Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/8GIvJtJizN9wJS9RttgPc3kdVIM.roa
File:                     8GIvJtJizN9wJS9RttgPc3kdVIM.roa (raw, json)
Hash identifier:          Sf7iQfKfH4sDFBy09aD5dc6Qemkb4hsSBwyFzyteXI0=
Subject key identifier:   F0:62:2F:26:D2:62:CC:DF:70:25:2F:51:B6:D8:0F:73:79:1D:54:83
Certificate issuer:       /CN=d737824e0ffa79f18b9fc49d6cb0dd81c9a6ca28
Certificate serial:       018CC79506815D8892F3D3B9A3C7C94318EE
Authority key identifier: D7:37:82:4E:0F:FA:79:F1:8B:9F:C4:9D:6C:B0:DD:81:C9:A6:CA:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1zeCTg_6efGLn8SdbLDdgcmmyig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/8GIvJtJizN9wJS9RttgPc3kdVIM.roa
Signing time:             Tue 02 Jan 2024 00:31:21 +0000
ROA not before:           Tue 02 Jan 2024 00:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        91.232.229.0/24 maxlen: 24
                          2001:7f8:66::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/1zeCTg_6efGLn8SdbLDdgcmmyig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/1zeCTg_6efGLn8SdbLDdgcmmyig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1zeCTg_6efGLn8SdbLDdgcmmyig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:06:81:5d:88:92:f3:d3:b9:a3:c7:c9:43:18:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d737824e0ffa79f18b9fc49d6cb0dd81c9a6ca28
        Validity
            Not Before: Jan  2 00:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0622f26d262ccdf70252f51b6d80f73791d5483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:08:a4:c7:dd:1d:ef:59:f2:93:9f:da:62:ae:
                    63:76:8f:04:90:c1:ea:1e:ca:61:1d:ad:d9:11:aa:
                    79:71:23:d5:c8:e8:c8:5e:52:50:fe:66:80:80:cc:
                    c1:9b:60:25:ef:66:b1:e6:73:22:ff:c3:36:7e:62:
                    74:4b:b4:9a:03:7f:c1:77:09:63:53:63:21:34:0e:
                    71:02:95:ce:04:e3:fa:3e:a6:48:fc:3d:f6:45:cf:
                    d7:4c:87:e1:ea:a2:22:b3:47:d9:c7:a1:79:0d:53:
                    fd:5b:f5:1e:d5:24:95:e6:94:c4:4f:d9:6f:54:ee:
                    6b:b1:2d:5e:91:b6:eb:b0:e8:55:d6:90:e0:23:da:
                    dd:ba:81:02:f1:95:cb:ab:09:85:31:f6:ee:cd:18:
                    48:07:18:69:05:a8:3f:f4:73:cb:89:c1:67:54:90:
                    50:91:93:f4:0b:c5:a6:4e:92:48:fc:8e:6e:cd:46:
                    71:13:36:3d:26:ec:11:13:7f:b5:6f:e0:d5:e6:f5:
                    88:d5:0e:57:25:2b:3a:4f:37:c7:a6:7d:7f:2a:82:
                    00:48:7b:f5:27:11:ab:dd:46:c0:1b:64:a3:97:dc:
                    e1:e3:69:8c:05:24:12:e3:ed:d2:93:6e:14:e5:63:
                    8a:7a:ae:1f:23:e7:ea:6c:60:03:25:73:53:37:45:
                    f8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:62:2F:26:D2:62:CC:DF:70:25:2F:51:B6:D8:0F:73:79:1D:54:83
            X509v3 Authority Key Identifier:
                keyid:D7:37:82:4E:0F:FA:79:F1:8B:9F:C4:9D:6C:B0:DD:81:C9:A6:CA:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1zeCTg_6efGLn8SdbLDdgcmmyig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/8GIvJtJizN9wJS9RttgPc3kdVIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/1zeCTg_6efGLn8SdbLDdgcmmyig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.229.0/24
                IPv6:
                  2001:7f8:66::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:ae:e2:37:2a:58:b6:c1:70:59:33:18:f2:e8:36:ed:1f:76:
         83:f6:af:b8:62:44:cb:82:c6:08:a2:37:34:d6:89:04:a5:a9:
         ca:a6:8d:4c:3c:4d:fd:c7:3c:f9:a9:b6:0e:70:8f:6a:ff:94:
         fe:ff:83:66:48:79:0f:25:d9:66:f1:e9:c9:2d:e0:21:18:b1:
         4a:92:a0:b7:c7:f7:2e:2b:d3:3e:30:42:e5:4b:d2:fb:e4:2a:
         10:c5:1a:d0:1f:6d:89:c8:b5:e3:e6:ed:ea:5e:ad:13:10:d0:
         0a:95:75:6f:c7:5d:22:8f:c9:e8:bc:b0:72:4a:63:9e:8c:44:
         36:a2:bb:41:50:c3:d6:38:0d:2e:5c:bf:a4:75:68:26:c4:84:
         d8:c4:4d:84:f8:db:1a:ce:b8:63:6d:ba:b4:14:f4:10:88:b3:
         34:86:47:e6:6b:77:7d:90:a2:ca:a6:8a:15:cc:a4:87:67:89:
         a4:51:78:df:b6:ab:bd:89:75:77:63:e5:fc:08:28:61:18:b2:
         60:aa:da:03:d7:e5:c0:17:88:9e:7a:cb:cd:fb:69:7f:51:f8:
         69:f9:c6:5b:66:11:b5:3b:a0:9f:57:ce:b2:d9:68:d1:8b:a5:
         63:14:e7:72:4a:75:fd:59:32:62:b9:87:25:40:3f:5f:f8:13:
         ec:f9:f9:13
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlQaBXYiS89O5o8fJQxjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3Mzc4MjRlMGZmYTc5ZjE4YjlmYzQ5ZDZjYjBkZDgxYzlh
NmNhMjgwHhcNMjQwMTAyMDAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDYyMmYyNmQyNjJjY2RmNzAyNTJmNTFiNmQ4MGY3Mzc5MWQ1NDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQikx90d71nyk5/aYq5jdo8EkMHq
HsphHa3ZEap5cSPVyOjIXlJQ/maAgMzBm2Al72ax5nMi/8M2fmJ0S7SaA3/Bdwlj
U2MhNA5xApXOBOP6PqZI/D32Rc/XTIfh6qIis0fZx6F5DVP9W/Ue1SSV5pTET9lv
VO5rsS1ekbbrsOhV1pDgI9rduoEC8ZXLqwmFMfbuzRhIBxhpBag/9HPLicFnVJBQ
kZP0C8WmTpJI/I5uzUZxEzY9JuwRE3+1b+DV5vWI1Q5XJSs6TzfHpn1/KoIASHv1
JxGr3UbAG2Sjl9zh42mMBSQS4+3Sk24U5WOKeq4fI+fqbGADJXNTN0X4JwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPBiLybSYszfcCUvUbbYD3N5HVSDMB8GA1UdIwQY
MBaAFNc3gk4P+nnxi5/EnWyw3YHJpsooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXplQ1RnXzZlZkdMbjhTZGJMRGRnY21teWlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80NDZkNDAtNTc4Mi00ZGUwLWEyYzUt
YjY4ZjVkOGY2NTFhLzEvOEdJdkp0Sml6Tjl3SlM5UnR0Z1BjM2tkVklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80NDZkNDAtNTc4Mi00ZGUwLWEyYzUtYjY4ZjVkOGY2NTFh
LzEvMXplQ1RnXzZlZkdMbjhTZGJMRGRnY21teWlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+jlMA8E
AgACMAkDBwAgAQf4AGYwDQYJKoZIhvcNAQELBQADggEBADKu4jcqWLbBcFkzGPLo
Nu0fdoP2r7hiRMuCxgiiNzTWiQSlqcqmjUw8Tf3HPPmptg5wj2r/lP7/g2ZIeQ8l
2Wbx6ckt4CEYsUqSoLfH9y4r0z4wQuVL0vvkKhDFGtAfbYnItePm7eperRMQ0AqV
dW/HXSKPyei8sHJKY56MRDaiu0FQw9Y4DS5cv6R1aCbEhNjETYT42xrOuGNturQU
9BCIszSGR+Zrd32QosqmihXMpIdniaRReN+2q72JdXdj5fwIKGEYsmCq2gPX5cAX
iJ56y837aX9R+Gn5xltmEbU7oJ9XzrLZaNGLpWMU53JKdf1ZMmK5hyVAP1/4E+z5
+RM=
-----END CERTIFICATE-----