Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/i0vFvkov6MG8Hjj-PhQZzJx7-h0.roa
File:                     i0vFvkov6MG8Hjj-PhQZzJx7-h0.roa (raw, json)
Hash identifier:          j4p/LNY8Z4pIeQalZyQru+g1YGyTnn0oy6ODKzPtigw=
Subject key identifier:   8B:4B:C5:BE:4A:2F:E8:C1:BC:1E:38:FE:3E:14:19:CC:9C:7B:FA:1D
Certificate issuer:       /CN=f58acd43c0033b13b88bb397415583aa51d9303a
Certificate serial:       018CC26D76429C4390A43E758FE377653C35
Authority key identifier: F5:8A:CD:43:C0:03:3B:13:B8:8B:B3:97:41:55:83:AA:51:D9:30:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/i0vFvkov6MG8Hjj-PhQZzJx7-h0.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201729
IP address blocks:        91.137.124.0/22 maxlen: 22
                          91.137.84.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:76:42:9c:43:90:a4:3e:75:8f:e3:77:65:3c:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f58acd43c0033b13b88bb397415583aa51d9303a
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b4bc5be4a2fe8c1bc1e38fe3e1419cc9c7bfa1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:68:fd:3f:62:b8:2c:c6:69:c7:88:48:9c:15:
                    d4:e1:f4:ea:99:79:cb:d8:93:11:35:ec:93:c7:4b:
                    46:e5:48:fe:57:d4:4a:8c:b7:e8:cb:5e:6f:d4:d1:
                    c3:17:7b:46:c2:96:9d:ed:32:21:61:dd:d0:dd:14:
                    1e:aa:4c:6f:f9:d1:68:46:14:37:ba:11:90:30:41:
                    82:f7:b8:24:b7:97:ac:2d:d9:8a:81:39:dc:b2:35:
                    36:37:59:ca:08:7e:cf:69:4d:a9:00:1a:5a:d6:d4:
                    af:50:9b:04:1d:de:ec:e9:7f:1f:48:36:18:0e:e0:
                    2d:6d:6b:e1:c1:06:84:bb:b6:8e:4d:ef:e2:0c:29:
                    e7:9c:49:d5:12:db:cf:05:30:b4:c5:56:72:e1:38:
                    3b:39:53:20:81:aa:eb:31:33:ce:30:d2:d9:cf:38:
                    0e:1d:a5:b5:20:37:45:df:9e:cc:43:40:ab:07:e1:
                    b7:15:5a:9c:5f:38:93:7d:c4:b7:86:84:9f:f6:4f:
                    da:28:2c:01:b7:e2:be:d6:d6:f5:38:fb:70:12:1d:
                    9d:28:cb:64:3e:f0:5a:10:bf:79:8d:b1:9e:62:de:
                    57:be:ac:8f:dd:6f:a3:23:ee:37:bd:04:d5:50:3d:
                    10:fa:0a:f8:6b:f2:7e:b0:61:fa:fb:2e:e1:ee:84:
                    54:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:4B:C5:BE:4A:2F:E8:C1:BC:1E:38:FE:3E:14:19:CC:9C:7B:FA:1D
            X509v3 Authority Key Identifier:
                keyid:F5:8A:CD:43:C0:03:3B:13:B8:8B:B3:97:41:55:83:AA:51:D9:30:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/i0vFvkov6MG8Hjj-PhQZzJx7-h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.137.84.0/23
