Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/6f6758-c233-4ac0-99b0-5a922a62c571/1/O3TeINLvvE2zM1eBb9bh2XdL-BU.roa
File:                     O3TeINLvvE2zM1eBb9bh2XdL-BU.roa (raw, json)
Hash identifier:          a0/GAYYLERK73R20L7gZVP84aNDXQN2emwPPNwxn70g=
Subject key identifier:   3B:74:DE:20:D2:EF:BC:4D:B3:33:57:81:6F:D6:E1:D9:77:4B:F8:15
Certificate issuer:       /CN=cf2c30f34493c452a173e4de0c462c83a711c338
Certificate serial:       018CC94CC9AB3BA99F9B7E11B93735E88C2F
Authority key identifier: CF:2C:30:F3:44:93:C4:52:A1:73:E4:DE:0C:46:2C:83:A7:11:C3:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zyww80STxFKhc-TeDEYsg6cRwzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/6f6758-c233-4ac0-99b0-5a922a62c571/1/O3TeINLvvE2zM1eBb9bh2XdL-BU.roa
Signing time:             Tue 02 Jan 2024 08:31:41 +0000
ROA not before:           Tue 02 Jan 2024 08:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200966
IP address blocks:        91.215.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/6f6758-c233-4ac0-99b0-5a922a62c571/1/zyww80STxFKhc-TeDEYsg6cRwzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/6f6758-c233-4ac0-99b0-5a922a62c571/1/zyww80STxFKhc-TeDEYsg6cRwzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zyww80STxFKhc-TeDEYsg6cRwzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c9:ab:3b:a9:9f:9b:7e:11:b9:37:35:e8:8c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf2c30f34493c452a173e4de0c462c83a711c338
        Validity
            Not Before: Jan  2 08:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b74de20d2efbc4db33357816fd6e1d9774bf815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5c:1c:db:6a:6c:8d:46:1b:26:a0:16:fa:c2:
                    5f:52:cf:02:88:19:54:95:24:17:a1:a4:02:6e:8d:
                    79:3c:c8:66:56:2d:80:ae:6b:a8:f3:9f:40:8c:5b:
                    f8:1f:77:d4:d9:bb:c7:48:70:60:63:da:20:60:bb:
                    5e:93:47:5f:1f:ee:a3:7d:05:12:27:e0:ef:26:96:
                    a7:67:e2:32:3d:d7:68:b2:70:4a:17:95:af:05:42:
                    97:2f:e8:40:03:ec:47:ff:ec:96:24:3e:75:91:6b:
                    ba:60:96:d2:97:0f:67:2d:fd:9a:1c:9c:eb:81:fc:
                    96:67:bd:00:b0:75:85:cd:97:ba:b5:33:c5:90:db:
                    6e:a0:f7:8c:c2:fc:b9:99:14:17:40:20:46:16:70:
                    92:7c:13:ea:33:88:62:db:f7:34:3f:bb:67:ac:2d:
                    f7:11:a3:78:c3:68:57:c2:97:fd:fd:64:cf:1b:e1:
                    93:e2:78:32:32:a1:93:83:e9:9a:b3:7d:e2:ad:65:
                    e6:2a:32:48:d9:c2:21:f9:37:52:96:4f:25:be:1e:
                    40:a8:73:0f:77:23:7b:42:c2:41:99:9b:48:d3:fb:
                    fc:80:63:5c:a3:fe:59:de:ac:f9:a9:76:47:ed:44:
                    e5:8b:7c:10:27:b0:93:7d:7a:1e:e6:07:40:23:aa:
                    68:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:74:DE:20:D2:EF:BC:4D:B3:33:57:81:6F:D6:E1:D9:77:4B:F8:15
            X509v3 Authority Key Identifier:
                keyid:CF:2C:30:F3:44:93:C4:52:A1:73:E4:DE:0C:46:2C:83:A7:11:C3:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zyww80STxFKhc-TeDEYsg6cRwzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/6f6758-c233-4ac0-99b0-5a922a62c571/1/O3TeINLvvE2zM1eBb9bh2XdL-BU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/6f6758-c233-4ac0-99b0-5a922a62c571/1/zyww80STxFKhc-TeDEYsg6cRwzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:53:a5:8e:c1:d9:5b:20:98:8e:f3:f2:29:8c:70:b1:b1:09:
         6c:c6:5f:49:08:b7:b3:fa:9a:d5:39:e0:c5:a3:52:34:df:0e:
         1f:72:f5:2f:c7:c7:6c:fe:fd:ce:d7:e2:6e:e5:b5:63:bd:ca:
         80:17:9d:46:c1:b3:eb:82:29:99:01:97:c3:7d:07:e4:1a:ae:
         68:19:0f:3d:a9:cc:3c:0a:c3:73:db:eb:f0:85:66:bc:fd:c3:
         28:5a:db:32:e8:a6:5a:d0:2c:6c:d7:0e:42:7c:e8:49:37:46:
         ad:c6:66:fd:9d:81:8f:d2:ff:6c:39:13:02:07:5c:18:91:05:
         44:06:e2:8e:7e:6c:58:ee:10:a8:00:5b:07:86:00:d2:4a:fc:
         1b:53:f4:59:2c:4e:94:cc:cd:78:b6:83:51:3f:78:23:70:b9:
         58:49:9e:b4:21:93:85:0c:ac:a5:5b:3a:d1:8b:65:39:64:00:
         80:28:2d:52:b0:78:b4:bb:a8:62:f2:71:35:e7:45:38:6e:a4:
         cb:d0:d0:79:86:5b:9f:0a:a2:5c:ee:e2:fe:da:29:0a:52:31:
         a4:42:3a:84:2f:27:63:c9:db:6a:22:67:7b:5f:ba:4a:af:22:
         6f:c5:af:f9:3e:6c:03:85:e2:da:dc:01:b2:8b:5d:a1:2b:4b:
         ad:fa:1b:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTMmrO6mfm34RuTc16IwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMmMzMGYzNDQ5M2M0NTJhMTczZTRkZTBjNDYyYzgzYTcx
MWMzMzgwHhcNMjQwMTAyMDgzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc0ZGUyMGQyZWZiYzRkYjMzMzU3ODE2ZmQ2ZTFkOTc3NGJmODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1wc22psjUYbJqAW+sJfUs8CiBlU
lSQXoaQCbo15PMhmVi2Armuo859AjFv4H3fU2bvHSHBgY9ogYLtek0dfH+6jfQUS
J+DvJpanZ+IyPddosnBKF5WvBUKXL+hAA+xH/+yWJD51kWu6YJbSlw9nLf2aHJzr
gfyWZ70AsHWFzZe6tTPFkNtuoPeMwvy5mRQXQCBGFnCSfBPqM4hi2/c0P7tnrC33
EaN4w2hXwpf9/WTPG+GT4ngyMqGTg+mas33irWXmKjJI2cIh+TdSlk8lvh5AqHMP
dyN7QsJBmZtI0/v8gGNco/5Z3qz5qXZH7UTli3wQJ7CTfXoe5gdAI6poGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDt03iDS77xNszNXgW/W4dl3S/gVMB8GA1UdIwQY
MBaAFM8sMPNEk8RSoXPk3gxGLIOnEcM4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenl3dzgwU1R4RktoYy1UZURFWXNnNmNSd3pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi82ZjY3NTgtYzIzMy00YWMwLTk5YjAt
NWE5MjJhNjJjNTcxLzEvTzNUZUlOTHZ2RTJ6TTFlQmI5YmgyWGRMLUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi82ZjY3NTgtYzIzMy00YWMwLTk5YjAtNWE5MjJhNjJjNTcx
LzEvenl3dzgwU1R4RktoYy1UZURFWXNnNmNSd3pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9dXMA0G
CSqGSIb3DQEBCwUAA4IBAQCVU6WOwdlbIJiO8/IpjHCxsQlsxl9JCLez+prVOeDF
o1I03w4fcvUvx8ds/v3O1+Ju5bVjvcqAF51GwbPrgimZAZfDfQfkGq5oGQ89qcw8
CsNz2+vwhWa8/cMoWtsy6KZa0Cxs1w5CfOhJN0atxmb9nYGP0v9sORMCB1wYkQVE
BuKOfmxY7hCoAFsHhgDSSvwbU/RZLE6UzM14toNRP3gjcLlYSZ60IZOFDKylWzrR
i2U5ZACAKC1SsHi0u6hi8nE150U4bqTL0NB5hlufCqJc7uL+2ikKUjGkQjqELydj
ydtqImd7X7pKryJvxa/5PmwDheLa3AGyi12hK0ut+ht1
-----END CERTIFICATE-----