Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/wWgm0ytoOaL1Ee7wWaFN5Lv5W8A.roa
File:                     wWgm0ytoOaL1Ee7wWaFN5Lv5W8A.roa (raw, json)
Hash identifier:          YG9tkvoK4LnKk1n1uumcCyB2Yy7zFVpLUXAA3CGtZGE=
Subject key identifier:   C1:68:26:D3:2B:68:39:A2:F5:11:EE:F0:59:A1:4D:E4:BB:F9:5B:C0
Certificate issuer:       /CN=b804c197444594b11ec599d205656f64e4d1fc61
Certificate serial:       01900B994E0402069B102B98739D7E374F05
Authority key identifier: B8:04:C1:97:44:45:94:B1:1E:C5:99:D2:05:65:6F:64:E4:D1:FC:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uATBl0RFlLEexZnSBWVvZOTR_GE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/wWgm0ytoOaL1Ee7wWaFN5Lv5W8A.roa
Signing time:             Wed 12 Jun 2024 08:38:34 +0000
ROA not before:           Wed 12 Jun 2024 08:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199978
IP address blocks:        91.231.74.0/23 maxlen: 23
                          185.155.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/uATBl0RFlLEexZnSBWVvZOTR_GE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/uATBl0RFlLEexZnSBWVvZOTR_GE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uATBl0RFlLEexZnSBWVvZOTR_GE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0b:99:4e:04:02:06:9b:10:2b:98:73:9d:7e:37:4f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b804c197444594b11ec599d205656f64e4d1fc61
        Validity
            Not Before: Jun 12 08:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c16826d32b6839a2f511eef059a14de4bbf95bc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f0:45:e1:5e:a3:5b:3b:83:4b:8d:c7:ea:fa:
                    59:cd:39:32:a9:5e:22:de:6a:15:44:11:8a:58:7f:
                    27:8a:63:03:ae:59:a0:0c:6d:45:d1:0a:55:ba:47:
                    17:cf:cb:cc:01:7a:2d:29:97:51:0b:46:af:86:c2:
                    eb:1a:48:ee:b4:e4:79:45:47:69:57:10:07:0a:ba:
                    dc:04:63:6b:4a:25:7e:bb:7d:03:cf:85:53:64:69:
                    0f:47:9e:17:fd:28:00:4e:18:f7:cd:be:9c:ae:ff:
                    be:e4:04:fa:c4:49:51:a5:1e:0e:ce:1b:f6:78:98:
                    65:5d:79:64:73:d2:60:ce:3d:50:0d:d9:2e:31:60:
                    42:fe:04:b3:fd:4d:ec:18:bf:80:99:85:2f:70:d2:
                    df:ca:da:e1:16:d0:42:70:81:4f:3f:5e:74:bc:10:
                    0f:2d:74:0d:37:41:43:0c:40:fb:9d:ec:fa:37:36:
                    9f:0a:79:f7:45:61:9f:21:62:9b:19:94:a0:d2:37:
                    e0:e6:3c:c9:0b:df:b7:88:90:d1:b9:f3:0f:dc:b6:
                    19:bc:9c:6d:72:52:5f:c4:ad:c7:89:99:e9:0f:ae:
                    1d:da:bf:51:50:51:4d:09:18:3b:ff:f0:9b:ed:8c:
                    13:1d:1e:9e:ba:54:6d:72:15:c6:3f:e0:f0:54:b9:
                    1b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:68:26:D3:2B:68:39:A2:F5:11:EE:F0:59:A1:4D:E4:BB:F9:5B:C0
            X509v3 Authority Key Identifier:
                keyid:B8:04:C1:97:44:45:94:B1:1E:C5:99:D2:05:65:6F:64:E4:D1:FC:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uATBl0RFlLEexZnSBWVvZOTR_GE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/wWgm0ytoOaL1Ee7wWaFN5Lv5W8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/uATBl0RFlLEexZnSBWVvZOTR_GE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.74.0/23
                  185.155.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:6d:30:80:e6:1b:07:94:0a:64:1e:d4:fa:ba:f4:f3:c0:68:
         9f:ea:e3:2c:d0:e1:ea:c2:c5:56:cb:15:cd:71:01:16:71:e5:
         0d:4d:3b:06:c7:94:80:0d:0b:41:c7:75:23:5d:f1:57:b4:03:
         43:b5:16:0c:cc:d0:02:f6:70:32:5f:d7:06:75:a5:e4:09:1a:
         7f:d5:ba:73:65:89:98:13:23:e6:6a:b9:2a:7c:fe:5b:27:82:
         d7:7a:51:06:f3:2e:e8:27:e3:29:9f:b0:16:0d:46:91:05:b8:
         e7:ff:0f:30:49:0e:af:d1:52:31:f2:97:28:83:e4:cc:8b:e5:
         1a:5e:93:35:27:32:09:9d:5c:e8:3d:39:79:74:39:35:7d:a7:
         0a:c0:a0:96:9f:e0:16:99:1e:d0:44:91:6c:db:4b:51:65:fb:
         83:cc:99:ac:54:c9:66:0d:12:2a:91:79:fb:da:78:ba:e3:9b:
         c2:90:fc:56:eb:39:b7:75:a6:cb:c6:7b:01:eb:d1:be:dc:94:
         06:fa:a1:01:f0:f1:33:00:5f:d4:9e:db:cb:04:09:a5:5b:5c:
         7f:dd:bd:a1:4a:e9:93:37:1a:b1:35:1a:04:6d:14:0e:01:fc:
         b3:68:8d:8d:9e:10:f2:63:e7:eb:a7:30:f4:27:d1:27:06:c1:
         a7:df:a6:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZALmU4EAgabECuYc51+N08FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDRjMTk3NDQ0NTk0YjExZWM1OTlkMjA1NjU2ZjY0ZTRk
MWZjNjEwHhcNMjQwNjEyMDgzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTY4MjZkMzJiNjgzOWEyZjUxMWVlZjA1OWExNGRlNGJiZjk1YmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfBF4V6jWzuDS43H6vpZzTkyqV4i
3moVRBGKWH8nimMDrlmgDG1F0QpVukcXz8vMAXotKZdRC0avhsLrGkjutOR5RUdp
VxAHCrrcBGNrSiV+u30Dz4VTZGkPR54X/SgAThj3zb6crv++5AT6xElRpR4Ozhv2
eJhlXXlkc9Jgzj1QDdkuMWBC/gSz/U3sGL+AmYUvcNLfytrhFtBCcIFPP150vBAP
LXQNN0FDDED7nez6NzafCnn3RWGfIWKbGZSg0jfg5jzJC9+3iJDRufMP3LYZvJxt
clJfxK3HiZnpD64d2r9RUFFNCRg7//Cb7YwTHR6eulRtchXGP+DwVLkb5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMFoJtMraDmi9RHu8FmhTeS7+VvAMB8GA1UdIwQY
MBaAFLgEwZdERZSxHsWZ0gVlb2Tk0fxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFUQmwwUkZsTEVleFpuU0JXVnZaT1RSX0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zYmM1NTMtMGVlMC00YjcyLWI5M2Ut
OTM4YWI5NjQ1NGU5LzEvd1dnbTB5dG9PYUwxRWU3d1dhRk41THY1VzhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zYmM1NTMtMGVlMC00YjcyLWI5M2UtOTM4YWI5NjQ1NGU5
LzEvdUFUQmwwUkZsTEVleFpuU0JXVnZaT1RSX0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+dKAwQC
uZsoMA0GCSqGSIb3DQEBCwUAA4IBAQBPbTCA5hsHlApkHtT6uvTzwGif6uMs0OHq
wsVWyxXNcQEWceUNTTsGx5SADQtBx3UjXfFXtANDtRYMzNAC9nAyX9cGdaXkCRp/
1bpzZYmYEyPmarkqfP5bJ4LXelEG8y7oJ+Mpn7AWDUaRBbjn/w8wSQ6v0VIx8pco
g+TMi+UaXpM1JzIJnVzoPTl5dDk1facKwKCWn+AWmR7QRJFs20tRZfuDzJmsVMlm
DRIqkXn72ni645vCkPxW6zm3dabLxnsB69G+3JQG+qEB8PEzAF/UntvLBAmlW1x/
3b2hSumTNxqxNRoEbRQOAfyzaI2NnhDyY+frpzD0J9EnBsGn36aO
-----END CERTIFICATE-----