Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/eaeb83-a20c-4fd8-9314-25d30ebcfcad/1/nII3pZwQDU7j1fij2uYYFJylgMk.roa
File:                     nII3pZwQDU7j1fij2uYYFJylgMk.roa (raw, json)
Hash identifier:          cwmNAtyDJwjgsjaTPG6eEoLJLHxYgkQ6MZBYpvCELZk=
Subject key identifier:   9C:82:37:A5:9C:10:0D:4E:E3:D5:F8:A3:DA:E6:18:14:9C:A5:80:C9
Certificate issuer:       /CN=32afdffacf9c3698ef7a36b2e60be77b80e62d01
Certificate serial:       018CCA99D551C3344A3300D689A3C46A2ED7
Authority key identifier: 32:AF:DF:FA:CF:9C:36:98:EF:7A:36:B2:E6:0B:E7:7B:80:E6:2D:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mq_f-s-cNpjvejay5gvne4DmLQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/eaeb83-a20c-4fd8-9314-25d30ebcfcad/1/nII3pZwQDU7j1fij2uYYFJylgMk.roa
Signing time:             Tue 02 Jan 2024 14:35:28 +0000
ROA not before:           Tue 02 Jan 2024 14:35:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8447
IP address blocks:        91.230.142.0/24 maxlen: 24
                          2001:67c:238c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/eaeb83-a20c-4fd8-9314-25d30ebcfcad/1/Mq_f-s-cNpjvejay5gvne4DmLQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/eaeb83-a20c-4fd8-9314-25d30ebcfcad/1/Mq_f-s-cNpjvejay5gvne4DmLQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mq_f-s-cNpjvejay5gvne4DmLQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:d5:51:c3:34:4a:33:00:d6:89:a3:c4:6a:2e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32afdffacf9c3698ef7a36b2e60be77b80e62d01
        Validity
            Not Before: Jan  2 14:35:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c8237a59c100d4ee3d5f8a3dae618149ca580c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:64:d6:dd:06:a4:04:a9:7e:ee:6d:52:88:a6:
                    f1:d0:b9:6a:4b:ee:fb:ab:54:ce:e6:74:87:17:1e:
                    2c:fb:0e:2c:75:7a:6c:71:3e:60:2e:bb:5e:d8:64:
                    b2:47:2c:b6:a8:a1:3e:de:14:61:15:cc:4b:6d:ca:
                    2d:22:3d:c7:99:f7:58:e2:cf:a2:48:c7:4a:92:f4:
                    d6:01:2b:d6:06:ce:99:5b:79:8a:fb:7c:13:8b:61:
                    6b:f6:47:ed:b6:a2:a3:7e:24:a4:fb:cf:e8:ad:a2:
                    10:b3:29:4e:c6:68:91:52:29:6f:f0:0e:eb:0c:15:
                    97:87:c9:f4:07:a2:34:ac:43:45:52:f2:20:83:7a:
                    47:c0:68:bb:03:c3:a8:ac:5b:7f:7f:31:65:d1:cf:
                    b6:3d:f6:33:56:a0:da:f2:8d:4a:c6:8c:68:dd:4f:
                    ef:e8:ac:4d:cd:1c:ed:7a:56:41:32:05:e6:f3:6d:
                    0d:4a:c3:3a:bc:53:75:0d:87:d5:e1:2e:17:0b:1c:
                    b7:85:72:93:91:dc:81:49:f0:4b:ef:18:28:10:b5:
                    0c:59:f6:4a:c5:1f:d6:45:27:bd:80:cb:06:02:ad:
                    44:ac:44:e9:f5:e2:df:7d:51:02:94:c5:32:d5:e1:
                    57:a0:26:b3:5c:35:17:d0:cf:67:2c:c5:a4:c1:1c:
                    cc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:82:37:A5:9C:10:0D:4E:E3:D5:F8:A3:DA:E6:18:14:9C:A5:80:C9
            X509v3 Authority Key Identifier:
                keyid:32:AF:DF:FA:CF:9C:36:98:EF:7A:36:B2:E6:0B:E7:7B:80:E6:2D:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mq_f-s-cNpjvejay5gvne4DmLQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/eaeb83-a20c-4fd8-9314-25d30ebcfcad/1/nII3pZwQDU7j1fij2uYYFJylgMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/eaeb83-a20c-4fd8-9314-25d30ebcfcad/1/Mq_f-s-cNpjvejay5gvne4DmLQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.142.0/24
                IPv6:
                  2001:67c:238c::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:c0:e4:b9:aa:6c:af:ae:51:6b:48:f9:a2:34:49:52:be:f9:
         dd:d0:f9:64:8d:0d:56:09:b2:4d:c5:a2:1e:27:95:b9:d9:23:
         42:f8:57:97:58:b8:17:0d:d5:b0:d2:1e:c0:73:2f:4c:61:bc:
         75:5f:92:21:b0:2a:ed:c3:20:31:d9:04:d7:5b:74:6b:5d:4d:
         e2:3e:9e:f4:ae:a7:c5:1a:a2:87:48:ec:ee:98:da:84:72:0a:
         7b:aa:0b:de:6e:ad:ec:15:b2:0d:a0:80:8b:c1:95:03:8f:80:
         95:27:8e:c8:da:d8:ea:35:d0:e3:87:0b:5c:66:26:b5:7b:95:
         6f:e5:93:e4:12:13:d4:ac:69:71:67:fe:95:a2:66:b8:e5:29:
         99:b3:45:35:ab:92:e5:7c:2a:39:c0:73:45:73:b9:2c:f2:37:
         ca:f6:c7:6e:18:e1:85:46:91:53:98:41:50:82:2f:71:04:bc:
         15:48:02:48:33:13:80:80:31:09:5a:22:8e:ea:83:70:46:ab:
         20:5d:8c:2e:d2:38:8a:bf:cf:5b:97:09:8f:0e:25:89:e1:77:
         42:24:be:39:bb:45:27:44:38:a3:9a:75:f7:14:32:36:00:a6:
         17:23:b1:2a:46:54:ba:fb:77:05:d2:66:8e:a0:16:6d:f4:97:
         b7:5d:a1:7c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKmdVRwzRKMwDWiaPEai7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYWZkZmZhY2Y5YzM2OThlZjdhMzZiMmU2MGJlNzdiODBl
NjJkMDEwHhcNMjQwMTAyMTQzNTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzgyMzdhNTljMTAwZDRlZTNkNWY4YTNkYWU2MTgxNDljYTU4MGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WTW3QakBKl+7m1SiKbx0LlqS+77
q1TO5nSHFx4s+w4sdXpscT5gLrte2GSyRyy2qKE+3hRhFcxLbcotIj3HmfdY4s+i
SMdKkvTWASvWBs6ZW3mK+3wTi2Fr9kfttqKjfiSk+8/oraIQsylOxmiRUilv8A7r
DBWXh8n0B6I0rENFUvIgg3pHwGi7A8OorFt/fzFl0c+2PfYzVqDa8o1Kxoxo3U/v
6KxNzRztelZBMgXm820NSsM6vFN1DYfV4S4XCxy3hXKTkdyBSfBL7xgoELUMWfZK
xR/WRSe9gMsGAq1ErETp9eLffVEClMUy1eFXoCazXDUX0M9nLMWkwRzMYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJyCN6WcEA1O49X4o9rmGBScpYDJMB8GA1UdIwQY
MBaAFDKv3/rPnDaY73o2suYL53uA5i0BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXFfZi1zLWNOcGp2ZWpheTVndm5lNERtTFFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9lYWViODMtYTIwYy00ZmQ4LTkzMTQt
MjVkMzBlYmNmY2FkLzEvbklJM3Bad1FEVTdqMWZpajJ1WVlGSnlsZ01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9lYWViODMtYTIwYy00ZmQ4LTkzMTQtMjVkMzBlYmNmY2Fk
LzEvTXFfZi1zLWNOcGp2ZWpheTVndm5lNERtTFFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+aOMA8E
AgACMAkDBwAgAQZ8I4wwDQYJKoZIhvcNAQELBQADggEBAJnA5LmqbK+uUWtI+aI0
SVK++d3Q+WSNDVYJsk3Foh4nlbnZI0L4V5dYuBcN1bDSHsBzL0xhvHVfkiGwKu3D
IDHZBNdbdGtdTeI+nvSup8UaoodI7O6Y2oRyCnuqC95urewVsg2ggIvBlQOPgJUn
jsja2Oo10OOHC1xmJrV7lW/lk+QSE9SsaXFn/pWiZrjlKZmzRTWrkuV8KjnAc0Vz
uSzyN8r2x24Y4YVGkVOYQVCCL3EEvBVIAkgzE4CAMQlaIo7qg3BGqyBdjC7SOIq/
z1uXCY8OJYnhd0Ikvjm7RSdEOKOadfcUMjYAphcjsSpGVLr7dwXSZo6gFm30l7dd
oXw=
-----END CERTIFICATE-----