Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/wDmRfmMe_1QS-UxEMQhvHBV-rrs.roa
File:                     wDmRfmMe_1QS-UxEMQhvHBV-rrs.roa (raw, json)
Hash identifier:          qvgFCqUWyf/RNhL1t19kSAbm+ilpIbqGau1GzTgdg74=
Subject key identifier:   C0:39:91:7E:63:1E:FF:54:12:F9:4C:44:31:08:6F:1C:15:7E:AE:BB
Certificate issuer:       /CN=6603ed4c78454250116f105eb6961dc29e1dbc6c
Certificate serial:       018CC3491622A1257D7D42D88AA781DF3973
Authority key identifier: 66:03:ED:4C:78:45:42:50:11:6F:10:5E:B6:96:1D:C2:9E:1D:BC:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZgPtTHhFQlARbxBetpYdwp4dvGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/wDmRfmMe_1QS-UxEMQhvHBV-rrs.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49266
IP address blocks:        91.207.216.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/ZgPtTHhFQlARbxBetpYdwp4dvGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/ZgPtTHhFQlARbxBetpYdwp4dvGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZgPtTHhFQlARbxBetpYdwp4dvGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:16:22:a1:25:7d:7d:42:d8:8a:a7:81:df:39:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6603ed4c78454250116f105eb6961dc29e1dbc6c
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c039917e631eff5412f94c4431086f1c157eaebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:51:b3:28:83:92:09:15:b6:76:ea:4c:d5:67:
                    d0:5f:24:0b:7e:85:86:9e:ea:b0:e4:bf:01:f2:b8:
                    c2:d6:ad:f7:27:41:71:66:17:f8:ce:61:b6:78:53:
                    a4:a3:82:39:77:ab:6b:dc:b9:ff:5d:d9:8f:28:a1:
                    05:1f:66:f0:bf:2b:66:53:1c:e8:87:ee:e9:46:1a:
                    21:5b:39:b6:58:32:b4:1a:78:b8:5f:f9:4b:ca:f8:
                    5b:bf:c2:40:81:15:d3:55:4a:2e:79:c2:e8:b8:b4:
                    c2:51:f4:bf:b2:b5:00:d9:e2:d5:47:dc:42:e4:a6:
                    06:64:5e:c1:6b:d0:a5:77:f7:d8:cf:e6:0b:f0:8c:
                    8a:5d:cf:38:db:93:be:96:99:dd:0b:ee:cf:5f:c4:
                    04:b9:b1:01:0a:87:06:ad:e1:64:b7:79:1d:58:81:
                    61:a5:7c:3d:40:27:db:2e:be:68:61:77:a8:6c:85:
                    ea:d9:6a:cd:22:46:7d:14:f2:21:6c:43:b7:40:85:
                    3b:aa:8b:33:87:9b:b9:86:31:48:6e:20:66:66:1d:
                    b9:f8:0d:41:84:5e:d0:51:56:94:d0:d6:08:9c:45:
                    f0:18:9b:64:2d:13:67:c5:48:aa:8d:65:c9:02:3f:
                    9b:4a:26:39:74:e4:df:1a:06:3e:18:20:aa:1b:e7:
                    7f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:39:91:7E:63:1E:FF:54:12:F9:4C:44:31:08:6F:1C:15:7E:AE:BB
            X509v3 Authority Key Identifier:
