Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/311508-d5a2-4dc5-bc93-50e746424630/1/AC2HT1R7kNEsf_BtqA7RfGKurZg.roa
File:                     AC2HT1R7kNEsf_BtqA7RfGKurZg.roa (raw, json)
Hash identifier:          qAd/J0LpMFbj1VqjnOwQRHFK6vG0TKQ2ShgxDLdz8+A=
Subject key identifier:   00:2D:87:4F:54:7B:90:D1:2C:7F:F0:6D:A8:0E:D1:7C:62:AE:AD:98
Certificate issuer:       /CN=6ef4874994de7a14e4b584f6d2b96b2d991b1e91
Certificate serial:       018CC2DAFAB4664B4988E418C7964D073D51
Authority key identifier: 6E:F4:87:49:94:DE:7A:14:E4:B5:84:F6:D2:B9:6B:2D:99:1B:1E:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bvSHSZTeehTktYT20rlrLZkbHpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/311508-d5a2-4dc5-bc93-50e746424630/1/AC2HT1R7kNEsf_BtqA7RfGKurZg.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210165
IP address blocks:        91.225.1.0/24 maxlen: 24
                          2a12:3440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/311508-d5a2-4dc5-bc93-50e746424630/1/bvSHSZTeehTktYT20rlrLZkbHpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/311508-d5a2-4dc5-bc93-50e746424630/1/bvSHSZTeehTktYT20rlrLZkbHpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bvSHSZTeehTktYT20rlrLZkbHpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fa:b4:66:4b:49:88:e4:18:c7:96:4d:07:3d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ef4874994de7a14e4b584f6d2b96b2d991b1e91
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=002d874f547b90d12c7ff06da80ed17c62aead98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6b:05:2f:88:9b:5f:96:87:33:26:6a:01:ba:
                    a1:ec:2d:03:bf:76:c6:25:ba:28:73:2b:39:fb:07:
                    e0:d5:3b:b7:db:4f:17:31:f1:0c:b1:da:82:ae:af:
                    40:9d:db:ed:2c:94:2b:91:1d:99:23:8d:a1:da:2c:
                    b5:2d:fb:f5:60:2c:dd:9c:2b:7b:fd:98:ee:43:3e:
                    b3:86:aa:1c:3f:43:61:b9:0d:f0:21:e6:86:96:d4:
                    d6:a1:d7:56:18:74:2c:21:a7:6b:4b:25:c4:e0:58:
                    dc:f6:a5:ed:21:df:fe:97:9f:94:59:85:13:86:79:
                    cd:67:7f:72:2e:06:40:35:ea:55:36:c4:ae:41:c3:
                    ad:68:72:65:13:c6:4e:d1:c6:95:a7:a9:ec:0a:82:
                    1c:98:bb:3b:c3:d0:e2:f5:5b:8d:79:c0:58:af:0c:
                    13:f9:66:01:df:cf:3d:bc:93:53:0a:a4:e0:d5:1b:
                    42:c2:31:84:ea:fd:d8:d3:c8:b7:1d:7f:f7:fc:3e:
                    be:d0:b9:e7:90:3b:66:f0:2f:32:73:a4:dc:da:1f:
                    a9:de:95:eb:3b:03:6f:36:76:3b:ac:b2:59:e9:af:
                    e1:71:b1:81:78:26:12:0a:c7:26:6d:14:5f:4a:5d:
                    dc:b8:13:23:96:ee:60:85:15:80:89:32:f4:8e:83:
                    31:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:2D:87:4F:54:7B:90:D1:2C:7F:F0:6D:A8:0E:D1:7C:62:AE:AD:98
            X509v3 Authority Key Identifier:
                keyid:6E:F4:87:49:94:DE:7A:14:E4:B5:84:F6:D2:B9:6B:2D:99:1B:1E:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bvSHSZTeehTktYT20rlrLZkbHpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/311508-d5a2-4dc5-bc93-50e746424630/1/AC2HT1R7kNEsf_BtqA7RfGKurZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/311508-d5a2-4dc5-bc93-50e746424630/1/bvSHSZTeehTktYT20rlrLZkbHpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.1.0/24
                IPv6:
                  2a12:3440::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:6d:b5:b3:b9:82:3a:8f:0d:4c:05:d6:1c:ab:3d:0a:ec:1e:
         5f:01:fb:ce:a1:e3:f0:70:ad:91:99:72:bc:e8:08:c9:40:fb:
         e4:ad:c2:a5:ca:cd:d9:e1:a9:8d:e6:92:c3:73:ce:56:93:4f:
         d4:0c:66:bd:10:21:01:3e:18:8d:f6:1e:be:66:ea:92:00:79:
         17:d4:7a:5e:23:9c:4d:b5:1d:db:90:d0:be:b4:dd:4e:f4:a8:
         6a:82:7b:60:42:d2:f4:e4:aa:e3:ae:ae:55:9c:ae:c1:ec:56:
         93:09:b0:ec:3b:19:6c:ad:39:4f:3c:a7:6b:d6:a3:d0:a8:3f:
         c5:76:5e:c5:45:11:58:d7:87:2c:fd:6d:95:df:2a:d7:66:1d:
         d6:2d:4f:83:9b:14:5f:bf:1c:dc:ba:4d:69:e3:7b:13:4c:86:
         df:64:c1:a7:12:4c:cd:0f:48:20:3e:a4:10:60:d9:f5:00:35:
         c9:49:f9:ab:10:8d:4e:c1:6c:77:41:90:51:3d:a2:cc:3b:59:
         8a:13:c2:71:0c:3d:07:f9:48:c1:e6:6d:0b:cd:ab:51:c0:64:
         0d:2b:74:18:41:e3:36:a4:c0:ce:aa:e7:6b:07:ff:c8:b0:c2:
         b3:e6:80:c3:19:cb:69:a0:bc:ed:52:b2:6b:71:d5:2a:1a:08:
         a2:50:74:3c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2vq0ZktJiOQYx5ZNBz1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZjQ4NzQ5OTRkZTdhMTRlNGI1ODRmNmQyYjk2YjJkOTkx
YjFlOTEwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDJkODc0ZjU0N2I5MGQxMmM3ZmYwNmRhODBlZDE3YzYyYWVhZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGsFL4ibX5aHMyZqAbqh7C0Dv3bG
Jboocys5+wfg1Tu3208XMfEMsdqCrq9AndvtLJQrkR2ZI42h2iy1Lfv1YCzdnCt7
/ZjuQz6zhqocP0NhuQ3wIeaGltTWoddWGHQsIadrSyXE4Fjc9qXtId/+l5+UWYUT
hnnNZ39yLgZANepVNsSuQcOtaHJlE8ZO0caVp6nsCoIcmLs7w9Di9VuNecBYrwwT
+WYB3889vJNTCqTg1RtCwjGE6v3Y08i3HX/3/D6+0LnnkDtm8C8yc6Tc2h+p3pXr
OwNvNnY7rLJZ6a/hcbGBeCYSCscmbRRfSl3cuBMjlu5ghRWAiTL0joMxtQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAAth09Ue5DRLH/wbagO0Xxirq2YMB8GA1UdIwQY
MBaAFG70h0mU3noU5LWE9tK5ay2ZGx6RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnZTSFNaVGVlaFRrdFlUMjBybHJMWmtiSHBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zMTE1MDgtZDVhMi00ZGM1LWJjOTMt
NTBlNzQ2NDI0NjMwLzEvQUMySFQxUjdrTkVzZl9CdHFBN1JmR0t1clpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zMTE1MDgtZDVhMi00ZGM1LWJjOTMtNTBlNzQ2NDI0NjMw
LzEvYnZTSFNaVGVlaFRrdFlUMjBybHJMWmtiSHBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+EBMA0E
AgACMAcDBQMqEjRAMA0GCSqGSIb3DQEBCwUAA4IBAQCabbWzuYI6jw1MBdYcqz0K
7B5fAfvOoePwcK2RmXK86AjJQPvkrcKlys3Z4amN5pLDc85Wk0/UDGa9ECEBPhiN
9h6+ZuqSAHkX1HpeI5xNtR3bkNC+tN1O9KhqgntgQtL05Krjrq5VnK7B7FaTCbDs
OxlsrTlPPKdr1qPQqD/Fdl7FRRFY14cs/W2V3yrXZh3WLU+DmxRfvxzcuk1p43sT
TIbfZMGnEkzND0ggPqQQYNn1ADXJSfmrEI1OwWx3QZBRPaLMO1mKE8JxDD0H+UjB
5m0LzatRwGQNK3QYQeM2pMDOqudrB//IsMKz5oDDGctpoLztUrJrcdUqGgiiUHQ8
-----END CERTIFICATE-----