Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/o-uQlsnJrHGIWLBNMpiLVn7bm54.roa
File:                     o-uQlsnJrHGIWLBNMpiLVn7bm54.roa (raw, json)
Hash identifier:          x02oh3RHmQszYWaVgKV/BGqgzF80+kOF1fX1gQazNlQ=
Subject key identifier:   A3:EB:90:96:C9:C9:AC:71:88:58:B0:4D:32:98:8B:56:7E:DB:9B:9E
Certificate issuer:       /CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
Certificate serial:       018CC794FA8F3791609F13F94986BFD16A9A
Authority key identifier: 36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/o-uQlsnJrHGIWLBNMpiLVn7bm54.roa
Signing time:             Tue 02 Jan 2024 00:31:18 +0000
ROA not before:           Tue 02 Jan 2024 00:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209975
IP address blocks:        91.239.147.0/24 maxlen: 24
                          2001:67c:1240::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:fa:8f:37:91:60:9f:13:f9:49:86:bf:d1:6a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
        Validity
            Not Before: Jan  2 00:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3eb9096c9c9ac718858b04d32988b567edb9b9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:27:82:d3:9c:b0:c0:67:a1:61:3f:fb:b9:e5:
                    93:ac:89:6c:20:21:37:d4:e4:3c:ff:82:b7:cb:a3:
                    32:e1:66:c2:83:99:4e:70:d9:66:20:ae:0c:05:1f:
                    bc:c6:cd:07:21:ce:79:05:a1:33:90:28:d9:09:65:
                    25:26:14:5d:db:d9:9f:84:a0:e2:02:23:3a:96:70:
                    12:78:ff:89:34:15:67:58:31:82:e5:01:fd:73:24:
                    a9:d4:78:d2:de:b6:37:f6:14:1e:30:d3:e7:60:e6:
                    fd:f2:78:a4:2e:2d:b6:7a:1e:36:7c:44:d5:99:b0:
                    41:12:04:71:bd:6d:ac:c1:4e:94:f9:26:c9:1d:fe:
                    73:de:26:e3:95:a5:5d:26:b4:cb:f7:92:46:18:13:
                    67:58:f5:5d:9d:58:43:f2:54:1b:ad:64:fa:b3:e3:
                    bd:21:13:d8:37:fd:a5:be:2b:6f:4c:0e:7e:34:2f:
                    16:7c:c1:da:65:10:1f:2b:44:c7:f7:87:18:c9:6b:
                    d8:dc:2c:f6:03:9e:b7:63:66:ed:5e:67:83:12:48:
                    d2:4f:96:da:c6:a4:47:0a:0b:e3:db:5c:5a:2a:76:
                    3f:5d:9c:e8:f8:48:23:fc:c6:21:d4:b6:7e:fc:6a:
                    13:b5:57:64:40:bb:a0:25:f9:9f:87:54:4d:4c:35:
                    2d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:EB:90:96:C9:C9:AC:71:88:58:B0:4D:32:98:8B:56:7E:DB:9B:9E
            X509v3 Authority Key Identifier:
                keyid:36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/o-uQlsnJrHGIWLBNMpiLVn7bm54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.147.0/24
                IPv6:
                  2001:67c:1240::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:55:cb:59:58:91:db:1a:b1:de:78:c3:88:aa:43:f7:40:c1:
         98:00:fa:24:e9:f9:30:ab:6d:59:0a:14:6a:ed:a4:f3:9f:13:
         58:5b:39:6b:9a:02:91:54:68:05:f6:79:89:0e:47:81:8a:ff:
         d6:ac:3c:3e:77:68:96:b7:72:32:d1:5d:e2:57:09:98:e6:a0:
         09:c3:e7:bb:d2:e4:7a:79:74:e2:cd:8a:06:ca:75:e8:fe:a5:
         22:ff:78:66:6e:2d:61:0c:11:5f:02:4b:fb:80:1e:da:ae:78:
         a5:cc:e1:ef:4c:03:7a:f9:8c:2b:79:dc:35:e2:27:56:df:d8:
         2c:c0:0b:47:d9:65:54:b7:5c:62:89:a8:ad:0a:58:b7:c3:dc:
         98:53:ee:7e:16:e9:59:5a:2c:09:6e:c8:5e:26:6e:54:98:79:
         68:a0:57:46:f8:76:bf:7e:1c:e1:46:0b:1f:f5:61:8f:de:06:
         fc:43:e4:0b:da:1d:16:d1:94:06:50:3d:63:f1:7b:03:dd:c6:
         48:b8:32:71:07:83:0b:ab:8b:0f:c7:9a:b0:f7:bb:ef:68:69:
         c2:65:39:02:12:d1:1c:19:a4:71:0f:99:d7:af:c8:9d:da:71:
         6b:53:99:ce:63:c4:42:81:fe:fe:13:87:a1:6b:af:3f:52:12:
         39:1c:7c:f4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlPqPN5FgnxP5SYa/0WqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MWFkZjU3YzhkY2I3YmZkMzRlOWFlY2Q4M2UzNjM0MmVj
M2EzYzkwHhcNMjQwMTAyMDAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2ViOTA5NmM5YzlhYzcxODg1OGIwNGQzMjk4OGI1NjdlZGI5YjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSeC05ywwGehYT/7ueWTrIlsICE3
1OQ8/4K3y6My4WbCg5lOcNlmIK4MBR+8xs0HIc55BaEzkCjZCWUlJhRd29mfhKDi
AiM6lnASeP+JNBVnWDGC5QH9cySp1HjS3rY39hQeMNPnYOb98nikLi22eh42fETV
mbBBEgRxvW2swU6U+SbJHf5z3ibjlaVdJrTL95JGGBNnWPVdnVhD8lQbrWT6s+O9
IRPYN/2lvitvTA5+NC8WfMHaZRAfK0TH94cYyWvY3Cz2A563Y2btXmeDEkjST5ba
xqRHCgvj21xaKnY/XZzo+Egj/MYh1LZ+/GoTtVdkQLugJfmfh1RNTDUtmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKPrkJbJyaxxiFiwTTKYi1Z+25ueMB8GA1UdIwQY
MBaAFDYa31fI3Le/006a7Ng+NjQuw6PJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmIt
MWExODczOGI0NzQxLzEvby11UWxzbkpySEdJV0xCTk1waUxWbjdibTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmItMWExODczOGI0NzQx
LzEvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW++TMA8E
AgACMAkDBwAgAQZ8EkAwDQYJKoZIhvcNAQELBQADggEBAHVVy1lYkdsasd54w4iq
Q/dAwZgA+iTp+TCrbVkKFGrtpPOfE1hbOWuaApFUaAX2eYkOR4GK/9asPD53aJa3
cjLRXeJXCZjmoAnD57vS5Hp5dOLNigbKdej+pSL/eGZuLWEMEV8CS/uAHtqueKXM
4e9MA3r5jCt53DXiJ1bf2CzAC0fZZVS3XGKJqK0KWLfD3JhT7n4W6VlaLAluyF4m
blSYeWigV0b4dr9+HOFGCx/1YY/eBvxD5AvaHRbRlAZQPWPxewPdxki4MnEHgwur
iw/HmrD3u+9oacJlOQIS0RwZpHEPmdevyJ3acWtTmc5jxEKB/v4Th6Frrz9SEjkc
fPQ=
-----END CERTIFICATE-----