Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/dbYnx4iYb9WYJAumHyCMIYsUECY.roa
File:                     dbYnx4iYb9WYJAumHyCMIYsUECY.roa (raw, json)
Hash identifier:          mJdK9SfFJEXfCgq16GSe1e4bH053bLTJoJCo2qrmAuw=
Subject key identifier:   75:B6:27:C7:88:98:6F:D5:98:24:0B:A6:1F:20:8C:21:8B:14:10:26
Certificate issuer:       /CN=e316318247d211841f9620a9a1130010ddb486f2
Certificate serial:       018CC87142B3D8AECBADDF5A1874F81E895D
Authority key identifier: E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/dbYnx4iYb9WYJAumHyCMIYsUECY.roa
Signing time:             Tue 02 Jan 2024 04:31:54 +0000
ROA not before:           Tue 02 Jan 2024 04:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49434
IP address blocks:        91.231.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 21:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:42:b3:d8:ae:cb:ad:df:5a:18:74:f8:1e:89:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e316318247d211841f9620a9a1130010ddb486f2
        Validity
            Not Before: Jan  2 04:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75b627c788986fd598240ba61f208c218b141026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e6:12:26:c7:c9:64:ce:e4:3e:89:68:ed:19:
                    89:9d:11:ba:c1:ec:ff:d7:ae:0f:e6:72:22:42:fb:
                    04:c7:aa:d1:93:00:d3:3b:7a:62:49:c7:ae:b6:fd:
                    37:10:28:2a:bf:65:cc:39:d9:c0:f4:55:a4:10:f2:
                    e5:71:4f:0a:92:49:5a:e6:ba:b4:a7:fb:23:59:f6:
                    ed:72:59:cd:16:c8:e3:2b:65:2b:15:f3:2a:c6:a5:
                    9c:ae:04:b8:90:65:68:e1:8c:15:e7:4a:9f:02:dc:
                    d7:62:0e:a2:31:aa:bc:38:50:de:eb:fb:da:8c:4b:
                    a5:2c:22:7a:5f:0e:ae:de:3d:50:e7:08:96:d8:e0:
                    a8:97:a1:ec:2e:42:af:bd:be:bc:c8:f5:c1:44:71:
                    46:70:cc:1b:ba:4a:21:60:a2:58:a7:8b:08:80:d2:
                    e1:70:17:f1:82:52:00:7e:7d:60:7e:41:9e:f8:e3:
                    9b:60:f2:b3:38:00:87:2e:1c:44:cb:77:9d:98:d5:
                    b0:de:73:33:79:c1:4b:9d:f7:2d:1a:1a:fb:f7:2f:
                    22:e4:12:1f:41:55:7c:3f:95:4d:f7:be:38:3f:a1:
                    9b:57:85:f7:1a:b5:a0:cd:46:81:68:40:f7:68:31:
                    4f:8b:55:be:98:66:a5:5c:01:b8:9c:dd:6a:e7:cf:
                    b1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:B6:27:C7:88:98:6F:D5:98:24:0B:A6:1F:20:8C:21:8B:14:10:26
            X509v3 Authority Key Identifier:
                keyid:E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/dbYnx4iYb9WYJAumHyCMIYsUECY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d0:bd:88:3e:b7:62:1f:80:98:a1:ee:28:48:bd:53:4d:80:
         60:c6:9d:6e:ce:4a:bb:36:c8:68:8c:4a:4e:2d:03:1b:8e:e2:
         28:a9:26:5b:0d:29:cc:12:0c:e2:99:8a:12:bc:35:1b:6a:b5:
         45:93:6c:1a:0a:61:2f:fc:15:cd:c9:05:34:03:d1:c9:c2:dd:
         ca:eb:0b:dc:71:56:18:47:80:95:db:36:bb:bd:ad:d8:63:93:
         ee:a8:24:c4:6c:2b:7a:36:af:fa:ef:a4:93:2a:fc:42:9f:f0:
         35:6d:5e:05:f7:8b:b2:20:a5:d1:76:e1:f0:df:9d:3d:21:7a:
         f1:32:a4:64:a7:ab:8b:54:8e:92:8d:53:d5:03:4f:46:f0:1b:
         1e:58:ae:ce:4b:71:5b:03:10:52:16:41:19:b2:66:4f:57:79:
         ab:c7:88:e7:65:0c:6b:7e:fb:71:dd:1e:cf:0f:5c:f6:c5:5d:
         56:e8:57:4c:bd:d2:d5:02:42:22:24:17:3d:77:0f:be:3f:ee:
         dd:65:c4:20:14:cd:35:55:e8:46:35:c2:2c:26:e2:0f:5a:24:
         42:0e:de:73:f5:3d:bc:73:38:69:4c:0a:d6:7d:14:52:1b:85:
         f2:a1:c6:37:cc:cc:8e:97:76:c9:f1:cf:0e:61:4b:eb:26:c0:
         24:45:89:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcUKz2K7Lrd9aGHT4HoldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTYzMTgyNDdkMjExODQxZjk2MjBhOWExMTMwMDEwZGRi
NDg2ZjIwHhcNMjQwMTAyMDQzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWI2MjdjNzg4OTg2ZmQ1OTgyNDBiYTYxZjIwOGMyMThiMTQxMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuYSJsfJZM7kPolo7RmJnRG6wez/
164P5nIiQvsEx6rRkwDTO3piSceutv03ECgqv2XMOdnA9FWkEPLlcU8Kkkla5rq0
p/sjWfbtclnNFsjjK2UrFfMqxqWcrgS4kGVo4YwV50qfAtzXYg6iMaq8OFDe6/va
jEulLCJ6Xw6u3j1Q5wiW2OCol6HsLkKvvb68yPXBRHFGcMwbukohYKJYp4sIgNLh
cBfxglIAfn1gfkGe+OObYPKzOACHLhxEy3edmNWw3nMzecFLnfctGhr79y8i5BIf
QVV8P5VN9744P6GbV4X3GrWgzUaBaED3aDFPi1W+mGalXAG4nN1q58+xowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHW2J8eImG/VmCQLph8gjCGLFBAmMB8GA1UdIwQY
MBaAFOMWMYJH0hGEH5YgqaETABDdtIbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYt
ZWMyODdlMWQzN2U1LzEvZGJZbng0aVliOVdZSkF1bUh5Q01JWXNVRUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYtZWMyODdlMWQzN2U1
LzEvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+ecMA0G
CSqGSIb3DQEBCwUAA4IBAQBy0L2IPrdiH4CYoe4oSL1TTYBgxp1uzkq7NshojEpO
LQMbjuIoqSZbDSnMEgzimYoSvDUbarVFk2waCmEv/BXNyQU0A9HJwt3K6wvccVYY
R4CV2za7va3YY5PuqCTEbCt6Nq/676STKvxCn/A1bV4F94uyIKXRduHw3509IXrx
MqRkp6uLVI6SjVPVA09G8BseWK7OS3FbAxBSFkEZsmZPV3mrx4jnZQxrfvtx3R7P
D1z2xV1W6FdMvdLVAkIiJBc9dw++P+7dZcQgFM01VehGNcIsJuIPWiRCDt5z9T28
czhpTArWfRRSG4XyocY3zMyOl3bJ8c8OYUvrJsAkRYkh
-----END CERTIFICATE-----