Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/1de86c-5f1e-402e-9ef4-637b261ab179/1/bhGzDCheos3H2iP6oNq8jb5C2Rk.roa
File:                     bhGzDCheos3H2iP6oNq8jb5C2Rk.roa (raw, json)
Hash identifier:          mpU6psn+keAkm77Zl4VhZBF0xnlyfVY/xcCzF3MoGfc=
Subject key identifier:   6E:11:B3:0C:28:5E:A2:CD:C7:DA:23:FA:A0:DA:BC:8D:BE:42:D9:19
Certificate issuer:       /CN=93a989c17b2da0c5143155820ebc56bfe73a3adf
Certificate serial:       018DC693A258ED4551CC059D63935FDC6900
Authority key identifier: 93:A9:89:C1:7B:2D:A0:C5:14:31:55:82:0E:BC:56:BF:E7:3A:3A:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k6mJwXstoMUUMVWCDrxWv-c6Ot8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/1de86c-5f1e-402e-9ef4-637b261ab179/1/bhGzDCheos3H2iP6oNq8jb5C2Rk.roa
Signing time:             Tue 20 Feb 2024 12:53:00 +0000
ROA not before:           Tue 20 Feb 2024 12:53:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201884
IP address blocks:        91.103.248.0/24 maxlen: 24
                          91.103.249.0/24 maxlen: 24
                          91.103.250.0/24 maxlen: 24
                          91.103.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/1de86c-5f1e-402e-9ef4-637b261ab179/1/k6mJwXstoMUUMVWCDrxWv-c6Ot8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/1de86c-5f1e-402e-9ef4-637b261ab179/1/k6mJwXstoMUUMVWCDrxWv-c6Ot8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k6mJwXstoMUUMVWCDrxWv-c6Ot8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:93:a2:58:ed:45:51:cc:05:9d:63:93:5f:dc:69:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93a989c17b2da0c5143155820ebc56bfe73a3adf
        Validity
            Not Before: Feb 20 12:53:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e11b30c285ea2cdc7da23faa0dabc8dbe42d919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:1d:e8:8d:f6:64:e7:c0:1a:a7:f9:c3:4c:56:
                    49:71:fe:d5:ad:24:de:bb:19:97:19:aa:61:6c:a9:
                    82:b5:07:70:fd:08:de:ad:e9:de:5e:32:69:0c:44:
                    bb:ee:d8:12:16:bb:47:7c:c0:3c:bd:3d:58:fa:02:
                    98:d0:f8:bc:49:3d:0a:e6:22:f0:99:dc:7d:b8:ad:
                    4f:c0:1a:f5:3d:a0:c5:25:5c:35:8e:5f:8e:f7:8b:
                    32:db:5b:eb:04:f4:f4:7e:36:a2:6a:39:47:53:70:
                    0e:1e:06:ee:4c:6a:d6:2a:3c:33:37:59:fa:f3:0d:
                    fe:6b:bc:1b:ef:18:8f:1c:0a:79:72:67:98:63:71:
                    d7:81:04:fc:f9:91:a5:28:75:18:af:89:0e:7b:20:
                    13:12:a8:56:bd:ff:2f:41:9a:ce:5c:30:64:f1:7d:
                    4c:a9:01:4f:4e:11:ae:65:e5:8b:b8:63:c7:61:7f:
                    a9:16:25:e6:29:35:c6:b0:a6:3e:b6:49:27:43:32:
                    66:f6:34:17:b3:26:88:92:05:b7:d7:10:b3:4d:76:
                    36:32:b4:0d:f5:93:e5:89:dc:ce:3d:97:f8:0f:cc:
                    a4:22:8e:56:07:d3:a7:98:60:c0:fd:b5:12:a3:8c:
                    d9:6a:ab:58:4f:33:bc:6e:9a:01:8f:86:b0:3f:79:
                    26:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:11:B3:0C:28:5E:A2:CD:C7:DA:23:FA:A0:DA:BC:8D:BE:42:D9:19
