Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/_1o-GhtBZFcAgbhScAoD5vEasmQ.roa
File:                     _1o-GhtBZFcAgbhScAoD5vEasmQ.roa (raw, json)
Hash identifier:          hliosRBkZ7AL4CNN84jAwrq4t8AZqql2Jlh0fzMSX8E=
Subject key identifier:   FF:5A:3E:1A:1B:41:64:57:00:81:B8:52:70:0A:03:E6:F1:1A:B2:64
Certificate issuer:       /CN=34cb956ec3a14f6f5e4b76d54342fa98d59c77a6
Certificate serial:       018CC94AC61AE7692D8719316289AF499E66
Authority key identifier: 34:CB:95:6E:C3:A1:4F:6F:5E:4B:76:D5:43:42:FA:98:D5:9C:77:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/_1o-GhtBZFcAgbhScAoD5vEasmQ.roa
Signing time:             Tue 02 Jan 2024 08:29:29 +0000
ROA not before:           Tue 02 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211600
IP address blocks:        91.195.150.0/23 maxlen: 24
                          2001:678:2e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:c6:1a:e7:69:2d:87:19:31:62:89:af:49:9e:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34cb956ec3a14f6f5e4b76d54342fa98d59c77a6
        Validity
            Not Before: Jan  2 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff5a3e1a1b4164570081b852700a03e6f11ab264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7e:4c:73:47:17:9e:bd:17:19:da:d6:fc:d1:
                    88:d1:45:a9:0a:5d:77:13:bb:b8:72:9b:96:f1:fc:
                    90:71:e6:b3:24:4f:fc:39:d4:06:16:f8:92:bb:3e:
                    71:e5:1f:96:ab:bb:a7:3f:cf:cd:d4:a9:1c:3f:2c:
                    43:c4:b4:71:e7:d4:6c:9b:c0:fc:e5:cf:26:48:a5:
                    50:fa:1d:78:b3:9c:ee:a1:48:c4:f3:e1:5d:a6:85:
                    70:f7:f1:c8:51:ad:9d:73:50:72:50:b5:53:e3:41:
                    1d:d1:4f:aa:3c:9f:8d:41:23:78:01:d2:82:b6:91:
                    d9:ac:af:1c:50:4c:6e:4b:ed:fd:58:40:68:09:6b:
                    41:a4:58:14:5b:ad:46:9d:f7:ae:4d:35:24:be:9c:
                    83:2a:65:4f:cd:02:a8:de:64:0e:04:83:75:60:13:
                    59:f5:a5:0e:41:dc:83:5a:18:69:0a:65:da:99:78:
                    4b:c0:9b:09:db:99:30:75:68:a5:32:e2:e9:44:b9:
                    f7:8a:d8:a2:1a:49:78:1a:ed:af:ab:71:f8:37:1c:
                    a0:4a:3f:41:14:55:3e:ad:58:05:fc:da:e6:cd:89:
                    1a:e4:2a:84:ba:7e:47:75:6b:66:cc:48:05:a7:c9:
                    74:f0:63:e9:7c:c2:f3:d6:f8:f1:6f:df:1a:ff:6c:
                    c3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:5A:3E:1A:1B:41:64:57:00:81:B8:52:70:0A:03:E6:F1:1A:B2:64
            X509v3 Authority Key Identifier:
                keyid:34:CB:95:6E:C3:A1:4F:6F:5E:4B:76:D5:43:42:FA:98:D5:9C:77:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/_1o-GhtBZFcAgbhScAoD5vEasmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.150.0/23
