Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/_p-0fd7pM5nslnZW0jJwDgpSBGg.roa
File:                     _p-0fd7pM5nslnZW0jJwDgpSBGg.roa (raw, json)
Hash identifier:          //GYns952vbbxffHenDRt1YK7lq8BbuVV3HeThABHRo=
Subject key identifier:   FE:9F:B4:7D:DE:E9:33:99:EC:96:76:56:D2:32:70:0E:0A:52:04:68
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D634B3ED0F60982664D44452E6CB5
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/_p-0fd7pM5nslnZW0jJwDgpSBGg.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199512
IP address blocks:        213.91.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:63:4b:3e:d0:f6:09:82:66:4d:44:45:2e:6c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe9fb47ddee93399ec967656d232700e0a520468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4b:02:01:d5:ea:00:1d:59:17:37:f2:c8:14:
                    df:45:9b:5e:d5:65:3b:cd:99:4f:3f:8e:1c:f5:42:
                    0d:a5:95:3c:69:0c:86:75:b6:0a:de:b0:6d:33:b7:
                    42:b7:db:74:6c:2b:36:c0:6b:e9:f6:1a:8c:85:df:
                    21:71:dd:e8:9e:fd:c8:59:5a:e4:ac:12:3a:86:01:
                    15:2d:52:f7:90:42:06:81:d2:74:ce:fa:c4:7f:c4:
                    86:f3:65:c1:f4:74:43:fb:fd:b1:eb:7b:f1:66:34:
                    a8:56:2d:a2:d8:52:69:13:13:18:00:fb:ac:c2:67:
                    02:5d:c5:d5:36:db:ee:b4:08:2d:e6:f2:1c:8d:18:
                    39:1f:b8:40:a9:9e:6c:2a:e7:d2:91:21:85:fb:da:
                    0f:27:81:ff:c7:0a:fb:51:77:ac:5d:5b:06:cc:e9:
                    1c:62:d4:e1:4a:57:ec:d2:32:8c:bf:21:8c:50:d8:
                    22:d5:75:a8:cb:ac:b0:6d:3f:0f:3c:ce:15:91:02:
                    05:bc:df:fb:6c:c7:e7:18:1e:60:34:bc:ba:3e:7f:
                    7b:14:c7:77:8a:b5:49:1f:7f:5b:b3:7d:c8:e3:d8:
                    c0:e2:df:19:5d:20:6b:73:7f:61:97:05:24:6b:07:
                    7d:5b:fd:6e:c9:81:b6:6a:10:66:c8:3b:03:f6:e6:
                    41:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9F:B4:7D:DE:E9:33:99:EC:96:76:56:D2:32:70:0E:0A:52:04:68
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/_p-0fd7pM5nslnZW0jJwDgpSBGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:95:97:cd:a7:a5:8b:c3:e8:bf:76:a1:5e:0c:cd:fa:86:0a:
         97:bc:6a:cb:02:ef:f4:30:6c:71:75:ab:f6:dc:95:71:e7:92:
         58:6c:33:e5:49:82:ef:4c:ac:05:09:f8:b6:ca:09:c9:f7:f2:
         11:57:fa:3e:3d:97:9f:b0:18:a6:93:31:a7:f9:59:6d:c0:f1:
         a6:14:dc:71:0d:ba:92:39:b1:47:e7:98:4c:f0:95:b2:ff:1c:
         9c:e4:60:95:25:61:36:56:b9:66:72:19:6a:6a:0b:e7:47:0b:
         04:0e:72:b2:62:b8:b1:e1:d2:86:cb:4f:40:46:30:85:a3:f0:
         e6:36:41:6b:00:ee:6e:11:f2:04:00:6d:57:83:ab:50:d3:c5:
         17:49:37:e8:3a:f8:b8:7a:b8:90:48:63:56:67:be:94:dd:c3:
         f2:7b:31:3e:1d:53:8a:24:4a:cd:1c:23:ee:d9:c9:0f:f5:02:
         3d:67:a5:f5:1a:9e:44:6e:90:56:69:63:9d:13:3e:c2:df:4b:
         6d:51:93:f2:e9:f2:6c:f2:79:56:2a:8c:a1:b2:bc:98:70:b3:
         71:dd:28:9c:4a:4e:2a:37:42:ed:66:50:5d:64:48:8f:5c:23:
         32:67:ab:fd:b3:dc:06:2b:6d:b6:d7:ad:82:e3:83:42:8b:10:
         77:78:36:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWNLPtD2CYJmTURFLmy1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTlmYjQ3ZGRlZTkzMzk5ZWM5Njc2NTZkMjMyNzAwZTBhNTIwNDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtksCAdXqAB1ZFzfyyBTfRZte1WU7
zZlPP44c9UINpZU8aQyGdbYK3rBtM7dCt9t0bCs2wGvp9hqMhd8hcd3onv3IWVrk
rBI6hgEVLVL3kEIGgdJ0zvrEf8SG82XB9HRD+/2x63vxZjSoVi2i2FJpExMYAPus
wmcCXcXVNtvutAgt5vIcjRg5H7hAqZ5sKufSkSGF+9oPJ4H/xwr7UXesXVsGzOkc
YtThSlfs0jKMvyGMUNgi1XWoy6ywbT8PPM4VkQIFvN/7bMfnGB5gNLy6Pn97FMd3
irVJH39bs33I49jA4t8ZXSBrc39hlwUkawd9W/1uyYG2ahBmyDsD9uZBUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6ftH3e6TOZ7JZ2VtIycA4KUgRoMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvX3AtMGZkN3BNNW5zbG5aVzBqSndEZ3BTQkdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VudMA0G
CSqGSIb3DQEBCwUAA4IBAQAzlZfNp6WLw+i/dqFeDM36hgqXvGrLAu/0MGxxdav2
3JVx55JYbDPlSYLvTKwFCfi2ygnJ9/IRV/o+PZefsBimkzGn+VltwPGmFNxxDbqS
ObFH55hM8JWy/xyc5GCVJWE2VrlmchlqagvnRwsEDnKyYrix4dKGy09ARjCFo/Dm
NkFrAO5uEfIEAG1Xg6tQ08UXSTfoOvi4eriQSGNWZ76U3cPyezE+HVOKJErNHCPu
2ckP9QI9Z6X1Gp5EbpBWaWOdEz7C30ttUZPy6fJs8nlWKoyhsryYcLNx3SicSk4q
N0LtZlBdZEiPXCMyZ6v9s9wGK222162C44NCixB3eDbB
-----END CERTIFICATE-----