Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/x05BDDKFf2E4LOCuhf1onbKujT8.roa
File:                     x05BDDKFf2E4LOCuhf1onbKujT8.roa (raw, json)
Hash identifier:          DLbJFukw25YlkjM4PHdFR6iLTFbC8PECqkA7lYa/Ffo=
Subject key identifier:   C7:4E:41:0C:32:85:7F:61:38:2C:E0:AE:85:FD:68:9D:B2:AE:8D:3F
Certificate issuer:       /CN=346474a33c051d17152b21322ccf4ff3808b4270
Certificate serial:       018EEB9F3F5CEEEA8F2E5852B88DAE541619
Authority key identifier: 34:64:74:A3:3C:05:1D:17:15:2B:21:32:2C:CF:4F:F3:80:8B:42:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NGR0ozwFHRcVKyEyLM9P84CLQnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/x05BDDKFf2E4LOCuhf1onbKujT8.roa
Signing time:             Wed 17 Apr 2024 10:34:25 +0000
ROA not before:           Wed 17 Apr 2024 10:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215307
IP address blocks:        91.234.11.0/24 maxlen: 24
                          2a14:1f40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/NGR0ozwFHRcVKyEyLM9P84CLQnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/NGR0ozwFHRcVKyEyLM9P84CLQnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NGR0ozwFHRcVKyEyLM9P84CLQnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:eb:9f:3f:5c:ee:ea:8f:2e:58:52:b8:8d:ae:54:16:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=346474a33c051d17152b21322ccf4ff3808b4270
        Validity
            Not Before: Apr 17 10:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c74e410c32857f61382ce0ae85fd689db2ae8d3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c5:31:35:7a:ff:9c:d4:20:5c:4a:e7:6e:b8:
                    ca:f8:22:1d:e8:2a:18:ff:9f:3f:5e:bc:aa:ba:c4:
                    38:c8:f2:c2:46:4a:3d:f3:b8:33:0e:46:24:4a:8b:
                    99:4d:a4:4e:49:24:18:ee:22:fe:dd:78:52:0e:bc:
                    96:97:69:96:d0:77:14:39:79:85:cb:b8:c2:98:ac:
                    e8:5c:74:dc:96:c9:b7:5e:3c:75:72:10:36:23:ec:
                    b6:7a:06:bb:58:47:53:4b:82:3b:12:4c:8c:0c:90:
                    a8:f8:f6:f7:33:18:8b:e7:df:55:93:82:7d:b1:fc:
                    00:5f:1a:0a:67:5d:48:8d:f3:e4:5d:e4:0d:b5:56:
                    7a:43:46:3e:00:aa:3c:af:8c:3e:19:69:80:11:ee:
                    32:98:11:53:fa:a7:98:74:06:88:83:82:1c:e7:07:
                    9c:0c:c5:bf:86:72:9f:f0:2b:8a:a2:2a:ce:bc:5d:
                    d0:de:e4:63:bd:d2:5b:e8:d2:6d:61:c6:2b:af:82:
                    0c:fe:d1:95:a1:53:e9:5e:53:ba:d9:30:2f:5a:00:
                    5b:e5:10:ab:b7:11:96:ac:d9:e4:23:a2:ab:26:71:
                    74:c4:93:05:76:cf:92:db:96:fe:84:4e:4b:d8:6d:
                    6a:f9:97:e8:de:6e:6b:03:fa:e8:4e:bb:45:77:4b:
                    16:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:4E:41:0C:32:85:7F:61:38:2C:E0:AE:85:FD:68:9D:B2:AE:8D:3F
            X509v3 Authority Key Identifier:
                keyid:34:64:74:A3:3C:05:1D:17:15:2B:21:32:2C:CF:4F:F3:80:8B:42:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NGR0ozwFHRcVKyEyLM9P84CLQnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/x05BDDKFf2E4LOCuhf1onbKujT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/NGR0ozwFHRcVKyEyLM9P84CLQnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.11.0/24
                IPv6:
                  2a14:1f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:24:2b:c7:81:1d:f2:63:04:3d:5d:9f:fd:39:5a:13:e6:fc:
         cd:2a:7e:16:3c:81:4a:16:63:d2:1f:0a:7b:06:5b:da:3d:9e:
         4d:da:bb:89:9a:3c:fe:28:66:4b:20:09:14:37:f7:7e:b6:79:
         06:ff:7a:cf:d5:0f:39:72:a1:3b:da:5c:e2:19:20:d0:75:38:
         5f:54:3f:d4:51:85:ea:4d:c2:e2:f6:e3:57:aa:e4:12:e4:68:
         a1:ec:ec:60:05:e6:34:0d:4e:fe:6e:b4:e6:ea:8f:8b:03:98:
         ac:3a:ec:53:d4:16:18:64:c4:c4:40:2a:66:eb:df:c8:3c:5e:
         ab:1b:76:7e:3d:7a:72:58:d0:ae:b3:31:63:d0:d3:e8:cb:1e:
         57:1b:35:9a:36:98:42:5c:47:14:12:b0:24:d8:7c:61:47:4a:
         58:3b:83:1a:18:c7:54:29:ca:74:93:d3:e1:75:18:1b:6b:8a:
         3e:e7:69:41:15:8e:ab:ce:47:15:39:0f:7f:30:44:2c:ae:73:
         ed:be:33:7a:b3:45:0c:cc:4f:b7:6c:31:fc:b3:17:3f:7e:dd:
         b3:1a:fc:5b:ff:0b:00:ab:95:4f:cd:09:3c:d7:85:80:81:fc:
         80:60:9d:85:53:5b:b5:1d:91:f7:cf:df:b7:d4:09:36:3c:58:
         15:2c:8c:4f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7rnz9c7uqPLlhSuI2uVBYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NjQ3NGEzM2MwNTFkMTcxNTJiMjEzMjJjY2Y0ZmYzODA4
YjQyNzAwHhcNMjQwNDE3MTAzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzRlNDEwYzMyODU3ZjYxMzgyY2UwYWU4NWZkNjg5ZGIyYWU4ZDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMUxNXr/nNQgXErnbrjK+CId6CoY
/58/XryqusQ4yPLCRko987gzDkYkSouZTaROSSQY7iL+3XhSDryWl2mW0HcUOXmF
y7jCmKzoXHTclsm3Xjx1chA2I+y2ega7WEdTS4I7EkyMDJCo+Pb3MxiL599Vk4J9
sfwAXxoKZ11IjfPkXeQNtVZ6Q0Y+AKo8r4w+GWmAEe4ymBFT+qeYdAaIg4Ic5wec
DMW/hnKf8CuKoirOvF3Q3uRjvdJb6NJtYcYrr4IM/tGVoVPpXlO62TAvWgBb5RCr
txGWrNnkI6KrJnF0xJMFds+S25b+hE5L2G1q+Zfo3m5rA/roTrtFd0sWgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMdOQQwyhX9hOCzgroX9aJ2yro0/MB8GA1UdIwQY
MBaAFDRkdKM8BR0XFSshMizPT/OAi0JwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkdSMG96d0ZIUmNWS3lFeUxNOVA4NENMUW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8yYjlhNzItNjE4Ni00MTU0LWFlM2It
MDE1MjFlNjU4ZTk5LzEveDA1QkRES0ZmMkU0TE9DdWhmMW9uYkt1alQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8yYjlhNzItNjE4Ni00MTU0LWFlM2ItMDE1MjFlNjU4ZTk5
LzEvTkdSMG96d0ZIUmNWS3lFeUxNOVA4NENMUW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+oLMA0E
AgACMAcDBQAqFB9AMA0GCSqGSIb3DQEBCwUAA4IBAQAxJCvHgR3yYwQ9XZ/9OVoT
5vzNKn4WPIFKFmPSHwp7BlvaPZ5N2ruJmjz+KGZLIAkUN/d+tnkG/3rP1Q85cqE7
2lziGSDQdThfVD/UUYXqTcLi9uNXquQS5Gih7OxgBeY0DU7+brTm6o+LA5isOuxT
1BYYZMTEQCpm69/IPF6rG3Z+PXpyWNCuszFj0NPoyx5XGzWaNphCXEcUErAk2Hxh
R0pYO4MaGMdUKcp0k9PhdRgba4o+52lBFY6rzkcVOQ9/MEQsrnPtvjN6s0UMzE+3
bDH8sxc/ft2zGvxb/wsAq5VPzQk814WAgfyAYJ2FU1u1HZH3z9+31Ak2PFgVLIxP
-----END CERTIFICATE-----