Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/36cb82-0399-436c-b952-9eda57c23edf/1/82UkyvKrYHJN1R4bBvOPzg1xk0w.roa
File:                     82UkyvKrYHJN1R4bBvOPzg1xk0w.roa (raw, json)
Hash identifier:          V0KUh5EKL1cFNhLQl5CU1TDdjxET9DyCFpcyAuqxhVA=
Subject key identifier:   F3:65:24:CA:F2:AB:60:72:4D:D5:1E:1B:06:F3:8F:CE:0D:71:93:4C
Certificate issuer:       /CN=0c2f9b2e8a30508d39192afd5b34ee56f775979e
Certificate serial:       018CC6B8E667FAA146356B213927ABDA3C2C
Authority key identifier: 0C:2F:9B:2E:8A:30:50:8D:39:19:2A:FD:5B:34:EE:56:F7:75:97:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DC-bLoowUI05GSr9WzTuVvd1l54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/36cb82-0399-436c-b952-9eda57c23edf/1/82UkyvKrYHJN1R4bBvOPzg1xk0w.roa
Signing time:             Mon 01 Jan 2024 20:30:55 +0000
ROA not before:           Mon 01 Jan 2024 20:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62254
IP address blocks:        91.233.141.0/24 maxlen: 24
                          2a0e:e180::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/36cb82-0399-436c-b952-9eda57c23edf/1/DC-bLoowUI05GSr9WzTuVvd1l54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/36cb82-0399-436c-b952-9eda57c23edf/1/DC-bLoowUI05GSr9WzTuVvd1l54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DC-bLoowUI05GSr9WzTuVvd1l54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e6:67:fa:a1:46:35:6b:21:39:27:ab:da:3c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c2f9b2e8a30508d39192afd5b34ee56f775979e
        Validity
            Not Before: Jan  1 20:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f36524caf2ab60724dd51e1b06f38fce0d71934c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:36:4b:c3:ee:fd:99:e9:8f:e4:d3:11:08:82:
                    b5:65:40:16:76:0f:4b:e8:fa:fb:63:79:7b:8b:73:
                    63:71:59:b2:6a:af:e8:49:89:7b:03:3a:d8:02:73:
                    b2:1c:5e:b0:91:90:1d:46:33:ec:65:c7:3a:a4:b6:
                    ec:5c:80:7f:46:28:f8:52:c0:57:c9:7c:cb:53:32:
                    d9:62:0d:65:91:6b:77:dd:e1:f2:eb:13:b5:bd:dd:
                    00:af:ba:f7:ca:fd:ee:a0:46:5b:23:02:7f:1f:a7:
                    ff:e9:b8:75:e8:41:81:2b:13:30:dd:1d:7f:01:e8:
                    dd:75:44:bc:e6:7c:0e:a8:6d:f2:37:7d:e1:45:7e:
                    d3:50:e7:70:71:4e:26:7a:45:7d:c8:77:75:11:0b:
                    ad:35:2b:62:cc:6e:ce:f6:6c:f3:c8:b2:af:a9:f0:
                    63:16:99:49:32:a8:98:b1:dd:b0:35:7b:7f:e0:7d:
                    46:09:c6:61:a8:8e:21:58:88:6a:65:c2:f4:cf:96:
                    3a:09:01:df:be:97:c7:ec:f3:53:d8:7a:d1:fe:e6:
                    0c:39:11:e7:8e:d4:26:83:ad:b1:36:a0:c7:3e:17:
                    f9:da:a0:2f:8f:2d:f5:93:db:6d:3c:37:06:e7:dd:
                    32:51:02:30:dd:47:87:51:db:1a:7d:64:99:2a:53:
                    63:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:65:24:CA:F2:AB:60:72:4D:D5:1E:1B:06:F3:8F:CE:0D:71:93:4C
            X509v3 Authority Key Identifier:
                keyid:0C:2F:9B:2E:8A:30:50:8D:39:19:2A:FD:5B:34:EE:56:F7:75:97:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DC-bLoowUI05GSr9WzTuVvd1l54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/36cb82-0399-436c-b952-9eda57c23edf/1/82UkyvKrYHJN1R4bBvOPzg1xk0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/36cb82-0399-436c-b952-9eda57c23edf/1/DC-bLoowUI05GSr9WzTuVvd1l54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.141.0/24
                IPv6:
                  2a0e:e180::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:22:e8:6a:80:ad:37:83:f0:01:41:d9:1b:e9:68:01:a9:8b:
         63:57:17:a5:0b:99:1c:ac:43:a6:e3:49:a6:bb:b6:c7:a6:d0:
         80:2e:a7:0a:8d:70:1b:f8:3a:20:4e:55:01:60:87:b0:e7:13:
         5c:46:79:e7:4b:46:49:b0:76:39:55:e9:90:e0:c7:54:49:83:
         4b:27:51:93:f3:59:55:3a:39:09:de:2a:89:0e:f2:04:e5:86:
         a3:85:d4:42:a7:77:a5:4f:6e:bd:1c:82:c8:1c:f4:c4:1a:88:
         75:dd:89:88:88:ce:17:66:e1:e6:95:7c:c0:ae:d5:2e:27:7e:
         c8:ee:36:16:d9:df:b2:e9:22:a2:75:0d:70:f4:a0:12:27:56:
         49:54:12:07:fe:b2:53:32:4e:60:73:8f:9f:30:24:d2:bc:39:
         d9:34:7d:71:c9:6f:20:39:19:0a:17:b7:00:2e:4b:67:77:68:
         97:0f:14:ca:81:52:c1:9e:2c:41:2a:f4:03:63:79:03:7b:57:
         71:78:fe:85:3b:bb:e2:c0:83:12:14:ab:2e:1e:91:00:d2:15:
         72:03:de:af:c8:ae:d5:d0:40:c5:fa:6a:e8:ce:bf:1e:d2:e1:
         3b:c7:68:ce:19:d5:66:b9:a4:ad:58:62:12:66:b2:c3:c8:13:
         6b:b3:81:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuOZn+qFGNWshOSer2jwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMmY5YjJlOGEzMDUwOGQzOTE5MmFmZDViMzRlZTU2Zjc3
NTk3OWUwHhcNMjQwMTAxMjAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzY1MjRjYWYyYWI2MDcyNGRkNTFlMWIwNmYzOGZjZTBkNzE5MzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDZLw+79memP5NMRCIK1ZUAWdg9L
6Pr7Y3l7i3NjcVmyaq/oSYl7AzrYAnOyHF6wkZAdRjPsZcc6pLbsXIB/Rij4UsBX
yXzLUzLZYg1lkWt33eHy6xO1vd0Ar7r3yv3uoEZbIwJ/H6f/6bh16EGBKxMw3R1/
AejddUS85nwOqG3yN33hRX7TUOdwcU4mekV9yHd1EQutNStizG7O9mzzyLKvqfBj
FplJMqiYsd2wNXt/4H1GCcZhqI4hWIhqZcL0z5Y6CQHfvpfH7PNT2HrR/uYMORHn
jtQmg62xNqDHPhf52qAvjy31k9ttPDcG590yUQIw3UeHUdsafWSZKlNjtQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPNlJMryq2ByTdUeGwbzj84NcZNMMB8GA1UdIwQY
MBaAFAwvmy6KMFCNORkq/Vs07lb3dZeeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREMtYkxvb3dVSTA1R1NyOVd6VHVWdmQxbDU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8zNmNiODItMDM5OS00MzZjLWI5NTIt
OWVkYTU3YzIzZWRmLzEvODJVa3l2S3JZSEpOMVI0YkJ2T1B6ZzF4azB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8zNmNiODItMDM5OS00MzZjLWI5NTItOWVkYTU3YzIzZWRm
LzEvREMtYkxvb3dVSTA1R1NyOVd6VHVWdmQxbDU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+mNMA0E
AgACMAcDBQMqDuGAMA0GCSqGSIb3DQEBCwUAA4IBAQCiIuhqgK03g/ABQdkb6WgB
qYtjVxelC5kcrEOm40mmu7bHptCALqcKjXAb+DogTlUBYIew5xNcRnnnS0ZJsHY5
VemQ4MdUSYNLJ1GT81lVOjkJ3iqJDvIE5YajhdRCp3elT269HILIHPTEGoh13YmI
iM4XZuHmlXzArtUuJ37I7jYW2d+y6SKidQ1w9KASJ1ZJVBIH/rJTMk5gc4+fMCTS
vDnZNH1xyW8gORkKF7cALktnd2iXDxTKgVLBnixBKvQDY3kDe1dxeP6FO7viwIMS
FKsuHpEA0hVyA96vyK7V0EDF+mrozr8e0uE7x2jOGdVmuaStWGISZrLDyBNrs4GL
-----END CERTIFICATE-----