Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/0d5d9f-5808-4871-a24d-bebdf4cd485b/1/hBZAk4FNboJLIs_5WgNm2zok0Vs.roa
File:                     hBZAk4FNboJLIs_5WgNm2zok0Vs.roa (raw, json)
Hash identifier:          Lzy9PPMtC2T31uLXlLOO0jJQfU9WOcUU2MpY3KuzP1s=
Subject key identifier:   84:16:40:93:81:4D:6E:82:4B:22:CF:F9:5A:03:66:DB:3A:24:D1:5B
Certificate issuer:       /CN=ee0bd0ea95a190c703a85e09ebc5e5fda5cdce32
Certificate serial:       018CC649C22760EBF25B82AA5A04996A0F2F
Authority key identifier: EE:0B:D0:EA:95:A1:90:C7:03:A8:5E:09:EB:C5:E5:FD:A5:CD:CE:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7gvQ6pWhkMcDqF4J68Xl_aXNzjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/0d5d9f-5808-4871-a24d-bebdf4cd485b/1/hBZAk4FNboJLIs_5WgNm2zok0Vs.roa
Signing time:             Mon 01 Jan 2024 18:29:31 +0000
ROA not before:           Mon 01 Jan 2024 18:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197255
IP address blocks:        91.217.60.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/0d5d9f-5808-4871-a24d-bebdf4cd485b/1/7gvQ6pWhkMcDqF4J68Xl_aXNzjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/0d5d9f-5808-4871-a24d-bebdf4cd485b/1/7gvQ6pWhkMcDqF4J68Xl_aXNzjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7gvQ6pWhkMcDqF4J68Xl_aXNzjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:c2:27:60:eb:f2:5b:82:aa:5a:04:99:6a:0f:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee0bd0ea95a190c703a85e09ebc5e5fda5cdce32
        Validity
            Not Before: Jan  1 18:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84164093814d6e824b22cff95a0366db3a24d15b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6b:2b:6e:82:2f:5c:c7:ea:54:3d:a4:2d:1e:
                    50:9a:df:f0:66:e8:10:88:89:87:fc:0a:42:7a:c0:
                    c4:49:e3:74:d1:a3:ce:93:3e:1a:08:1d:e0:f7:ac:
                    75:8d:89:94:58:4c:f4:b8:ba:77:df:92:5a:c4:9c:
                    71:5a:08:f4:91:e9:46:10:80:cb:94:9c:c9:df:05:
                    f5:86:d3:eb:40:76:42:8e:16:1d:05:f5:0a:eb:87:
                    1e:0f:10:25:78:9b:05:2f:c2:cc:8c:5c:36:74:e4:
                    4a:5c:7d:4c:58:f7:ae:13:b9:2a:2a:69:ef:b6:68:
                    66:aa:f0:4b:9b:e4:88:e2:eb:4b:be:3c:98:af:2d:
                    16:f8:86:53:8e:ae:4d:5d:db:3f:ad:18:ed:b9:68:
                    26:f0:1a:54:cb:9d:f5:49:10:29:0a:d0:ee:59:a5:
                    b9:17:35:bc:72:42:ba:3a:a9:47:0e:53:c0:53:63:
                    4f:24:7a:00:b9:1b:57:e9:00:4c:84:9a:a5:30:87:
                    80:d6:28:0d:c4:bb:e9:ad:8c:d9:f6:53:2d:f3:cf:
                    84:ae:dc:51:96:14:53:e3:ec:e1:a5:22:7c:52:dd:
                    25:7e:4e:be:63:36:10:bd:f0:82:50:b4:87:c1:47:
                    70:06:e3:b0:e9:e8:07:25:73:8f:fc:b6:08:3c:13:
                    14:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:16:40:93:81:4D:6E:82:4B:22:CF:F9:5A:03:66:DB:3A:24:D1:5B
            X509v3 Authority Key Identifier:
                keyid:EE:0B:D0:EA:95:A1:90:C7:03:A8:5E:09:EB:C5:E5:FD:A5:CD:CE:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7gvQ6pWhkMcDqF4J68Xl_aXNzjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/0d5d9f-5808-4871-a24d-bebdf4cd485b/1/hBZAk4FNboJLIs_5WgNm2zok0Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/0d5d9f-5808-4871-a24d-bebdf4cd485b/1/7gvQ6pWhkMcDqF4J68Xl_aXNzjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:6e:9f:51:0f:e3:2b:42:f4:30:98:88:f9:3d:76:9f:44:cf:
         bf:24:7e:4d:c3:cc:88:aa:4a:f2:f8:29:bf:36:72:9e:4c:02:
         cd:58:c8:1d:39:1c:81:88:a2:bf:b8:23:48:d0:81:be:5a:08:
         a9:45:03:62:6a:08:75:ff:39:c3:ed:2e:e7:70:53:b1:89:2f:
         a4:48:f8:0b:70:62:94:e9:bb:50:62:23:7d:72:6f:ee:86:89:
         3f:ac:21:61:bc:ea:7f:4f:2d:7c:bb:23:51:5a:71:f5:35:a8:
         97:ac:49:ab:c9:dc:b9:6f:db:f3:27:c5:6e:65:05:71:ca:6c:
         19:28:ec:7d:54:e1:75:57:7c:7b:df:0d:cd:63:70:46:9c:62:
         3d:22:fb:9b:b3:52:36:6e:2b:76:28:dd:52:8c:fb:96:9a:ed:
         89:4b:63:8f:42:a4:ce:ab:2c:8a:79:db:c5:a5:da:7d:09:2d:
         66:d8:f4:0e:89:ac:2b:67:b9:2d:fa:de:97:3d:b4:7b:59:9a:
         1d:f8:ec:26:32:ad:b5:e3:6e:85:ce:f0:c1:4b:04:2e:c7:6a:
         12:f6:b1:4e:d7:d0:b6:19:23:f5:3a:a1:8f:77:c6:48:90:f1:
         ca:dc:f2:c9:a2:15:71:35:7c:44:7e:f0:0e:73:f6:ce:4e:78:
         b8:01:38:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGScInYOvyW4KqWgSZag8vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMGJkMGVhOTVhMTkwYzcwM2E4NWUwOWViYzVlNWZkYTVj
ZGNlMzIwHhcNMjQwMTAxMTgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDE2NDA5MzgxNGQ2ZTgyNGIyMmNmZjk1YTAzNjZkYjNhMjRkMTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmsrboIvXMfqVD2kLR5Qmt/wZugQ
iImH/ApCesDESeN00aPOkz4aCB3g96x1jYmUWEz0uLp335JaxJxxWgj0kelGEIDL
lJzJ3wX1htPrQHZCjhYdBfUK64ceDxAleJsFL8LMjFw2dORKXH1MWPeuE7kqKmnv
tmhmqvBLm+SI4utLvjyYry0W+IZTjq5NXds/rRjtuWgm8BpUy531SRApCtDuWaW5
FzW8ckK6OqlHDlPAU2NPJHoAuRtX6QBMhJqlMIeA1igNxLvprYzZ9lMt88+ErtxR
lhRT4+zhpSJ8Ut0lfk6+YzYQvfCCULSHwUdwBuOw6egHJXOP/LYIPBMU/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQWQJOBTW6CSyLP+VoDZts6JNFbMB8GA1UdIwQY
MBaAFO4L0OqVoZDHA6heCevF5f2lzc4yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2d2UTZwV2hrTWNEcUY0SjY4WGxfYVhOempJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8wZDVkOWYtNTgwOC00ODcxLWEyNGQt
YmViZGY0Y2Q0ODViLzEvaEJaQWs0Rk5ib0pMSXNfNVdnTm0yem9rMFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8wZDVkOWYtNTgwOC00ODcxLWEyNGQtYmViZGY0Y2Q0ODVi
LzEvN2d2UTZwV2hrTWNEcUY0SjY4WGxfYVhOempJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9k8MA0G
CSqGSIb3DQEBCwUAA4IBAQCdbp9RD+MrQvQwmIj5PXafRM+/JH5Nw8yIqkry+Cm/
NnKeTALNWMgdORyBiKK/uCNI0IG+WgipRQNiagh1/znD7S7ncFOxiS+kSPgLcGKU
6btQYiN9cm/uhok/rCFhvOp/Ty18uyNRWnH1NaiXrEmrydy5b9vzJ8VuZQVxymwZ
KOx9VOF1V3x73w3NY3BGnGI9Ivubs1I2bit2KN1SjPuWmu2JS2OPQqTOqyyKedvF
pdp9CS1m2PQOiawrZ7kt+t6XPbR7WZod+OwmMq21426FzvDBSwQux2oS9rFO19C2
GSP1OqGPd8ZIkPHK3PLJohVxNXxEfvAOc/bOTni4ATgx
-----END CERTIFICATE-----