhZmXUN30N+qgr+BRCNcq3Bn9ANMXBw1mXRSoO8
IQkSXPAg3wUJ50zyH+vfwaJxYRCduaBQ0qs2xWMVNgw9XFdXh89mZtpQhUm8NjNH
VeYDwNiRg0z8jhF8C8I14qjzYFokiuwAnA1ojiLhw0Ah1axCd4FsHGLGqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmDugLbXbcecUrP49qtTUV9lWeUMB8GA1UdIwQY
MBaAFCvIaVdy8OZPO5oWIXM8wCUG90cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzhocFYzTHc1azg3bWhZaGN6ekFKUWIzUndJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9jYmZhOWItMDI5MS00OGUzLTgwNWMt
NDNkNjZhMDMzMWVjLzEvMS1ZTzZBdHRkdHg1eFNzX2oycTFOUlgyVlo1US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTkvY2JmYTliLTAyOTEtNDhlMy04MDVjLTQzZDY2YTAzMzFl
Yy8xL0s4aHBWM0x3NWs4N21oWWhjenpBSlFiM1J3SS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlu80DAN
BgkqhkiG9w0BAQsFAAOCAQEAAPCpSlnve5Vy1BmosmSts9onWoQus90oYK+y6gWs
PTekYk7UmrXmBHoxG6P06+Lc9lZwul/i7WVonvvlhlSvVqNimazczzu/ts6y1ts4
ON9MBUBlIRDmNqNtkIpFFYoKgP5/psvfq0Hz8tfE1mlROxYhQqa0n0cBJ/jXVTe8
jxVM7iZaF4hd4kQcn0ywBcQhzwWvTiCCWxtyLq3Fn+qU7popLmpW99GgyZqZJ2uk
xxyMT4x473yg/L//0Zf0t41QY/3bRmpO1EayQXH2N2TuuddPXqIJNJFU5SESs1sl
ivvWpAWSpjOdFRrfDRN04MlpdLD5q87LH99EbvM8R0PWew==
-----END CERTIFICATE-----