Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/RnvGmnup0S1s46jnEYfY4VK86Mw.roa
File:                     RnvGmnup0S1s46jnEYfY4VK86Mw.roa (raw, json)
Hash identifier:          tQ+t9CUXc9PzCfIy1qg5r7bsWYPHHCH56G3kORtV4zQ=
Subject key identifier:   46:7B:C6:9A:7B:A9:D1:2D:6C:E3:A8:E7:11:87:D8:E1:52:BC:E8:CC
Certificate issuer:       /CN=a1411f56875b4cb7a58cee6cb607ee251cbdf980
Certificate serial:       018CC3B71B298A7D35A95325BAA390132AA5
Authority key identifier: A1:41:1F:56:87:5B:4C:B7:A5:8C:EE:6C:B6:07:EE:25:1C:BD:F9:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oUEfVodbTLeljO5stgfuJRy9-YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/RnvGmnup0S1s46jnEYfY4VK86Mw.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21430
IP address blocks:        91.234.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/oUEfVodbTLeljO5stgfuJRy9-YA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/oUEfVodbTLeljO5stgfuJRy9-YA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oUEfVodbTLeljO5stgfuJRy9-YA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1b:29:8a:7d:35:a9:53:25:ba:a3:90:13:2a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1411f56875b4cb7a58cee6cb607ee251cbdf980
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=467bc69a7ba9d12d6ce3a8e71187d8e152bce8cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:92:67:fa:9b:ab:a7:1e:1b:14:43:09:c0:37:
                    97:45:bd:c5:fc:01:54:89:94:10:80:dc:15:0c:eb:
                    c4:bd:18:c0:92:b4:71:b8:e6:5b:af:04:34:66:57:
                    aa:0e:4a:d9:1f:4e:4a:93:80:d1:99:86:7f:7a:f5:
                    3a:57:47:56:c4:43:ed:0c:3d:0f:af:7f:59:c5:d2:
                    70:50:59:c3:48:44:29:2b:04:d1:d2:71:c3:03:3f:
                    18:3b:e8:87:d7:63:8f:fa:30:73:70:12:bb:24:1f:
                    3f:72:5f:d5:bb:a0:17:8b:f9:64:c0:c7:78:fc:12:
                    f0:9b:3a:b2:a1:94:68:ef:f2:f8:9d:86:ee:b6:02:
                    35:9a:ce:e5:f8:a5:49:a2:d4:d4:a2:13:23:aa:f4:
                    3a:e9:90:7a:fa:6a:bd:29:96:56:d2:43:44:f6:96:
                    74:22:04:6c:9a:8b:82:73:11:8a:20:a7:65:24:a0:
                    e1:64:61:22:d6:8e:d6:f2:aa:d8:72:53:ef:90:3b:
                    1d:9a:45:06:02:7a:5d:7a:19:03:3e:64:95:34:11:
                    fd:67:f1:f0:19:d8:fc:94:1f:d3:40:64:df:d6:85:
                    0d:dc:e6:78:66:bb:e4:70:84:44:60:b9:27:04:69:
                    85:94:68:15:55:61:8a:cb:e3:a6:df:83:9d:53:5e:
                    1f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:7B:C6:9A:7B:A9:D1:2D:6C:E3:A8:E7:11:87:D8:E1:52:BC:E8:CC
            X509v3 Authority Key Identifier:
                keyid:A1:41:1F:56:87:5B:4C:B7:A5:8C:EE:6C:B6:07:EE:25:1C:BD:F9:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oUEfVodbTLeljO5stgfuJRy9-YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/RnvGmnup0S1s46jnEYfY4VK86Mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/oUEfVodbTLeljO5stgfuJRy9-YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:76:c5:49:6b:4c:1a:af:49:da:b0:20:dd:df:85:d5:0d:12:
         47:89:8d:cd:17:71:79:2f:9c:9a:5a:c7:0b:83:8b:d1:7f:a7:
         f2:47:71:58:f5:4f:c1:81:ba:0e:3f:4b:ed:e7:94:f3:6a:8f:
         cc:b7:5b:db:d7:67:ac:90:46:da:40:ad:c9:cf:ec:36:71:69:
         e5:b2:52:b5:c1:f7:f9:6f:58:ef:ee:1b:52:d2:53:3c:fb:64:
         c3:0c:38:69:66:98:53:6e:1a:b1:fd:43:61:ac:9c:87:42:f8:
         9b:d8:c3:2f:25:b1:32:6f:fd:8c:c3:b4:27:9a:e3:a6:af:13:
         77:ce:08:30:e4:81:91:e4:55:da:f3:5d:b9:e9:04:20:a7:18:
         fc:69:55:4e:a1:4e:b5:f8:f4:ba:b6:4f:20:1e:d0:ca:ba:a5:
         88:e7:86:87:47:e8:90:63:78:7a:76:cd:48:85:12:a0:6e:af:
         79:f5:84:c7:d0:6e:0b:32:c0:8a:dd:25:6d:31:ea:70:61:3b:
         6e:fc:26:ee:fa:5a:76:29:06:d2:5d:3e:a9:d5:82:86:58:08:
         fb:80:d2:4d:7a:ef:35:8a:f4:d6:8f:7b:a3:42:2c:4a:d5:81:
         17:eb:ea:ca:41:94:42:d7:ad:8f:ff:fe:9e:b0:09:59:cf:62:
         3b:e9:1a:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxspin01qVMluqOQEyqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNDExZjU2ODc1YjRjYjdhNThjZWU2Y2I2MDdlZTI1MWNi
ZGY5ODAwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjdiYzY5YTdiYTlkMTJkNmNlM2E4ZTcxMTg3ZDhlMTUyYmNlOGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJJn+purpx4bFEMJwDeXRb3F/AFU
iZQQgNwVDOvEvRjAkrRxuOZbrwQ0ZleqDkrZH05Kk4DRmYZ/evU6V0dWxEPtDD0P
r39ZxdJwUFnDSEQpKwTR0nHDAz8YO+iH12OP+jBzcBK7JB8/cl/Vu6AXi/lkwMd4
/BLwmzqyoZRo7/L4nYbutgI1ms7l+KVJotTUohMjqvQ66ZB6+mq9KZZW0kNE9pZ0
IgRsmouCcxGKIKdlJKDhZGEi1o7W8qrYclPvkDsdmkUGAnpdehkDPmSVNBH9Z/Hw
Gdj8lB/TQGTf1oUN3OZ4ZrvkcIREYLknBGmFlGgVVWGKy+Om34OdU14fIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZ7xpp7qdEtbOOo5xGH2OFSvOjMMB8GA1UdIwQY
MBaAFKFBH1aHW0y3pYzubLYH7iUcvfmAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1VFZlZvZGJUTGVsak81c3RnZnVKUnk5LVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9jOThiODctMTg1Ny00NGJkLThiMGMt
NzhkODMzZTQxNDZhLzEvUm52R21udXAwUzFzNDZqbkVZZlk0Vks4Nk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9jOThiODctMTg1Ny00NGJkLThiMGMtNzhkODMzZTQxNDZh
LzEvb1VFZlZvZGJUTGVsak81c3RnZnVKUnk5LVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+qiMA0G
CSqGSIb3DQEBCwUAA4IBAQAvdsVJa0war0nasCDd34XVDRJHiY3NF3F5L5yaWscL
g4vRf6fyR3FY9U/BgboOP0vt55Tzao/Mt1vb12eskEbaQK3Jz+w2cWnlslK1wff5
b1jv7htS0lM8+2TDDDhpZphTbhqx/UNhrJyHQvib2MMvJbEyb/2Mw7QnmuOmrxN3
zggw5IGR5FXa81256QQgpxj8aVVOoU61+PS6tk8gHtDKuqWI54aHR+iQY3h6ds1I
hRKgbq959YTH0G4LMsCK3SVtMepwYTtu/Cbu+lp2KQbSXT6p1YKGWAj7gNJNeu81
ivTWj3ujQixK1YEX6+rKQZRC162P//6esAlZz2I76RqO
-----END CERTIFICATE-----