Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/c70fd3-dfc0-45fb-860f-fdd6741fcca3/1/gxWsZbZs3yBOUPyTnlJ2bSV--DA.roa
File:                     gxWsZbZs3yBOUPyTnlJ2bSV--DA.roa (raw, json)
Hash identifier:          ViYsR8Uz2Ep2vYB67CFFz4Jl5IXysZwBuJ+hP5niy+Q=
Subject key identifier:   83:15:AC:65:B6:6C:DF:20:4E:50:FC:93:9E:52:76:6D:25:7E:F8:30
Certificate issuer:       /CN=c4842f8262febd23d013d40a314d88e254b2a542
Certificate serial:       018E0F4B0F4DD3C92AC285FF46C5D3D48EE6
Authority key identifier: C4:84:2F:82:62:FE:BD:23:D0:13:D4:0A:31:4D:88:E2:54:B2:A5:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xIQvgmL-vSPQE9QKMU2I4lSypUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/c70fd3-dfc0-45fb-860f-fdd6741fcca3/1/gxWsZbZs3yBOUPyTnlJ2bSV--DA.roa
Signing time:             Tue 05 Mar 2024 15:46:01 +0000
ROA not before:           Tue 05 Mar 2024 15:46:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215658
IP address blocks:        91.239.24.0/24 maxlen: 24
                          2a07:ad80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/c70fd3-dfc0-45fb-860f-fdd6741fcca3/1/xIQvgmL-vSPQE9QKMU2I4lSypUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/c70fd3-dfc0-45fb-860f-fdd6741fcca3/1/xIQvgmL-vSPQE9QKMU2I4lSypUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xIQvgmL-vSPQE9QKMU2I4lSypUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0f:4b:0f:4d:d3:c9:2a:c2:85:ff:46:c5:d3:d4:8e:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4842f8262febd23d013d40a314d88e254b2a542
        Validity
            Not Before: Mar  5 15:46:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8315ac65b66cdf204e50fc939e52766d257ef830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:54:5f:89:98:3f:0e:49:4b:3c:64:e3:d9:75:
                    58:c6:ed:34:1e:ff:58:da:7c:5f:5e:45:06:55:c0:
                    d3:cc:71:04:14:49:f7:6b:be:ea:ab:c9:c7:95:5c:
                    4b:ec:1e:9c:97:b3:76:57:f5:05:dd:b5:61:91:9a:
                    e5:55:ee:ca:98:2d:33:62:1c:a9:20:98:f1:6f:9f:
                    06:86:9d:f7:5f:23:bc:db:72:68:1b:46:d2:4e:96:
                    91:df:66:f6:25:93:42:e0:d9:3d:55:4a:1b:49:fb:
                    e7:85:8c:21:71:3b:3f:25:e1:46:e2:af:77:e5:8a:
                    e0:ad:ed:17:a6:10:4a:f9:cb:31:63:ef:d6:3a:6a:
                    d6:9c:69:94:9b:b5:af:f0:7e:a6:e1:6f:f6:f0:c7:
                    f0:a7:2d:b2:8e:68:25:3e:f5:11:3c:ef:f6:d4:29:
                    6c:53:3a:94:3d:69:86:24:ed:c2:26:3e:64:de:8d:
                    f3:88:c0:8d:41:85:b7:bd:bb:8f:02:24:33:46:98:
                    b5:21:d7:90:33:06:29:e9:cf:01:34:79:82:8b:68:
                    81:4b:fb:4a:d0:ec:a9:b1:ee:85:78:a2:76:67:cd:
                    49:88:95:a9:1a:f9:c2:3d:39:5a:38:80:f9:6f:48:
                    e3:6f:e4:6a:87:31:4d:f8:cf:28:20:77:c7:c4:6d:
                    1b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:15:AC:65:B6:6C:DF:20:4E:50:FC:93:9E:52:76:6D:25:7E:F8:30
            X509v3 Authority Key Identifier:
                keyid:C4:84:2F:82:62:FE:BD:23:D0:13:D4:0A:31:4D:88:E2:54:B2:A5:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xIQvgmL-vSPQE9QKMU2I4lSypUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c70fd3-dfc0-45fb-860f-fdd6741fcca3/1/gxWsZbZs3yBOUPyTnlJ2bSV--DA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c70fd3-dfc0-45fb-860f-fdd6741fcca3/1/xIQvgmL-vSPQE9QKMU2I4lSypUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.24.0/24
                IPv6:
                  2a07:ad80::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:f7:fb:d0:47:55:03:09:55:1e:e6:1a:e6:1f:f7:07:19:28:
         e6:a8:55:b1:cb:94:26:a8:1f:66:60:45:47:e0:f4:a4:5d:e7:
         48:4d:40:38:ae:62:c2:50:8d:63:cd:73:7a:42:7c:31:5f:32:
         ba:5e:2c:66:9f:80:bc:37:bb:18:9f:fb:ad:61:9a:68:20:60:
         d6:e0:34:95:56:df:76:85:55:e1:39:e9:0e:f7:95:e7:ac:d8:
         7e:af:02:64:eb:52:bc:b8:c8:b4:f5:ec:54:7a:d0:9b:84:95:
         8d:9a:9b:2a:1b:91:49:c8:e0:99:25:cd:40:70:fb:aa:3a:ae:
         6f:70:2c:7a:4e:a7:15:f5:b4:5f:c6:80:c8:2e:c8:6e:3c:2c:
         1a:9d:8d:93:6f:f5:13:75:32:15:a7:47:58:c7:c6:15:b9:72:
         56:58:d5:dd:80:ce:5a:cb:30:e3:bc:ac:19:c3:46:46:be:6d:
         ba:85:60:0e:87:43:99:45:f7:49:fe:0c:e8:57:2a:fe:dc:6c:
         3d:30:6c:a8:25:1b:68:ac:c3:c1:ea:a7:8f:5a:78:4b:1c:1f:
         9a:b0:3b:f9:9a:ca:4f:e0:5c:92:01:54:d6:74:ec:5f:50:70:
         7f:3f:26:12:1f:99:36:64:cc:b2:67:cb:3b:c6:bf:17:18:80:
         2b:ed:3c:e4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4PSw9N08kqwoX/RsXT1I7mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ODQyZjgyNjJmZWJkMjNkMDEzZDQwYTMxNGQ4OGUyNTRi
MmE1NDIwHhcNMjQwMzA1MTU0NjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzE1YWM2NWI2NmNkZjIwNGU1MGZjOTM5ZTUyNzY2ZDI1N2VmODMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVRfiZg/DklLPGTj2XVYxu00Hv9Y
2nxfXkUGVcDTzHEEFEn3a77qq8nHlVxL7B6cl7N2V/UF3bVhkZrlVe7KmC0zYhyp
IJjxb58Ghp33XyO823JoG0bSTpaR32b2JZNC4Nk9VUobSfvnhYwhcTs/JeFG4q93
5Yrgre0XphBK+csxY+/WOmrWnGmUm7Wv8H6m4W/28Mfwpy2yjmglPvURPO/21Cls
UzqUPWmGJO3CJj5k3o3ziMCNQYW3vbuPAiQzRpi1IdeQMwYp6c8BNHmCi2iBS/tK
0Oypse6FeKJ2Z81JiJWpGvnCPTlaOID5b0jjb+RqhzFN+M8oIHfHxG0biQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIMVrGW2bN8gTlD8k55Sdm0lfvgwMB8GA1UdIwQY
MBaAFMSEL4Ji/r0j0BPUCjFNiOJUsqVCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveElRdmdtTC12U1BRRTlRS01VMkk0bFN5cFVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9jNzBmZDMtZGZjMC00NWZiLTg2MGYt
ZmRkNjc0MWZjY2EzLzEvZ3hXc1piWnMzeUJPVVB5VG5sSjJiU1YtLURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9jNzBmZDMtZGZjMC00NWZiLTg2MGYtZmRkNjc0MWZjY2Ez
LzEveElRdmdtTC12U1BRRTlRS01VMkk0bFN5cFVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+8YMA0E
AgACMAcDBQMqB62AMA0GCSqGSIb3DQEBCwUAA4IBAQBS9/vQR1UDCVUe5hrmH/cH
GSjmqFWxy5QmqB9mYEVH4PSkXedITUA4rmLCUI1jzXN6QnwxXzK6Xixmn4C8N7sY
n/utYZpoIGDW4DSVVt92hVXhOekO95XnrNh+rwJk61K8uMi09exUetCbhJWNmpsq
G5FJyOCZJc1AcPuqOq5vcCx6TqcV9bRfxoDILshuPCwanY2Tb/UTdTIVp0dYx8YV
uXJWWNXdgM5ayzDjvKwZw0ZGvm26hWAOh0OZRfdJ/gzoVyr+3Gw9MGyoJRtorMPB
6qePWnhLHB+asDv5mspP4FySAVTWdOxfUHB/PyYSH5k2ZMyyZ8s7xr8XGIAr7Tzk
-----END CERTIFICATE-----