Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/Ifui4PQbndse730lSZO3lCfkioY.roa
File:                     Ifui4PQbndse730lSZO3lCfkioY.roa (raw, json)
Hash identifier:          D7nCViVTcLQTl0eYTC8UiUGnFlIt90jpYP7MJq7/kAA=
Subject key identifier:   21:FB:A2:E0:F4:1B:9D:DB:1E:EF:7D:25:49:93:B7:94:27:E4:8A:86
Certificate issuer:       /CN=339e0f5e654393ceda22db44978f273e789e2341
Certificate serial:       018CC6B904E0894372CF1110C059D7888FAD
Authority key identifier: 33:9E:0F:5E:65:43:93:CE:DA:22:DB:44:97:8F:27:3E:78:9E:23:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M54PXmVDk87aIttEl48nPnieI0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/Ifui4PQbndse730lSZO3lCfkioY.roa
Signing time:             Mon 01 Jan 2024 20:31:03 +0000
ROA not before:           Mon 01 Jan 2024 20:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48019
IP address blocks:        194.105.136.0/23 maxlen: 23
                          91.207.66.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/M54PXmVDk87aIttEl48nPnieI0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/M54PXmVDk87aIttEl48nPnieI0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M54PXmVDk87aIttEl48nPnieI0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:04:e0:89:43:72:cf:11:10:c0:59:d7:88:8f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=339e0f5e654393ceda22db44978f273e789e2341
        Validity
            Not Before: Jan  1 20:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21fba2e0f41b9ddb1eef7d254993b79427e48a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0a:b0:84:f8:2e:bc:0e:de:16:ad:8d:69:92:
                    b6:13:1f:cf:45:e6:44:ca:75:b6:a0:23:84:e3:3c:
                    6e:a1:61:11:ad:0a:7b:b7:6e:9d:be:ed:40:d8:f1:
                    9c:a3:90:d8:84:46:38:8d:34:5b:bd:10:fa:87:f7:
                    e0:f6:cc:06:b1:bb:77:a9:b0:be:4a:ad:d6:ad:9d:
                    23:b9:a7:99:f5:95:64:05:f6:31:62:c5:12:7c:d9:
                    2a:6f:f6:fa:6b:07:4f:29:7e:b4:65:d0:7f:4b:62:
                    b5:bc:8a:19:93:2c:46:42:e7:ec:5a:24:c7:43:d6:
                    37:cd:2b:66:09:61:90:34:cc:12:01:bf:64:74:80:
                    39:08:cb:9c:bb:68:96:55:ca:56:2c:35:91:a2:79:
                    66:6c:51:4e:3d:df:f6:92:d9:5d:ff:2c:93:3a:32:
                    43:6d:a8:07:28:83:f5:15:ab:41:ac:4b:64:06:29:
                    62:4a:0c:89:00:0e:5b:7e:d4:f3:80:b2:48:c4:a7:
                    6d:7e:77:e6:a4:d8:94:46:f2:7a:fd:f6:3f:13:36:
                    45:eb:e8:41:2b:94:f3:63:e6:9b:8a:a7:53:ae:45:
                    c3:a3:8b:4b:42:11:6d:a7:96:cf:f0:c4:e0:f5:98:
                    0d:07:6a:4a:03:27:3c:cb:01:75:76:b6:c7:d5:ac:
                    63:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:FB:A2:E0:F4:1B:9D:DB:1E:EF:7D:25:49:93:B7:94:27:E4:8A:86
            X509v3 Authority Key Identifier:
                keyid:33:9E:0F:5E:65:43:93:CE:DA:22:DB:44:97:8F:27:3E:78:9E:23:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M54PXmVDk87aIttEl48nPnieI0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/Ifui4PQbndse730lSZO3lCfkioY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/M54PXmVDk87aIttEl48nPnieI0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.66.0/23
                  194.105.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:a4:18:76:58:41:62:f0:a5:ae:52:63:4a:a1:84:0f:25:b4:
         e9:0a:4f:d8:69:49:ae:8b:7f:f1:38:e5:9a:b7:d4:4e:f2:ad:
         b6:2f:79:7b:62:b3:0b:db:5e:54:81:5d:6e:82:4e:f3:3b:65:
         7f:cc:62:29:3e:64:2b:8e:c9:fc:dc:d1:fc:1f:df:35:a5:02:
         79:14:78:f4:82:ba:64:c2:af:62:95:cf:c7:10:82:a8:af:ca:
         ea:69:2e:2c:9d:9f:94:ea:c6:f0:f6:16:18:c5:11:e8:68:e0:
         70:9c:53:2e:48:ae:28:9b:b3:f4:6d:e0:0b:92:47:05:67:ce:
         2e:22:a5:10:59:71:82:c8:56:13:63:3a:98:a6:79:e0:77:5d:
         84:8c:3b:da:ab:7e:c1:14:90:ab:7b:bd:ed:f1:7c:a6:3d:c2:
         e5:6b:69:b8:a7:48:cb:19:ad:d4:7e:d4:ff:52:46:97:5c:2b:
         c0:b5:1d:39:46:26:e0:0b:84:0d:ba:59:66:5a:65:c2:b9:9b:
         f5:dc:9d:3b:74:a2:3b:2e:ba:83:99:e3:2a:6c:4b:4a:0f:32:
         4e:8b:94:24:65:ca:26:c8:92:8f:1c:fd:44:cb:97:c3:9f:71:
         43:90:48:21:19:1f:bb:28:8f:a9:7f:eb:e4:b0:90:ac:eb:a7:
         9f:81:99:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuQTgiUNyzxEQwFnXiI+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOWUwZjVlNjU0MzkzY2VkYTIyZGI0NDk3OGYyNzNlNzg5
ZTIzNDEwHhcNMjQwMTAxMjAzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWZiYTJlMGY0MWI5ZGRiMWVlZjdkMjU0OTkzYjc5NDI3ZTQ4YTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AqwhPguvA7eFq2NaZK2Ex/PReZE
ynW2oCOE4zxuoWERrQp7t26dvu1A2PGco5DYhEY4jTRbvRD6h/fg9swGsbt3qbC+
Sq3WrZ0juaeZ9ZVkBfYxYsUSfNkqb/b6awdPKX60ZdB/S2K1vIoZkyxGQufsWiTH
Q9Y3zStmCWGQNMwSAb9kdIA5CMucu2iWVcpWLDWRonlmbFFOPd/2ktld/yyTOjJD
bagHKIP1FatBrEtkBiliSgyJAA5bftTzgLJIxKdtfnfmpNiURvJ6/fY/EzZF6+hB
K5TzY+abiqdTrkXDo4tLQhFtp5bP8MTg9ZgNB2pKAyc8ywF1drbH1axj2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCH7ouD0G53bHu99JUmTt5Qn5IqGMB8GA1UdIwQY
MBaAFDOeD15lQ5PO2iLbRJePJz54niNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTU0UFhtVkRrODdhSXR0RWw0OG5QbmllSTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8zNmIwOTgtZTlhYy00OTEwLWE2ZjUt
OGU1ZDllZWZhZjkxLzEvSWZ1aTRQUWJuZHNlNzMwbFNaTzNsQ2ZraW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8zNmIwOTgtZTlhYy00OTEwLWE2ZjUtOGU1ZDllZWZhZjkx
LzEvTTU0UFhtVkRrODdhSXR0RWw0OG5QbmllSTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW89CAwQB
wmmIMA0GCSqGSIb3DQEBCwUAA4IBAQAdpBh2WEFi8KWuUmNKoYQPJbTpCk/YaUmu
i3/xOOWat9RO8q22L3l7YrML215UgV1ugk7zO2V/zGIpPmQrjsn83NH8H981pQJ5
FHj0grpkwq9ilc/HEIKor8rqaS4snZ+U6sbw9hYYxRHoaOBwnFMuSK4om7P0beAL
kkcFZ84uIqUQWXGCyFYTYzqYpnngd12EjDvaq37BFJCre73t8XymPcLla2m4p0jL
Ga3UftT/UkaXXCvAtR05RibgC4QNullmWmXCuZv13J07dKI7LrqDmeMqbEtKDzJO
i5QkZcomyJKPHP1Ey5fDn3FDkEghGR+7KI+pf+vksJCs66efgZm+
-----END CERTIFICATE-----