Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/4f6f43-85f4-401a-a32f-e1e39f956081/1/BsWRkwvBY6BkDJGJHPVOhDCEw-Y.roa
File:                     BsWRkwvBY6BkDJGJHPVOhDCEw-Y.roa (raw, json)
Hash identifier:          M9yCRip2jvrSQZMWJ2CAQa3vU6j9jgf8kRiwClpQjOA=
Subject key identifier:   06:C5:91:93:0B:C1:63:A0:64:0C:91:89:1C:F5:4E:84:30:84:C3:E6
Certificate issuer:       /CN=c8c1e9e0bc5f5da18e324a18125b427801a807f1
Certificate serial:       018D2101A337E9756AD3D6E58790623C52CC
Authority key identifier: C8:C1:E9:E0:BC:5F:5D:A1:8E:32:4A:18:12:5B:42:78:01:A8:07:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yMHp4LxfXaGOMkoYEltCeAGoB_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/4f6f43-85f4-401a-a32f-e1e39f956081/1/BsWRkwvBY6BkDJGJHPVOhDCEw-Y.roa
Signing time:             Fri 19 Jan 2024 09:16:11 +0000
ROA not before:           Fri 19 Jan 2024 09:16:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202480
IP address blocks:        91.217.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/4f6f43-85f4-401a-a32f-e1e39f956081/1/yMHp4LxfXaGOMkoYEltCeAGoB_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/4f6f43-85f4-401a-a32f-e1e39f956081/1/yMHp4LxfXaGOMkoYEltCeAGoB_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yMHp4LxfXaGOMkoYEltCeAGoB_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:21:01:a3:37:e9:75:6a:d3:d6:e5:87:90:62:3c:52:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8c1e9e0bc5f5da18e324a18125b427801a807f1
        Validity
            Not Before: Jan 19 09:16:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06c591930bc163a0640c91891cf54e843084c3e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a2:12:69:95:db:bf:a7:93:91:49:ae:5c:13:
                    ca:64:04:bd:51:3c:96:be:ec:cd:48:cc:e3:76:8d:
                    93:fa:93:b9:36:11:08:69:33:97:2c:3c:26:6e:c9:
                    fc:24:af:46:b2:83:69:45:51:73:45:ec:7c:bd:d3:
                    c1:63:39:24:4a:41:03:38:32:99:ef:79:82:3a:ec:
                    3e:96:64:04:ab:f6:f3:f4:df:0b:a4:71:d5:c0:cb:
                    87:59:37:c3:31:8b:32:8a:45:b0:c2:2b:8a:bc:3d:
                    56:cf:88:36:f1:b6:c8:f4:44:da:7f:99:bd:cf:cf:
                    0a:0b:a5:c0:b4:08:96:9c:13:e9:5a:36:89:0e:27:
                    c1:77:22:40:9d:fa:1b:d2:a2:6e:4f:7d:d2:1d:0d:
                    0a:ce:38:a6:9a:c8:88:27:66:08:88:2d:4b:1b:39:
                    d3:24:70:68:1f:4b:ee:d3:6c:e8:a2:e9:2b:6e:7f:
                    70:b8:13:c0:63:e8:89:b3:1d:73:00:c7:31:14:cb:
                    fd:8b:4d:a0:e8:85:e2:20:82:62:a6:ba:de:c5:fa:
                    62:4c:73:7b:a7:c7:ed:84:98:ac:dd:1e:d8:a8:07:
                    07:19:dd:e5:ba:1a:53:d8:af:05:4b:ca:6e:cf:e4:
                    19:72:b0:5a:94:54:04:3a:4a:b9:0e:ca:59:05:d7:
                    70:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C5:91:93:0B:C1:63:A0:64:0C:91:89:1C:F5:4E:84:30:84:C3:E6
            X509v3 Authority Key Identifier:
                keyid:C8:C1:E9:E0:BC:5F:5D:A1:8E:32:4A:18:12:5B:42:78:01:A8:07:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yMHp4LxfXaGOMkoYEltCeAGoB_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/4f6f43-85f4-401a-a32f-e1e39f956081/1/BsWRkwvBY6BkDJGJHPVOhDCEw-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/4f6f43-85f4-401a-a32f-e1e39f956081/1/yMHp4LxfXaGOMkoYEltCeAGoB_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:44:ee:0f:1a:17:3c:01:14:b5:8f:4e:44:d5:8c:58:86:95:
         fd:90:29:1b:be:f7:8d:61:2a:ad:c8:71:80:d1:38:69:42:62:
         b2:7a:06:cf:14:30:2d:77:2b:0c:65:e7:6d:b6:69:1a:51:e2:
         e1:26:e9:59:d8:dc:03:77:14:1a:83:ac:f0:ff:69:d2:73:3d:
         fc:c3:a3:47:a1:74:57:a1:8b:ea:bf:26:ab:bf:e0:81:52:85:
         6c:59:c3:59:ad:76:83:29:d4:d7:61:0b:fc:3b:2e:0b:15:28:
         a7:83:31:f9:91:85:f0:73:fb:10:16:89:77:a9:2c:e6:86:d3:
         86:f1:e3:81:c5:b9:1c:65:d6:c7:a7:13:e5:95:cb:b3:3c:a7:
         2d:de:12:b2:87:45:c4:50:c9:14:9d:4e:b7:69:e9:b5:d9:67:
         78:b1:90:cb:28:be:d4:48:a4:49:f9:ce:b6:bd:1b:38:b2:0a:
         e2:73:54:19:cc:9c:e4:29:64:dc:48:cb:f6:1b:b8:6a:52:c5:
         c8:97:ee:27:e5:96:f4:e8:8a:31:da:9a:32:03:e8:56:c1:42:
         ef:bb:0d:e0:bc:87:9b:ce:60:43:c2:69:e2:7a:60:29:06:bf:
         fd:c9:5c:b8:d9:71:b2:d0:75:ab:c8:19:e6:97:29:09:6b:7d:
         44:73:ca:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0hAaM36XVq09blh5BiPFLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YzFlOWUwYmM1ZjVkYTE4ZTMyNGExODEyNWI0Mjc4MDFh
ODA3ZjEwHhcNMjQwMTE5MDkxNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmM1OTE5MzBiYzE2M2EwNjQwYzkxODkxY2Y1NGU4NDMwODRjM2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKISaZXbv6eTkUmuXBPKZAS9UTyW
vuzNSMzjdo2T+pO5NhEIaTOXLDwmbsn8JK9GsoNpRVFzRex8vdPBYzkkSkEDODKZ
73mCOuw+lmQEq/bz9N8LpHHVwMuHWTfDMYsyikWwwiuKvD1Wz4g28bbI9ETaf5m9
z88KC6XAtAiWnBPpWjaJDifBdyJAnfob0qJuT33SHQ0KzjimmsiIJ2YIiC1LGznT
JHBoH0vu02zooukrbn9wuBPAY+iJsx1zAMcxFMv9i02g6IXiIIJiprrexfpiTHN7
p8fthJis3R7YqAcHGd3luhpT2K8FS8puz+QZcrBalFQEOkq5DspZBddwyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbFkZMLwWOgZAyRiRz1ToQwhMPmMB8GA1UdIwQY
MBaAFMjB6eC8X12hjjJKGBJbQngBqAfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU1IcDRMeGZYYUdPTWtvWUVsdENlQUdvQl9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS80ZjZmNDMtODVmNC00MDFhLWEzMmYt
ZTFlMzlmOTU2MDgxLzEvQnNXUmt3dkJZNkJrREpHSkhQVk9oRENFdy1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS80ZjZmNDMtODVmNC00MDFhLWEzMmYtZTFlMzlmOTU2MDgx
LzEveU1IcDRMeGZYYUdPTWtvWUVsdENlQUdvQl9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9kyMA0G
CSqGSIb3DQEBCwUAA4IBAQBLRO4PGhc8ARS1j05E1YxYhpX9kCkbvveNYSqtyHGA
0ThpQmKyegbPFDAtdysMZedttmkaUeLhJulZ2NwDdxQag6zw/2nScz38w6NHoXRX
oYvqvyarv+CBUoVsWcNZrXaDKdTXYQv8Oy4LFSingzH5kYXwc/sQFol3qSzmhtOG
8eOBxbkcZdbHpxPllcuzPKct3hKyh0XEUMkUnU63aem12Wd4sZDLKL7USKRJ+c62
vRs4sgric1QZzJzkKWTcSMv2G7hqUsXIl+4n5Zb06Iox2poyA+hWwULvuw3gvIeb
zmBDwmniemApBr/9yVy42XGy0HWryBnmlykJa31Ec8r5
-----END CERTIFICATE-----