Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/qKZAVI9QCBNieJgtBNaqruNjG88.roa
File:                     qKZAVI9QCBNieJgtBNaqruNjG88.roa (raw, json)
Hash identifier:          jIU8ABHGgNre6ILPxymbVfelH0Vt1kHjTwvc8ryT44I=
Subject key identifier:   A8:A6:40:54:8F:50:08:13:62:78:98:2D:04:D6:AA:AE:E3:63:1B:CF
Certificate issuer:       /CN=ba7d4ac1344ec38dce99768d78a114ebf7f17d85
Certificate serial:       018CC64B79BFB388FF79AEBF4CD1C5613850
Authority key identifier: BA:7D:4A:C1:34:4E:C3:8D:CE:99:76:8D:78:A1:14:EB:F7:F1:7D:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/un1KwTROw43OmXaNeKEU6_fxfYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/qKZAVI9QCBNieJgtBNaqruNjG88.roa
Signing time:             Mon 01 Jan 2024 18:31:24 +0000
ROA not before:           Mon 01 Jan 2024 18:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198851
IP address blocks:        91.239.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/un1KwTROw43OmXaNeKEU6_fxfYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/un1KwTROw43OmXaNeKEU6_fxfYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/un1KwTROw43OmXaNeKEU6_fxfYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:79:bf:b3:88:ff:79:ae:bf:4c:d1:c5:61:38:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba7d4ac1344ec38dce99768d78a114ebf7f17d85
        Validity
            Not Before: Jan  1 18:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8a640548f5008136278982d04d6aaaee3631bcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:2e:49:79:d2:51:32:71:6d:fe:39:21:f4:71:
                    c9:da:31:08:2b:3c:81:e2:18:9a:70:f4:19:8c:7c:
                    ea:66:19:a5:f9:45:37:84:66:ce:49:1f:0b:7c:82:
                    7d:86:00:7d:ab:ee:9b:7b:14:93:04:dc:f8:3f:c8:
                    dd:b0:df:ec:30:60:b0:23:a5:9b:62:7c:cf:d3:48:
                    6d:27:33:c8:83:50:4b:54:67:3e:73:d9:ed:a5:d2:
                    55:1e:d1:c9:73:4b:7e:53:ac:a4:65:8e:53:56:fc:
                    64:31:15:78:15:1d:28:96:bf:19:bf:5d:fe:ec:33:
                    b0:15:be:41:93:4c:6d:c8:d1:ee:57:26:43:24:39:
                    49:6c:03:da:89:1f:7e:c1:8a:a6:39:58:d2:9e:f7:
                    1b:e4:a0:17:6b:1e:ef:da:5f:3f:6f:db:a8:77:32:
                    61:01:89:9c:fb:58:e6:79:44:62:41:75:79:cf:5a:
                    55:b9:c5:cf:93:1e:ee:e7:9a:54:61:2a:12:09:ab:
                    92:5e:e8:8f:b7:87:17:ef:b1:9c:93:d8:18:92:8c:
                    f5:e5:e5:e1:f5:36:8f:3c:6d:5e:95:b5:c6:83:fd:
                    d1:fe:bb:d8:5e:21:90:db:4c:6d:d1:f5:9e:db:9b:
                    20:46:9e:e3:21:57:55:46:c3:3d:dc:cd:47:f0:ed:
                    0e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A6:40:54:8F:50:08:13:62:78:98:2D:04:D6:AA:AE:E3:63:1B:CF
            X509v3 Authority Key Identifier:
                keyid:BA:7D:4A:C1:34:4E:C3:8D:CE:99:76:8D:78:A1:14:EB:F7:F1:7D:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/un1KwTROw43OmXaNeKEU6_fxfYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/qKZAVI9QCBNieJgtBNaqruNjG88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/un1KwTROw43OmXaNeKEU6_fxfYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:7d:f6:8e:6e:1c:d1:b3:5b:67:e9:5d:b9:94:dd:47:2b:c6:
         ba:d4:d1:6e:fb:73:04:3c:80:ed:cf:b3:3b:ac:f7:d2:3e:5b:
         01:5f:8a:a1:b1:ff:b2:e7:fe:39:b1:ee:c2:a5:ea:8d:05:b2:
         01:dc:b1:cf:61:28:3b:a2:97:06:a0:5a:bc:e4:cf:e4:61:21:
         70:69:81:d7:9f:c4:96:21:42:b3:1b:02:d5:04:74:bd:38:0d:
         16:11:f1:76:19:b2:88:2e:89:a2:ce:f7:f1:ec:ed:3b:68:cb:
         e2:94:b5:f6:78:25:6b:88:73:d2:21:41:f0:08:88:fb:1e:8d:
         27:ec:87:a1:71:80:f9:c1:cf:11:8c:c8:3c:30:e1:d7:59:19:
         9c:5d:87:5e:c2:30:20:a6:ee:06:dc:3e:23:f5:cd:ff:bf:58:
         ed:0b:f4:b2:87:9c:ac:23:39:64:bd:ac:27:fb:a2:49:74:ab:
         f8:e8:80:4b:39:3b:91:e4:2e:62:f6:84:d2:27:a6:96:7e:38:
         9c:4c:6d:fb:09:29:aa:85:5a:a2:fa:51:c4:17:ca:5c:4e:90:
         66:5b:d9:5e:67:4f:ef:2c:1e:6d:a7:ad:9c:46:94:a7:85:28:
         7b:d5:48:b3:ce:28:55:54:b2:4f:81:c5:39:ad:2b:5b:c3:dc:
         c2:b0:10:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3m/s4j/ea6/TNHFYThQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhN2Q0YWMxMzQ0ZWMzOGRjZTk5NzY4ZDc4YTExNGViZjdm
MTdkODUwHhcNMjQwMTAxMTgzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE2NDA1NDhmNTAwODEzNjI3ODk4MmQwNGQ2YWFhZWUzNjMxYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnC5JedJRMnFt/jkh9HHJ2jEIKzyB
4hiacPQZjHzqZhml+UU3hGbOSR8LfIJ9hgB9q+6bexSTBNz4P8jdsN/sMGCwI6Wb
YnzP00htJzPIg1BLVGc+c9ntpdJVHtHJc0t+U6ykZY5TVvxkMRV4FR0olr8Zv13+
7DOwFb5Bk0xtyNHuVyZDJDlJbAPaiR9+wYqmOVjSnvcb5KAXax7v2l8/b9uodzJh
AYmc+1jmeURiQXV5z1pVucXPkx7u55pUYSoSCauSXuiPt4cX77Gck9gYkoz15eXh
9TaPPG1elbXGg/3R/rvYXiGQ20xt0fWe25sgRp7jIVdVRsM93M1H8O0OzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKimQFSPUAgTYniYLQTWqq7jYxvPMB8GA1UdIwQY
MBaAFLp9SsE0TsONzpl2jXihFOv38X2FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW4xS3dUUk93NDNPbVhhTmVLRVU2X2Z4ZllVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iNjYxMjUtNjg0NC00YTg3LTliYjUt
YWY0MjYyM2VhNDMxLzEvcUtaQVZJOVFDQk5pZUpndEJOYXFydU5qRzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iNjYxMjUtNjg0NC00YTg3LTliYjUtYWY0MjYyM2VhNDMx
LzEvdW4xS3dUUk93NDNPbVhhTmVLRVU2X2Z4ZllVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/+MA0G
CSqGSIb3DQEBCwUAA4IBAQCQffaObhzRs1tn6V25lN1HK8a61NFu+3MEPIDtz7M7
rPfSPlsBX4qhsf+y5/45se7CpeqNBbIB3LHPYSg7opcGoFq85M/kYSFwaYHXn8SW
IUKzGwLVBHS9OA0WEfF2GbKILomizvfx7O07aMvilLX2eCVriHPSIUHwCIj7Ho0n
7IehcYD5wc8RjMg8MOHXWRmcXYdewjAgpu4G3D4j9c3/v1jtC/Syh5ysIzlkvawn
+6JJdKv46IBLOTuR5C5i9oTSJ6aWfjicTG37CSmqhVqi+lHEF8pcTpBmW9leZ0/v
LB5tp62cRpSnhSh71UizzihVVLJPgcU5rStbw9zCsBCH
-----END CERTIFICATE-----