                keyid:66:03:ED:4C:78:45:42:50:11:6F:10:5E:B6:96:1D:C2:9E:1D:BC:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZgPtTHhFQlARbxBetpYdwp4dvGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/wDmRfmMe_1QS-UxEMQhvHBV-rrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/44d603-fbf5-459b-a0ba-d2763c007752/1/ZgPtTHhFQlARbxBetpYdwp4dvGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:af:f3:76:34:57:d7:8f:e0:19:43:e5:9f:a1:0b:de:be:6d:
         51:c5:3b:d8:c8:c9:ab:db:22:f7:65:b6:1e:23:a3:ee:ed:33:
         7c:25:51:08:e1:bb:32:b3:8f:e4:64:36:ce:8c:86:c4:8f:fb:
         4c:cd:08:2b:eb:84:59:c8:2e:67:c9:60:d2:98:bd:d9:01:5b:
         c7:de:ed:60:85:94:2e:80:0c:7a:3c:eb:ee:ae:05:4a:d4:59:
         28:eb:da:29:8d:bd:1e:9b:c1:cf:06:8a:2c:06:78:8a:01:f5:
         0e:20:6b:33:b7:e8:18:20:c3:98:d8:3f:ff:56:4d:20:c4:2b:
         5b:2e:87:1b:3f:d9:cd:36:ad:1e:ae:bc:a4:96:69:08:70:db:
         3b:64:e8:d1:b2:46:48:01:87:4b:78:bb:8f:2f:b6:c6:3c:ed:
         23:51:04:8b:2c:b6:b6:df:2c:a4:94:22:d4:2b:db:af:3c:d0:
         81:b5:26:fa:ef:d4:8f:87:7d:16:09:a1:ae:51:bb:48:2f:63:
         28:ec:3c:2e:fe:18:61:69:41:61:c6:27:a8:bc:9a:c7:a3:54:
         cf:2e:82:fe:ff:11:88:3f:86:8c:92:cd:0f:a1:8f:3c:32:d9:
         4f:e7:46:c7:5f:f1:d0:51:11:a7:79:de:84:94:43:29:c4:05:
         59:13:f6:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRYioSV9fULYiqeB3zlzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MDNlZDRjNzg0NTQyNTAxMTZmMTA1ZWI2OTYxZGMyOWUx
ZGJjNmMwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDM5OTE3ZTYzMWVmZjU0MTJmOTRjNDQzMTA4NmYxYzE1N2VhZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVGzKIOSCRW2dupM1WfQXyQLfoWG
nuqw5L8B8rjC1q33J0FxZhf4zmG2eFOko4I5d6tr3Ln/XdmPKKEFH2bwvytmUxzo
h+7pRhohWzm2WDK0Gni4X/lLyvhbv8JAgRXTVUouecLouLTCUfS/srUA2eLVR9xC
5KYGZF7Ba9Cld/fYz+YL8IyKXc8425O+lpndC+7PX8QEubEBCocGreFkt3kdWIFh
pXw9QCfbLr5oYXeobIXq2WrNIkZ9FPIhbEO3QIU7qoszh5u5hjFIbiBmZh25+A1B
hF7QUVaU0NYInEXwGJtkLRNnxUiqjWXJAj+bSiY5dOTfGgY+GCCqG+d/FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMA5kX5jHv9UEvlMRDEIbxwVfq67MB8GA1UdIwQY
MBaAFGYD7Ux4RUJQEW8QXraWHcKeHbxsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmdQdFRIaEZRbEFSYnhCZXRwWWR3cDRkdkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS80NGQ2MDMtZmJmNS00NTliLWEwYmEt
ZDI3NjNjMDA3NzUyLzEvd0RtUmZtTWVfMVFTLVV4RU1RaHZIQlYtcnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS80NGQ2MDMtZmJmNS00NTliLWEwYmEtZDI3NjNjMDA3NzUy
LzEvWmdQdFRIaEZRbEFSYnhCZXRwWWR3cDRkdkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8/YMA0G
CSqGSIb3DQEBCwUAA4IBAQCZr/N2NFfXj+AZQ+WfoQvevm1RxTvYyMmr2yL3ZbYe
I6Pu7TN8JVEI4bsys4/kZDbOjIbEj/tMzQgr64RZyC5nyWDSmL3ZAVvH3u1ghZQu
gAx6POvurgVK1Fko69opjb0em8HPBoosBniKAfUOIGszt+gYIMOY2D//Vk0gxCtb
LocbP9nNNq0erryklmkIcNs7ZOjRskZIAYdLeLuPL7bGPO0jUQSLLLa23yyklCLU
K9uvPNCBtSb679SPh30WCaGuUbtIL2Mo7Dwu/hhhaUFhxieovJrHo1TPLoL+/xGI
P4aMks0PoY88MtlP50bHX/HQURGned6ElEMpxAVZE/Z+
-----END CERTIFICATE-----