Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/oYTzJaRtAE0SfQSNrGAO8zDeUUU.roa
File:                     oYTzJaRtAE0SfQSNrGAO8zDeUUU.roa (raw, json)
Hash identifier:          9VRLpaPeMGmnRFaHlSVO9RtsfqYmQp7bajtAnABOnXM=
Subject key identifier:   A1:84:F3:25:A4:6D:00:4D:12:7D:04:8D:AC:60:0E:F3:30:DE:51:45
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29D2294623CAD2079C48E5C838C8FE
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/oYTzJaRtAE0SfQSNrGAO8zDeUUU.roa
Signing time:             Tue 02 Jan 2024 12:33:07 +0000
ROA not before:           Tue 02 Jan 2024 12:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43444
IP address blocks:        91.132.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d2:29:46:23:ca:d2:07:9c:48:e5:c8:38:c8:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a184f325a46d004d127d048dac600ef330de5145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:8a:09:3a:8f:1a:9e:ab:14:d5:c7:27:4f:8a:
                    26:27:89:c6:4a:77:c7:f3:02:47:51:9e:4c:7f:f2:
                    20:ae:95:41:b8:6a:4b:88:4e:c3:3b:a2:2c:d0:e9:
                    73:c7:36:b8:5b:84:4e:2a:6f:bf:49:f6:a5:0d:c1:
                    e7:3b:4a:40:84:7a:65:b0:d9:0b:43:ca:c8:67:fe:
                    8e:df:6f:ac:56:14:a5:40:3d:54:eb:bd:45:e9:64:
                    94:15:f9:09:30:6f:e7:dd:4b:92:df:f6:56:1c:89:
                    bc:8c:f7:6e:ea:27:c7:76:60:d6:cc:30:46:33:e0:
                    a2:24:14:ea:28:2a:34:9e:79:b7:a7:03:d2:a5:e7:
                    d2:2d:66:cd:cd:a8:1a:60:bd:eb:e0:ad:3a:ec:a4:
                    ff:d6:cd:5f:a6:de:2a:3b:29:b4:21:6b:25:2b:36:
                    c5:18:01:3f:ac:fe:3a:86:f1:c8:bb:f2:b9:46:85:
                    c4:b9:0a:bf:ed:fd:d1:4a:36:98:57:3c:77:5b:3a:
                    30:81:53:31:31:c5:ab:5f:dc:76:0a:55:6b:dd:32:
                    9f:eb:78:3d:cc:c4:f3:81:13:b2:ce:3b:0a:d8:b7:
                    9a:65:40:29:fd:bf:34:3e:03:32:6f:df:7c:6a:a5:
                    1c:60:d6:56:f1:f7:b1:ec:6b:21:e6:58:c5:8c:7c:
                    4f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:84:F3:25:A4:6D:00:4D:12:7D:04:8D:AC:60:0E:F3:30:DE:51:45
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/oYTzJaRtAE0SfQSNrGAO8zDeUUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:dd:b9:90:16:fb:21:e2:1b:b0:c7:ef:26:0f:13:13:59:db:
         9c:d2:e9:c0:7d:15:44:a6:79:57:6e:17:c6:67:6e:47:2e:71:
         95:8e:c6:3e:67:68:3f:11:31:8e:a4:6f:43:40:80:c0:13:fe:
         a2:ee:47:69:0b:ee:03:32:90:df:16:3b:72:85:18:18:12:e6:
         f9:7b:fd:5f:b9:99:58:ae:bf:be:90:70:27:17:df:e1:8a:4a:
         9a:94:5c:48:13:ef:14:eb:43:1f:43:80:f0:8c:17:a4:e2:6b:
         ad:0b:3b:4a:7c:f4:6d:96:68:e2:04:a0:0c:96:13:ef:af:c2:
         05:77:3a:70:83:aa:27:03:76:27:35:c3:d9:9b:01:80:1a:e6:
         bc:56:83:e9:7c:34:48:00:a1:d4:b6:be:eb:b6:d1:d5:84:f5:
         26:22:53:c1:79:bb:3f:25:b2:6a:d5:95:0e:76:74:0d:c3:73:
         5c:13:cc:ec:41:6a:5b:15:85:bf:2f:88:47:b2:91:41:af:e3:
         15:2e:55:d1:84:45:ae:5e:47:66:81:80:ae:c0:a3:de:84:d3:
         5c:68:21:1c:0b:ca:b4:33:64:79:ce:df:10:e7:c8:01:a7:31:
         68:03:37:a5:bf:3a:dd:d4:fd:2a:ba:1a:af:aa:79:40:2b:f2:
         4c:48:e2:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdIpRiPK0gecSOXIOMj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTg0ZjMyNWE0NmQwMDRkMTI3ZDA0OGRhYzYwMGVmMzMwZGU1MTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ooJOo8anqsU1ccnT4omJ4nGSnfH
8wJHUZ5Mf/IgrpVBuGpLiE7DO6Is0Olzxza4W4ROKm+/SfalDcHnO0pAhHplsNkL
Q8rIZ/6O32+sVhSlQD1U671F6WSUFfkJMG/n3UuS3/ZWHIm8jPdu6ifHdmDWzDBG
M+CiJBTqKCo0nnm3pwPSpefSLWbNzagaYL3r4K067KT/1s1fpt4qOym0IWslKzbF
GAE/rP46hvHIu/K5RoXEuQq/7f3RSjaYVzx3WzowgVMxMcWrX9x2ClVr3TKf63g9
zMTzgROyzjsK2LeaZUAp/b80PgMyb998aqUcYNZW8fex7Gsh5ljFjHxP1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGE8yWkbQBNEn0EjaxgDvMw3lFFMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvb1lUekphUnRBRTBTZlFTTnJHQU84ekRlVVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4TGMA0G
CSqGSIb3DQEBCwUAA4IBAQAO3bmQFvsh4huwx+8mDxMTWduc0unAfRVEpnlXbhfG
Z25HLnGVjsY+Z2g/ETGOpG9DQIDAE/6i7kdpC+4DMpDfFjtyhRgYEub5e/1fuZlY
rr++kHAnF9/hikqalFxIE+8U60MfQ4DwjBek4mutCztKfPRtlmjiBKAMlhPvr8IF
dzpwg6onA3YnNcPZmwGAGua8VoPpfDRIAKHUtr7rttHVhPUmIlPBebs/JbJq1ZUO
dnQNw3NcE8zsQWpbFYW/L4hHspFBr+MVLlXRhEWuXkdmgYCuwKPehNNcaCEcC8q0
M2R5zt8Q58gBpzFoAzelvzrd1P0quhqvqnlAK/JMSOI4
-----END CERTIFICATE-----