Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/dn5l-f8yINra0h-qekUFHF-Twgw.roa
File:                     dn5l-f8yINra0h-qekUFHF-Twgw.roa (raw, json)
Hash identifier:          9p94DKbR3BOgyiaP3HA5vdOZyqg6qWtpexDicUZFmYQ=
Subject key identifier:   76:7E:65:F9:FF:32:20:DA:DA:D2:1F:AA:7A:45:05:1C:5F:93:C2:0C
Certificate issuer:       /CN=378aa6ed4b6cac6b3a52961bcfa229cfda00080e
Certificate serial:       018CC8DF050ED56CCB5A2B09E424DC955AA4
Authority key identifier: 37:8A:A6:ED:4B:6C:AC:6B:3A:52:96:1B:CF:A2:29:CF:DA:00:08:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N4qm7UtsrGs6UpYbz6Ipz9oACA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/dn5l-f8yINra0h-qekUFHF-Twgw.roa
Signing time:             Tue 02 Jan 2024 06:31:48 +0000
ROA not before:           Tue 02 Jan 2024 06:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41887
IP address blocks:        91.227.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/N4qm7UtsrGs6UpYbz6Ipz9oACA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/N4qm7UtsrGs6UpYbz6Ipz9oACA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N4qm7UtsrGs6UpYbz6Ipz9oACA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:05:0e:d5:6c:cb:5a:2b:09:e4:24:dc:95:5a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=378aa6ed4b6cac6b3a52961bcfa229cfda00080e
        Validity
            Not Before: Jan  2 06:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=767e65f9ff3220dadad21faa7a45051c5f93c20c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:16:62:60:41:b8:63:df:af:c1:87:01:26:3b:
                    0a:9c:e1:c0:6a:bd:de:8c:34:23:ec:7f:a0:ba:bb:
                    1a:ff:46:f3:f1:2a:13:4d:1f:a9:35:34:40:4c:b8:
                    56:0a:e7:61:f3:29:f0:f2:9f:4d:f6:4c:47:e6:22:
                    76:44:c8:b8:8a:23:6b:8e:5b:3b:d1:88:05:e7:d6:
                    f9:73:b6:5a:50:27:69:de:ee:2c:be:6f:eb:32:86:
                    81:38:d5:ca:3c:0e:6d:7b:c3:ab:9a:60:44:83:6a:
                    7b:db:3e:ea:f9:6f:08:dd:b1:2e:25:27:dc:13:cd:
                    2b:34:b9:53:d0:b6:b9:20:00:39:32:ce:64:cd:f4:
                    e2:40:e5:28:de:a6:bc:1e:70:ac:32:fb:d3:a7:36:
                    b8:33:80:3d:da:12:36:ef:6d:9d:ff:ed:68:d8:87:
                    8a:64:6c:26:3a:2d:d8:8f:14:85:40:c5:dd:ec:c3:
                    b7:68:7e:64:98:6f:92:b6:fb:f0:5c:95:59:82:dc:
                    ef:05:86:43:a0:ab:f7:5e:d7:f8:09:63:4f:0a:c2:
                    92:a6:2a:b1:cd:14:30:b5:d6:ec:d0:8c:a0:a4:53:
                    6f:7b:3c:f6:85:88:23:73:84:45:a6:65:0d:93:ac:
                    33:d5:f2:b0:91:e3:0b:39:38:69:89:66:cf:dd:51:
                    b5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:7E:65:F9:FF:32:20:DA:DA:D2:1F:AA:7A:45:05:1C:5F:93:C2:0C
            X509v3 Authority Key Identifier:
                keyid:37:8A:A6:ED:4B:6C:AC:6B:3A:52:96:1B:CF:A2:29:CF:DA:00:08:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N4qm7UtsrGs6UpYbz6Ipz9oACA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/dn5l-f8yINra0h-qekUFHF-Twgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/N4qm7UtsrGs6UpYbz6Ipz9oACA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:19:0a:fa:5f:d1:2e:d0:d5:4a:72:32:91:c3:45:41:9c:36:
         1d:e9:b6:a4:2a:cf:60:b3:c2:a4:a3:d2:62:c7:47:86:10:f6:
         6a:0e:fe:9d:7a:fb:79:e5:fe:e8:b1:2a:bc:a4:54:18:7f:89:
         48:32:38:03:41:4f:82:f6:15:f2:63:59:1a:df:ce:5d:00:0d:
         80:fc:f0:c7:b7:59:48:d9:ea:04:a8:f0:32:9b:aa:18:d2:3e:
         d1:a8:87:fe:30:b3:0d:63:c4:a4:b7:d3:9a:00:17:c3:33:bd:
         cb:e7:03:96:c3:50:6f:84:a3:48:da:37:12:2f:50:7a:e0:73:
         f7:50:1b:8e:50:97:62:84:5a:db:d4:d7:2e:7e:2f:b4:55:b1:
         bd:bd:91:50:c8:32:51:d4:52:8c:c3:12:a5:1b:e8:a7:93:aa:
         ed:e0:24:d3:95:c3:40:de:16:e5:d4:79:9c:88:36:db:e7:10:
         04:00:f5:80:68:10:4a:1e:65:0c:15:48:06:d2:9c:8d:fb:2d:
         75:29:b0:ee:56:ea:22:bf:69:11:c4:97:87:2d:c0:8c:26:95:
         6a:1f:b7:f9:db:20:61:2d:6d:b2:bf:54:d9:7d:21:bd:3f:fe:
         99:98:80:8c:04:07:65:b1:d4:8e:43:56:e0:19:9d:d8:a7:ff:
         b7:54:37:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3wUO1WzLWisJ5CTclVqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OGFhNmVkNGI2Y2FjNmIzYTUyOTYxYmNmYTIyOWNmZGEw
MDA4MGUwHhcNMjQwMTAyMDYzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjdlNjVmOWZmMzIyMGRhZGFkMjFmYWE3YTQ1MDUxYzVmOTNjMjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxZiYEG4Y9+vwYcBJjsKnOHAar3e
jDQj7H+gursa/0bz8SoTTR+pNTRATLhWCudh8ynw8p9N9kxH5iJ2RMi4iiNrjls7
0YgF59b5c7ZaUCdp3u4svm/rMoaBONXKPA5te8OrmmBEg2p72z7q+W8I3bEuJSfc
E80rNLlT0La5IAA5Ms5kzfTiQOUo3qa8HnCsMvvTpza4M4A92hI2722d/+1o2IeK
ZGwmOi3YjxSFQMXd7MO3aH5kmG+StvvwXJVZgtzvBYZDoKv3Xtf4CWNPCsKSpiqx
zRQwtdbs0IygpFNvezz2hYgjc4RFpmUNk6wz1fKwkeMLOThpiWbP3VG1YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZ+Zfn/MiDa2tIfqnpFBRxfk8IMMB8GA1UdIwQY
MBaAFDeKpu1LbKxrOlKWG8+iKc/aAAgOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjRxbTdVdHNyR3M2VXBZYno2SXB6OW9BQ0E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8xYmRkYTktNjRlYy00ZmI2LThiNDAt
ZjRiOWRhNDgwZWUyLzEvZG41bC1mOHlJTnJhMGgtcWVrVUZIRi1Ud2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8xYmRkYTktNjRlYy00ZmI2LThiNDAtZjRiOWRhNDgwZWUy
LzEvTjRxbTdVdHNyR3M2VXBZYno2SXB6OW9BQ0E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+NLMA0G
CSqGSIb3DQEBCwUAA4IBAQCfGQr6X9Eu0NVKcjKRw0VBnDYd6bakKs9gs8Kko9Ji
x0eGEPZqDv6devt55f7osSq8pFQYf4lIMjgDQU+C9hXyY1ka385dAA2A/PDHt1lI
2eoEqPAym6oY0j7RqIf+MLMNY8Skt9OaABfDM73L5wOWw1BvhKNI2jcSL1B64HP3
UBuOUJdihFrb1Ncufi+0VbG9vZFQyDJR1FKMwxKlG+ink6rt4CTTlcNA3hbl1Hmc
iDbb5xAEAPWAaBBKHmUMFUgG0pyN+y11KbDuVuoiv2kRxJeHLcCMJpVqH7f52yBh
LW2yv1TZfSG9P/6ZmICMBAdlsdSOQ1bgGZ3Yp/+3VDdO
-----END CERTIFICATE-----