Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/0d2344-99d7-4313-b1b6-7c4247ae5c1b/1/GG5qqaTRrpGVNS0-nzsQT6YZYPs.roa
File:                     GG5qqaTRrpGVNS0-nzsQT6YZYPs.roa (raw, json)
Hash identifier:          E+FMqJBNxSz9JyrQ9MPwUYzePFSB03Uy6LoaMbCYyl0=
Subject key identifier:   18:6E:6A:A9:A4:D1:AE:91:95:35:2D:3E:9F:3B:10:4F:A6:19:60:FB
Certificate issuer:       /CN=f2bc11e6ecd3a0af3ee4394dcbb7b3ef90187d30
Certificate serial:       018CC5DBF210D31AA6E09995D5B0B1ED6891
Authority key identifier: F2:BC:11:E6:EC:D3:A0:AF:3E:E4:39:4D:CB:B7:B3:EF:90:18:7D:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8rwR5uzToK8-5DlNy7ez75AYfTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/0d2344-99d7-4313-b1b6-7c4247ae5c1b/1/GG5qqaTRrpGVNS0-nzsQT6YZYPs.roa
Signing time:             Mon 01 Jan 2024 16:29:35 +0000
ROA not before:           Mon 01 Jan 2024 16:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34491
IP address blocks:        91.234.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/0d2344-99d7-4313-b1b6-7c4247ae5c1b/1/8rwR5uzToK8-5DlNy7ez75AYfTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/0d2344-99d7-4313-b1b6-7c4247ae5c1b/1/8rwR5uzToK8-5DlNy7ez75AYfTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8rwR5uzToK8-5DlNy7ez75AYfTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f2:10:d3:1a:a6:e0:99:95:d5:b0:b1:ed:68:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2bc11e6ecd3a0af3ee4394dcbb7b3ef90187d30
        Validity
            Not Before: Jan  1 16:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=186e6aa9a4d1ae9195352d3e9f3b104fa61960fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:85:14:00:95:fe:6e:01:f8:cf:e7:bf:17:19:
                    b9:ee:32:5f:f5:d2:10:bd:71:ab:e5:85:7c:ef:8e:
                    ad:c7:c7:b7:3e:b4:36:b5:bc:0e:ed:0d:0b:aa:59:
                    b1:d5:8d:03:a5:c7:41:92:b6:bd:e8:02:70:8f:ff:
                    f7:83:99:0b:a4:74:e1:1f:23:2a:9b:ae:8c:db:5f:
                    43:ae:17:d6:b0:20:2f:54:c5:ae:c3:1b:cf:fb:0f:
                    53:5a:b4:cb:be:b9:c5:7f:64:f7:f6:de:05:20:20:
                    01:6b:76:9f:aa:cf:35:a1:be:ff:e0:75:f7:80:83:
                    77:5c:fc:5d:a4:ba:24:f7:df:77:df:96:d7:ce:14:
                    fe:53:35:ac:66:ec:64:3a:78:c5:8a:ad:8f:9b:91:
                    57:af:c7:e6:20:ac:c0:5f:41:5e:49:6b:61:30:b4:
                    da:a3:60:6c:c4:29:29:fa:d2:8a:e9:0f:ea:8c:17:
                    fe:d4:33:8a:49:10:90:6c:34:91:5b:0b:fc:56:81:
                    a2:05:71:8f:04:1c:6b:24:61:4a:a1:e7:78:19:51:
                    53:5b:51:f8:83:91:d1:4f:d1:0a:ac:d3:ae:2e:02:
                    b9:49:35:2c:d6:48:3d:18:9f:1a:35:18:03:5a:76:
                    f5:a6:ff:e3:41:1f:4e:eb:5c:e4:67:41:f1:f2:64:
                    33:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:6E:6A:A9:A4:D1:AE:91:95:35:2D:3E:9F:3B:10:4F:A6:19:60:FB
            X509v3 Authority Key Identifier:
                keyid:F2:BC:11:E6:EC:D3:A0:AF:3E:E4:39:4D:CB:B7:B3:EF:90:18:7D:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8rwR5uzToK8-5DlNy7ez75AYfTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/0d2344-99d7-4313-b1b6-7c4247ae5c1b/1/GG5qqaTRrpGVNS0-nzsQT6YZYPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/0d2344-99d7-4313-b1b6-7c4247ae5c1b/1/8rwR5uzToK8-5DlNy7ez75AYfTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:73:f1:aa:d9:9f:0e:74:fd:c1:25:2e:a3:32:97:5b:e0:9e:
         b7:d7:ad:8e:3a:d3:a2:cd:cf:3c:b2:2d:06:bb:95:12:3c:66:
         01:a2:b4:2c:27:dc:bb:d2:ee:b3:3d:37:7f:2f:d4:15:ff:7c:
         3f:20:56:7e:17:03:4d:67:e5:1f:60:43:1b:af:8a:ea:90:d0:
         9b:33:33:bb:6a:53:2b:14:36:9a:a0:84:10:4d:f8:b3:6d:32:
         76:f5:25:31:c0:c4:21:dd:f3:8a:c8:8b:db:f2:58:58:7c:79:
         b8:45:3c:74:89:1c:85:06:51:f7:95:20:fe:f9:6c:a0:cd:c3:
         72:5c:43:ac:a9:2d:7a:b4:8c:c8:57:4b:51:3c:77:c7:65:6b:
         08:e7:1c:c3:fb:73:30:63:ed:79:57:50:72:6d:20:1f:6f:c2:
         9a:84:e8:ef:e7:83:2d:61:4c:70:b6:af:a3:b1:fa:f9:4e:ff:
         0b:4e:c6:19:d7:a2:ef:b6:f6:e4:f6:b0:d1:85:8f:a9:ca:a0:
         b7:d6:1b:b2:23:1e:eb:73:fd:99:15:e2:97:5c:84:d1:99:37:
         b4:aa:55:13:bc:e0:c1:40:c2:9f:6a:23:4b:89:ee:82:80:01:
         ec:d3:66:9e:25:64:a3:47:72:1a:0a:b6:79:ca:b7:f9:73:56:
         7e:2f:76:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/IQ0xqm4JmV1bCx7WiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyYmMxMWU2ZWNkM2EwYWYzZWU0Mzk0ZGNiYjdiM2VmOTAx
ODdkMzAwHhcNMjQwMTAxMTYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODZlNmFhOWE0ZDFhZTkxOTUzNTJkM2U5ZjNiMTA0ZmE2MTk2MGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIUUAJX+bgH4z+e/Fxm57jJf9dIQ
vXGr5YV8746tx8e3PrQ2tbwO7Q0Lqlmx1Y0DpcdBkra96AJwj//3g5kLpHThHyMq
m66M219DrhfWsCAvVMWuwxvP+w9TWrTLvrnFf2T39t4FICABa3afqs81ob7/4HX3
gIN3XPxdpLok999335bXzhT+UzWsZuxkOnjFiq2Pm5FXr8fmIKzAX0FeSWthMLTa
o2BsxCkp+tKK6Q/qjBf+1DOKSRCQbDSRWwv8VoGiBXGPBBxrJGFKoed4GVFTW1H4
g5HRT9EKrNOuLgK5STUs1kg9GJ8aNRgDWnb1pv/jQR9O61zkZ0Hx8mQzmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhuaqmk0a6RlTUtPp87EE+mGWD7MB8GA1UdIwQY
MBaAFPK8Eebs06CvPuQ5Tcu3s++QGH0wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHJ3UjV1elRvSzgtNURsTnk3ZXo3NUFZZlRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8wZDIzNDQtOTlkNy00MzEzLWIxYjYt
N2M0MjQ3YWU1YzFiLzEvR0c1cXFhVFJycEdWTlMwLW56c1FUNllaWVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8wZDIzNDQtOTlkNy00MzEzLWIxYjYtN2M0MjQ3YWU1YzFi
LzEvOHJ3UjV1elRvSzgtNURsTnk3ZXo3NUFZZlRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+oVMA0G
CSqGSIb3DQEBCwUAA4IBAQBwc/Gq2Z8OdP3BJS6jMpdb4J63162OOtOizc88si0G
u5USPGYBorQsJ9y70u6zPTd/L9QV/3w/IFZ+FwNNZ+UfYEMbr4rqkNCbMzO7alMr
FDaaoIQQTfizbTJ29SUxwMQh3fOKyIvb8lhYfHm4RTx0iRyFBlH3lSD++WygzcNy
XEOsqS16tIzIV0tRPHfHZWsI5xzD+3MwY+15V1BybSAfb8KahOjv54MtYUxwtq+j
sfr5Tv8LTsYZ16Lvtvbk9rDRhY+pyqC31huyIx7rc/2ZFeKXXITRmTe0qlUTvODB
QMKfaiNLie6CgAHs02aeJWSjR3IaCrZ5yrf5c1Z+L3Y4
-----END CERTIFICATE-----