Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/0b87ee-1064-4137-8490-02fa218d14f8/1/30C9T3ht2svgAAKuydIMrAemeAg.roa
File:                     30C9T3ht2svgAAKuydIMrAemeAg.roa (raw, json)
Hash identifier:          nS/dzBSFIH4d7V4ECjKPT03vRBd52Y+IHjvsu10eeLc=
Subject key identifier:   DF:40:BD:4F:78:6D:DA:CB:E0:00:02:AE:C9:D2:0C:AC:07:A6:78:08
Certificate issuer:       /CN=75bbc89ad0420de7b5bc2dd32fea3b979fade027
Certificate serial:       018CC64A3BF364157136BF6F95C84B9D08DB
Authority key identifier: 75:BB:C8:9A:D0:42:0D:E7:B5:BC:2D:D3:2F:EA:3B:97:9F:AD:E0:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dbvImtBCDee1vC3TL-o7l5-t4Cc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/0b87ee-1064-4137-8490-02fa218d14f8/1/30C9T3ht2svgAAKuydIMrAemeAg.roa
Signing time:             Mon 01 Jan 2024 18:30:02 +0000
ROA not before:           Mon 01 Jan 2024 18:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50883
IP address blocks:        91.216.6.0/24 maxlen: 24
                          178.216.112.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/0b87ee-1064-4137-8490-02fa218d14f8/1/dbvImtBCDee1vC3TL-o7l5-t4Cc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/0b87ee-1064-4137-8490-02fa218d14f8/1/dbvImtBCDee1vC3TL-o7l5-t4Cc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dbvImtBCDee1vC3TL-o7l5-t4Cc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:3b:f3:64:15:71:36:bf:6f:95:c8:4b:9d:08:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75bbc89ad0420de7b5bc2dd32fea3b979fade027
        Validity
            Not Before: Jan  1 18:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df40bd4f786ddacbe00002aec9d20cac07a67808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a1:3b:af:f7:c7:ff:56:35:0a:04:74:93:25:
                    50:7e:5b:d2:88:05:51:49:f3:ff:92:63:b1:f9:d6:
                    26:82:3d:b7:09:1d:26:65:8f:26:0b:54:d5:eb:c3:
                    9f:d9:35:e2:31:ac:8d:8a:a0:78:58:dd:87:71:d4:
                    28:73:93:22:12:c6:1d:8c:58:3c:da:66:18:cd:41:
                    e3:e7:eb:10:38:ae:1b:a5:0e:dc:43:20:5d:04:a7:
                    8c:d9:e3:d8:3d:99:17:8a:af:42:64:1e:36:f5:63:
                    c6:74:83:8e:a4:36:f4:9d:03:78:16:e6:51:c8:4f:
                    b4:d8:75:b7:8f:d8:78:56:83:d4:9a:ed:d9:b0:5b:
                    c1:db:99:dc:d8:40:b0:9d:eb:75:55:e5:1a:b1:4e:
                    82:64:31:bc:08:87:03:be:17:c3:d9:19:97:12:cd:
                    c7:ab:49:59:3e:85:1b:d8:89:6a:86:7d:fb:88:e5:
                    ff:a7:74:b5:96:82:dc:65:19:56:97:4d:c1:b1:a0:
                    51:6d:6c:96:05:0e:66:c9:36:bb:9b:9e:e0:0e:0f:
                    51:de:0e:e2:b7:de:8b:4e:dd:81:ef:33:c3:fe:0e:
                    9e:3d:a9:95:f4:6d:7f:8c:5a:95:d5:c5:e6:31:49:
                    1d:c6:ea:75:29:93:07:95:ea:78:6b:13:75:43:a7:
                    31:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:40:BD:4F:78:6D:DA:CB:E0:00:02:AE:C9:D2:0C:AC:07:A6:78:08
            X509v3 Authority Key Identifier:
                keyid:75:BB:C8:9A:D0:42:0D:E7:B5:BC:2D:D3:2F:EA:3B:97:9F:AD:E0:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dbvImtBCDee1vC3TL-o7l5-t4Cc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0b87ee-1064-4137-8490-02fa218d14f8/1/30C9T3ht2svgAAKuydIMrAemeAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0b87ee-1064-4137-8490-02fa218d14f8/1/dbvImtBCDee1vC3TL-o7l5-t4Cc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.6.0/24
                  178.216.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         95:ba:87:7f:68:fa:5c:1f:50:cf:41:1f:85:d5:94:78:c0:09:
         84:ac:33:1f:73:26:50:49:5a:c8:ac:ca:43:e8:cd:4d:6e:f9:
         5b:53:18:8c:b8:a2:e6:e2:11:e2:57:4a:27:fc:07:62:5a:a8:
         c7:87:38:ea:47:90:da:37:8d:1a:43:97:2b:14:11:b8:e3:49:
         fc:62:07:da:ca:99:be:e0:b7:3f:70:6d:ba:7c:0f:45:f0:6e:
         6a:f5:af:5f:36:ef:48:46:02:4b:b4:eb:f3:9e:6f:9f:ad:34:
         30:e0:2e:e8:78:a5:d8:81:e3:7c:f3:58:18:98:9c:47:76:31:
         84:c5:4c:68:56:d8:f2:1c:6e:b6:a8:be:c1:38:cc:03:db:f5:
         be:e2:8a:0f:d0:3d:b8:3c:86:65:81:e6:e5:90:96:0d:74:ba:
         7f:7e:67:ed:d5:0f:eb:e7:7d:47:60:b4:97:d3:ea:b2:97:02:
         e8:ec:4e:11:91:16:f5:0e:88:46:13:a3:80:e6:af:18:8a:f9:
         2e:20:96:35:c0:d1:55:92:b3:0f:c6:59:81:22:73:57:cd:fa:
         d0:e2:eb:a3:ec:f4:d3:f8:ab:0e:9f:74:43:34:a1:f4:69:0e:
         c2:07:25:b3:6d:1f:3b:30:56:17:a5:3d:d6:12:5f:da:bb:a7:
         01:ec:80:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSjvzZBVxNr9vlchLnQjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1YmJjODlhZDA0MjBkZTdiNWJjMmRkMzJmZWEzYjk3OWZh
ZGUwMjcwHhcNMjQwMTAxMTgzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjQwYmQ0Zjc4NmRkYWNiZTAwMDAyYWVjOWQyMGNhYzA3YTY3ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qE7r/fH/1Y1CgR0kyVQflvSiAVR
SfP/kmOx+dYmgj23CR0mZY8mC1TV68Of2TXiMayNiqB4WN2HcdQoc5MiEsYdjFg8
2mYYzUHj5+sQOK4bpQ7cQyBdBKeM2ePYPZkXiq9CZB429WPGdIOOpDb0nQN4FuZR
yE+02HW3j9h4VoPUmu3ZsFvB25nc2ECwnet1VeUasU6CZDG8CIcDvhfD2RmXEs3H
q0lZPoUb2Ilqhn37iOX/p3S1loLcZRlWl03BsaBRbWyWBQ5myTa7m57gDg9R3g7i
t96LTt2B7zPD/g6ePamV9G1/jFqV1cXmMUkdxup1KZMHlep4axN1Q6cxDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN9AvU94bdrL4AACrsnSDKwHpngIMB8GA1UdIwQY
MBaAFHW7yJrQQg3ntbwt0y/qO5efreAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGJ2SW10QkNEZWUxdkMzVEwtbzdsNS10NENjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wYjg3ZWUtMTA2NC00MTM3LTg0OTAt
MDJmYTIxOGQxNGY4LzEvMzBDOVQzaHQyc3ZnQUFLdXlkSU1yQWVtZUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wYjg3ZWUtMTA2NC00MTM3LTg0OTAtMDJmYTIxOGQxNGY4
LzEvZGJ2SW10QkNEZWUxdkMzVEwtbzdsNS10NENjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9gGAwQD
sthwMA0GCSqGSIb3DQEBCwUAA4IBAQCVuod/aPpcH1DPQR+F1ZR4wAmErDMfcyZQ
SVrIrMpD6M1NbvlbUxiMuKLm4hHiV0on/AdiWqjHhzjqR5DaN40aQ5crFBG440n8
Ygfaypm+4Lc/cG26fA9F8G5q9a9fNu9IRgJLtOvznm+frTQw4C7oeKXYgeN881gY
mJxHdjGExUxoVtjyHG62qL7BOMwD2/W+4ooP0D24PIZlgeblkJYNdLp/fmft1Q/r
531HYLSX0+qylwLo7E4RkRb1DohGE6OA5q8YivkuIJY1wNFVkrMPxlmBInNXzfrQ
4uuj7PTT+KsOn3RDNKH0aQ7CByWzbR87MFYXpT3WEl/au6cB7IAH
-----END CERTIFICATE-----