Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/bw82Is93DXXwca_SzwJw1bu6Mo4.roa
File:                     bw82Is93DXXwca_SzwJw1bu6Mo4.roa (raw, json)
Hash identifier:          QZKaoG11wwLmQIaJiWt6tFVrtWlM0jh28kXpQEG12ZQ=
Subject key identifier:   6F:0F:36:22:CF:77:0D:75:F0:71:AF:D2:CF:02:70:D5:BB:BA:32:8E
Certificate issuer:       /CN=e2c5861210dc38bdbaeb477d6da719664a84a6bc
Certificate serial:       018CC8DECFA9014E4E0DAAFA33700D52D212
Authority key identifier: E2:C5:86:12:10:DC:38:BD:BA:EB:47:7D:6D:A7:19:66:4A:84:A6:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/bw82Is93DXXwca_SzwJw1bu6Mo4.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197772
IP address blocks:        91.226.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cf:a9:01:4e:4e:0d:aa:fa:33:70:0d:52:d2:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c5861210dc38bdbaeb477d6da719664a84a6bc
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f0f3622cf770d75f071afd2cf0270d5bbba328e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:45:97:f2:ca:68:76:31:2b:39:09:f0:9d:86:
                    02:f3:4c:80:20:da:04:ca:26:2e:a6:e4:a9:c8:66:
                    b3:2b:82:82:2c:07:be:a3:88:f6:50:58:63:d9:10:
                    53:19:57:e6:ab:8a:d9:51:49:00:b4:33:49:01:e4:
                    2a:73:b2:66:26:8c:aa:5c:cf:59:f0:97:d5:94:38:
                    2c:3e:f2:b3:05:b2:9c:63:47:48:6d:f5:72:1a:11:
                    c3:2d:11:43:ca:da:a6:0f:f8:ec:5c:d4:8b:7b:26:
                    f5:2e:1c:c6:ef:77:6b:72:5c:00:84:e4:f9:e7:4b:
                    e3:50:ee:7e:f6:9c:3d:a0:3d:d6:eb:14:2c:46:5f:
                    96:7b:cf:51:d7:06:9c:0e:4c:92:83:1c:eb:f7:da:
                    38:d6:26:62:1f:c3:e7:7c:39:e8:97:48:9d:f4:c1:
                    62:59:16:04:e6:e2:6f:d6:7f:e3:17:89:7a:6e:a5:
                    0f:8f:09:0a:bf:01:50:dd:56:95:b9:fe:91:e8:09:
                    22:91:fc:72:66:d0:ff:b3:20:60:8a:41:08:ed:32:
                    ac:55:6b:09:f9:3c:54:3f:ca:a3:07:d2:0b:20:a6:
                    07:39:24:ee:79:01:dd:5f:58:f1:c3:60:02:33:73:
                    6f:00:33:48:c3:dc:07:f7:14:fd:6a:e0:98:d4:65:
                    ff:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:0F:36:22:CF:77:0D:75:F0:71:AF:D2:CF:02:70:D5:BB:BA:32:8E
            X509v3 Authority Key Identifier:
                keyid:E2:C5:86:12:10:DC:38:BD:BA:EB:47:7D:6D:A7:19:66:4A:84:A6:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/bw82Is93DXXwca_SzwJw1bu6Mo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:93:19:ba:b0:f0:26:9f:12:d3:d1:f0:60:19:99:1b:3d:0c:
         5c:33:d0:a4:8d:f3:f9:44:55:d0:fd:2d:ac:a5:c2:39:12:7e:
         05:8b:8f:fa:c8:cd:ed:37:06:8f:5e:b7:b3:f8:0d:89:e3:22:
         33:99:6f:68:26:d9:f3:b3:0b:a5:19:a5:5f:4f:cb:75:2e:21:
         dc:9b:6c:a8:d6:08:aa:1c:93:3d:5b:1e:4d:c8:32:ce:df:f5:
         40:e0:b6:44:fc:46:09:43:13:1e:4d:70:14:5d:f3:78:37:5d:
         2b:26:9d:75:1e:32:bc:cb:ee:d7:c2:b0:c8:4c:7a:1b:56:e2:
         59:67:de:3b:1d:e8:cd:ea:a1:fa:ea:db:95:2f:95:c6:d0:11:
         92:37:05:d8:e7:26:fc:e9:51:87:39:ac:ea:dd:ed:d4:aa:72:
         41:53:3b:38:30:39:8f:b7:23:ef:95:13:23:37:38:81:67:b9:
         09:f7:18:25:f2:76:71:49:92:38:2f:f4:f1:63:fe:48:23:7b:
         e0:f3:2d:db:6b:49:a7:31:ba:3c:18:57:6e:df:f2:74:c6:cb:
         30:85:08:7f:ad:0d:6d:c4:71:1e:ea:42:fe:e4:b7:60:49:7c:
         6b:12:b6:8f:5a:14:65:d1:98:74:ce:5d:f1:00:86:10:7b:22:
         af:10:58:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3s+pAU5ODar6M3ANUtISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzU4NjEyMTBkYzM4YmRiYWViNDc3ZDZkYTcxOTY2NGE4
NGE2YmMwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjBmMzYyMmNmNzcwZDc1ZjA3MWFmZDJjZjAyNzBkNWJiYmEzMjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UWX8spodjErOQnwnYYC80yAINoE
yiYupuSpyGazK4KCLAe+o4j2UFhj2RBTGVfmq4rZUUkAtDNJAeQqc7JmJoyqXM9Z
8JfVlDgsPvKzBbKcY0dIbfVyGhHDLRFDytqmD/jsXNSLeyb1LhzG73drclwAhOT5
50vjUO5+9pw9oD3W6xQsRl+We89R1wacDkySgxzr99o41iZiH8PnfDnol0id9MFi
WRYE5uJv1n/jF4l6bqUPjwkKvwFQ3VaVuf6R6AkikfxyZtD/syBgikEI7TKsVWsJ
+TxUP8qjB9ILIKYHOSTueQHdX1jxw2ACM3NvADNIw9wH9xT9auCY1GX/0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8PNiLPdw118HGv0s8CcNW7ujKOMB8GA1UdIwQY
MBaAFOLFhhIQ3Di9uutHfW2nGWZKhKa8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNXR0VoRGNPTDI2NjBkOWJhY1paa3FFcHJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmRiMDgtYzg0NS00MWFiLWEwOGEt
MzM3NTYxN2Q0ZWZkLzEvYnc4MklzOTNEWFh3Y2FfU3p3SncxYnU2TW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmRiMDgtYzg0NS00MWFiLWEwOGEtMzM3NTYxN2Q0ZWZk
LzEvNHNXR0VoRGNPTDI2NjBkOWJhY1paa3FFcHJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+KwMA0G
CSqGSIb3DQEBCwUAA4IBAQAakxm6sPAmnxLT0fBgGZkbPQxcM9CkjfP5RFXQ/S2s
pcI5En4Fi4/6yM3tNwaPXrez+A2J4yIzmW9oJtnzswulGaVfT8t1LiHcm2yo1giq
HJM9Wx5NyDLO3/VA4LZE/EYJQxMeTXAUXfN4N10rJp11HjK8y+7XwrDITHobVuJZ
Z947HejN6qH66tuVL5XG0BGSNwXY5yb86VGHOazq3e3UqnJBUzs4MDmPtyPvlRMj
NziBZ7kJ9xgl8nZxSZI4L/TxY/5II3vg8y3ba0mnMbo8GFdu3/J0xsswhQh/rQ1t
xHEe6kL+5LdgSXxrEraPWhRl0Zh0zl3xAIYQeyKvEFjr
-----END CERTIFICATE-----