Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/50f7e1-6cbc-4f5a-b2eb-b062e9725b1d/1/PWKAcP-ocXVxOYgRT0N8beuRFMM.roa
File:                     PWKAcP-ocXVxOYgRT0N8beuRFMM.roa (raw, json)
Hash identifier:          2elzE/yqRn8Kcc20oVetLU7bt8JGR2llKZHsQOQhSfs=
Subject key identifier:   3D:62:80:70:FF:A8:71:75:71:39:88:11:4F:43:7C:6D:EB:91:14:C3
Certificate issuer:       /CN=df512010611f91b16296728a94d1a665b4ab7570
Certificate serial:       018CC64AC8715F81C2D2F4416F7BEBEE2A6B
Authority key identifier: DF:51:20:10:61:1F:91:B1:62:96:72:8A:94:D1:A6:65:B4:AB:75:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/31EgEGEfkbFilnKKlNGmZbSrdXA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/50f7e1-6cbc-4f5a-b2eb-b062e9725b1d/1/PWKAcP-ocXVxOYgRT0N8beuRFMM.roa
Signing time:             Mon 01 Jan 2024 18:30:38 +0000
ROA not before:           Mon 01 Jan 2024 18:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        91.194.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/50f7e1-6cbc-4f5a-b2eb-b062e9725b1d/1/31EgEGEfkbFilnKKlNGmZbSrdXA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/50f7e1-6cbc-4f5a-b2eb-b062e9725b1d/1/31EgEGEfkbFilnKKlNGmZbSrdXA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/31EgEGEfkbFilnKKlNGmZbSrdXA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c8:71:5f:81:c2:d2:f4:41:6f:7b:eb:ee:2a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df512010611f91b16296728a94d1a665b4ab7570
        Validity
            Not Before: Jan  1 18:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d628070ffa87175713988114f437c6deb9114c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:83:a3:d7:2d:02:6d:05:ee:df:b2:b8:11:2e:
                    84:72:04:4b:ea:f5:bc:79:65:8f:d8:48:d5:98:a9:
                    27:b5:e2:c3:1f:d6:d5:ec:92:d6:98:79:60:b2:4a:
                    1f:c6:26:53:3c:5c:8d:62:85:71:53:e5:c3:5b:fa:
                    cc:7a:57:2f:38:c4:9b:15:51:2d:91:b6:31:61:56:
                    9c:6c:b2:5e:87:f8:cd:fd:e5:d2:a2:35:07:e0:fc:
                    47:76:f2:fd:83:a7:09:cd:a3:27:d5:ab:17:d0:dd:
                    0c:0c:0a:a8:4e:93:f2:6c:e3:c1:6a:21:55:ca:0d:
                    7c:32:a0:c0:f5:4c:0f:10:f0:10:f9:c5:82:3c:c7:
                    97:79:c6:7a:c6:ef:37:13:f9:25:ae:bf:06:ec:24:
                    0b:37:b3:dc:ba:72:b7:3e:a2:77:00:ab:aa:75:46:
                    27:53:e2:28:c2:c3:95:9a:3a:f3:3f:f4:35:58:4a:
                    1c:8b:ff:55:57:7a:86:af:22:24:8b:e4:7a:68:1b:
                    69:12:25:eb:6e:82:3a:97:b0:fe:70:48:bb:ae:d2:
                    d0:cc:d5:0e:0d:fa:d7:26:33:b0:8c:b5:06:43:40:
                    ff:3c:62:98:90:9d:df:05:91:26:38:fd:32:65:6e:
                    6d:78:d7:de:cd:76:ca:52:3d:e0:bd:2d:d0:38:f2:
                    eb:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:62:80:70:FF:A8:71:75:71:39:88:11:4F:43:7C:6D:EB:91:14:C3
            X509v3 Authority Key Identifier:
                keyid:DF:51:20:10:61:1F:91:B1:62:96:72:8A:94:D1:A6:65:B4:AB:75:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/31EgEGEfkbFilnKKlNGmZbSrdXA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/50f7e1-6cbc-4f5a-b2eb-b062e9725b1d/1/PWKAcP-ocXVxOYgRT0N8beuRFMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/50f7e1-6cbc-4f5a-b2eb-b062e9725b1d/1/31EgEGEfkbFilnKKlNGmZbSrdXA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:d2:39:00:5f:9b:b4:c4:29:d3:98:9a:f3:6f:da:77:a2:dc:
         dd:56:32:32:93:83:86:cc:e0:6f:39:13:e5:b4:b5:4e:5b:1b:
         db:d0:d5:8b:ea:f4:41:ac:3c:1d:16:41:f8:cf:c1:54:c0:a8:
         77:4f:55:72:09:85:ac:53:42:c9:79:5c:c1:23:ab:af:74:3b:
         7c:3a:ad:a8:ec:f5:a1:e8:e6:47:ae:1c:4a:47:3e:cc:2d:0e:
         e5:c9:0f:7c:94:0a:ca:91:ee:85:84:92:db:82:7e:7b:38:65:
         cd:46:b6:95:05:5b:ea:91:73:fb:a9:70:4b:00:b8:9e:47:8d:
         f5:3e:12:7d:7d:3d:14:e1:8d:29:1d:4f:86:f0:6c:23:d2:76:
         d6:d3:06:f1:ef:4b:98:b3:38:de:a4:2b:09:2c:4c:f9:f5:1b:
         7d:b6:82:ef:e7:15:f7:69:b4:6c:71:3d:77:5f:bd:4b:2e:d6:
         25:81:25:5b:85:c6:3e:9b:d4:9b:2a:99:d5:6a:f3:f5:45:7b:
         18:55:18:6e:0f:ec:ba:bb:fe:2c:c4:c7:1b:53:7e:a9:8f:45:
         54:b2:a2:a1:ac:d5:81:ba:90:fc:ee:66:2c:05:19:7f:76:c0:
         e6:5d:c5:09:05:17:c8:b5:c4:2b:3c:b7:89:cd:98:79:3c:10:
         82:22:36:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSshxX4HC0vRBb3vr7iprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNTEyMDEwNjExZjkxYjE2Mjk2NzI4YTk0ZDFhNjY1YjRh
Yjc1NzAwHhcNMjQwMTAxMTgzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDYyODA3MGZmYTg3MTc1NzEzOTg4MTE0ZjQzN2M2ZGViOTExNGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4Oj1y0CbQXu37K4ES6EcgRL6vW8
eWWP2EjVmKknteLDH9bV7JLWmHlgskofxiZTPFyNYoVxU+XDW/rMelcvOMSbFVEt
kbYxYVacbLJeh/jN/eXSojUH4PxHdvL9g6cJzaMn1asX0N0MDAqoTpPybOPBaiFV
yg18MqDA9UwPEPAQ+cWCPMeXecZ6xu83E/klrr8G7CQLN7PcunK3PqJ3AKuqdUYn
U+IowsOVmjrzP/Q1WEoci/9VV3qGryIki+R6aBtpEiXrboI6l7D+cEi7rtLQzNUO
DfrXJjOwjLUGQ0D/PGKYkJ3fBZEmOP0yZW5teNfezXbKUj3gvS3QOPLrEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD1igHD/qHF1cTmIEU9DfG3rkRTDMB8GA1UdIwQY
MBaAFN9RIBBhH5GxYpZyipTRpmW0q3VwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzFFZ0VHRWZrYkZpbG5LS2xOR21aYlNyZFhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81MGY3ZTEtNmNiYy00ZjVhLWIyZWIt
YjA2MmU5NzI1YjFkLzEvUFdLQWNQLW9jWFZ4T1lnUlQwTjhiZXVSRk1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81MGY3ZTEtNmNiYy00ZjVhLWIyZWItYjA2MmU5NzI1YjFk
LzEvMzFFZ0VHRWZrYkZpbG5LS2xOR21aYlNyZFhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8JVMA0G
CSqGSIb3DQEBCwUAA4IBAQCp0jkAX5u0xCnTmJrzb9p3otzdVjIyk4OGzOBvORPl
tLVOWxvb0NWL6vRBrDwdFkH4z8FUwKh3T1VyCYWsU0LJeVzBI6uvdDt8Oq2o7PWh
6OZHrhxKRz7MLQ7lyQ98lArKke6FhJLbgn57OGXNRraVBVvqkXP7qXBLALieR431
PhJ9fT0U4Y0pHU+G8Gwj0nbW0wbx70uYszjepCsJLEz59Rt9toLv5xX3abRscT13
X71LLtYlgSVbhcY+m9SbKpnVavP1RXsYVRhuD+y6u/4sxMcbU36pj0VUsqKhrNWB
upD87mYsBRl/dsDmXcUJBRfItcQrPLeJzZh5PBCCIjZj
-----END CERTIFICATE-----