Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/c23b96-aeb4-4934-a550-4db984e1c831/1/359pMWmpbijOHiRBISAV74r-lhM.roa
File:                     359pMWmpbijOHiRBISAV74r-lhM.roa (raw, json)
Hash identifier:          UpgWcfYxvy2uR0VWiIlnjUMZpUNBGuUvKhsb1pqww9g=
Subject key identifier:   DF:9F:69:31:69:A9:6E:28:CE:1E:24:41:21:20:15:EF:8A:FE:96:13
Certificate issuer:       /CN=02324e6aa588329eac7a938fb9878d132f2a85af
Certificate serial:       018CC3493F5D3B5319A578B5BF888644CB01
Authority key identifier: 02:32:4E:6A:A5:88:32:9E:AC:7A:93:8F:B9:87:8D:13:2F:2A:85:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AjJOaqWIMp6sepOPuYeNEy8qha8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/c23b96-aeb4-4934-a550-4db984e1c831/1/359pMWmpbijOHiRBISAV74r-lhM.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41249
IP address blocks:        91.227.128.0/24 maxlen: 24
                          91.227.129.0/24 maxlen: 24
                          2001:67c:2260::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/c23b96-aeb4-4934-a550-4db984e1c831/1/AjJOaqWIMp6sepOPuYeNEy8qha8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/c23b96-aeb4-4934-a550-4db984e1c831/1/AjJOaqWIMp6sepOPuYeNEy8qha8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AjJOaqWIMp6sepOPuYeNEy8qha8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3f:5d:3b:53:19:a5:78:b5:bf:88:86:44:cb:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02324e6aa588329eac7a938fb9878d132f2a85af
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df9f693169a96e28ce1e2441212015ef8afe9613
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e1:4f:5c:01:32:6f:af:d0:14:02:84:b0:75:
                    d2:65:81:ba:a2:91:00:44:e4:95:b7:b1:d8:29:49:
                    7d:43:14:15:39:ba:c2:c3:f9:aa:46:5a:01:f0:ee:
                    dd:87:73:db:d9:c0:23:46:8a:2f:49:2e:ca:40:fd:
                    48:38:0b:3f:09:78:eb:df:b2:ab:5c:bf:fc:e8:38:
                    c3:f9:4d:17:ef:7e:a7:58:13:36:d7:52:09:34:67:
                    69:40:c4:6a:fa:f9:48:e9:6d:54:f4:f5:dd:28:26:
                    c1:8f:18:82:45:77:bf:bb:ea:61:94:1c:0f:d6:c4:
                    5e:56:5e:c0:c8:4e:0e:d0:72:1d:42:cf:b5:02:1a:
                    d2:15:7d:42:e1:60:2f:e3:c2:65:8b:fa:ab:4b:3f:
                    87:ce:54:6e:f2:8e:77:77:dd:13:9b:08:9b:7a:a5:
                    9c:1b:02:13:dd:42:ec:4e:6c:60:0c:2d:40:33:c1:
                    ff:00:ae:e3:14:46:4c:e3:75:54:60:e4:60:cb:c1:
                    cc:7b:60:58:8c:6b:61:a7:52:e0:2e:8a:bb:b0:e1:
                    d9:ed:28:88:dc:78:f7:96:04:40:30:e1:cf:75:df:
                    27:20:8e:69:ef:a7:d9:ca:92:1e:30:40:ab:35:38:
                    95:21:8f:67:62:60:5e:66:c9:97:07:13:af:cb:30:
                    12:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9F:69:31:69:A9:6E:28:CE:1E:24:41:21:20:15:EF:8A:FE:96:13
            X509v3 Authority Key Identifier:
                keyid:02:32:4E:6A:A5:88:32:9E:AC:7A:93:8F:B9:87:8D:13:2F:2A:85:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AjJOaqWIMp6sepOPuYeNEy8qha8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c23b96-aeb4-4934-a550-4db984e1c831/1/359pMWmpbijOHiRBISAV74r-lhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c23b96-aeb4-4934-a550-4db984e1c831/1/AjJOaqWIMp6sepOPuYeNEy8qha8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.128.0/23
                IPv6:
                  2001:67c:2260::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:21:73:c8:30:03:6a:59:8d:fe:11:e2:54:e7:9a:6e:85:64:
         38:49:52:70:b6:d1:24:6c:8c:99:6c:73:58:fb:c3:c5:40:9a:
         d9:9a:d9:5f:8f:27:99:54:ef:74:dc:c2:3b:9b:43:ab:3c:f2:
         16:77:9f:6a:a1:b7:5d:62:1b:99:e0:c5:0b:b2:e1:f4:ad:18:
         5e:69:a7:26:b4:f2:a9:fb:5f:0c:40:d5:3d:e6:b2:27:5c:6d:
         65:d5:97:82:6e:1b:25:38:62:1f:65:f5:6f:70:1b:2e:d6:f3:
         ce:cb:93:74:29:d8:c3:d0:b4:9a:e4:e9:04:d5:b2:fc:d2:f8:
         32:b3:b8:41:62:cc:7a:b1:df:ff:63:7a:fd:53:19:e4:fe:a3:
         e4:82:b9:56:38:45:76:14:4d:95:d5:46:de:3f:d6:73:f9:ab:
         5d:b2:38:7a:cd:4d:c2:9d:99:ab:b5:1f:6a:e0:7c:c3:ca:00:
         20:7a:b1:b6:0f:6a:f6:a2:85:46:2f:36:98:7c:5a:91:3e:ba:
         c9:ad:c7:2d:35:95:82:e8:01:ef:53:d0:b9:8f:f8:b1:cf:d1:
         51:38:10:61:8a:07:74:18:f0:7d:4c:ff:7f:cc:a1:0f:24:f0:
         14:ac:ea:9d:28:44:34:49:12:02:06:69:98:bc:46:7a:db:4a:
         7a:36:d7:f0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDST9dO1MZpXi1v4iGRMsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMzI0ZTZhYTU4ODMyOWVhYzdhOTM4ZmI5ODc4ZDEzMmYy
YTg1YWYwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjlmNjkzMTY5YTk2ZTI4Y2UxZTI0NDEyMTIwMTVlZjhhZmU5NjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+FPXAEyb6/QFAKEsHXSZYG6opEA
ROSVt7HYKUl9QxQVObrCw/mqRloB8O7dh3Pb2cAjRoovSS7KQP1IOAs/CXjr37Kr
XL/86DjD+U0X736nWBM211IJNGdpQMRq+vlI6W1U9PXdKCbBjxiCRXe/u+phlBwP
1sReVl7AyE4O0HIdQs+1AhrSFX1C4WAv48Jli/qrSz+HzlRu8o53d90TmwibeqWc
GwIT3ULsTmxgDC1AM8H/AK7jFEZM43VUYORgy8HMe2BYjGthp1LgLoq7sOHZ7SiI
3Hj3lgRAMOHPdd8nII5p76fZypIeMECrNTiVIY9nYmBeZsmXBxOvyzASHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN+faTFpqW4ozh4kQSEgFe+K/pYTMB8GA1UdIwQY
MBaAFAIyTmqliDKerHqTj7mHjRMvKoWvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWpKT2FxV0lNcDZzZXBPUHVZZU5FeThxaGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9jMjNiOTYtYWViNC00OTM0LWE1NTAt
NGRiOTg0ZTFjODMxLzEvMzU5cE1XbXBiaWpPSGlSQklTQVY3NHItbGhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9jMjNiOTYtYWViNC00OTM0LWE1NTAtNGRiOTg0ZTFjODMx
LzEvQWpKT2FxV0lNcDZzZXBPUHVZZU5FeThxaGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW+OAMA8E
AgACMAkDBwAgAQZ8ImAwDQYJKoZIhvcNAQELBQADggEBAG0hc8gwA2pZjf4R4lTn
mm6FZDhJUnC20SRsjJlsc1j7w8VAmtma2V+PJ5lU73TcwjubQ6s88hZ3n2qht11i
G5ngxQuy4fStGF5ppya08qn7XwxA1T3msidcbWXVl4JuGyU4Yh9l9W9wGy7W887L
k3Qp2MPQtJrk6QTVsvzS+DKzuEFizHqx3/9jev1TGeT+o+SCuVY4RXYUTZXVRt4/
1nP5q12yOHrNTcKdmau1H2rgfMPKACB6sbYPavaihUYvNph8WpE+usmtxy01lYLo
Ae9T0LmP+LHP0VE4EGGKB3QY8H1M/3/MoQ8k8BSs6p0oRDRJEgIGaZi8RnrbSno2
1/A=
-----END CERTIFICATE-----