Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/iNceDSdpaiQUoMzgtG9pp1ducas.roa
File:                     iNceDSdpaiQUoMzgtG9pp1ducas.roa (raw, json)
Hash identifier:          n3QPtyZ6PKNMBZWE0I+8yEeprhqRdNErkD7c5BxCwrU=
Subject key identifier:   88:D7:1E:0D:27:69:6A:24:14:A0:CC:E0:B4:6F:69:A7:57:6E:71:AB
Certificate issuer:       /CN=60599373b0b6f04319d08becb5ad5792a13bda92
Certificate serial:       018CC8DE20F97EF5F1BC6A72D9C0A3162F89
Authority key identifier: 60:59:93:73:B0:B6:F0:43:19:D0:8B:EC:B5:AD:57:92:A1:3B:DA:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFmTc7C28EMZ0Ivsta1XkqE72pI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/iNceDSdpaiQUoMzgtG9pp1ducas.roa
Signing time:             Tue 02 Jan 2024 06:30:49 +0000
ROA not before:           Tue 02 Jan 2024 06:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31463
IP address blocks:        91.199.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/YFmTc7C28EMZ0Ivsta1XkqE72pI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/YFmTc7C28EMZ0Ivsta1XkqE72pI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFmTc7C28EMZ0Ivsta1XkqE72pI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 17:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:20:f9:7e:f5:f1:bc:6a:72:d9:c0:a3:16:2f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60599373b0b6f04319d08becb5ad5792a13bda92
        Validity
            Not Before: Jan  2 06:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88d71e0d27696a2414a0cce0b46f69a7576e71ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f3:69:82:3d:0d:ef:57:b9:23:29:11:54:5d:
                    8f:67:62:e5:2c:1e:52:88:6c:62:0e:69:c2:2e:a7:
                    a1:5f:6a:da:83:21:ee:b4:50:87:ff:52:d8:4f:ae:
                    ad:e2:c7:c4:74:11:1b:39:aa:48:66:54:5b:04:1a:
                    fe:ff:2c:cf:61:a4:43:10:cb:b7:54:a7:89:43:fa:
                    f6:e8:11:aa:f3:5a:4a:e2:88:cc:e9:ab:4b:93:dd:
                    9d:08:b0:0a:31:33:ec:57:ad:c2:2f:c4:86:70:ee:
                    fe:de:7a:e8:26:d5:1c:3c:2b:89:27:ca:56:4c:e3:
                    5b:dc:9f:44:c5:64:63:13:68:1e:b1:38:2f:8c:fc:
                    ad:fc:e9:cb:e7:9b:67:73:e7:7d:2e:2b:fc:c5:21:
                    0a:09:90:f5:02:42:c9:eb:c4:ff:dc:e6:a1:f6:ce:
                    f8:fc:b5:22:ba:90:20:88:e5:b5:53:09:20:98:0d:
                    2f:40:ed:4e:2c:78:8e:9b:9c:b7:e6:97:99:0f:a2:
                    3f:84:72:b8:fd:06:78:c0:aa:98:77:cf:03:09:db:
                    14:30:20:94:3b:be:c3:77:48:ae:1d:ef:b9:70:4d:
                    2a:a6:f1:fd:a3:9a:0c:76:17:b9:b7:82:de:bf:4b:
                    65:3e:95:11:3e:26:81:bd:3c:6c:f9:2c:57:ea:03:
                    ab:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D7:1E:0D:27:69:6A:24:14:A0:CC:E0:B4:6F:69:A7:57:6E:71:AB
            X509v3 Authority Key Identifier:
                keyid:60:59:93:73:B0:B6:F0:43:19:D0:8B:EC:B5:AD:57:92:A1:3B:DA:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFmTc7C28EMZ0Ivsta1XkqE72pI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/iNceDSdpaiQUoMzgtG9pp1ducas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/YFmTc7C28EMZ0Ivsta1XkqE72pI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:46:d0:f8:47:90:13:f2:6c:8d:ba:03:99:d5:50:d6:e2:51:
         17:a3:f5:c5:e0:67:1e:ff:af:02:c6:44:5b:0d:1a:17:97:33:
         15:02:99:f7:40:4d:f3:9f:90:45:85:4f:d3:77:b3:02:96:e3:
         88:7b:d8:22:b3:85:45:0f:6d:69:f6:5a:27:30:41:b0:7b:4d:
         3d:c1:da:8d:25:27:5f:dd:1d:87:5f:ac:db:f8:26:ee:e4:99:
         ff:e7:dd:40:5a:52:ef:0f:d7:9f:99:e8:6a:cb:d7:dc:89:ba:
         a7:1f:09:68:31:99:89:b7:b2:8c:fd:35:36:90:5c:1f:54:7e:
         5c:3f:36:af:fb:c5:3a:59:56:ee:a7:50:d8:ad:f6:5c:54:37:
         f5:ad:b5:00:9a:5c:14:bb:24:04:2d:1e:59:2f:bd:2f:28:1e:
         d0:5b:ee:a7:c2:c4:7d:0b:a7:8f:50:f1:d0:c9:f3:3c:c9:63:
         3d:af:3f:15:29:51:1c:b7:0a:7c:25:6c:e7:b2:d2:0d:3a:52:
         e3:65:45:f7:3a:30:3f:be:b0:18:5c:c7:db:e8:08:7b:1a:8c:
         60:da:0d:b4:61:9f:f9:4c:30:ce:4e:57:5e:81:e8:0c:16:0e:
         56:8b:28:f4:d4:c4:eb:d4:bd:df:14:80:3d:8b:e4:5a:f2:06:
         2b:53:5b:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3iD5fvXxvGpy2cCjFi+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTk5MzczYjBiNmYwNDMxOWQwOGJlY2I1YWQ1NzkyYTEz
YmRhOTIwHhcNMjQwMTAyMDYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQ3MWUwZDI3Njk2YTI0MTRhMGNjZTBiNDZmNjlhNzU3NmU3MWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Npgj0N71e5IykRVF2PZ2LlLB5S
iGxiDmnCLqehX2ragyHutFCH/1LYT66t4sfEdBEbOapIZlRbBBr+/yzPYaRDEMu3
VKeJQ/r26BGq81pK4ojM6atLk92dCLAKMTPsV63CL8SGcO7+3nroJtUcPCuJJ8pW
TONb3J9ExWRjE2gesTgvjPyt/OnL55tnc+d9Liv8xSEKCZD1AkLJ68T/3Oah9s74
/LUiupAgiOW1UwkgmA0vQO1OLHiOm5y35peZD6I/hHK4/QZ4wKqYd88DCdsUMCCU
O77Dd0iuHe+5cE0qpvH9o5oMdhe5t4Lev0tlPpURPiaBvTxs+SxX6gOrWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjXHg0naWokFKDM4LRvaadXbnGrMB8GA1UdIwQY
MBaAFGBZk3OwtvBDGdCL7LWtV5KhO9qSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZtVGM3QzI4RU1aMEl2c3RhMVhrcUU3MnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8zZjI3YjMtNzExMC00ZDhjLWEwZDgt
MDMxMDljMTU1MTBkLzEvaU5jZURTZHBhaVFVb016Z3RHOXBwMWR1Y2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8zZjI3YjMtNzExMC00ZDhjLWEwZDgtMDMxMDljMTU1MTBk
LzEvWUZtVGM3QzI4RU1aMEl2c3RhMVhrcUU3MnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8f8MA0G
CSqGSIb3DQEBCwUAA4IBAQAmRtD4R5AT8myNugOZ1VDW4lEXo/XF4Gce/68CxkRb
DRoXlzMVApn3QE3zn5BFhU/Td7MCluOIe9gis4VFD21p9lonMEGwe009wdqNJSdf
3R2HX6zb+Cbu5Jn/591AWlLvD9efmehqy9fcibqnHwloMZmJt7KM/TU2kFwfVH5c
Pzav+8U6WVbup1DYrfZcVDf1rbUAmlwUuyQELR5ZL70vKB7QW+6nwsR9C6ePUPHQ
yfM8yWM9rz8VKVEctwp8JWznstINOlLjZUX3OjA/vrAYXMfb6Ah7Goxg2g20YZ/5
TDDOTldegegMFg5Wiyj01MTr1L3fFIA9i+Ra8gYrU1sk
-----END CERTIFICATE-----