Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/008f91-aee3-4408-8393-14b76b76f2bb/1/wIe0dyT7VfORLYLw3ycjcNYbduw.roa
File:                     wIe0dyT7VfORLYLw3ycjcNYbduw.roa (raw, json)
Hash identifier:          PyDaHWlkT/BDExaznChsp7vDajv3HlnZkmOtHLRK06M=
Subject key identifier:   C0:87:B4:77:24:FB:55:F3:91:2D:82:F0:DF:27:23:70:D6:1B:76:EC
Certificate issuer:       /CN=aa679589c1c48897d09b2d4fed7a66044a876ea3
Certificate serial:       018CC86EFDADDBD85B62744C96818B18618F
Authority key identifier: AA:67:95:89:C1:C4:88:97:D0:9B:2D:4F:ED:7A:66:04:4A:87:6E:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qmeVicHEiJfQmy1P7XpmBEqHbqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/008f91-aee3-4408-8393-14b76b76f2bb/1/wIe0dyT7VfORLYLw3ycjcNYbduw.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47810
IP address blocks:        91.239.206.0/23 maxlen: 23
                          91.208.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/008f91-aee3-4408-8393-14b76b76f2bb/1/qmeVicHEiJfQmy1P7XpmBEqHbqM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/008f91-aee3-4408-8393-14b76b76f2bb/1/qmeVicHEiJfQmy1P7XpmBEqHbqM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qmeVicHEiJfQmy1P7XpmBEqHbqM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fd:ad:db:d8:5b:62:74:4c:96:81:8b:18:61:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa679589c1c48897d09b2d4fed7a66044a876ea3
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c087b47724fb55f3912d82f0df272370d61b76ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ae:19:61:a7:af:ef:c6:26:b4:00:d1:58:4e:
                    32:6b:99:fa:b2:db:d8:88:e5:74:3c:34:da:b7:8e:
                    07:30:27:d2:84:8f:81:d3:86:38:43:bf:34:b5:43:
                    03:25:f5:b9:bb:60:86:23:da:f6:95:d5:43:77:ee:
                    ea:5e:2f:08:7b:60:f0:6f:a6:d5:29:1e:7c:0b:f8:
                    8b:c9:ed:66:d1:8c:f9:4b:3d:91:0b:2b:81:4a:2e:
                    c5:71:83:41:b6:a7:8f:d0:0a:f1:95:93:88:73:0f:
                    a3:b7:d7:ad:ff:ed:8d:13:3e:ce:43:4f:ec:49:91:
                    a6:17:48:28:d0:56:72:d2:eb:bf:d2:31:df:ee:bf:
                    ec:8f:48:1f:3e:6b:be:b5:ab:6f:bd:4d:1f:ff:57:
                    48:60:77:d9:8c:50:b0:1e:26:8f:1d:c1:32:b9:47:
                    ff:d0:54:c2:59:02:80:d9:b0:11:55:f3:19:7e:de:
                    e6:fd:71:64:41:0e:e0:95:9e:fa:1c:ce:bb:62:a2:
                    40:ab:24:04:7c:58:76:07:19:12:85:ef:1c:0d:75:
                    9a:cd:41:26:cc:fb:3b:f3:66:09:63:42:6a:b1:33:
                    81:a6:09:2f:b8:d4:9c:7b:9a:48:d2:a1:2e:72:4b:
                    a5:6e:e0:d7:57:22:a3:0b:b7:e7:88:a8:b0:4d:a2:
                    32:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:87:B4:77:24:FB:55:F3:91:2D:82:F0:DF:27:23:70:D6:1B:76:EC
            X509v3 Authority Key Identifier:
                keyid:AA:67:95:89:C1:C4:88:97:D0:9B:2D:4F:ED:7A:66:04:4A:87:6E:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmeVicHEiJfQmy1P7XpmBEqHbqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/008f91-aee3-4408-8393-14b76b76f2bb/1/wIe0dyT7VfORLYLw3ycjcNYbduw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/008f91-aee3-4408-8393-14b76b76f2bb/1/qmeVicHEiJfQmy1P7XpmBEqHbqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.144.0/24
                  91.239.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:89:6b:ec:75:d2:2e:ef:2c:ba:15:f3:8e:13:85:2a:50:db:
         c9:b7:be:7b:c4:3b:b9:13:db:e0:c9:41:f4:0f:48:de:aa:91:
         42:61:aa:03:3b:29:e5:7f:7a:80:6d:e3:ce:ac:76:67:35:ab:
         3d:75:2b:de:a4:48:2c:25:0b:66:fb:90:d9:8f:19:fd:4b:56:
         39:0d:74:cc:ad:b6:cb:41:0e:c9:a7:27:d3:c6:79:31:04:82:
         38:99:65:1c:bc:87:23:f1:bc:a7:19:3c:ee:8a:46:2d:2e:e3:
         96:71:21:0e:d7:f1:62:fe:67:69:99:e3:a7:03:7b:67:99:4c:
         ea:89:77:28:84:f0:a4:ad:65:ac:6e:c0:55:4c:29:90:15:ae:
         0d:46:7a:38:c6:54:e7:ac:0b:4a:a6:a3:2c:04:3d:4d:39:52:
         fc:0f:86:5b:29:c9:6f:90:bd:e1:0f:65:11:2f:62:fe:77:5f:
         5d:f7:77:ce:4e:4f:d5:60:2a:29:0c:b2:8c:eb:d8:16:4c:53:
         14:f7:9f:b5:b2:83:87:16:f9:74:2d:1a:45:a7:6b:9b:aa:af:
         a1:0e:61:0a:4c:3d:df:03:3c:19:77:7d:0a:62:74:78:52:57:
         e1:dc:7a:65:4f:bd:30:ed:1a:32:d4:85:4d:0d:26:3a:fa:6d:
         f7:8e:6f:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIbv2t29hbYnRMloGLGGGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjc5NTg5YzFjNDg4OTdkMDliMmQ0ZmVkN2E2NjA0NGE4
NzZlYTMwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDg3YjQ3NzI0ZmI1NWYzOTEyZDgyZjBkZjI3MjM3MGQ2MWI3NmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla4ZYaev78YmtADRWE4ya5n6stvY
iOV0PDTat44HMCfShI+B04Y4Q780tUMDJfW5u2CGI9r2ldVDd+7qXi8Ie2Dwb6bV
KR58C/iLye1m0Yz5Sz2RCyuBSi7FcYNBtqeP0ArxlZOIcw+jt9et/+2NEz7OQ0/s
SZGmF0go0FZy0uu/0jHf7r/sj0gfPmu+tatvvU0f/1dIYHfZjFCwHiaPHcEyuUf/
0FTCWQKA2bARVfMZft7m/XFkQQ7glZ76HM67YqJAqyQEfFh2BxkShe8cDXWazUEm
zPs782YJY0JqsTOBpgkvuNSce5pI0qEuckulbuDXVyKjC7fniKiwTaIyZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMCHtHck+1XzkS2C8N8nI3DWG3bsMB8GA1UdIwQY
MBaAFKpnlYnBxIiX0JstT+16ZgRKh26jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1lVmljSEVpSmZRbXkxUDdYcG1CRXFIYnFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8wMDhmOTEtYWVlMy00NDA4LTgzOTMt
MTRiNzZiNzZmMmJiLzEvd0llMGR5VDdWZk9STFlMdzN5Y2pjTlliZHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8wMDhmOTEtYWVlMy00NDA4LTgzOTMtMTRiNzZiNzZmMmJi
LzEvcW1lVmljSEVpSmZRbXkxUDdYcG1CRXFIYnFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9CQAwQB
W+/OMA0GCSqGSIb3DQEBCwUAA4IBAQBhiWvsddIu7yy6FfOOE4UqUNvJt757xDu5
E9vgyUH0D0jeqpFCYaoDOynlf3qAbePOrHZnNas9dSvepEgsJQtm+5DZjxn9S1Y5
DXTMrbbLQQ7JpyfTxnkxBII4mWUcvIcj8bynGTzuikYtLuOWcSEO1/Fi/mdpmeOn
A3tnmUzqiXcohPCkrWWsbsBVTCmQFa4NRno4xlTnrAtKpqMsBD1NOVL8D4ZbKclv
kL3hD2URL2L+d19d93fOTk/VYCopDLKM69gWTFMU95+1soOHFvl0LRpFp2ubqq+h
DmEKTD3fAzwZd30KYnR4Ulfh3HplT70w7Roy1IVNDSY6+m33jm+q
-----END CERTIFICATE-----