Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/pu_pFf7l03_Tlx4cqalTpl42HEY.roa
File:                     pu_pFf7l03_Tlx4cqalTpl42HEY.roa (raw, json)
Hash identifier:          Yv3gVaL2PUtWWS71RnQks9feNpk6yE3d1i3tTs/VStc=
Subject key identifier:   A6:EF:E9:15:FE:E5:D3:7F:D3:97:1E:1C:A9:A9:53:A6:5E:36:1C:46
Certificate issuer:       /CN=a389e7035b08e181a341f37eda7343d23f1cafa4
Certificate serial:       018CCA2B5B03642D294F4740382BC4F233B9
Authority key identifier: A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/pu_pFf7l03_Tlx4cqalTpl42HEY.roa
Signing time:             Tue 02 Jan 2024 12:34:48 +0000
ROA not before:           Tue 02 Jan 2024 12:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17819
IP address blocks:        176.121.90.0/24 maxlen: 24
                          176.121.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5b:03:64:2d:29:4f:47:40:38:2b:c4:f2:33:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a389e7035b08e181a341f37eda7343d23f1cafa4
        Validity
            Not Before: Jan  2 12:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6efe915fee5d37fd3971e1ca9a953a65e361c46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:20:dd:73:5f:ff:ae:d8:6f:43:a3:5e:b3:b7:
                    84:d2:23:1c:fe:aa:fb:f6:6c:89:62:98:aa:a3:35:
                    ff:fe:ba:37:d8:d2:f3:86:0d:39:58:f5:06:73:66:
                    23:84:44:6b:b4:11:02:d8:9a:e2:d8:11:73:ee:19:
                    15:1c:1f:bf:e9:a3:44:f9:49:81:e7:66:62:82:c2:
                    46:b1:bb:16:96:19:de:35:e3:af:af:5d:b4:b6:57:
                    6d:88:db:e9:46:26:e5:c5:83:c0:2d:61:c7:74:92:
                    61:dd:f9:27:35:7e:47:a5:18:28:4a:72:56:91:31:
                    92:47:70:60:3d:ff:70:6b:60:7c:3f:1b:2a:42:ca:
                    63:ba:c6:10:08:9c:3b:bf:89:35:38:6e:9e:86:e9:
                    ef:ed:54:b0:17:7c:85:c3:56:33:52:ba:56:84:0a:
                    6f:23:98:80:eb:f7:75:d7:49:ad:2b:ca:01:17:07:
                    da:2c:5d:a5:85:c2:19:49:ca:76:4c:d2:5b:8b:9f:
                    79:a2:79:4d:59:ea:c4:44:de:3d:3d:3a:bc:fa:d3:
                    2b:0f:73:c9:88:54:fe:5b:2b:1c:f7:c1:ee:79:a9:
                    81:34:e5:f5:50:1b:37:12:c2:7e:f1:08:ea:b5:09:
                    48:52:52:0e:a6:e2:5b:b9:65:84:c3:b6:ae:b4:db:
                    25:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:EF:E9:15:FE:E5:D3:7F:D3:97:1E:1C:A9:A9:53:A6:5E:36:1C:46
            X509v3 Authority Key Identifier:
                keyid:A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/pu_pFf7l03_Tlx4cqalTpl42HEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:a9:4a:93:30:20:42:18:7a:9d:dc:43:54:f3:a9:d7:bc:88:
         aa:81:41:d6:e1:9e:09:95:c2:ed:3f:f7:bf:1e:97:f7:3e:57:
         ad:ab:c5:76:0c:f2:77:3d:4d:3d:7c:3d:05:9e:08:a3:3d:bc:
         3d:11:93:07:a9:ad:7c:f6:f0:75:c4:52:6f:5e:c4:49:73:97:
         f6:26:52:cb:15:9e:1f:79:1a:91:34:1f:1e:44:49:44:ff:00:
         e5:93:90:5a:83:55:21:15:8d:ef:29:45:7c:17:22:bd:42:2c:
         e8:12:e1:bd:46:b0:ea:59:b1:57:97:d6:a7:f0:0e:f0:8c:47:
         25:d0:6e:7c:14:dc:0d:78:c7:0d:e2:d5:cc:93:32:62:ba:e7:
         00:a4:f2:80:3f:e0:ad:f1:fe:72:96:10:48:bc:5a:f8:8c:cb:
         86:59:8a:34:ab:e9:b0:51:6e:1f:ca:7d:ef:c0:b6:cd:50:cc:
         42:13:1b:99:be:31:4e:d2:dc:71:dd:1a:4e:0b:9f:df:f1:8f:
         a7:41:3a:72:be:bc:b4:d6:b7:ac:3a:a7:1c:a7:a9:54:f9:72:
         fc:33:11:84:28:aa:e8:5b:0e:90:80:d8:18:a2:4d:e4:5b:b9:
         09:9d:a6:d3:2a:f9:87:1c:f8:ac:1a:3c:e4:41:c2:e1:75:cb:
         48:dd:07:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1sDZC0pT0dAOCvE8jO5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzODllNzAzNWIwOGUxODFhMzQxZjM3ZWRhNzM0M2QyM2Yx
Y2FmYTQwHhcNMjQwMTAyMTIzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmVmZTkxNWZlZTVkMzdmZDM5NzFlMWNhOWE5NTNhNjVlMzYxYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyDdc1//rthvQ6Nes7eE0iMc/qr7
9myJYpiqozX//ro32NLzhg05WPUGc2YjhERrtBEC2Jri2BFz7hkVHB+/6aNE+UmB
52ZigsJGsbsWlhneNeOvr120tldtiNvpRiblxYPALWHHdJJh3fknNX5HpRgoSnJW
kTGSR3BgPf9wa2B8PxsqQspjusYQCJw7v4k1OG6ehunv7VSwF3yFw1YzUrpWhApv
I5iA6/d110mtK8oBFwfaLF2lhcIZScp2TNJbi595onlNWerERN49PTq8+tMrD3PJ
iFT+Wysc98HueamBNOX1UBs3EsJ+8QjqtQlIUlIOpuJbuWWEw7autNslewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbv6RX+5dN/05ceHKmpU6ZeNhxGMB8GA1UdIwQY
MBaAFKOJ5wNbCOGBo0HzftpzQ9I/HK+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWIt
MGU3MjQxNmI0ZGM3LzEvcHVfcEZmN2wwM19UbHg0Y3FhbFRwbDQySEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWItMGU3MjQxNmI0ZGM3
LzEvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHlaMA0G
CSqGSIb3DQEBCwUAA4IBAQAJqUqTMCBCGHqd3ENU86nXvIiqgUHW4Z4JlcLtP/e/
Hpf3Pletq8V2DPJ3PU09fD0FngijPbw9EZMHqa189vB1xFJvXsRJc5f2JlLLFZ4f
eRqRNB8eRElE/wDlk5Bag1UhFY3vKUV8FyK9QizoEuG9RrDqWbFXl9an8A7wjEcl
0G58FNwNeMcN4tXMkzJiuucApPKAP+Ct8f5ylhBIvFr4jMuGWYo0q+mwUW4fyn3v
wLbNUMxCExuZvjFO0txx3RpOC5/f8Y+nQTpyvry01resOqccp6lU+XL8MxGEKKro
Ww6QgNgYok3kW7kJnabTKvmHHPisGjzkQcLhdctI3Qeb
-----END CERTIFICATE-----