Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/v6gS8zPvP8H3jqU4gO5TIz2cy3w.roa
File:                     v6gS8zPvP8H3jqU4gO5TIz2cy3w.roa (raw, json)
Hash identifier:          hYmTUOC57Bn2H3DotGVsZqr+vXI8dVd1MdA2yEqwLhs=
Subject key identifier:   BF:A8:12:F3:33:EF:3F:C1:F7:8E:A5:38:80:EE:53:23:3D:9C:CB:7C
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0191FFCD9679391911C2E64DB5FB06081051
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/v6gS8zPvP8H3jqU4gO5TIz2cy3w.roa
Signing time:             Tue 17 Sep 2024 11:45:48 +0000
ROA not before:           Tue 17 Sep 2024 11:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214177
IP address blocks:        91.148.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ff:cd:96:79:39:19:11:c2:e6:4d:b5:fb:06:08:10:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Sep 17 11:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfa812f333ef3fc1f78ea53880ee53233d9ccb7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c2:63:e4:64:c8:1b:fd:ba:99:b9:bb:49:52:
                    4d:01:0b:e9:78:43:f1:d5:7d:20:ef:1e:6d:52:77:
                    f5:3b:3f:a8:57:30:14:51:6e:a3:bb:f3:12:af:d0:
                    16:33:58:cb:50:ad:dc:77:28:08:8b:d6:61:40:c4:
                    e1:23:8f:d3:57:df:6f:05:20:ea:18:c6:94:2b:2d:
                    21:b2:81:8f:c5:f6:a4:84:e7:a9:d9:bf:f4:e5:a4:
                    9a:30:37:0f:52:39:55:f0:f7:da:86:4d:ea:1c:4a:
                    43:01:03:ca:5f:a3:2f:b0:8c:13:df:9a:c3:f7:8e:
                    46:da:6a:79:50:26:7f:cb:22:b3:5b:11:49:67:1f:
                    3e:94:67:b2:ac:e0:7a:ab:08:57:ca:db:a5:1b:7e:
                    e8:d3:2b:23:ee:be:bb:d0:97:ff:ec:31:9a:cf:ee:
                    d5:84:b7:ab:3f:d1:ab:81:db:3c:b6:0d:55:46:fe:
                    0d:d2:bf:59:a5:b7:08:4a:a7:34:85:6e:79:03:9a:
                    50:eb:cc:5e:a1:5a:d5:e3:be:eb:a9:43:73:18:6b:
                    54:7a:d7:d0:3c:55:ba:2f:d5:6e:c6:a7:d6:22:3c:
                    b1:c6:a2:55:f9:c1:e4:82:e8:de:fd:90:d0:82:4e:
                    a0:ad:ab:f3:8c:f2:37:84:dc:3e:14:86:20:cd:d9:
                    f0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:A8:12:F3:33:EF:3F:C1:F7:8E:A5:38:80:EE:53:23:3D:9C:CB:7C
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/v6gS8zPvP8H3jqU4gO5TIz2cy3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.148.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:c1:cc:67:06:08:93:8c:38:ec:12:50:91:4e:bc:39:92:d0:
         96:3e:d0:32:4c:eb:6f:b9:bf:de:a5:60:44:83:c2:ee:62:23:
         71:ab:2d:00:b9:d1:9c:1d:17:e0:2d:03:c3:86:d1:3b:8c:3d:
         42:8f:f3:b8:0b:c4:36:d8:05:93:0d:5b:0a:bb:32:cb:7e:2c:
         43:19:b1:78:cd:f0:b4:a4:e0:4c:fa:87:8e:5c:dd:ad:8b:af:
         a4:21:0b:aa:ae:54:cb:41:84:26:8b:87:53:74:99:c4:1c:32:
         a3:54:db:42:a4:58:84:f0:db:02:8e:48:d1:e8:25:9b:37:15:
         6a:3a:a8:f3:28:67:a0:85:e9:7c:6d:b3:74:2b:b6:9a:5f:6e:
         32:10:67:fc:06:65:71:e9:da:fc:f0:60:8f:5b:a4:a8:3f:14:
         72:87:c5:66:8e:5d:df:bd:a0:d3:64:a8:bd:24:c6:22:7b:21:
         54:62:35:0d:2b:72:5e:0c:5a:5b:24:9f:89:82:f9:f8:61:59:
         5b:2b:93:35:46:b1:fc:38:75:16:59:fa:91:28:6f:34:d6:e0:
         ab:37:b2:bd:57:56:b9:92:ea:6b:fa:93:df:3f:71:3e:02:b7:
         a0:50:63:e3:f1:97:30:ce:ae:40:2e:cb:23:c7:b1:c9:3d:0c:
         1d:c8:3a:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH/zZZ5ORkRwuZNtfsGCBBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwOTE3MTE0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmE4MTJmMzMzZWYzZmMxZjc4ZWE1Mzg4MGVlNTMyMzNkOWNjYjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMJj5GTIG/26mbm7SVJNAQvpeEPx
1X0g7x5tUnf1Oz+oVzAUUW6ju/MSr9AWM1jLUK3cdygIi9ZhQMThI4/TV99vBSDq
GMaUKy0hsoGPxfakhOep2b/05aSaMDcPUjlV8Pfahk3qHEpDAQPKX6MvsIwT35rD
945G2mp5UCZ/yyKzWxFJZx8+lGeyrOB6qwhXytulG37o0ysj7r670Jf/7DGaz+7V
hLerP9Grgds8tg1VRv4N0r9ZpbcISqc0hW55A5pQ68xeoVrV477rqUNzGGtUetfQ
PFW6L9VuxqfWIjyxxqJV+cHkguje/ZDQgk6gravzjPI3hNw+FIYgzdnwwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+oEvMz7z/B946lOIDuUyM9nMt8MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvdjZnUzh6UHZQOEgzanFVNGdPNVRJejJjeTN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5SnMA0G
CSqGSIb3DQEBCwUAA4IBAQBYwcxnBgiTjDjsElCRTrw5ktCWPtAyTOtvub/epWBE
g8LuYiNxqy0AudGcHRfgLQPDhtE7jD1Cj/O4C8Q22AWTDVsKuzLLfixDGbF4zfC0
pOBM+oeOXN2ti6+kIQuqrlTLQYQmi4dTdJnEHDKjVNtCpFiE8NsCjkjR6CWbNxVq
OqjzKGeghel8bbN0K7aaX24yEGf8BmVx6dr88GCPW6SoPxRyh8Vmjl3fvaDTZKi9
JMYieyFUYjUNK3JeDFpbJJ+Jgvn4YVlbK5M1RrH8OHUWWfqRKG801uCrN7K9V1a5
kupr+pPfP3E+AregUGPj8Zcwzq5ALssjx7HJPQwdyDo0
-----END CERTIFICATE-----