                  91.137.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:29:b5:69:e8:15:a8:36:be:c5:7e:7d:c6:ad:f9:35:48:58:
         f8:e8:1a:5a:3b:35:c2:18:70:c6:fb:46:91:8b:25:65:7b:a2:
         59:0b:94:bb:af:39:e9:5c:98:af:ac:1d:42:12:2c:c6:e7:9f:
         53:c1:a9:69:25:e2:2a:c8:39:cc:d2:75:ec:7f:64:d7:ff:49:
         23:67:a5:b8:b5:31:37:7c:b7:40:a7:06:72:90:08:fd:69:a0:
         32:72:50:ae:7a:7f:5f:b8:f1:ad:1f:e8:f9:70:e0:0f:e8:8d:
         d6:b8:03:81:8e:dc:23:c4:4d:8b:e7:46:45:3b:86:d2:96:c7:
         ea:40:4a:2f:db:ca:9e:68:15:f3:73:27:ba:c1:ad:40:de:5a:
         4d:d3:c0:c8:21:01:f3:e1:c7:42:4a:9d:f2:84:7a:d0:0e:3b:
         7c:1e:6e:db:ad:04:fb:a6:55:2f:65:46:16:f1:f8:d1:27:e7:
         f9:0c:be:92:77:d2:a2:4f:41:cd:fb:82:7d:70:dd:34:af:65:
         4c:b7:2e:7f:31:85:fe:b8:5e:41:99:b3:b8:1d:7a:7d:d7:f8:
         80:94:ec:0c:0e:bb:22:5d:c5:0e:b7:6f:4d:1a:61:0f:88:e1:
         8b:b2:ca:6b:25:a3:97:90:c2:64:16:50:04:1e:91:76:70:ac:
         88:1c:7a:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbXZCnEOQpD51j+N3ZTw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGFjZDQzYzAwMzNiMTNiODhiYjM5NzQxNTU4M2FhNTFk
OTMwM2EwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjRiYzViZTRhMmZlOGMxYmMxZTM4ZmUzZTE0MTljYzljN2JmYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmj9P2K4LMZpx4hInBXU4fTqmXnL
2JMRNeyTx0tG5Uj+V9RKjLfoy15v1NHDF3tGwpad7TIhYd3Q3RQeqkxv+dFoRhQ3
uhGQMEGC97gkt5esLdmKgTncsjU2N1nKCH7PaU2pABpa1tSvUJsEHd7s6X8fSDYY
DuAtbWvhwQaEu7aOTe/iDCnnnEnVEtvPBTC0xVZy4Tg7OVMggarrMTPOMNLZzzgO
HaW1IDdF357MQ0CrB+G3FVqcXziTfcS3hoSf9k/aKCwBt+K+1tb1OPtwEh2dKMtk
PvBaEL95jbGeYt5XvqyP3W+jI+43vQTVUD0Q+gr4a/J+sGH6+y7h7oRU9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFItLxb5KL+jBvB44/j4UGcyce/odMB8GA1UdIwQY
MBaAFPWKzUPAAzsTuIuzl0FVg6pR2TA6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVlyTlE4QURPeE80aTdPWFFWV0RxbEhaTURvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8wZTY2ZTktY2YyZC00MGRmLWFhYWUt
Y2YyZDU4ZDBlMGVlLzEvaTB2RnZrb3Y2TUc4SGpqLVBoUVp6Sng3LWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8wZTY2ZTktY2YyZC00MGRmLWFhYWUtY2YyZDU4ZDBlMGVl
LzEvOVlyTlE4QURPeE80aTdPWFFWV0RxbEhaTURvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW4lUAwQC
W4l8MA0GCSqGSIb3DQEBCwUAA4IBAQBxKbVp6BWoNr7Ffn3Grfk1SFj46BpaOzXC
GHDG+0aRiyVle6JZC5S7rznpXJivrB1CEizG559TwalpJeIqyDnM0nXsf2TX/0kj
Z6W4tTE3fLdApwZykAj9aaAyclCuen9fuPGtH+j5cOAP6I3WuAOBjtwjxE2L50ZF
O4bSlsfqQEov28qeaBXzcye6wa1A3lpN08DIIQHz4cdCSp3yhHrQDjt8Hm7brQT7
plUvZUYW8fjRJ+f5DL6Sd9KiT0HN+4J9cN00r2VMty5/MYX+uF5BmbO4HXp91/iA
lOwMDrsiXcUOt29NGmEPiOGLssprJaOXkMJkFlAEHpF2cKyIHHrk
-----END CERTIFICATE-----