Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/a715ce-410d-4390-8e8c-8b2379eba13e/1/bfmSkSw1zJNkRa6RNroEKcoZI5A.roa
File:                     bfmSkSw1zJNkRa6RNroEKcoZI5A.roa (raw, json)
Hash identifier:          W8jno/lYdv1lS1IUaMsMzpzqZWvoWYmyN1U0+Wk4pe0=
Subject key identifier:   6D:F9:92:91:2C:35:CC:93:64:45:AE:91:36:BA:04:29:CA:19:23:90
Certificate issuer:       /CN=de3e0167bf582cece48d6c6d029a82cde272a9d5
Certificate serial:       018CC6B7E1B5269FABC65C177B0A94C53AD6
Authority key identifier: DE:3E:01:67:BF:58:2C:EC:E4:8D:6C:6D:02:9A:82:CD:E2:72:A9:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3j4BZ79YLOzkjWxtApqCzeJyqdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/a715ce-410d-4390-8e8c-8b2379eba13e/1/bfmSkSw1zJNkRa6RNroEKcoZI5A.roa
Signing time:             Mon 01 Jan 2024 20:29:48 +0000
ROA not before:           Mon 01 Jan 2024 20:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15598
IP address blocks:        91.206.152.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/a715ce-410d-4390-8e8c-8b2379eba13e/1/3j4BZ79YLOzkjWxtApqCzeJyqdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/a715ce-410d-4390-8e8c-8b2379eba13e/1/3j4BZ79YLOzkjWxtApqCzeJyqdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3j4BZ79YLOzkjWxtApqCzeJyqdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e1:b5:26:9f:ab:c6:5c:17:7b:0a:94:c5:3a:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de3e0167bf582cece48d6c6d029a82cde272a9d5
        Validity
            Not Before: Jan  1 20:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6df992912c35cc936445ae9136ba0429ca192390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0a:94:d2:6a:b4:e9:68:ac:85:3d:4e:54:6d:
                    f7:17:6b:1d:59:ac:e5:b0:6e:b8:ef:bb:35:5a:e4:
                    bb:21:d3:1b:5e:39:7c:07:48:0e:c3:43:32:87:d7:
                    2a:8f:97:0a:10:91:bf:af:61:2a:44:42:da:4f:8c:
                    bb:42:02:ea:21:8c:b9:c3:97:23:c2:1d:ab:20:18:
                    07:cc:42:ec:8e:e8:38:f7:f0:fb:a0:57:1c:26:03:
                    7d:0b:73:9d:72:06:65:4c:38:91:9c:46:76:dc:9b:
                    0e:3d:21:16:53:72:3c:40:6c:51:20:b1:72:2d:58:
                    3a:24:c1:8c:f1:85:78:a0:d0:04:80:f4:88:6e:32:
                    84:cd:54:80:f3:8d:63:ba:cd:02:94:ce:dd:60:51:
                    72:86:f1:4c:f4:04:f6:44:b8:e4:02:d3:db:4b:5c:
                    9d:17:6e:61:57:c6:62:b3:5a:f8:8b:74:57:84:f8:
                    2c:92:2e:49:a5:2c:2b:0c:83:45:c7:62:ff:c6:43:
                    9a:fc:07:16:09:54:a8:b9:13:85:d0:78:14:de:be:
                    a1:8a:98:2d:68:72:d0:10:29:ef:c1:4a:6e:e5:b9:
                    47:c7:20:b8:d7:32:8a:28:7c:2f:02:6f:67:c8:67:
                    a2:60:da:a2:bd:27:a4:0c:5d:bc:df:ac:8c:9f:a7:
                    a0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F9:92:91:2C:35:CC:93:64:45:AE:91:36:BA:04:29:CA:19:23:90
            X509v3 Authority Key Identifier:
                keyid:DE:3E:01:67:BF:58:2C:EC:E4:8D:6C:6D:02:9A:82:CD:E2:72:A9:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3j4BZ79YLOzkjWxtApqCzeJyqdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/a715ce-410d-4390-8e8c-8b2379eba13e/1/bfmSkSw1zJNkRa6RNroEKcoZI5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/a715ce-410d-4390-8e8c-8b2379eba13e/1/3j4BZ79YLOzkjWxtApqCzeJyqdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:76:52:fd:ef:36:83:d8:26:6e:ce:d3:b3:e2:8f:f2:e6:c5:
         cb:26:25:ce:75:57:b6:93:fc:1c:f0:a5:a8:e3:7b:43:73:f8:
         05:13:4b:16:3b:fe:95:2d:5e:29:86:94:9e:a6:2c:b7:d8:2e:
         9d:7e:89:c5:09:fb:02:36:ee:60:af:a8:83:1c:50:00:1c:ab:
         52:29:4c:53:02:1d:ad:df:ed:62:91:ee:32:b1:27:8b:46:77:
         5d:65:8d:3b:c1:f2:a8:ac:8f:de:ca:9e:81:93:3e:1a:8a:59:
         e5:ca:42:c2:a9:42:00:db:36:c4:dd:5c:b7:4b:40:81:ce:d0:
         fa:57:de:ab:cf:a1:cb:a6:00:77:ea:ad:97:ea:d5:99:68:09:
         35:10:44:e0:8f:70:7b:f4:3f:20:73:5e:90:a0:ad:a5:c3:4a:
         70:a9:74:f5:9f:a2:e9:1f:24:26:c1:39:3e:ba:6a:23:83:e6:
         7b:1a:42:ff:62:61:e1:a6:53:43:55:0c:5c:c0:8f:0e:ca:58:
         ec:02:05:34:5f:52:02:a7:3a:87:f3:e2:62:02:39:66:38:d3:
         51:e4:20:fe:22:f4:49:a1:1e:f5:49:b7:52:6c:06:54:0e:71:
         a6:7c:af:4b:6b:6b:12:fa:ea:c6:5b:e8:c9:4c:78:68:c8:a9:
         f7:2a:05:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt+G1Jp+rxlwXewqUxTrWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlM2UwMTY3YmY1ODJjZWNlNDhkNmM2ZDAyOWE4MmNkZTI3
MmE5ZDUwHhcNMjQwMTAxMjAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGY5OTI5MTJjMzVjYzkzNjQ0NWFlOTEzNmJhMDQyOWNhMTkyMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwqU0mq06WishT1OVG33F2sdWazl
sG6477s1WuS7IdMbXjl8B0gOw0Myh9cqj5cKEJG/r2EqRELaT4y7QgLqIYy5w5cj
wh2rIBgHzELsjug49/D7oFccJgN9C3OdcgZlTDiRnEZ23JsOPSEWU3I8QGxRILFy
LVg6JMGM8YV4oNAEgPSIbjKEzVSA841jus0ClM7dYFFyhvFM9AT2RLjkAtPbS1yd
F25hV8Zis1r4i3RXhPgski5JpSwrDINFx2L/xkOa/AcWCVSouROF0HgU3r6hipgt
aHLQECnvwUpu5blHxyC41zKKKHwvAm9nyGeiYNqivSekDF2836yMn6egxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG35kpEsNcyTZEWukTa6BCnKGSOQMB8GA1UdIwQY
MBaAFN4+AWe/WCzs5I1sbQKags3icqnVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2o0Qlo3OVlMT3prald4dEFwcUN6ZUp5cWRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9hNzE1Y2UtNDEwZC00MzkwLThlOGMt
OGIyMzc5ZWJhMTNlLzEvYmZtU2tTdzF6Sk5rUmE2Uk5yb0VLY29aSTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9hNzE1Y2UtNDEwZC00MzkwLThlOGMtOGIyMzc5ZWJhMTNl
LzEvM2o0Qlo3OVlMT3prald4dEFwcUN6ZUp5cWRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW86YMA0G
CSqGSIb3DQEBCwUAA4IBAQBYdlL97zaD2CZuztOz4o/y5sXLJiXOdVe2k/wc8KWo
43tDc/gFE0sWO/6VLV4phpSepiy32C6dfonFCfsCNu5gr6iDHFAAHKtSKUxTAh2t
3+1ike4ysSeLRnddZY07wfKorI/eyp6Bkz4ailnlykLCqUIA2zbE3Vy3S0CBztD6
V96rz6HLpgB36q2X6tWZaAk1EETgj3B79D8gc16QoK2lw0pwqXT1n6LpHyQmwTk+
umojg+Z7GkL/YmHhplNDVQxcwI8OyljsAgU0X1ICpzqH8+JiAjlmONNR5CD+IvRJ
oR71SbdSbAZUDnGmfK9La2sS+urGW+jJTHhoyKn3KgVd
-----END CERTIFICATE-----