Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/PbR7wflNeRDw9Prl3CXwTpZueZM.roa
File:                     PbR7wflNeRDw9Prl3CXwTpZueZM.roa (raw, json)
Hash identifier:          2znk2PZl1lHp8+5tRPqvUhzhWLaz5vn9IgAiXU1+a58=
Subject key identifier:   3D:B4:7B:C1:F9:4D:79:10:F0:F4:FA:E5:DC:25:F0:4E:96:6E:79:93
Certificate issuer:       /CN=46d713ada8dabcf77681c0ca42d9969e447c8ea7
Certificate serial:       01905AAF07C3F5DF30A811E376F93843AC3B
Authority key identifier: 46:D7:13:AD:A8:DA:BC:F7:76:81:C0:CA:42:D9:96:9E:44:7C:8E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RtcTrajavPd2gcDKQtmWnkR8jqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/PbR7wflNeRDw9Prl3CXwTpZueZM.roa
Signing time:             Thu 27 Jun 2024 17:12:18 +0000
ROA not before:           Thu 27 Jun 2024 17:12:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39673
IP address blocks:        91.209.50.0/24 maxlen: 24
                          2a0f:5fc0:dead::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/RtcTrajavPd2gcDKQtmWnkR8jqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/RtcTrajavPd2gcDKQtmWnkR8jqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RtcTrajavPd2gcDKQtmWnkR8jqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5a:af:07:c3:f5:df:30:a8:11:e3:76:f9:38:43:ac:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46d713ada8dabcf77681c0ca42d9969e447c8ea7
        Validity
            Not Before: Jun 27 17:12:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3db47bc1f94d7910f0f4fae5dc25f04e966e7993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:69:8a:ab:2a:2b:b6:42:06:81:ac:cb:eb:3b:
                    63:85:3b:c3:fb:c5:11:40:43:8b:8e:59:45:bb:53:
                    b3:4a:f5:1c:43:79:60:1f:a7:80:c4:7c:c8:d4:8c:
                    95:ea:c5:9a:d3:3d:88:eb:47:c0:e5:52:ba:1f:35:
                    77:33:1c:91:05:85:ff:c1:64:86:08:91:dc:ca:ae:
                    71:9c:ff:a2:76:22:e2:cc:0f:a6:4c:fb:c3:3e:f6:
                    fe:ca:c4:43:f9:73:9e:79:8f:41:04:37:a7:49:25:
                    d2:f1:9c:ff:ea:b3:71:9b:db:6a:d9:7f:14:4b:eb:
                    f4:6a:4a:86:1e:59:bb:cf:55:6e:65:88:48:a4:95:
                    f6:47:62:35:43:9f:ef:2e:b9:f9:da:7f:b9:8e:64:
                    5c:a7:e2:79:d3:fd:55:fe:ad:83:f0:67:20:f4:81:
                    5d:a3:82:57:a3:78:e4:6f:a3:b8:d3:52:ab:c9:7c:
                    f6:fc:44:bc:c4:f3:c4:87:c1:eb:19:71:d3:b2:09:
                    0b:1e:8e:df:68:92:ef:5d:fd:d7:54:0a:70:06:c0:
                    e5:c5:11:5c:87:f3:50:be:d8:67:cd:9d:64:f6:02:
                    f7:08:ba:f8:4e:e9:27:bf:45:70:de:e1:3d:d7:20:
                    73:b3:a7:22:9d:c5:5a:44:7f:15:9f:69:e6:4f:d9:
                    1f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B4:7B:C1:F9:4D:79:10:F0:F4:FA:E5:DC:25:F0:4E:96:6E:79:93
            X509v3 Authority Key Identifier:
                keyid:46:D7:13:AD:A8:DA:BC:F7:76:81:C0:CA:42:D9:96:9E:44:7C:8E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RtcTrajavPd2gcDKQtmWnkR8jqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/PbR7wflNeRDw9Prl3CXwTpZueZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/89f0f6-a5ac-467b-a4ad-be218cef4a11/1/RtcTrajavPd2gcDKQtmWnkR8jqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.50.0/24
                IPv6:
                  2a0f:5fc0:dead::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:3d:d3:72:65:2a:4c:37:75:90:d4:59:03:3f:30:13:25:08:
         02:89:73:b0:49:dd:63:9c:6b:11:2f:6e:9b:86:1d:ac:91:db:
         e9:de:fc:53:1b:1d:b8:23:f5:89:d4:ef:79:10:74:8f:a8:55:
         58:b2:8e:61:da:2b:89:4c:72:17:67:a8:8b:c5:ed:12:ef:1f:
         2d:48:82:fd:ef:3f:8d:fe:f1:49:4f:8b:5c:05:b6:82:d9:13:
         da:a9:0f:de:dc:c7:79:cd:70:58:e4:ee:cf:e6:c7:c5:72:7f:
         00:0b:6b:1c:0a:32:0a:46:8f:27:ad:f2:60:54:a4:35:96:17:
         44:a9:d1:9f:38:a9:4a:5b:09:22:5f:57:50:f6:d3:ae:f8:93:
         50:b6:7c:3a:2e:3e:e1:51:d9:bf:18:c7:73:25:46:22:ef:d9:
         45:6f:58:02:80:66:c4:6c:eb:24:46:13:71:53:88:cd:77:f4:
         4e:14:42:06:10:de:3d:24:1c:c8:89:87:37:f4:63:26:18:90:
         b8:fb:41:da:96:03:36:e3:87:86:d3:b4:8a:8c:b6:82:65:53:
         99:27:4a:3e:f4:f7:75:4a:82:f0:07:8c:38:16:a2:9a:bd:47:
         f2:3c:26:9e:0d:ab:12:97:b6:94:f0:d5:a3:a3:17:c4:67:c2:
         f1:c1:f2:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZBarwfD9d8wqBHjdvk4Q6w7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZDcxM2FkYThkYWJjZjc3NjgxYzBjYTQyZDk5NjllNDQ3
YzhlYTcwHhcNMjQwNjI3MTcxMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGI0N2JjMWY5NGQ3OTEwZjBmNGZhZTVkYzI1ZjA0ZTk2NmU3OTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWmKqyortkIGgazL6ztjhTvD+8UR
QEOLjllFu1OzSvUcQ3lgH6eAxHzI1IyV6sWa0z2I60fA5VK6HzV3MxyRBYX/wWSG
CJHcyq5xnP+idiLizA+mTPvDPvb+ysRD+XOeeY9BBDenSSXS8Zz/6rNxm9tq2X8U
S+v0akqGHlm7z1VuZYhIpJX2R2I1Q5/vLrn52n+5jmRcp+J50/1V/q2D8Gcg9IFd
o4JXo3jkb6O401KryXz2/ES8xPPEh8HrGXHTsgkLHo7faJLvXf3XVApwBsDlxRFc
h/NQvthnzZ1k9gL3CLr4Tuknv0Vw3uE91yBzs6cincVaRH8Vn2nmT9kf/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD20e8H5TXkQ8PT65dwl8E6WbnmTMB8GA1UdIwQY
MBaAFEbXE62o2rz3doHAykLZlp5EfI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnRjVHJhamF2UGQyZ2NES1F0bVdua1I4anFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84OWYwZjYtYTVhYy00NjdiLWE0YWQt
YmUyMThjZWY0YTExLzEvUGJSN3dmbE5lUkR3OVBybDNDWHdUcFp1ZVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84OWYwZjYtYTVhYy00NjdiLWE0YWQtYmUyMThjZWY0YTEx
LzEvUnRjVHJhamF2UGQyZ2NES1F0bVdua1I4anFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9EyMA8E
AgACMAkDBwAqD1/A3q0wDQYJKoZIhvcNAQELBQADggEBAE8903JlKkw3dZDUWQM/
MBMlCAKJc7BJ3WOcaxEvbpuGHayR2+ne/FMbHbgj9YnU73kQdI+oVViyjmHaK4lM
chdnqIvF7RLvHy1Igv3vP43+8UlPi1wFtoLZE9qpD97cx3nNcFjk7s/mx8VyfwAL
axwKMgpGjyet8mBUpDWWF0Sp0Z84qUpbCSJfV1D20674k1C2fDouPuFR2b8Yx3Ml
RiLv2UVvWAKAZsRs6yRGE3FTiM139E4UQgYQ3j0kHMiJhzf0YyYYkLj7QdqWAzbj
h4bTtIqMtoJlU5knSj7093VKgvAHjDgWopq9R/I8Jp4NqxKXtpTw1aOjF8RnwvHB
8hs=
-----END CERTIFICATE-----