Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/0817cb-6dd2-4f75-8bb5-abcca2b44e9f/1/lF1iyyTecMer-VEWz6HQbJ1h-9c.roa
File:                     lF1iyyTecMer-VEWz6HQbJ1h-9c.roa (raw, json)
Hash identifier:          nLmObfbfkjWCUPDsHMsXFEfQy+o26JLPtuqfyjE0XtY=
Subject key identifier:   94:5D:62:CB:24:DE:70:C7:AB:F9:51:16:CF:A1:D0:6C:9D:61:FB:D7
Certificate issuer:       /CN=a1b81756b6110f2a75495c74c820e0e734ee8a6c
Certificate serial:       018CC727286F75D106963D04E6B1D614FFC7
Authority key identifier: A1:B8:17:56:B6:11:0F:2A:75:49:5C:74:C8:20:E0:E7:34:EE:8A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/obgXVrYRDyp1SVx0yCDg5zTuimw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/0817cb-6dd2-4f75-8bb5-abcca2b44e9f/1/lF1iyyTecMer-VEWz6HQbJ1h-9c.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        91.238.60.0/24 maxlen: 24
                          91.247.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/0817cb-6dd2-4f75-8bb5-abcca2b44e9f/1/obgXVrYRDyp1SVx0yCDg5zTuimw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/0817cb-6dd2-4f75-8bb5-abcca2b44e9f/1/obgXVrYRDyp1SVx0yCDg5zTuimw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/obgXVrYRDyp1SVx0yCDg5zTuimw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:28:6f:75:d1:06:96:3d:04:e6:b1:d6:14:ff:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1b81756b6110f2a75495c74c820e0e734ee8a6c
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=945d62cb24de70c7abf95116cfa1d06c9d61fbd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3b:3c:13:18:7e:3a:c3:f7:7c:32:24:68:4e:
                    69:9f:e1:52:ab:de:35:d1:25:ac:67:d2:bf:e7:b8:
                    30:ff:bb:39:7b:1a:2a:e6:70:63:a1:ca:d7:ed:0a:
                    4e:2f:f2:ea:8c:16:62:7e:ac:97:86:f0:30:d0:66:
                    88:94:99:60:71:4a:33:49:9c:6d:25:5c:ae:a5:b0:
                    36:b3:81:7f:19:fa:9d:69:d0:b0:29:72:43:02:38:
                    84:3f:a4:1c:9a:aa:21:ae:00:25:17:24:85:3f:eb:
                    23:12:65:09:e1:8d:88:23:af:76:57:52:4e:2a:c8:
                    9b:41:c3:ff:65:4c:5e:f9:52:b0:76:03:be:33:d9:
                    b9:59:df:54:67:07:c0:1a:6e:c4:a0:8e:12:aa:38:
                    a0:3e:42:a6:b7:a2:8a:a9:01:20:d8:67:e3:16:95:
                    3b:21:d3:19:89:2e:7b:ed:7d:2e:d0:9a:fd:f3:22:
                    64:02:86:b7:39:de:ef:f9:02:26:be:8a:45:78:5e:
                    bd:8d:f1:6b:59:41:50:cd:3c:ef:73:8c:38:2d:ad:
                    a3:54:8f:4c:88:d5:96:d7:1f:02:bf:a3:58:1a:ba:
                    b7:fc:cb:10:89:4c:82:7e:ce:bf:fd:c4:20:07:e2:
                    34:4d:04:08:3e:ef:53:06:12:7e:3d:2f:56:cd:14:
                    18:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:5D:62:CB:24:DE:70:C7:AB:F9:51:16:CF:A1:D0:6C:9D:61:FB:D7
            X509v3 Authority Key Identifier:
