Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/bFoKkuLA76zUpA5Sw4IhX5-00zw.roa
File:                     bFoKkuLA76zUpA5Sw4IhX5-00zw.roa (raw, json)
Hash identifier:          lcRqyT6yCgCzGFtEnrhv2gHOMH8QGsSM/dbFZCqKZa8=
Subject key identifier:   6C:5A:0A:92:E2:C0:EF:AC:D4:A4:0E:52:C3:82:21:5F:9F:B4:D3:3C
Certificate issuer:       /CN=593b53fb9306346f272494928d77839cbaf9ddc7
Certificate serial:       018CC34938F3B09F293A947A98F6183B8E27
Authority key identifier: 59:3B:53:FB:93:06:34:6F:27:24:94:92:8D:77:83:9C:BA:F9:DD:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WTtT-5MGNG8nJJSSjXeDnLr53cc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/bFoKkuLA76zUpA5Sw4IhX5-00zw.roa
Signing time:             Mon 01 Jan 2024 04:30:04 +0000
ROA not before:           Mon 01 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198785
IP address blocks:        91.234.46.0/24 maxlen: 24
                          178.218.160.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/WTtT-5MGNG8nJJSSjXeDnLr53cc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/WTtT-5MGNG8nJJSSjXeDnLr53cc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WTtT-5MGNG8nJJSSjXeDnLr53cc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:38:f3:b0:9f:29:3a:94:7a:98:f6:18:3b:8e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=593b53fb9306346f272494928d77839cbaf9ddc7
        Validity
            Not Before: Jan  1 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c5a0a92e2c0efacd4a40e52c382215f9fb4d33c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e8:9f:0b:20:f6:f0:9b:4c:3f:bd:43:13:9e:
                    63:99:64:fd:e7:f3:25:4a:b9:df:01:61:22:b1:3f:
                    6d:6a:ae:42:7c:45:82:e4:00:e4:1e:8c:42:ad:34:
                    e9:86:05:67:dc:0e:98:05:b6:1e:dd:c7:e7:ad:7a:
                    f2:17:80:fb:0d:87:63:4b:01:25:c4:7e:41:48:65:
                    e1:ca:df:66:3b:45:5b:48:d1:2c:fe:50:0b:d2:b9:
                    51:00:35:79:f4:5b:44:da:88:30:f5:ce:23:3b:51:
                    e5:e1:b3:c7:90:91:38:94:ef:53:55:1f:2b:d2:de:
                    a8:55:01:74:90:a3:a4:04:bc:ff:d0:6f:52:c5:db:
                    87:92:5a:38:8d:12:3f:b3:6d:32:e6:9f:e1:1e:3c:
                    fd:aa:82:cb:4a:4a:bd:3d:79:73:fa:bf:cc:64:c7:
                    69:b8:ec:ec:1d:a9:ae:0d:d1:2e:a5:a6:d1:ab:e6:
                    e0:f8:c2:fc:41:6f:ab:5c:4e:14:94:cf:d8:e1:83:
                    32:9c:0f:85:78:d0:3b:fa:66:d1:19:e9:54:cf:90:
                    b6:9f:fe:87:db:ea:a2:9e:d2:8c:79:4f:cc:ad:84:
                    75:96:e6:d8:e6:ee:7f:2f:d9:63:92:e0:24:3e:a0:
                    ae:e2:53:a2:9b:85:a8:ec:6e:e3:29:2a:ee:bb:42:
                    5b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:5A:0A:92:E2:C0:EF:AC:D4:A4:0E:52:C3:82:21:5F:9F:B4:D3:3C
            X509v3 Authority Key Identifier:
