Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/4963ec-576f-4167-993c-99f182213d4f/1/By2DGO8mAKRwvilovsE7V_h9B_E.roa
File:                     By2DGO8mAKRwvilovsE7V_h9B_E.roa (raw, json)
Hash identifier:          wX+9hOVDj8DxNXRQFf1WcfLUxNIfChBE+36SraWm1b8=
Subject key identifier:   07:2D:83:18:EF:26:00:A4:70:BE:29:68:BE:C1:3B:57:F8:7D:07:F1
Certificate issuer:       /CN=d1de07a1a1f65bd116e11f9f1108604b6e95ccfd
Certificate serial:       018CCA29FF5AD11D2B48FB39BEFFBE12B00E
Authority key identifier: D1:DE:07:A1:A1:F6:5B:D1:16:E1:1F:9F:11:08:60:4B:6E:95:CC:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4HoaH2W9EW4R-fEQhgS26VzP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/4963ec-576f-4167-993c-99f182213d4f/1/By2DGO8mAKRwvilovsE7V_h9B_E.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61335
IP address blocks:        91.242.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/4963ec-576f-4167-993c-99f182213d4f/1/0d4HoaH2W9EW4R-fEQhgS26VzP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/4963ec-576f-4167-993c-99f182213d4f/1/0d4HoaH2W9EW4R-fEQhgS26VzP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4HoaH2W9EW4R-fEQhgS26VzP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ff:5a:d1:1d:2b:48:fb:39:be:ff:be:12:b0:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de07a1a1f65bd116e11f9f1108604b6e95ccfd
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=072d8318ef2600a470be2968bec13b57f87d07f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:30:46:ab:48:38:09:d0:d8:eb:81:39:ae:3b:
                    df:20:ee:56:a2:80:a0:42:da:53:43:f0:22:f9:bb:
                    12:c2:93:60:b5:56:ee:fa:c4:47:23:c9:17:cf:bc:
                    3d:5d:3a:2b:96:3b:ef:08:68:a4:df:e6:b9:31:d2:
                    d1:92:90:16:2c:79:1d:7f:c7:03:ad:b8:78:0e:0e:
                    51:5b:1b:a5:f1:2b:1b:44:c7:92:b6:bb:69:30:f8:
                    08:88:f6:79:c0:4e:22:25:69:d1:8e:53:b1:d1:12:
                    64:ca:82:dc:ce:31:a5:dd:42:6d:ea:06:e5:1e:73:
                    79:00:6d:fc:6e:58:81:19:b1:0a:8f:55:1c:16:01:
                    63:40:74:8a:c7:87:b2:72:fd:67:87:8b:e4:6b:c8:
                    16:49:94:f3:20:6c:15:f3:3c:42:62:6f:d1:a0:3a:
                    ac:f9:f1:02:82:00:14:78:c2:2a:8e:21:ec:b2:03:
                    0e:a0:54:8b:ad:fe:3e:3f:31:dc:e7:45:b2:35:e7:
                    8f:60:c4:0d:42:bd:65:b7:ba:85:1f:be:db:2e:de:
                    27:71:a2:94:f4:26:1e:1a:79:34:b0:81:25:18:a5:
                    ac:50:99:3d:5a:0b:92:04:86:c1:7e:1c:6d:7b:0e:
                    65:fd:54:af:74:d3:94:ac:f7:fc:fe:dc:eb:d7:18:
                    b8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:2D:83:18:EF:26:00:A4:70:BE:29:68:BE:C1:3B:57:F8:7D:07:F1
            X509v3 Authority Key Identifier:
                keyid:D1:DE:07:A1:A1:F6:5B:D1:16:E1:1F:9F:11:08:60:4B:6E:95:CC:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4HoaH2W9EW4R-fEQhgS26VzP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4963ec-576f-4167-993c-99f182213d4f/1/By2DGO8mAKRwvilovsE7V_h9B_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4963ec-576f-4167-993c-99f182213d4f/1/0d4HoaH2W9EW4R-fEQhgS26VzP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:d7:77:2c:c1:0e:d9:5e:1b:35:14:8c:87:b2:cc:b6:5e:fe:
         af:49:0a:83:1d:94:41:2e:76:ca:ba:10:aa:a7:da:95:49:9e:
         bc:3a:69:c9:b4:53:25:46:f7:16:61:04:17:5a:8a:bc:31:6b:
         ec:a1:62:60:a6:b6:38:f6:e8:6c:0a:35:27:3e:6a:ad:a8:12:
         8e:a4:c2:46:f7:78:64:70:46:4b:90:d7:01:9f:3f:86:89:ae:
         c9:5d:2b:a3:73:43:e8:cc:d8:7d:a0:77:fb:b3:42:25:b6:3a:
         27:0a:89:23:45:c8:25:98:49:9b:6c:70:0e:f3:87:ce:65:16:
         5f:a0:7f:fb:9c:79:61:31:f8:83:51:6e:0a:15:a1:36:ee:3d:
         25:b1:f7:26:c6:3e:db:d6:31:76:cd:28:cb:c1:b9:33:9c:ba:
         f8:5f:71:4f:87:39:a6:06:01:b5:a0:1e:0d:80:9b:31:aa:2e:
         93:43:4b:7b:54:fc:47:65:4c:6c:dc:3f:1d:bc:aa:95:c7:1e:
         2e:92:76:dd:55:bf:16:46:ba:d4:96:93:dd:48:91:87:ef:d6:
         0b:9c:ba:0e:2a:1c:e1:9c:45:07:6f:47:9a:b9:d9:ed:e7:29:
         52:4d:c9:5e:a5:2e:7d:f2:12:68:a1:4a:ab:96:5c:96:58:ae:
         7a:1c:2c:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKf9a0R0rSPs5vv++ErAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUwN2ExYTFmNjViZDExNmUxMWY5ZjExMDg2MDRiNmU5
NWNjZmQwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzJkODMxOGVmMjYwMGE0NzBiZTI5NjhiZWMxM2I1N2Y4N2QwN2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDBGq0g4CdDY64E5rjvfIO5WooCg
QtpTQ/Ai+bsSwpNgtVbu+sRHI8kXz7w9XTorljvvCGik3+a5MdLRkpAWLHkdf8cD
rbh4Dg5RWxul8SsbRMeStrtpMPgIiPZ5wE4iJWnRjlOx0RJkyoLczjGl3UJt6gbl
HnN5AG38bliBGbEKj1UcFgFjQHSKx4eycv1nh4vka8gWSZTzIGwV8zxCYm/RoDqs
+fECggAUeMIqjiHssgMOoFSLrf4+PzHc50WyNeePYMQNQr1lt7qFH77bLt4ncaKU
9CYeGnk0sIElGKWsUJk9WguSBIbBfhxtew5l/VSvdNOUrPf8/tzr1xi4vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFActgxjvJgCkcL4paL7BO1f4fQfxMB8GA1UdIwQY
MBaAFNHeB6Gh9lvRFuEfnxEIYEtulcz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0SG9hSDJXOUVXNFItZkVRaGdTMjZWelAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy80OTYzZWMtNTc2Zi00MTY3LTk5M2Mt
OTlmMTgyMjEzZDRmLzEvQnkyREdPOG1BS1J3dmlsb3ZzRTdWX2g5Ql9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy80OTYzZWMtNTc2Zi00MTY3LTk5M2MtOTlmMTgyMjEzZDRm
LzEvMGQ0SG9hSDJXOUVXNFItZkVRaGdTMjZWelAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/KjMA0G
CSqGSIb3DQEBCwUAA4IBAQAB13cswQ7ZXhs1FIyHssy2Xv6vSQqDHZRBLnbKuhCq
p9qVSZ68OmnJtFMlRvcWYQQXWoq8MWvsoWJgprY49uhsCjUnPmqtqBKOpMJG93hk
cEZLkNcBnz+Gia7JXSujc0PozNh9oHf7s0IltjonCokjRcglmEmbbHAO84fOZRZf
oH/7nHlhMfiDUW4KFaE27j0lsfcmxj7b1jF2zSjLwbkznLr4X3FPhzmmBgG1oB4N
gJsxqi6TQ0t7VPxHZUxs3D8dvKqVxx4uknbdVb8WRrrUlpPdSJGH79YLnLoOKhzh
nEUHb0eaudnt5ylSTclepS598hJooUqrllyWWK56HCxv
-----END CERTIFICATE-----