            X509v3 Authority Key Identifier:
                keyid:93:A9:89:C1:7B:2D:A0:C5:14:31:55:82:0E:BC:56:BF:E7:3A:3A:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6mJwXstoMUUMVWCDrxWv-c6Ot8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/1de86c-5f1e-402e-9ef4-637b261ab179/1/bhGzDCheos3H2iP6oNq8jb5C2Rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/1de86c-5f1e-402e-9ef4-637b261ab179/1/k6mJwXstoMUUMVWCDrxWv-c6Ot8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:74:e8:26:1c:25:80:03:d2:6a:13:67:a1:05:fc:6c:c5:f3:
         a5:14:8f:64:4b:80:69:b1:cb:aa:ca:91:ea:9b:a1:94:e3:a8:
         b4:a2:db:f8:f6:28:f1:3a:a6:75:51:00:04:80:1f:b6:88:ce:
         a7:2b:6f:8b:11:fd:4d:15:ca:c0:0a:d0:3f:17:6d:a5:8d:12:
         34:d7:6d:23:12:f0:72:d8:97:95:f3:b7:09:26:b5:1a:0a:21:
         04:52:0a:be:47:e5:8e:fe:f3:d8:28:39:86:6a:74:31:3d:58:
         c8:80:ae:ee:08:ef:65:cb:28:c1:46:f9:cc:de:b6:03:8f:ea:
         17:65:a2:85:fb:ae:78:77:cf:7e:53:29:81:bb:ae:78:b4:94:
         53:03:d2:24:18:7f:80:25:63:e9:5a:a1:20:31:99:2c:f1:2a:
         aa:4b:71:a0:25:b0:84:a8:30:0e:68:a8:17:4d:10:26:aa:05:
         a9:7f:35:ce:e8:19:81:5f:2b:d5:79:df:c0:df:c1:18:dc:d6:
         93:09:22:9b:b2:95:bb:80:1f:58:9e:43:c9:f3:e3:a6:e4:3f:
         a8:19:5d:02:84:7c:dc:f5:f2:67:18:82:60:e7:f9:55:ef:d2:
         2e:90:76:21:db:92:58:de:f4:f0:7e:ba:4c:1d:9f:23:db:04:
         b9:9d:6d:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3Gk6JY7UVRzAWdY5Nf3GkAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTk4OWMxN2IyZGEwYzUxNDMxNTU4MjBlYmM1NmJmZTcz
YTNhZGYwHhcNMjQwMjIwMTI1MzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTExYjMwYzI4NWVhMmNkYzdkYTIzZmFhMGRhYmM4ZGJlNDJkOTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhx3ojfZk58Aap/nDTFZJcf7VrSTe
uxmXGaphbKmCtQdw/QjereneXjJpDES77tgSFrtHfMA8vT1Y+gKY0Pi8ST0K5iLw
mdx9uK1PwBr1PaDFJVw1jl+O94sy21vrBPT0fjaiajlHU3AOHgbuTGrWKjwzN1n6
8w3+a7wb7xiPHAp5cmeYY3HXgQT8+ZGlKHUYr4kOeyATEqhWvf8vQZrOXDBk8X1M
qQFPThGuZeWLuGPHYX+pFiXmKTXGsKY+tkknQzJm9jQXsyaIkgW31xCzTXY2MrQN
9ZPlidzOPZf4D8ykIo5WB9OnmGDA/bUSo4zZaqtYTzO8bpoBj4awP3kmwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4RswwoXqLNx9oj+qDavI2+QtkZMB8GA1UdIwQY
MBaAFJOpicF7LaDFFDFVgg68Vr/nOjrfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZtSndYc3RvTVVVTVZXQ0RyeFd2LWM2T3Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8xZGU4NmMtNWYxZS00MDJlLTllZjQt
NjM3YjI2MWFiMTc5LzEvYmhHekRDaGVvczNIMmlQNm9OcThqYjVDMlJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8xZGU4NmMtNWYxZS00MDJlLTllZjQtNjM3YjI2MWFiMTc5
LzEvazZtSndYc3RvTVVVTVZXQ0RyeFd2LWM2T3Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2f4MA0G
CSqGSIb3DQEBCwUAA4IBAQCedOgmHCWAA9JqE2ehBfxsxfOlFI9kS4BpscuqypHq
m6GU46i0otv49ijxOqZ1UQAEgB+2iM6nK2+LEf1NFcrACtA/F22ljRI0120jEvBy
2JeV87cJJrUaCiEEUgq+R+WO/vPYKDmGanQxPVjIgK7uCO9lyyjBRvnM3rYDj+oX
ZaKF+654d89+UymBu654tJRTA9IkGH+AJWPpWqEgMZks8SqqS3GgJbCEqDAOaKgX
TRAmqgWpfzXO6BmBXyvVed/A38EY3NaTCSKbspW7gB9YnkPJ8+Om5D+oGV0ChHzc
9fJnGIJg5/lV79IukHYh25JY3vTwfrpMHZ8j2wS5nW3U
-----END CERTIFICATE-----