                keyid:A1:B8:17:56:B6:11:0F:2A:75:49:5C:74:C8:20:E0:E7:34:EE:8A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/obgXVrYRDyp1SVx0yCDg5zTuimw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0817cb-6dd2-4f75-8bb5-abcca2b44e9f/1/lF1iyyTecMer-VEWz6HQbJ1h-9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/0817cb-6dd2-4f75-8bb5-abcca2b44e9f/1/obgXVrYRDyp1SVx0yCDg5zTuimw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.60.0/24
                  91.247.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:a8:8d:e0:29:97:cf:7c:69:58:8f:ed:f9:53:b5:65:b7:2c:
         ea:e2:ca:9f:72:5c:cb:37:6d:fb:b0:12:56:f4:07:c1:32:a4:
         e3:d5:b3:bc:e4:1b:70:d0:4f:83:60:12:bb:07:a6:fd:8d:7e:
         b4:90:75:17:6a:bd:0a:14:b7:ed:0f:3c:6a:b7:7c:33:73:88:
         2b:2e:dd:54:4f:02:da:cf:3b:34:fb:18:64:6c:88:df:e9:55:
         30:da:84:e7:fb:0c:e3:85:46:61:0f:e0:6c:67:04:7a:d2:35:
         23:65:f8:c7:75:a0:f3:46:a1:db:50:b2:98:fd:8e:b7:fa:a1:
         64:8a:81:8c:22:5f:7a:65:76:3b:a0:12:30:7a:f1:05:bc:a5:
         47:35:c4:0c:37:72:6c:e0:70:7f:8f:ce:05:95:65:4e:0b:ad:
         a8:dc:77:25:9f:35:c5:04:f1:99:aa:bf:41:a7:11:86:3a:c4:
         cc:70:e4:ff:e3:d0:f4:7c:90:6e:10:42:89:eb:8b:41:53:e8:
         e1:53:20:ab:8f:92:c9:3c:62:17:58:4b:6f:b1:e4:1f:4f:f3:
         d4:68:f4:15:b3:93:9c:3f:a3:0d:09:06:de:d3:91:a1:13:22:
         ff:83:64:06:8c:26:7e:8f:04:94:bc:38:ed:c9:67:6a:3b:fd:
         14:13:fb:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJyhvddEGlj0E5rHWFP/HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYjgxNzU2YjYxMTBmMmE3NTQ5NWM3NGM4MjBlMGU3MzRl
ZThhNmMwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDVkNjJjYjI0ZGU3MGM3YWJmOTUxMTZjZmExZDA2YzlkNjFmYmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDs8Exh+OsP3fDIkaE5pn+FSq941
0SWsZ9K/57gw/7s5exoq5nBjocrX7QpOL/LqjBZifqyXhvAw0GaIlJlgcUozSZxt
JVyupbA2s4F/GfqdadCwKXJDAjiEP6QcmqohrgAlFySFP+sjEmUJ4Y2II692V1JO
KsibQcP/ZUxe+VKwdgO+M9m5Wd9UZwfAGm7EoI4SqjigPkKmt6KKqQEg2GfjFpU7
IdMZiS577X0u0Jr98yJkAoa3Od7v+QImvopFeF69jfFrWUFQzTzvc4w4La2jVI9M
iNWW1x8Cv6NYGrq3/MsQiUyCfs6//cQgB+I0TQQIPu9TBhJ+PS9WzRQYWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJRdYssk3nDHq/lRFs+h0GydYfvXMB8GA1UdIwQY
MBaAFKG4F1a2EQ8qdUlcdMgg4Oc07opsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2JnWFZyWVJEeXAxU1Z4MHlDRGc1elR1aW13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wODE3Y2ItNmRkMi00Zjc1LThiYjUt
YWJjY2EyYjQ0ZTlmLzEvbEYxaXl5VGVjTWVyLVZFV3o2SFFiSjFoLTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wODE3Y2ItNmRkMi00Zjc1LThiYjUtYWJjY2EyYjQ0ZTlm
LzEvb2JnWFZyWVJEeXAxU1Z4MHlDRGc1elR1aW13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+48AwQA
W/eTMA0GCSqGSIb3DQEBCwUAA4IBAQAiqI3gKZfPfGlYj+35U7Vltyzq4sqfclzL
N237sBJW9AfBMqTj1bO85Btw0E+DYBK7B6b9jX60kHUXar0KFLftDzxqt3wzc4gr
Lt1UTwLazzs0+xhkbIjf6VUw2oTn+wzjhUZhD+BsZwR60jUjZfjHdaDzRqHbULKY
/Y63+qFkioGMIl96ZXY7oBIwevEFvKVHNcQMN3Js4HB/j84FlWVOC62o3HclnzXF
BPGZqr9BpxGGOsTMcOT/49D0fJBuEEKJ64tBU+jhUyCrj5LJPGIXWEtvseQfT/PU
aPQVs5OcP6MNCQbe05GhEyL/g2QGjCZ+jwSUvDjtyWdqO/0UE/sR
-----END CERTIFICATE-----