Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/bSmtq7espHhTsEGGi_C78pdLan0.roa
File:                     bSmtq7espHhTsEGGi_C78pdLan0.roa (raw, json)
Hash identifier:          SrkZZfZNiV0q9W22vcj1JtjqHn/8E+qtkFM+G/pVIlQ=
Subject key identifier:   6D:29:AD:AB:B7:AC:A4:78:53:B0:41:86:8B:F0:BB:F2:97:4B:6A:7D
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       01907A52B31A4A77A0983440073593C2AD8A
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/bSmtq7espHhTsEGGi_C78pdLan0.roa
Signing time:             Wed 03 Jul 2024 20:39:18 +0000
ROA not before:           Wed 03 Jul 2024 20:39:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        91.108.88.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7a:52:b3:1a:4a:77:a0:98:34:40:07:35:93:c2:ad:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Jul  3 20:39:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d29adabb7aca47853b041868bf0bbf2974b6a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d9:58:9f:16:f0:ce:33:fa:8e:39:f7:a6:90:
                    b0:76:93:0d:2e:a0:ad:92:4f:73:43:79:2e:0a:18:
                    b7:95:3d:5f:f2:57:ec:e7:e6:6b:61:d7:e6:d5:c0:
                    27:2e:b2:09:80:87:84:d8:23:22:a6:18:c2:05:fc:
                    11:63:ac:33:16:ac:16:16:88:ac:ce:ef:a1:c2:f2:
                    48:32:e6:6b:d9:d8:51:08:75:00:fb:ca:b7:8e:6f:
                    1f:dd:19:06:d7:26:56:67:65:43:c6:fd:c9:7a:30:
                    fd:e4:1b:1a:25:7b:19:91:0a:6f:7c:82:92:16:ee:
                    10:f7:38:5a:40:fb:1c:32:49:ff:f8:2f:7b:57:6a:
                    f3:c8:7a:ae:9c:c7:e9:22:e3:32:71:c9:a7:1d:2f:
                    07:02:ac:5d:38:d3:d7:32:12:33:19:bd:64:b5:a3:
                    bc:8a:83:15:26:6f:6c:4b:57:05:2c:41:ff:57:b8:
                    08:69:f6:a1:68:e3:b7:fa:06:78:2b:79:48:74:8c:
                    9b:49:04:c7:1c:0a:c9:2e:3c:ad:76:45:e8:ae:b9:
                    6e:50:d2:46:37:ca:44:f0:f9:65:fe:44:87:39:70:
                    e7:e1:3a:4e:71:c6:f1:1c:03:4d:ed:72:59:7f:77:
                    0c:b6:d9:6e:89:94:1c:19:de:c6:95:e6:b8:9f:f6:
                    9b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:29:AD:AB:B7:AC:A4:78:53:B0:41:86:8B:F0:BB:F2:97:4B:6A:7D
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/bSmtq7espHhTsEGGi_C78pdLan0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d4:f6:b5:a0:5d:dd:f1:e3:19:da:51:15:f2:12:dd:78:ac:89:
         ec:66:9b:03:86:cc:d0:b4:5d:9c:4e:1b:d5:ce:00:5c:ed:09:
         dc:74:1a:70:50:c4:b4:29:ef:a7:18:7e:05:07:1a:62:79:4e:
         08:36:af:2d:80:29:c6:be:82:a9:86:f0:e4:75:d8:ea:f9:aa:
         c6:80:6e:59:c9:f4:8c:8d:0c:d4:a3:c5:48:f4:b7:55:2c:d0:
         cc:5e:d8:25:0c:1c:66:cc:43:0e:9e:85:df:96:15:df:fd:35:
         b5:00:5a:fb:d6:64:41:90:25:d1:27:75:76:2e:80:38:3e:15:
         de:d3:05:d0:ca:d2:4b:10:3a:91:03:5a:8e:5d:ac:3d:4e:bb:
         36:b9:8b:fb:42:db:b6:ad:7e:e3:81:16:c9:6f:40:d5:06:8b:
         e9:a9:e7:17:2f:e0:1c:90:02:df:29:f2:3f:ed:8e:20:66:7b:
         37:fa:2c:94:2b:ca:32:be:ad:bc:2a:68:4e:64:3c:46:f8:7a:
         05:68:54:ba:ed:56:98:a8:01:7b:ce:ed:ae:ba:83:d6:1f:bb:
         f4:cb:cd:2c:99:ca:b6:ee:42:76:40:df:b8:42:03:d6:97:84:
         36:93:6f:45:b5:27:5f:9b:f7:b2:d2:cd:a7:e9:fd:ea:4f:c4:
         aa:15:16:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB6UrMaSnegmDRABzWTwq2KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQwNzAzMjAzOTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDI5YWRhYmI3YWNhNDc4NTNiMDQxODY4YmYwYmJmMjk3NGI2YTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9lYnxbwzjP6jjn3ppCwdpMNLqCt
kk9zQ3kuChi3lT1f8lfs5+ZrYdfm1cAnLrIJgIeE2CMiphjCBfwRY6wzFqwWFois
zu+hwvJIMuZr2dhRCHUA+8q3jm8f3RkG1yZWZ2VDxv3JejD95BsaJXsZkQpvfIKS
Fu4Q9zhaQPscMkn/+C97V2rzyHqunMfpIuMyccmnHS8HAqxdONPXMhIzGb1ktaO8
ioMVJm9sS1cFLEH/V7gIafahaOO3+gZ4K3lIdIybSQTHHArJLjytdkXorrluUNJG
N8pE8Pll/kSHOXDn4TpOccbxHANN7XJZf3cMttluiZQcGd7Glea4n/abgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0prau3rKR4U7BBhovwu/KXS2p9MB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvYlNtdHE3ZXNwSGhUc0VHR2lfQzc4cGRMYW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW2xYMA0G
CSqGSIb3DQEBCwUAA4IBAQDU9rWgXd3x4xnaURXyEt14rInsZpsDhszQtF2cThvV
zgBc7QncdBpwUMS0Ke+nGH4FBxpieU4INq8tgCnGvoKphvDkddjq+arGgG5ZyfSM
jQzUo8VI9LdVLNDMXtglDBxmzEMOnoXflhXf/TW1AFr71mRBkCXRJ3V2LoA4PhXe
0wXQytJLEDqRA1qOXaw9Trs2uYv7Qtu2rX7jgRbJb0DVBovpqecXL+AckALfKfI/
7Y4gZns3+iyUK8oyvq28KmhOZDxG+HoFaFS67VaYqAF7zu2uuoPWH7v0y80smcq2
7kJ2QN+4QgPWl4Q2k29FtSdfm/ey0s2n6f3qT8SqFRZQ
-----END CERTIFICATE-----