                IPv6:
                  2001:678:2e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:33:75:8a:89:d7:93:a8:6f:3c:29:e3:05:ae:14:f2:5b:28:
         02:88:b1:36:df:3b:d6:e4:ea:b6:7d:e4:4e:49:6d:7c:a3:4a:
         2a:9a:79:a2:b3:9e:e6:8e:3e:cd:5d:2d:08:0f:28:13:79:da:
         c3:ca:0a:26:9d:6c:b4:75:51:f9:f9:97:6a:01:4f:2b:77:ec:
         27:a1:f4:0a:0a:55:67:f0:da:c6:ac:59:b0:62:33:a8:40:ab:
         f8:20:72:31:f8:e7:b4:10:1e:59:5c:24:1d:a3:bc:08:14:db:
         9c:3c:a0:32:50:ba:a0:07:2d:dd:30:5c:6e:87:50:e8:49:cf:
         ed:8e:f0:a0:71:6b:45:f1:9b:f0:7f:55:21:0a:cb:02:94:ab:
         14:5c:aa:6f:48:42:a1:96:99:46:08:40:4b:73:63:ca:a8:dd:
         d0:14:73:b6:6c:ef:c8:57:21:e8:bf:45:f8:28:ac:3a:86:00:
         d6:34:9c:e7:9f:23:9b:e9:5f:40:b0:de:ca:d8:d0:08:cc:2b:
         dd:ba:e0:f3:68:9c:05:ad:44:44:66:4b:e6:7b:88:28:aa:41:
         11:f4:3b:93:ac:41:8c:70:76:e6:8b:37:34:a4:1a:33:d5:8b:
         cf:ba:d1:e5:f5:1e:f3:53:68:a1:09:02:be:f7:2e:1a:09:f2:
         d9:19:84:5b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJSsYa52kthxkxYomvSZ5mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0Y2I5NTZlYzNhMTRmNmY1ZTRiNzZkNTQzNDJmYTk4ZDU5
Yzc3YTYwHhcNMjQwMTAyMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjVhM2UxYTFiNDE2NDU3MDA4MWI4NTI3MDBhMDNlNmYxMWFiMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH5Mc0cXnr0XGdrW/NGI0UWpCl13
E7u4cpuW8fyQceazJE/8OdQGFviSuz5x5R+Wq7unP8/N1KkcPyxDxLRx59Rsm8D8
5c8mSKVQ+h14s5zuoUjE8+FdpoVw9/HIUa2dc1ByULVT40Ed0U+qPJ+NQSN4AdKC
tpHZrK8cUExuS+39WEBoCWtBpFgUW61GnfeuTTUkvpyDKmVPzQKo3mQOBIN1YBNZ
9aUOQdyDWhhpCmXamXhLwJsJ25kwdWilMuLpRLn3itiiGkl4Gu2vq3H4NxygSj9B
FFU+rVgF/NrmzYka5CqEun5HdWtmzEgFp8l08GPpfMLz1vjxb98a/2zDbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP9aPhobQWRXAIG4UnAKA+bxGrJkMB8GA1UdIwQY
MBaAFDTLlW7DoU9vXkt21UNC+pjVnHemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk11VmJzT2hUMjllUzNiVlEwTDZtTldjZDZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNGY5ZjUtMjVkNy00NWU4LWJjMjQt
OWE2ODgwODBhNTc5LzEvXzFvLUdodEJaRmNBZ2JoU2NBb0Q1dkVhc21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNGY5ZjUtMjVkNy00NWU4LWJjMjQtOWE2ODgwODBhNTc5
LzEvTk11VmJzT2hUMjllUzNiVlEwTDZtTldjZDZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW8OWMA8E
AgACMAkDBwAgAQZ4AuAwDQYJKoZIhvcNAQELBQADggEBADEzdYqJ15Oobzwp4wWu
FPJbKAKIsTbfO9bk6rZ95E5JbXyjSiqaeaKznuaOPs1dLQgPKBN52sPKCiadbLR1
Ufn5l2oBTyt37Ceh9AoKVWfw2sasWbBiM6hAq/ggcjH457QQHllcJB2jvAgU25w8
oDJQuqAHLd0wXG6HUOhJz+2O8KBxa0Xxm/B/VSEKywKUqxRcqm9IQqGWmUYIQEtz
Y8qo3dAUc7Zs78hXIei/RfgorDqGANY0nOefI5vpX0Cw3srY0AjMK9264PNonAWt
RERmS+Z7iCiqQRH0O5OsQYxwduaLNzSkGjPVi8+60eX1HvNTaKEJAr73LhoJ8tkZ
hFs=
-----END CERTIFICATE-----