Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/483a68-08e7-4f90-9fd9-ff4a2b85889c/1/j1IEZXMzXLCKi9RncFlAMYKulAw.roa
File:                     j1IEZXMzXLCKi9RncFlAMYKulAw.roa (raw, json)
Hash identifier:          TXxPSz/pQk7cTxbi6YRxpNNlXPlIanShgMwqSRJgp5I=
Subject key identifier:   8F:52:04:65:73:33:5C:B0:8A:8B:D4:67:70:59:40:31:82:AE:94:0C
Certificate issuer:       /CN=a90dc475029e1d793355978ba46bf873065564b1
Certificate serial:       018CC3B69213FBC6AEAD5087084FBA0CFDBE
Authority key identifier: A9:0D:C4:75:02:9E:1D:79:33:55:97:8B:A4:6B:F8:73:06:55:64:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qQ3EdQKeHXkzVZeLpGv4cwZVZLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/483a68-08e7-4f90-9fd9-ff4a2b85889c/1/j1IEZXMzXLCKi9RncFlAMYKulAw.roa
Signing time:             Mon 01 Jan 2024 06:29:31 +0000
ROA not before:           Mon 01 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41953
IP address blocks:        91.196.153.0/24 maxlen: 24
                          2a13:6440::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/483a68-08e7-4f90-9fd9-ff4a2b85889c/1/qQ3EdQKeHXkzVZeLpGv4cwZVZLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/483a68-08e7-4f90-9fd9-ff4a2b85889c/1/qQ3EdQKeHXkzVZeLpGv4cwZVZLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qQ3EdQKeHXkzVZeLpGv4cwZVZLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:92:13:fb:c6:ae:ad:50:87:08:4f:ba:0c:fd:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a90dc475029e1d793355978ba46bf873065564b1
        Validity
            Not Before: Jan  1 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f52046573335cb08a8bd4677059403182ae940c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c2:d8:ce:86:bb:79:d4:86:1e:78:68:6f:70:
                    01:87:2c:f6:55:8c:8f:ee:fd:7a:92:f1:54:65:8c:
                    86:f4:6f:c6:0c:28:5b:2a:1f:77:33:bc:b4:07:ce:
                    76:67:6a:93:df:44:df:8f:89:84:eb:01:9a:ca:3e:
                    b8:8b:52:bb:3f:e9:f0:d9:be:29:d0:1f:73:a8:9e:
                    1e:e3:7a:d9:ab:dd:e1:d5:25:d4:15:4e:40:02:c1:
                    6e:7c:10:05:2e:63:f2:35:ad:62:82:45:96:5e:9f:
                    30:34:e6:2b:95:f8:ac:98:e9:0c:3a:c5:d4:4a:38:
                    fb:a3:38:fe:6f:78:9b:c6:29:5c:cd:15:d6:56:4e:
                    cb:2c:55:58:78:ce:d9:3c:04:5f:06:ef:47:20:df:
                    a8:23:fd:30:c5:de:5d:ff:1b:08:d9:07:3f:d2:37:
                    d7:0a:cc:7f:9e:7b:ba:59:83:83:ee:34:05:78:a5:
                    90:e5:e1:8b:ee:c7:b4:61:96:23:99:ff:ef:68:47:
                    81:43:c9:c9:33:85:9d:04:bf:fb:0a:72:a7:ef:09:
                    18:36:d7:53:39:17:54:4b:62:95:9d:b6:68:6d:47:
                    5c:5c:5e:81:db:e2:4b:da:45:71:09:e7:a5:81:b6:
                    c6:13:b4:bb:a7:a5:f9:d4:eb:80:48:e0:84:d8:61:
                    99:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:52:04:65:73:33:5C:B0:8A:8B:D4:67:70:59:40:31:82:AE:94:0C
            X509v3 Authority Key Identifier:
