Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/98dffa-810b-49b5-addd-061fc1aeb158/1/Brdv9X-XpO5jb3M-7rpbOcvnsEw.roa
File:                     Brdv9X-XpO5jb3M-7rpbOcvnsEw.roa (raw, json)
Hash identifier:          ju7s39zJx7ZbO6U20Gjd/sz8Wfwb+8uH1XuzxS/vsKE=
Subject key identifier:   06:B7:6F:F5:7F:97:A4:EE:63:6F:73:3E:EE:BA:5B:39:CB:E7:B0:4C
Certificate issuer:       /CN=6f85a4d564283a7fddf6345697d6bc3373a32246
Certificate serial:       018CC3489CACD675E84AD44F5388AECF4149
Authority key identifier: 6F:85:A4:D5:64:28:3A:7F:DD:F6:34:56:97:D6:BC:33:73:A3:22:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Wk1WQoOn_d9jRWl9a8M3OjIkY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/98dffa-810b-49b5-addd-061fc1aeb158/1/Brdv9X-XpO5jb3M-7rpbOcvnsEw.roa
Signing time:             Mon 01 Jan 2024 04:29:24 +0000
ROA not before:           Mon 01 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8315
IP address blocks:        91.223.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/98dffa-810b-49b5-addd-061fc1aeb158/1/b4Wk1WQoOn_d9jRWl9a8M3OjIkY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/98dffa-810b-49b5-addd-061fc1aeb158/1/b4Wk1WQoOn_d9jRWl9a8M3OjIkY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Wk1WQoOn_d9jRWl9a8M3OjIkY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9c:ac:d6:75:e8:4a:d4:4f:53:88:ae:cf:41:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f85a4d564283a7fddf6345697d6bc3373a32246
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06b76ff57f97a4ee636f733eeeba5b39cbe7b04c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:22:55:30:68:7c:77:87:9d:7a:3e:dd:41:97:
                    87:65:ae:19:f9:b0:83:99:1d:1d:89:07:a0:f9:bd:
                    30:75:39:40:28:1b:25:46:08:e1:5b:55:97:3b:2e:
                    58:a1:8a:1f:94:80:bd:04:74:a8:17:17:a8:fc:72:
                    11:83:66:62:b7:85:28:bc:c1:f1:ee:23:57:f3:6f:
                    40:81:07:f5:9b:f6:d5:d2:d5:11:fe:9a:d0:53:9f:
                    9a:90:d4:da:03:1f:ad:19:2a:52:cd:54:c1:22:63:
                    3c:ab:18:6b:23:8d:6b:cf:e2:f2:a5:5f:9e:40:56:
                    4c:c9:46:8c:49:cf:67:52:10:d8:8f:87:ed:df:b2:
                    8f:71:5c:ce:ba:8c:c5:2f:48:d3:f6:ae:91:23:70:
                    e2:fb:34:ba:49:18:bf:1d:c9:19:0c:37:cc:06:dd:
                    e2:e8:30:7f:37:6c:b7:2b:9f:5e:83:51:2f:d0:cb:
                    a6:b2:95:b5:da:de:a0:b6:a4:ba:a4:9b:ad:20:d2:
                    78:c9:57:a3:ba:af:46:e9:18:b8:38:96:a1:4a:d1:
                    80:09:27:e7:79:d7:f5:15:03:d5:d6:b3:87:48:c5:
                    e6:83:c7:86:e4:ac:7e:9c:8e:16:6a:f2:93:3e:18:
                    85:cc:68:9a:19:73:90:2c:96:9c:ba:fa:c2:8f:0d:
                    cc:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B7:6F:F5:7F:97:A4:EE:63:6F:73:3E:EE:BA:5B:39:CB:E7:B0:4C
            X509v3 Authority Key Identifier:
                keyid:6F:85:A4:D5:64:28:3A:7F:DD:F6:34:56:97:D6:BC:33:73:A3:22:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Wk1WQoOn_d9jRWl9a8M3OjIkY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/98dffa-810b-49b5-addd-061fc1aeb158/1/Brdv9X-XpO5jb3M-7rpbOcvnsEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/98dffa-810b-49b5-addd-061fc1aeb158/1/b4Wk1WQoOn_d9jRWl9a8M3OjIkY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:2f:a5:40:d2:02:9b:aa:05:c4:18:c7:2e:61:7f:bb:55:47:
         4b:21:d4:7d:9b:3d:b6:5e:fd:c4:6f:ed:0d:cc:f2:ec:c4:71:
         c5:34:8c:de:7f:53:d5:b8:d0:e8:db:04:67:97:b7:b4:3e:fb:
         8e:a5:2b:9c:f4:17:96:67:14:b2:cc:d0:97:44:9a:b4:7a:fa:
         99:ca:f0:0d:ab:ef:46:c7:2b:ee:34:be:e9:40:d8:d8:9d:b6:
         68:68:a5:25:04:56:6f:3f:84:1b:cc:ec:ee:ac:68:18:69:58:
         72:44:ab:77:38:15:ca:8e:d7:ab:6e:35:a6:5c:cb:f8:68:ba:
         75:f4:35:71:12:e5:61:d0:a9:52:94:19:d5:87:9f:f0:7e:59:
         e8:c9:b4:dd:d2:cb:46:13:9f:bd:9a:ad:95:5d:ec:70:b9:4a:
         64:ae:01:0c:08:01:d1:b6:50:b5:27:f7:5f:51:5d:ac:cf:76:
         4d:56:2c:1d:2a:99:08:92:78:d7:4b:11:4b:a2:a3:5b:20:67:
         7b:3c:c3:13:1c:cd:98:79:57:0c:bb:d0:08:a3:52:4a:85:e7:
         a4:7d:2b:54:94:b5:ab:58:23:44:ee:8c:80:05:76:09:e9:fa:
         d5:ad:51:87:19:5f:a8:e0:87:c5:61:ae:7a:6a:f2:68:1a:8d:
         77:25:63:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJys1nXoStRPU4iuz0FJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODVhNGQ1NjQyODNhN2ZkZGY2MzQ1Njk3ZDZiYzMzNzNh
MzIyNDYwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI3NmZmNTdmOTdhNGVlNjM2ZjczM2VlZWJhNWIzOWNiZTdiMDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCJVMGh8d4edej7dQZeHZa4Z+bCD
mR0diQeg+b0wdTlAKBslRgjhW1WXOy5YoYoflIC9BHSoFxeo/HIRg2Zit4UovMHx
7iNX829AgQf1m/bV0tUR/prQU5+akNTaAx+tGSpSzVTBImM8qxhrI41rz+LypV+e
QFZMyUaMSc9nUhDYj4ft37KPcVzOuozFL0jT9q6RI3Di+zS6SRi/HckZDDfMBt3i
6DB/N2y3K59eg1Ev0MumspW12t6gtqS6pJutINJ4yVejuq9G6Ri4OJahStGACSfn
edf1FQPV1rOHSMXmg8eG5Kx+nI4WavKTPhiFzGiaGXOQLJacuvrCjw3MwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa3b/V/l6TuY29zPu66WznL57BMMB8GA1UdIwQY
MBaAFG+FpNVkKDp/3fY0VpfWvDNzoyJGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRXazFXUW9Pbl9kOWpSV2w5YThNM09qSWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC85OGRmZmEtODEwYi00OWI1LWFkZGQt
MDYxZmMxYWViMTU4LzEvQnJkdjlYLVhwTzVqYjNNLTdycGJPY3Zuc0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC85OGRmZmEtODEwYi00OWI1LWFkZGQtMDYxZmMxYWViMTU4
LzEvYjRXazFXUW9Pbl9kOWpSV2w5YThNM09qSWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW998MA0G
CSqGSIb3DQEBCwUAA4IBAQCjL6VA0gKbqgXEGMcuYX+7VUdLIdR9mz22Xv3Eb+0N
zPLsxHHFNIzef1PVuNDo2wRnl7e0PvuOpSuc9BeWZxSyzNCXRJq0evqZyvANq+9G
xyvuNL7pQNjYnbZoaKUlBFZvP4QbzOzurGgYaVhyRKt3OBXKjterbjWmXMv4aLp1
9DVxEuVh0KlSlBnVh5/wflnoybTd0stGE5+9mq2VXexwuUpkrgEMCAHRtlC1J/df
UV2sz3ZNViwdKpkIknjXSxFLoqNbIGd7PMMTHM2YeVcMu9AIo1JKheekfStUlLWr
WCNE7oyABXYJ6frVrVGHGV+o4IfFYa56avJoGo13JWNF
-----END CERTIFICATE-----