Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/d3d466-d951-4c52-b330-aa8485cf3068/1/oQeKV5LgklmKvDmBbJEQYD9q4zA.roa
File:                     oQeKV5LgklmKvDmBbJEQYD9q4zA.roa (raw, json)
Hash identifier:          VBng7xAocJU6nPUGunX1xTbqpFEaldafprE1rcqvBI4=
Subject key identifier:   A1:07:8A:57:92:E0:92:59:8A:BC:39:81:6C:91:10:60:3F:6A:E3:30
Certificate issuer:       /CN=0dd2f8e0dea1387daf9035d2cdf4eb8c93ad89cc
Certificate serial:       018CC80142504830F82929E7360390DC6193
Authority key identifier: 0D:D2:F8:E0:DE:A1:38:7D:AF:90:35:D2:CD:F4:EB:8C:93:AD:89:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdL44N6hOH2vkDXSzfTrjJOticw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/d3d466-d951-4c52-b330-aa8485cf3068/1/oQeKV5LgklmKvDmBbJEQYD9q4zA.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13209
IP address blocks:        91.217.82.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/d3d466-d951-4c52-b330-aa8485cf3068/1/DdL44N6hOH2vkDXSzfTrjJOticw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/d3d466-d951-4c52-b330-aa8485cf3068/1/DdL44N6hOH2vkDXSzfTrjJOticw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdL44N6hOH2vkDXSzfTrjJOticw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:42:50:48:30:f8:29:29:e7:36:03:90:dc:61:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd2f8e0dea1387daf9035d2cdf4eb8c93ad89cc
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1078a5792e092598abc39816c9110603f6ae330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c9:df:9e:54:c5:d9:3d:74:fe:45:e3:e6:d2:
                    1a:4f:99:95:97:66:03:a3:cb:db:7e:53:e3:11:45:
                    78:d2:8c:7e:8f:5e:4a:d8:73:b4:f3:74:4a:a6:2b:
                    3c:11:69:be:28:4a:17:fe:f9:aa:68:6d:4f:eb:8e:
                    e6:8b:0c:68:bf:71:71:2c:58:d6:81:65:f4:26:74:
                    ba:79:fd:db:e5:d1:04:b0:a4:57:a3:70:9a:76:81:
                    59:0d:c5:3b:bb:c0:fe:28:46:90:12:d6:55:91:49:
                    cd:c4:29:ee:76:ad:e1:1e:40:c3:12:0d:42:0d:62:
                    50:a8:d8:76:d3:3f:96:ff:a7:d9:22:a4:84:c6:f5:
                    55:36:fc:d5:ef:0e:01:4c:d7:79:23:fd:75:5c:b3:
                    0c:53:4c:69:72:6d:c2:ba:d0:bc:79:72:28:04:b1:
                    09:2b:60:ba:a8:a6:06:f5:f3:53:78:82:16:54:e9:
                    87:e4:8c:05:eb:df:f1:11:36:48:94:02:69:53:ce:
                    a5:c5:8a:7b:2d:9c:4b:3e:28:f6:6f:9a:eb:58:05:
                    de:6b:2c:41:59:e4:0a:32:df:61:69:12:ed:d0:cb:
                    94:52:5a:b7:f1:ac:49:ee:e4:5a:6a:0c:40:18:c5:
                    d1:48:05:d2:38:8b:cb:05:72:33:ca:fd:50:63:80:
                    97:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:07:8A:57:92:E0:92:59:8A:BC:39:81:6C:91:10:60:3F:6A:E3:30
            X509v3 Authority Key Identifier:
                keyid:0D:D2:F8:E0:DE:A1:38:7D:AF:90:35:D2:CD:F4:EB:8C:93:AD:89:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdL44N6hOH2vkDXSzfTrjJOticw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d3d466-d951-4c52-b330-aa8485cf3068/1/oQeKV5LgklmKvDmBbJEQYD9q4zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d3d466-d951-4c52-b330-aa8485cf3068/1/DdL44N6hOH2vkDXSzfTrjJOticw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:87:10:ad:a8:ff:63:1e:b7:97:ef:3a:72:7a:fd:fb:4d:26:
         0b:b5:bb:56:1c:00:4b:95:95:5d:12:9a:3b:8b:a8:51:cc:a6:
         fc:81:7b:77:69:12:57:a1:9e:ea:82:d6:28:17:ad:ea:7c:dd:
         d4:13:0f:da:d7:a0:00:0e:7d:c5:1e:d2:82:fa:61:ee:7f:19:
         ad:3e:03:25:73:6b:e3:3e:cb:46:77:a8:c7:8c:9e:f1:7d:e4:
         78:bd:b0:28:4c:97:12:14:a5:57:b6:d9:86:63:66:76:8e:c3:
         24:04:14:83:40:d4:4d:03:38:a9:df:6e:c9:f9:cf:5e:82:5e:
         5c:02:bc:88:c6:21:28:f0:c4:2d:fc:7c:3d:30:c7:e3:3d:f1:
         af:d0:18:22:7d:87:08:6e:a1:19:12:1f:41:28:37:d4:55:af:
         e2:9b:50:c8:4a:e7:34:76:6b:79:3a:63:a4:de:f3:68:76:99:
         b7:e2:be:46:fa:6c:ae:69:37:58:1e:46:8c:65:d9:f0:40:b2:
         b6:5c:cd:ce:1d:48:70:47:7b:ab:66:a9:2e:59:c3:c2:eb:9a:
         f3:db:4c:0f:cc:ca:13:26:9e:1a:45:f6:4e:da:18:e1:f5:32:
         4d:75:6c:12:10:a0:29:1d:37:ea:36:81:cc:78:ea:be:f2:02:
         06:f8:39:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUJQSDD4KSnnNgOQ3GGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDJmOGUwZGVhMTM4N2RhZjkwMzVkMmNkZjRlYjhjOTNh
ZDg5Y2MwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTA3OGE1NzkyZTA5MjU5OGFiYzM5ODE2YzkxMTA2MDNmNmFlMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMnfnlTF2T10/kXj5tIaT5mVl2YD
o8vbflPjEUV40ox+j15K2HO083RKpis8EWm+KEoX/vmqaG1P647miwxov3FxLFjW
gWX0JnS6ef3b5dEEsKRXo3CadoFZDcU7u8D+KEaQEtZVkUnNxCnudq3hHkDDEg1C
DWJQqNh20z+W/6fZIqSExvVVNvzV7w4BTNd5I/11XLMMU0xpcm3CutC8eXIoBLEJ
K2C6qKYG9fNTeIIWVOmH5IwF69/xETZIlAJpU86lxYp7LZxLPij2b5rrWAXeayxB
WeQKMt9haRLt0MuUUlq38axJ7uRaagxAGMXRSAXSOIvLBXIzyv1QY4CXCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEHileS4JJZirw5gWyREGA/auMwMB8GA1UdIwQY
MBaAFA3S+ODeoTh9r5A10s3064yTrYnMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRMNDRONmhPSDJ2a0RYU3pmVHJqSk90aWN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kM2Q0NjYtZDk1MS00YzUyLWIzMzAt
YWE4NDg1Y2YzMDY4LzEvb1FlS1Y1TGdrbG1LdkRtQmJKRVFZRDlxNHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kM2Q0NjYtZDk1MS00YzUyLWIzMzAtYWE4NDg1Y2YzMDY4
LzEvRGRMNDRONmhPSDJ2a0RYU3pmVHJqSk90aWN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9lSMA0G
CSqGSIb3DQEBCwUAA4IBAQAahxCtqP9jHreX7zpyev37TSYLtbtWHABLlZVdEpo7
i6hRzKb8gXt3aRJXoZ7qgtYoF63qfN3UEw/a16AADn3FHtKC+mHufxmtPgMlc2vj
PstGd6jHjJ7xfeR4vbAoTJcSFKVXttmGY2Z2jsMkBBSDQNRNAzip327J+c9egl5c
AryIxiEo8MQt/Hw9MMfjPfGv0BgifYcIbqEZEh9BKDfUVa/im1DISuc0dmt5OmOk
3vNodpm34r5G+myuaTdYHkaMZdnwQLK2XM3OHUhwR3urZqkuWcPC65rz20wPzMoT
Jp4aRfZO2hjh9TJNdWwSEKApHTfqNoHMeOq+8gIG+Dnc
-----END CERTIFICATE-----