Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/kfib2ZcU_k0XJ9_JA3AlQci9v-c.roa
File:                     kfib2ZcU_k0XJ9_JA3AlQci9v-c.roa (raw, json)
Hash identifier:          v5fpceWiqefhzd/1fRTEZcoQBwQhq3Dr7f1kgQQ5Ngo=
Subject key identifier:   91:F8:9B:D9:97:14:FE:4D:17:27:DF:C9:03:70:25:41:C8:BD:BF:E7
Certificate issuer:       /CN=788f5b210f3c3eb42065960e85d061e9d9d63ab8
Certificate serial:       018CC348D1E36C001C80D0E074626BACB5A0
Authority key identifier: 78:8F:5B:21:0F:3C:3E:B4:20:65:96:0E:85:D0:61:E9:D9:D6:3A:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eI9bIQ88PrQgZZYOhdBh6dnWOrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/kfib2ZcU_k0XJ9_JA3AlQci9v-c.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201027
IP address blocks:        185.238.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/eI9bIQ88PrQgZZYOhdBh6dnWOrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/eI9bIQ88PrQgZZYOhdBh6dnWOrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eI9bIQ88PrQgZZYOhdBh6dnWOrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d1:e3:6c:00:1c:80:d0:e0:74:62:6b:ac:b5:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=788f5b210f3c3eb42065960e85d061e9d9d63ab8
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91f89bd99714fe4d1727dfc903702541c8bdbfe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:96:fa:08:83:06:f2:61:e3:52:7f:09:7e:0d:
                    01:03:6e:bf:db:3f:3b:63:e3:51:0d:63:06:13:a1:
                    95:c1:3c:33:6f:25:32:1b:7d:fa:32:b4:03:0b:e2:
                    23:d2:22:91:2c:2a:10:9b:07:e2:2d:36:bf:67:48:
                    91:d6:fb:97:29:a2:c8:2c:31:7b:bd:ae:28:5d:b2:
                    b5:fd:b7:da:02:bf:b1:de:c7:f2:49:fa:52:fc:4a:
                    3a:96:ac:82:02:8e:e6:ee:a6:6a:90:57:52:d5:d9:
                    43:b2:95:b1:3d:71:6d:ba:6a:2c:36:2c:86:60:1e:
                    89:7b:09:75:78:f3:3e:93:c6:cb:1b:9a:45:87:4d:
                    b9:eb:e9:1b:0d:dd:d8:24:42:12:7e:57:c3:53:58:
                    fb:3a:78:22:51:6d:fc:c6:16:23:8f:5d:56:8b:ee:
                    f2:75:38:d3:95:4c:85:2b:be:5a:85:92:05:ff:d0:
                    05:18:63:b5:69:fc:f0:84:5b:72:bb:16:85:ab:18:
                    30:dc:8d:6d:d0:43:61:f2:24:6c:39:9e:58:1a:6d:
                    41:ea:9c:c5:3d:bc:d8:d4:36:aa:06:6b:4d:36:eb:
                    f7:4d:26:0e:fb:9a:2e:12:69:c0:51:e5:0f:7e:60:
                    12:75:d4:37:53:8a:81:2b:b4:1d:c1:49:95:58:50:
                    02:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F8:9B:D9:97:14:FE:4D:17:27:DF:C9:03:70:25:41:C8:BD:BF:E7
            X509v3 Authority Key Identifier:
