Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/23GyK6GnRyoCzRA9-Q_G_jD4uw4.roa
File:                     23GyK6GnRyoCzRA9-Q_G_jD4uw4.roa (raw, json)
Hash identifier:          TrcUX4Ekic7UgyBgnkoumlPGmVN1Aiceh7Ck9u0VeDc=
Subject key identifier:   DB:71:B2:2B:A1:A7:47:2A:02:CD:10:3D:F9:0F:C6:FE:30:F8:BB:0E
Certificate issuer:       /CN=e783b62ab8aea520770c57404be7771f679ec0b5
Certificate serial:       018CC5DD0922A2ED1350B742456627496E20
Authority key identifier: E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/23GyK6GnRyoCzRA9-Q_G_jD4uw4.roa
Signing time:             Mon 01 Jan 2024 16:30:46 +0000
ROA not before:           Mon 01 Jan 2024 16:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        91.244.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:09:22:a2:ed:13:50:b7:42:45:66:27:49:6e:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e783b62ab8aea520770c57404be7771f679ec0b5
        Validity
            Not Before: Jan  1 16:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db71b22ba1a7472a02cd103df90fc6fe30f8bb0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:47:89:26:ef:b2:d7:ea:d7:ad:59:ae:70:5b:
                    03:96:03:b8:97:ba:71:ad:c8:cf:23:e5:46:69:fa:
                    75:49:b0:11:e0:c8:86:27:86:2e:74:4c:8b:38:07:
                    2a:57:e1:c9:10:48:c0:41:5a:ed:4a:d3:82:02:6a:
                    12:62:4d:6f:21:85:a3:46:67:43:01:1b:d8:77:bd:
                    a1:4e:09:aa:99:0c:aa:34:c8:49:a6:d9:b0:e7:1f:
                    dc:fe:9c:82:b6:71:5c:ac:dc:72:c1:51:0f:ab:aa:
                    1d:af:b8:77:40:a8:f2:32:91:1a:b6:cb:5c:f0:73:
                    23:f4:66:8f:de:68:8b:9a:21:53:5f:8b:92:d0:d1:
                    5b:d5:e3:29:59:00:d3:3c:3c:fb:bb:4d:99:bf:82:
                    1f:e6:be:0c:62:a9:49:d6:62:6a:f0:95:84:3d:96:
                    53:83:e1:31:47:b7:30:81:a2:35:b4:d8:18:8b:a6:
                    fb:c5:93:3a:72:b2:69:83:d8:40:71:9b:08:89:96:
                    be:43:ca:2b:09:d1:e9:a1:73:a8:d5:d7:2c:13:e7:
                    4a:46:63:a3:36:8a:c2:01:92:1a:dd:d5:5c:21:28:
                    d5:82:46:ec:5d:6b:a7:00:cc:5b:eb:bd:06:72:c2:
                    2b:b1:a3:90:a1:6a:de:3a:7a:40:3c:75:b4:37:d2:
                    9b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:71:B2:2B:A1:A7:47:2A:02:CD:10:3D:F9:0F:C6:FE:30:F8:BB:0E
            X509v3 Authority Key Identifier:
                keyid:E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/23GyK6GnRyoCzRA9-Q_G_jD4uw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:53:b0:33:98:70:47:d8:8e:d7:16:51:8f:88:56:c1:3d:49:
         cc:af:80:73:1a:3f:fc:47:58:04:63:f5:76:6f:0b:df:e5:21:
         97:4a:8a:ae:a1:ac:09:1f:b4:00:c5:7f:05:b0:a2:21:6d:a9:
         99:24:ef:84:92:d1:3e:a3:ab:47:4c:a1:2f:c0:4e:78:73:77:
         a7:16:9e:10:08:11:fe:f2:b9:02:57:36:fe:f1:fe:d2:3f:fb:
         8b:84:35:91:24:67:d8:f4:44:13:a3:d2:30:cd:aa:f1:10:51:
         80:8c:ed:3d:48:0d:50:dd:e9:61:1d:3c:d3:1c:ad:fc:6e:31:
         af:65:66:2d:21:ca:b2:71:aa:82:e6:55:ed:9a:18:e3:eb:60:
         2e:be:4f:d6:90:c8:d5:78:5f:8f:6e:a5:80:38:d4:a3:fd:01:
         64:a6:93:7c:ff:dc:64:ff:ad:99:1d:70:ff:f6:4a:91:d6:bb:
         77:1c:3e:46:c7:c3:dd:4c:f0:6c:51:f1:fb:76:7d:ef:c2:1c:
         bd:f4:b2:8c:00:cb:43:a2:ef:8c:11:eb:78:80:77:26:2b:6b:
         a5:83:c7:59:af:af:8e:7d:94:e9:a9:d7:95:4d:7b:4e:ce:d2:
         6c:cb:1b:be:cb:d8:e1:a9:ca:98:47:3f:28:7a:fb:b6:ad:69:
         60:ad:f6:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Qkiou0TULdCRWYnSW4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ODNiNjJhYjhhZWE1MjA3NzBjNTc0MDRiZTc3NzFmNjc5
ZWMwYjUwHhcNMjQwMTAxMTYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjcxYjIyYmExYTc0NzJhMDJjZDEwM2RmOTBmYzZmZTMwZjhiYjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0eJJu+y1+rXrVmucFsDlgO4l7px
rcjPI+VGafp1SbAR4MiGJ4YudEyLOAcqV+HJEEjAQVrtStOCAmoSYk1vIYWjRmdD
ARvYd72hTgmqmQyqNMhJptmw5x/c/pyCtnFcrNxywVEPq6odr7h3QKjyMpEatstc
8HMj9GaP3miLmiFTX4uS0NFb1eMpWQDTPDz7u02Zv4If5r4MYqlJ1mJq8JWEPZZT
g+ExR7cwgaI1tNgYi6b7xZM6crJpg9hAcZsIiZa+Q8orCdHpoXOo1dcsE+dKRmOj
NorCAZIa3dVcISjVgkbsXWunAMxb670GcsIrsaOQoWreOnpAPHW0N9KbWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtxsiuhp0cqAs0QPfkPxv4w+LsOMB8GA1UdIwQY
MBaAFOeDtiq4rqUgdwxXQEvndx9nnsC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWIt
MTlkZjViNGQxMDE0LzEvMjNHeUs2R25SeW9DelJBOS1RX0dfakQ0dXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWItMTlkZjViNGQxMDE0
LzEvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/TvMA0G
CSqGSIb3DQEBCwUAA4IBAQBwU7AzmHBH2I7XFlGPiFbBPUnMr4BzGj/8R1gEY/V2
bwvf5SGXSoquoawJH7QAxX8FsKIhbamZJO+EktE+o6tHTKEvwE54c3enFp4QCBH+
8rkCVzb+8f7SP/uLhDWRJGfY9EQTo9IwzarxEFGAjO09SA1Q3elhHTzTHK38bjGv
ZWYtIcqycaqC5lXtmhjj62Auvk/WkMjVeF+PbqWAONSj/QFkppN8/9xk/62ZHXD/
9kqR1rt3HD5Gx8PdTPBsUfH7dn3vwhy99LKMAMtDou+MEet4gHcmK2ulg8dZr6+O
fZTpqdeVTXtOztJsyxu+y9jhqcqYRz8oevu2rWlgrfas
-----END CERTIFICATE-----