Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/bPqXkCRYDIABElBKbRKTMiLCx88.roa
File:                     bPqXkCRYDIABElBKbRKTMiLCx88.roa (raw, json)
Hash identifier:          8BYfb3zhUDJBU1bys/5ttCgt1LCRtw4QVrsBnK7430Q=
Subject key identifier:   6C:FA:97:90:24:58:0C:80:01:12:50:4A:6D:12:93:32:22:C2:C7:CF
Certificate issuer:       /CN=e0012bcb9e6e747237724781a4c919fc5c941965
Certificate serial:       018CC5000EF479ACC3CCE487FCC4030477BB
Authority key identifier: E0:01:2B:CB:9E:6E:74:72:37:72:47:81:A4:C9:19:FC:5C:94:19:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4AEry55udHI3ckeBpMkZ_FyUGWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/bPqXkCRYDIABElBKbRKTMiLCx88.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57645
IP address blocks:        91.234.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/4AEry55udHI3ckeBpMkZ_FyUGWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/4AEry55udHI3ckeBpMkZ_FyUGWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4AEry55udHI3ckeBpMkZ_FyUGWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0e:f4:79:ac:c3:cc:e4:87:fc:c4:03:04:77:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0012bcb9e6e747237724781a4c919fc5c941965
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cfa979024580c800112504a6d12933222c2c7cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7b:7c:35:d0:5d:9f:6b:45:8a:a7:e2:67:64:
                    ea:7e:df:3f:2b:cc:91:fd:04:56:b2:d5:10:fb:1b:
                    7e:c9:4f:7c:a6:cc:6b:16:c9:55:f9:1f:6a:05:d9:
                    c1:98:40:56:b0:ef:3a:e4:6e:c7:04:db:4f:17:bd:
                    ad:50:ae:7f:ff:15:69:b3:a2:41:7c:f2:e9:60:8c:
                    4e:3c:22:82:7e:65:42:2e:f0:4e:e2:12:ca:5c:5b:
                    00:f7:05:93:95:58:3e:3b:7d:f6:28:31:0c:60:c3:
                    a4:e3:70:10:cf:17:6b:fb:08:3d:2b:b1:3e:23:08:
                    59:f5:6a:31:0e:11:7d:51:8f:fe:ab:b3:83:97:33:
                    6c:8d:2c:32:0c:f2:44:cd:1d:4a:b1:be:50:ad:5f:
                    3b:08:8c:35:fb:38:1e:71:87:2d:c3:6c:d0:3d:6e:
                    d2:25:22:f6:b8:ff:57:d9:75:66:ad:ab:71:87:aa:
                    4f:3d:c1:a1:81:83:c7:a4:66:79:5d:9d:7f:b3:3e:
                    48:a7:8b:d6:e9:ea:aa:3e:b8:c2:b2:0c:52:03:98:
                    ed:ec:17:7a:7f:3a:8a:0e:43:f3:82:8a:0c:38:9c:
                    40:f9:1e:fa:cf:d1:14:09:03:6a:ac:b1:55:75:1f:
                    eb:e1:42:08:a6:23:d1:25:7a:af:6e:bf:06:3c:fd:
                    34:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:FA:97:90:24:58:0C:80:01:12:50:4A:6D:12:93:32:22:C2:C7:CF
            X509v3 Authority Key Identifier:
                keyid:E0:01:2B:CB:9E:6E:74:72:37:72:47:81:A4:C9:19:FC:5C:94:19:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4AEry55udHI3ckeBpMkZ_FyUGWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/bPqXkCRYDIABElBKbRKTMiLCx88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/02ce6f-1429-40ad-b753-0db88ec7342c/1/4AEry55udHI3ckeBpMkZ_FyUGWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:7f:35:b2:96:7f:81:46:03:9a:a8:92:74:52:f7:70:bd:08:
         70:13:98:8f:93:8c:07:f5:4e:50:00:6f:66:6e:48:92:e5:17:
         bb:16:7e:69:18:b2:f0:3f:64:1d:3d:d0:18:d0:f4:cc:ef:b7:
         aa:8e:c6:52:83:96:d7:73:f3:32:98:0f:cf:d0:56:08:f5:a0:
         2c:8c:da:95:a1:47:59:fa:b4:7d:e5:c6:27:68:6b:1f:60:09:
         68:39:8d:b9:9a:6c:f0:b8:57:7c:27:c4:ca:d6:b8:da:b7:07:
         ad:4a:cc:28:95:d0:be:54:17:56:53:29:05:d7:e9:c1:6b:ee:
         00:d7:31:cb:d6:44:bf:3b:72:7d:08:45:f8:f1:fe:68:66:f5:
         9d:89:de:bd:b3:e3:c6:40:e3:26:9a:62:04:c5:0a:84:33:c1:
         47:4b:d8:8e:fe:1e:cb:e9:9d:72:82:20:77:75:2b:c1:e4:fe:
         c9:e6:0d:86:a5:73:d7:ca:94:d3:93:1a:15:1d:71:4b:79:94:
         94:f6:37:89:68:fc:41:02:ae:7d:d3:1a:a9:f9:e3:53:cc:e0:
         6e:7e:14:1f:7f:cd:b8:8e:ab:de:c2:4c:b0:0e:c7:11:1d:b9:
         db:b7:17:ed:ef:80:ec:d3:3b:c9:b2:2a:46:0c:c9:23:5d:a2:
         ef:28:fa:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAA70eazDzOSH/MQDBHe7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwMDEyYmNiOWU2ZTc0NzIzNzcyNDc4MWE0YzkxOWZjNWM5
NDE5NjUwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ZhOTc5MDI0NTgwYzgwMDExMjUwNGE2ZDEyOTMzMjIyYzJjN2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXt8NdBdn2tFiqfiZ2Tqft8/K8yR
/QRWstUQ+xt+yU98psxrFslV+R9qBdnBmEBWsO865G7HBNtPF72tUK5//xVps6JB
fPLpYIxOPCKCfmVCLvBO4hLKXFsA9wWTlVg+O332KDEMYMOk43AQzxdr+wg9K7E+
IwhZ9WoxDhF9UY/+q7ODlzNsjSwyDPJEzR1Ksb5QrV87CIw1+zgecYctw2zQPW7S
JSL2uP9X2XVmratxh6pPPcGhgYPHpGZ5XZ1/sz5Ip4vW6eqqPrjCsgxSA5jt7Bd6
fzqKDkPzgooMOJxA+R76z9EUCQNqrLFVdR/r4UIIpiPRJXqvbr8GPP00NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGz6l5AkWAyAARJQSm0SkzIiwsfPMB8GA1UdIwQY
MBaAFOABK8uebnRyN3JHgaTJGfxclBllMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEFFcnk1NXVkSEkzY2tlQnBNa1pfRnlVR1dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8wMmNlNmYtMTQyOS00MGFkLWI3NTMt
MGRiODhlYzczNDJjLzEvYlBxWGtDUllESUFCRWxCS2JSS1RNaUxDeDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8wMmNlNmYtMTQyOS00MGFkLWI3NTMtMGRiODhlYzczNDJj
LzEvNEFFcnk1NXVkSEkzY2tlQnBNa1pfRnlVR1dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+oQMA0G
CSqGSIb3DQEBCwUAA4IBAQCJfzWyln+BRgOaqJJ0UvdwvQhwE5iPk4wH9U5QAG9m
bkiS5Re7Fn5pGLLwP2QdPdAY0PTM77eqjsZSg5bXc/MymA/P0FYI9aAsjNqVoUdZ
+rR95cYnaGsfYAloOY25mmzwuFd8J8TK1rjatwetSswoldC+VBdWUykF1+nBa+4A
1zHL1kS/O3J9CEX48f5oZvWdid69s+PGQOMmmmIExQqEM8FHS9iO/h7L6Z1ygiB3
dSvB5P7J5g2GpXPXypTTkxoVHXFLeZSU9jeJaPxBAq590xqp+eNTzOBufhQff824
jqvewkywDscRHbnbtxft74Ds0zvJsipGDMkjXaLvKPre
-----END CERTIFICATE-----