                keyid:78:8F:5B:21:0F:3C:3E:B4:20:65:96:0E:85:D0:61:E9:D9:D6:3A:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eI9bIQ88PrQgZZYOhdBh6dnWOrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/kfib2ZcU_k0XJ9_JA3AlQci9v-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/eI9bIQ88PrQgZZYOhdBh6dnWOrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:34:4a:b9:da:09:6f:82:df:1c:8a:aa:80:7d:fc:ac:4a:2c:
         3d:fe:b9:0f:76:13:04:92:9c:f2:7f:56:cb:f2:6a:07:72:78:
         c3:a7:06:eb:20:07:e2:78:d5:c8:27:82:fc:be:4d:a3:d1:4d:
         91:50:33:01:0e:d0:4b:94:ed:7f:63:87:12:69:25:6a:73:ad:
         7e:6a:78:05:58:5e:e0:be:f6:09:a3:6c:f7:ed:40:52:01:a3:
         30:ee:89:8d:be:39:9c:79:c8:ac:51:cb:ff:fd:45:a9:f8:2e:
         40:71:93:2b:f6:3f:21:23:ad:5f:40:06:96:d1:55:da:dd:0e:
         60:1e:c2:be:95:36:71:b9:c4:52:5b:79:a0:d0:7e:6e:65:7e:
         0b:59:99:a4:f6:84:bc:e6:fc:c2:65:bf:fd:bc:2f:6c:2e:31:
         b8:03:58:32:52:69:34:70:7b:83:26:12:f6:fa:db:c1:30:79:
         67:58:ea:d5:d8:53:9a:a2:d9:16:e6:ac:06:ee:fb:07:2a:cb:
         57:a5:d7:dc:7a:dd:6f:14:c9:1b:a4:f4:a7:b2:da:6d:50:8c:
         b9:6c:be:07:2b:23:4c:a4:37:56:b5:1f:31:19:96:83:46:59:
         da:b4:b0:2a:a0:c5:df:c6:92:64:4c:c7:b4:4e:c2:5d:db:eb:
         28:0c:b3:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNHjbAAcgNDgdGJrrLWgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4OGY1YjIxMGYzYzNlYjQyMDY1OTYwZTg1ZDA2MWU5ZDlk
NjNhYjgwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWY4OWJkOTk3MTRmZTRkMTcyN2RmYzkwMzcwMjU0MWM4YmRiZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJb6CIMG8mHjUn8Jfg0BA26/2z87
Y+NRDWMGE6GVwTwzbyUyG336MrQDC+Ij0iKRLCoQmwfiLTa/Z0iR1vuXKaLILDF7
va4oXbK1/bfaAr+x3sfySfpS/Eo6lqyCAo7m7qZqkFdS1dlDspWxPXFtumosNiyG
YB6Jewl1ePM+k8bLG5pFh0256+kbDd3YJEISflfDU1j7OngiUW38xhYjj11Wi+7y
dTjTlUyFK75ahZIF/9AFGGO1afzwhFtyuxaFqxgw3I1t0ENh8iRsOZ5YGm1B6pzF
PbzY1DaqBmtNNuv3TSYO+5ouEmnAUeUPfmASddQ3U4qBK7QdwUmVWFACWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJH4m9mXFP5NFyffyQNwJUHIvb/nMB8GA1UdIwQY
MBaAFHiPWyEPPD60IGWWDoXQYenZ1jq4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUk5YklRODhQclFnWlpZT2hkQmg2ZG5XT3JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9lMTAwYjUtNmYwYS00ZmU5LWJlZmIt
YzRhY2I4OTY5YzQ5LzEva2ZpYjJaY1VfazBYSjlfSkEzQWxRY2k5di1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9lMTAwYjUtNmYwYS00ZmU5LWJlZmItYzRhY2I4OTY5YzQ5
LzEvZUk5YklRODhQclFnWlpZT2hkQmg2ZG5XT3JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue4/MA0G
CSqGSIb3DQEBCwUAA4IBAQANNEq52glvgt8ciqqAffysSiw9/rkPdhMEkpzyf1bL
8moHcnjDpwbrIAfieNXIJ4L8vk2j0U2RUDMBDtBLlO1/Y4cSaSVqc61+angFWF7g
vvYJo2z37UBSAaMw7omNvjmcecisUcv//UWp+C5AcZMr9j8hI61fQAaW0VXa3Q5g
HsK+lTZxucRSW3mg0H5uZX4LWZmk9oS85vzCZb/9vC9sLjG4A1gyUmk0cHuDJhL2
+tvBMHlnWOrV2FOaotkW5qwG7vsHKstXpdfcet1vFMkbpPSnstptUIy5bL4HKyNM
pDdWtR8xGZaDRlnatLAqoMXfxpJkTMe0TsJd2+soDLNf
-----END CERTIFICATE-----