                keyid:59:3B:53:FB:93:06:34:6F:27:24:94:92:8D:77:83:9C:BA:F9:DD:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WTtT-5MGNG8nJJSSjXeDnLr53cc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/bFoKkuLA76zUpA5Sw4IhX5-00zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/12fc9e-ea3b-41c0-950e-4475a9bf250e/1/WTtT-5MGNG8nJJSSjXeDnLr53cc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.46.0/24
                  178.218.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0d:40:41:6f:4b:30:16:1b:49:5b:6e:93:61:b5:57:19:09:ac:
         ec:60:6f:ee:e0:ad:e2:65:6b:e7:77:a0:e3:7c:99:ed:af:d7:
         e2:9f:ef:40:36:2f:8f:e6:65:15:30:bb:96:8a:7d:af:35:bf:
         8c:d2:e3:c0:ed:e8:c3:f0:d0:c8:27:66:76:25:d4:cd:de:e1:
         c7:2c:8b:b2:2a:be:ff:d7:32:46:40:2f:f6:d4:54:28:b4:f3:
         53:ec:d0:14:d9:67:8f:2c:4d:f7:51:30:13:58:f2:2e:f7:d9:
         9b:c9:5c:bd:33:97:3a:fc:ca:16:2d:32:1d:e9:c3:a5:96:d5:
         5a:f7:20:88:6c:fe:18:44:b1:a8:71:8c:03:8b:87:a0:a0:1f:
         0d:b6:a0:c0:4a:9e:4b:a8:8b:27:2b:90:d3:42:ae:94:e3:0b:
         89:8c:dc:97:be:1b:a8:c2:7d:41:64:c8:02:ec:43:aa:ed:49:
         8e:57:98:37:19:30:b7:13:01:44:51:09:40:4b:e5:57:e3:79:
         f5:94:0e:91:ef:8c:fd:de:38:86:ed:a9:69:f4:7d:a3:38:87:
         ad:f0:34:0e:25:97:65:ad:82:74:db:54:5c:70:a9:3d:37:7d:
         fe:61:6d:b2:be:c8:56:5d:1c:50:ff:6f:24:66:bc:c5:9e:5d:
         07:41:58:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSTjzsJ8pOpR6mPYYO44nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5M2I1M2ZiOTMwNjM0NmYyNzI0OTQ5MjhkNzc4MzljYmFm
OWRkYzcwHhcNMjQwMTAxMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzVhMGE5MmUyYzBlZmFjZDRhNDBlNTJjMzgyMjE1ZjlmYjRkMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuifCyD28JtMP71DE55jmWT95/Ml
SrnfAWEisT9taq5CfEWC5ADkHoxCrTTphgVn3A6YBbYe3cfnrXryF4D7DYdjSwEl
xH5BSGXhyt9mO0VbSNEs/lAL0rlRADV59FtE2ogw9c4jO1Hl4bPHkJE4lO9TVR8r
0t6oVQF0kKOkBLz/0G9SxduHklo4jRI/s20y5p/hHjz9qoLLSkq9PXlz+r/MZMdp
uOzsHamuDdEupabRq+bg+ML8QW+rXE4UlM/Y4YMynA+FeNA7+mbRGelUz5C2n/6H
2+qintKMeU/MrYR1lubY5u5/L9ljkuAkPqCu4lOim4Wo7G7jKSruu0Jb1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGxaCpLiwO+s1KQOUsOCIV+ftNM8MB8GA1UdIwQY
MBaAFFk7U/uTBjRvJySUko13g5y6+d3HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1R0VC01TUdORzhuSkpTU2pYZURuTHI1M2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMmZjOWUtZWEzYi00MWMwLTk1MGUt
NDQ3NWE5YmYyNTBlLzEvYkZvS2t1TEE3NnpVcEE1U3c0SWhYNS0wMHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMmZjOWUtZWEzYi00MWMwLTk1MGUtNDQ3NWE5YmYyNTBl
LzEvV1R0VC01TUdORzhuSkpTU2pYZURuTHI1M2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+ouAwQE
stqgMA0GCSqGSIb3DQEBCwUAA4IBAQANQEFvSzAWG0lbbpNhtVcZCazsYG/u4K3i
ZWvnd6DjfJntr9fin+9ANi+P5mUVMLuWin2vNb+M0uPA7ejD8NDIJ2Z2JdTN3uHH
LIuyKr7/1zJGQC/21FQotPNT7NAU2WePLE33UTATWPIu99mbyVy9M5c6/MoWLTId
6cOlltVa9yCIbP4YRLGocYwDi4egoB8NtqDASp5LqIsnK5DTQq6U4wuJjNyXvhuo
wn1BZMgC7EOq7UmOV5g3GTC3EwFEUQlAS+VX43n1lA6R74z93jiG7alp9H2jOIet
8DQOJZdlrYJ021RccKk9N33+YW2yvshWXRxQ/28kZrzFnl0HQVjC
-----END CERTIFICATE-----