Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/PbVA7VFO0BqUeIBTpM9_XmQHMCo.roa
File:                     PbVA7VFO0BqUeIBTpM9_XmQHMCo.roa (raw, json)
Hash identifier:          5lKSwEQZYz8OcYUZaWvJ1Jg7s63yWztvdRJkaB4kyuM=
Subject key identifier:   3D:B5:40:ED:51:4E:D0:1A:94:78:80:53:A4:CF:7F:5E:64:07:30:2A
Certificate issuer:       /CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
Certificate serial:       018CCA2A8699CD2AA09E7F107244CBD0ED3D
Authority key identifier: 8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/PbVA7VFO0BqUeIBTpM9_XmQHMCo.roa
Signing time:             Tue 02 Jan 2024 12:33:53 +0000
ROA not before:           Tue 02 Jan 2024 12:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10010
IP address blocks:        91.200.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:86:99:cd:2a:a0:9e:7f:10:72:44:cb:d0:ed:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
        Validity
            Not Before: Jan  2 12:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3db540ed514ed01a94788053a4cf7f5e6407302a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2e:1d:cb:09:a9:20:fa:1f:ec:2c:9f:9e:ac:
                    b5:ef:2f:90:5f:ae:f5:5c:bc:d4:0a:a7:b4:94:d8:
                    fd:e8:2d:01:d8:d0:31:30:e2:58:e6:d5:3d:52:21:
                    ec:11:bb:43:8f:86:15:4b:93:e2:c9:fc:4f:2d:5a:
                    d4:18:5c:a8:07:98:12:e0:4c:95:7b:3c:15:07:06:
                    10:e2:52:9d:dd:7c:5f:ce:63:95:0d:15:e1:32:e3:
                    6d:76:97:fe:6d:b1:c8:6f:5b:e8:50:b0:10:db:be:
                    3d:cf:cf:e0:7a:7f:96:d7:5b:3e:44:1c:65:d5:73:
                    2b:d6:1a:3a:51:0b:c9:a2:04:61:71:f9:ac:84:9d:
                    66:9f:26:9e:d0:98:46:ed:6f:54:98:4b:f7:46:0c:
                    81:8a:fe:d0:73:3a:36:e6:c4:ff:7a:39:6e:18:a8:
                    29:e9:33:af:36:4b:0e:49:75:1c:cf:6f:b5:30:a6:
                    d3:e8:2f:47:5c:22:fc:06:e3:d9:35:57:a7:79:d8:
                    a7:44:65:08:5d:cb:4d:ff:6c:76:96:ee:50:12:26:
                    83:8c:10:6c:d8:ba:ef:49:bb:52:85:74:a4:bd:a3:
                    83:be:11:50:30:a1:4e:1d:7b:e9:4e:d0:9d:e1:e3:
                    d5:ba:54:85:86:4f:89:4a:f7:4a:9f:fd:1a:6c:a9:
                    30:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B5:40:ED:51:4E:D0:1A:94:78:80:53:A4:CF:7F:5E:64:07:30:2A
            X509v3 Authority Key Identifier:
                keyid:8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/PbVA7VFO0BqUeIBTpM9_XmQHMCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:ff:13:8a:8d:e8:ef:e6:33:c5:3b:d7:e5:d8:e1:45:7a:92:
         64:c2:51:88:5c:34:98:43:28:fa:e7:0e:2c:d8:a7:87:75:cd:
         f8:59:d4:1d:78:14:a7:eb:86:a6:de:39:00:84:ec:e1:1f:36:
         8d:58:c8:30:bb:d5:40:cc:c0:b2:1a:73:ba:29:d4:6a:eb:46:
         9c:a6:77:26:af:b2:2f:72:9d:17:c0:b9:cc:9e:96:89:33:ef:
         0d:56:98:15:77:a5:50:99:a1:5b:60:f8:c7:d5:56:61:80:bd:
         5f:35:4c:2f:f8:57:b6:e5:11:63:56:9c:79:5c:ab:9c:b2:ca:
         75:83:24:00:9a:5e:b6:74:a9:35:b1:80:65:ea:71:33:f3:4b:
         13:fc:2f:ef:9d:99:7a:9a:2f:95:63:68:df:a7:ba:4d:a3:3f:
         ef:68:08:d5:95:11:2f:6b:c7:74:93:f6:da:13:41:44:be:35:
         e0:ce:46:b6:cb:cc:ae:cb:1e:a7:c2:e6:dc:2b:c3:89:b8:3c:
         e7:7e:84:a3:36:5d:b3:4e:03:d2:86:a9:82:54:62:b4:b1:2f:
         3a:29:3f:c0:1b:8d:a0:7e:8e:e5:6c:c8:2f:d9:2b:96:0f:e4:
         45:b0:c2:06:05:58:97:80:a0:ae:5a:c3:fc:b1:62:df:79:3d:
         37:32:b0:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoaZzSqgnn8QckTL0O09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjAyNGIyYzI3YTY3ZGZmNWI2NTRlZmEwNmJmN2JmYzEy
MjI2MjUwHhcNMjQwMTAyMTIzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGI1NDBlZDUxNGVkMDFhOTQ3ODgwNTNhNGNmN2Y1ZTY0MDczMDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli4dywmpIPof7Cyfnqy17y+QX671
XLzUCqe0lNj96C0B2NAxMOJY5tU9UiHsEbtDj4YVS5PiyfxPLVrUGFyoB5gS4EyV
ezwVBwYQ4lKd3XxfzmOVDRXhMuNtdpf+bbHIb1voULAQ2749z8/gen+W11s+RBxl
1XMr1ho6UQvJogRhcfmshJ1mnyae0JhG7W9UmEv3RgyBiv7Qczo25sT/ejluGKgp
6TOvNksOSXUcz2+1MKbT6C9HXCL8BuPZNVenedinRGUIXctN/2x2lu5QEiaDjBBs
2LrvSbtShXSkvaODvhFQMKFOHXvpTtCd4ePVulSFhk+JSvdKn/0abKkwxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD21QO1RTtAalHiAU6TPf15kBzAqMB8GA1UdIwQY
MBaAFIpgJLLCemff9bZU76Br97/BIiYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEt
MDhlOGYwY2JiODQwLzEvUGJWQTdWRk8wQnFVZUlCVHBNOV9YbVFITUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEtMDhlOGYwY2JiODQw
LzEvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8g6MA0G
CSqGSIb3DQEBCwUAA4IBAQAZ/xOKjejv5jPFO9fl2OFFepJkwlGIXDSYQyj65w4s
2KeHdc34WdQdeBSn64am3jkAhOzhHzaNWMgwu9VAzMCyGnO6KdRq60acpncmr7Iv
cp0XwLnMnpaJM+8NVpgVd6VQmaFbYPjH1VZhgL1fNUwv+Fe25RFjVpx5XKucssp1
gyQAml62dKk1sYBl6nEz80sT/C/vnZl6mi+VY2jfp7pNoz/vaAjVlREva8d0k/ba
E0FEvjXgzka2y8yuyx6nwubcK8OJuDznfoSjNl2zTgPShqmCVGK0sS86KT/AG42g
fo7lbMgv2SuWD+RFsMIGBViXgKCuWsP8sWLfeT03MrDT
-----END CERTIFICATE-----