Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/d1v2CHvikDBvxn31lDoRmZs4I5M.roa
File:                     d1v2CHvikDBvxn31lDoRmZs4I5M.roa (raw, json)
Hash identifier:          DsAOAaY3CgouWSAGRmU67v2O3BPsxSVq8H3Z9iqaIjs=
Subject key identifier:   77:5B:F6:08:7B:E2:90:30:6F:C6:7D:F5:94:3A:11:99:9B:38:23:93
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       018D3BDFFDCBB1028BA4EECE442A6A8219E2
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/d1v2CHvikDBvxn31lDoRmZs4I5M.roa
Signing time:             Wed 24 Jan 2024 14:29:11 +0000
ROA not before:           Wed 24 Jan 2024 14:29:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43201
IP address blocks:        91.213.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:df:fd:cb:b1:02:8b:a4:ee:ce:44:2a:6a:82:19:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jan 24 14:29:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=775bf6087be290306fc67df5943a11999b382393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e7:da:1d:9c:11:99:c4:8e:a2:ea:9e:50:c1:
                    d0:f2:31:77:8d:2b:f1:30:4b:9f:0f:ce:c5:61:31:
                    04:a1:66:40:32:60:5c:d5:35:76:30:6a:1a:a4:87:
                    1a:54:ca:fc:e4:96:f2:3f:0a:cd:f7:72:fc:05:66:
                    93:45:f3:49:c0:fb:0c:a3:e9:59:1f:eb:54:90:f5:
                    aa:90:f3:68:3d:c1:ed:0b:ea:b1:a1:58:49:d9:6a:
                    7e:10:51:1a:a8:cd:d1:11:d9:a9:1d:83:12:de:db:
                    aa:ac:c0:56:b9:9c:20:78:bd:7b:10:a8:83:ec:e1:
                    d4:50:72:f0:75:75:20:1c:7a:54:c0:89:c5:36:92:
                    52:1e:50:ab:44:ae:b0:4e:15:66:68:c7:d4:9c:e8:
                    0f:b9:19:80:29:55:c7:ab:1a:13:4a:59:de:7b:c3:
                    e6:89:f5:d4:5e:23:b8:28:ec:ea:22:8a:90:ec:f7:
                    47:57:1e:8f:b0:86:ff:59:08:a9:49:28:36:4d:08:
                    7f:0a:23:d8:07:93:43:35:f5:4c:79:93:16:23:94:
                    58:a6:72:cb:c8:4e:cd:f8:ab:dd:93:a9:a9:ef:fd:
                    f9:3c:08:6b:97:cc:d8:1b:4b:eb:a2:8f:c6:0b:15:
                    5e:69:35:ea:e0:cd:47:d1:cb:b5:f4:5a:11:e8:6f:
                    5a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:5B:F6:08:7B:E2:90:30:6F:C6:7D:F5:94:3A:11:99:9B:38:23:93
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/d1v2CHvikDBvxn31lDoRmZs4I5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:42:64:8e:92:92:b5:39:d4:7f:ea:57:ea:d9:62:19:44:2a:
         56:c5:d7:7a:9e:6b:54:ed:18:dd:ea:33:dd:49:8a:1b:6d:ee:
         a4:75:48:bf:cd:6c:20:84:77:60:14:c6:09:17:c4:35:69:fb:
         8a:b8:03:af:36:7c:8f:a3:7e:ed:08:60:d6:bf:8b:29:a8:2b:
         a1:6f:4b:2c:91:1d:0a:ff:ec:97:15:88:f2:1c:f7:00:d6:bd:
         a2:30:c5:2e:8c:8b:a7:f7:b4:90:78:0d:e5:fb:42:b7:8c:f5:
         77:78:0c:5d:ec:24:d4:4f:3e:4a:b8:86:a8:43:51:58:f2:10:
         bf:e2:c4:14:3d:0b:88:1d:e4:17:46:4d:a0:bf:e4:f2:00:5f:
         d9:dc:64:c5:bd:d8:1e:18:d9:cb:44:35:7d:b6:ca:46:c2:e0:
         f9:72:64:65:4d:54:67:d1:73:b0:4e:16:e5:32:a9:2e:95:75:
         a4:41:de:51:89:d0:2c:9a:20:d9:37:d3:98:ec:f3:41:66:4b:
         7c:ff:25:d2:89:0c:e5:22:31:eb:54:7c:e4:16:3b:4f:ca:0c:
         cf:05:84:01:8b:d5:22:43:d9:d5:dd:a4:7f:6e:70:97:21:d8:
         42:5a:69:ec:d8:9d:41:c1:ed:76:83:01:56:e4:ac:71:db:6c:
         12:73:04:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY073/3LsQKLpO7ORCpqghniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjQwMTI0MTQyOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzViZjYwODdiZTI5MDMwNmZjNjdkZjU5NDNhMTE5OTliMzgyMzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgufaHZwRmcSOouqeUMHQ8jF3jSvx
MEufD87FYTEEoWZAMmBc1TV2MGoapIcaVMr85JbyPwrN93L8BWaTRfNJwPsMo+lZ
H+tUkPWqkPNoPcHtC+qxoVhJ2Wp+EFEaqM3REdmpHYMS3tuqrMBWuZwgeL17EKiD
7OHUUHLwdXUgHHpUwInFNpJSHlCrRK6wThVmaMfUnOgPuRmAKVXHqxoTSlnee8Pm
ifXUXiO4KOzqIoqQ7PdHVx6PsIb/WQipSSg2TQh/CiPYB5NDNfVMeZMWI5RYpnLL
yE7N+Kvdk6mp7/35PAhrl8zYG0vroo/GCxVeaTXq4M1H0cu19FoR6G9aNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdb9gh74pAwb8Z99ZQ6EZmbOCOTMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvZDF2MkNIdmlrREJ2eG4zMWxEb1JtWnM0STVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WbMA0G
CSqGSIb3DQEBCwUAA4IBAQAnQmSOkpK1OdR/6lfq2WIZRCpWxdd6nmtU7Rjd6jPd
SYobbe6kdUi/zWwghHdgFMYJF8Q1afuKuAOvNnyPo37tCGDWv4spqCuhb0sskR0K
/+yXFYjyHPcA1r2iMMUujIun97SQeA3l+0K3jPV3eAxd7CTUTz5KuIaoQ1FY8hC/
4sQUPQuIHeQXRk2gv+TyAF/Z3GTFvdgeGNnLRDV9tspGwuD5cmRlTVRn0XOwThbl
MqkulXWkQd5RidAsmiDZN9OY7PNBZkt8/yXSiQzlIjHrVHzkFjtPygzPBYQBi9Ui
Q9nV3aR/bnCXIdhCWmns2J1Bwe12gwFW5Kxx22wScwTT
-----END CERTIFICATE-----