                keyid:A9:0D:C4:75:02:9E:1D:79:33:55:97:8B:A4:6B:F8:73:06:55:64:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qQ3EdQKeHXkzVZeLpGv4cwZVZLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/483a68-08e7-4f90-9fd9-ff4a2b85889c/1/j1IEZXMzXLCKi9RncFlAMYKulAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/483a68-08e7-4f90-9fd9-ff4a2b85889c/1/qQ3EdQKeHXkzVZeLpGv4cwZVZLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.153.0/24
                IPv6:
                  2a13:6440::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:3d:b5:5a:87:dd:55:6e:01:7c:b3:6e:1d:b9:46:31:c1:74:
         11:65:e4:ef:0b:4d:a3:cd:9d:2b:60:a8:bd:d5:e5:ee:a9:ac:
         57:0b:40:72:e4:82:c2:30:81:c7:d7:3d:fb:17:11:91:94:09:
         c3:be:8a:9d:8a:ec:53:97:59:61:90:4e:42:c9:ce:37:4d:b4:
         ab:71:89:54:d7:83:87:16:04:35:d0:53:e7:ee:e5:a4:38:d3:
         24:d5:8d:f5:93:f0:a5:74:ff:b6:4f:1b:b4:05:8f:a9:77:5b:
         8f:de:5c:e5:9a:d0:b3:54:8d:db:2a:12:eb:39:90:52:d6:92:
         a7:39:32:a8:c3:ea:fe:b0:97:0f:88:8c:56:0f:3b:f4:ad:99:
         4d:d3:4a:43:8f:62:37:fb:71:86:f7:84:cc:cb:70:80:ed:ce:
         39:43:53:78:1b:29:03:16:4b:51:22:30:f6:06:c3:3b:aa:59:
         5a:63:c0:74:b7:d7:6a:0a:d6:e7:a4:78:b7:30:c4:4f:c6:80:
         ce:d2:5e:88:d3:aa:2c:aa:38:b3:cb:f9:82:e7:73:43:b8:b9:
         7d:20:30:ce:9f:4a:1e:e4:b4:5b:1f:b3:f5:fc:7f:2e:2f:db:
         42:33:b1:3f:1a:56:ac:b9:e6:7d:7d:5f:e6:34:a4:08:77:12:
         18:dd:d4:db
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtpIT+8aurVCHCE+6DP2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MGRjNDc1MDI5ZTFkNzkzMzU1OTc4YmE0NmJmODczMDY1
NTY0YjEwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjUyMDQ2NTczMzM1Y2IwOGE4YmQ0Njc3MDU5NDAzMTgyYWU5NDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8LYzoa7edSGHnhob3ABhyz2VYyP
7v16kvFUZYyG9G/GDChbKh93M7y0B852Z2qT30Tfj4mE6wGayj64i1K7P+nw2b4p
0B9zqJ4e43rZq93h1SXUFU5AAsFufBAFLmPyNa1igkWWXp8wNOYrlfismOkMOsXU
Sjj7ozj+b3ibxilczRXWVk7LLFVYeM7ZPARfBu9HIN+oI/0wxd5d/xsI2Qc/0jfX
Csx/nnu6WYOD7jQFeKWQ5eGL7se0YZYjmf/vaEeBQ8nJM4WdBL/7CnKn7wkYNtdT
ORdUS2KVnbZobUdcXF6B2+JL2kVxCeelgbbGE7S7p6X51OuASOCE2GGZ8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI9SBGVzM1ywiovUZ3BZQDGCrpQMMB8GA1UdIwQY
MBaAFKkNxHUCnh15M1WXi6Rr+HMGVWSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVEzRWRRS2VIWGt6VlplTHBHdjRjd1pWWkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC80ODNhNjgtMDhlNy00ZjkwLTlmZDkt
ZmY0YTJiODU4ODljLzEvajFJRVpYTXpYTENLaTlSbmNGbEFNWUt1bEF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC80ODNhNjgtMDhlNy00ZjkwLTlmZDktZmY0YTJiODU4ODlj
LzEvcVEzRWRRS2VIWGt6VlplTHBHdjRjd1pWWkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8SZMA0E
AgACMAcDBQMqE2RAMA0GCSqGSIb3DQEBCwUAA4IBAQBAPbVah91VbgF8s24duUYx
wXQRZeTvC02jzZ0rYKi91eXuqaxXC0By5ILCMIHH1z37FxGRlAnDvoqdiuxTl1lh
kE5Cyc43TbSrcYlU14OHFgQ10FPn7uWkONMk1Y31k/CldP+2Txu0BY+pd1uP3lzl
mtCzVI3bKhLrOZBS1pKnOTKow+r+sJcPiIxWDzv0rZlN00pDj2I3+3GG94TMy3CA
7c45Q1N4GykDFktRIjD2BsM7qllaY8B0t9dqCtbnpHi3MMRPxoDO0l6I06osqjiz
y/mC53NDuLl9IDDOn0oe5LRbH7P1/H8uL9tCM7E/GlasueZ9fV/mNKQIdxIY3dTb
-----END CERTIFICATE-----