Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/13fcd1-d806-4e56-8533-475dbbb0c08c/1/vJJ4Dav6U1F4n7E4isRSRRp3Wo4.roa
File:                     vJJ4Dav6U1F4n7E4isRSRRp3Wo4.roa (raw, json)
Hash identifier:          UVqTrTL0rbg858uWE3MGkh1CZO4Pryr3HeWLDrBgOnE=
Subject key identifier:   BC:92:78:0D:AB:FA:53:51:78:9F:B1:38:8A:C4:52:45:1A:77:5A:8E
Certificate issuer:       /CN=b91464767773f1239b646bb66bdcf4f7fb1206ce
Certificate serial:       018CC5DC3A40C7F8A130A948EA8AE2ED5C9F
Authority key identifier: B9:14:64:76:77:73:F1:23:9B:64:6B:B6:6B:DC:F4:F7:FB:12:06:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRRkdndz8SObZGu2a9z09_sSBs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/13fcd1-d806-4e56-8533-475dbbb0c08c/1/vJJ4Dav6U1F4n7E4isRSRRp3Wo4.roa
Signing time:             Mon 01 Jan 2024 16:29:53 +0000
ROA not before:           Mon 01 Jan 2024 16:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        91.192.4.0/24 maxlen: 24
                          91.192.5.0/24 maxlen: 24
                          91.192.6.0/24 maxlen: 24
                          91.192.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/13fcd1-d806-4e56-8533-475dbbb0c08c/1/uRRkdndz8SObZGu2a9z09_sSBs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/13fcd1-d806-4e56-8533-475dbbb0c08c/1/uRRkdndz8SObZGu2a9z09_sSBs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRRkdndz8SObZGu2a9z09_sSBs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3a:40:c7:f8:a1:30:a9:48:ea:8a:e2:ed:5c:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b91464767773f1239b646bb66bdcf4f7fb1206ce
        Validity
            Not Before: Jan  1 16:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc92780dabfa5351789fb1388ac452451a775a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0f:6c:fb:0d:50:54:d4:78:3c:5a:8c:29:81:
                    15:da:a9:c4:d3:99:b5:65:e5:86:30:1a:98:37:1f:
                    68:ef:34:c4:cf:9b:52:10:ab:ca:76:93:53:b4:9f:
                    31:dd:56:d3:8d:35:9f:b2:6f:7f:59:25:3a:85:40:
                    5d:6c:0c:ae:68:7e:15:ff:06:e6:7e:61:3f:c7:55:
                    0f:b9:1b:46:a5:39:f2:49:50:26:51:39:84:8f:6b:
                    84:71:5d:1e:3d:9a:c0:56:51:f5:bb:87:85:c3:0b:
                    a3:48:34:76:0b:d9:6e:22:f8:65:c8:93:4b:0e:aa:
                    1b:74:56:04:2d:a5:a5:4d:4d:8e:5f:e8:42:0c:c9:
                    cf:89:59:2c:b0:a1:89:ee:cb:5d:02:e4:93:18:39:
                    47:37:67:12:ba:cd:0a:8d:47:a1:0e:32:56:7d:fa:
                    06:60:07:11:4d:d2:23:93:aa:d4:ff:ab:6e:21:01:
                    23:94:b7:1c:35:b0:fe:d3:e8:0f:25:21:c2:7d:97:
                    55:7b:8d:b5:6d:d7:7f:08:3c:72:01:c6:6c:3f:41:
                    6a:47:6c:20:6a:5f:0d:69:4c:a2:10:a8:9d:87:58:
                    25:c7:f1:ac:2a:8e:d6:9b:6b:cc:1f:cf:5c:87:12:
                    f1:3a:d3:2c:20:4f:a2:85:b0:5d:d4:7e:fd:27:7d:
                    11:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:92:78:0D:AB:FA:53:51:78:9F:B1:38:8A:C4:52:45:1A:77:5A:8E
            X509v3 Authority Key Identifier:
                keyid:B9:14:64:76:77:73:F1:23:9B:64:6B:B6:6B:DC:F4:F7:FB:12:06:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRRkdndz8SObZGu2a9z09_sSBs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/13fcd1-d806-4e56-8533-475dbbb0c08c/1/vJJ4Dav6U1F4n7E4isRSRRp3Wo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/13fcd1-d806-4e56-8533-475dbbb0c08c/1/uRRkdndz8SObZGu2a9z09_sSBs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:f0:6e:ba:9d:d3:32:dd:a2:15:19:73:67:de:3e:af:31:a6:
         f9:aa:a2:54:46:5f:b5:6d:ef:da:d5:2f:b7:17:26:a0:f5:2a:
         81:79:65:eb:cc:7d:aa:2c:fe:4c:a8:fd:ab:0e:f7:45:87:4c:
         d2:7f:70:2a:4f:79:a0:61:12:01:67:eb:f7:b4:2b:38:ba:2e:
         d3:9f:20:ba:68:92:5d:0f:90:29:c6:34:bd:dd:d7:64:e8:54:
         f7:84:f9:1a:de:69:e3:88:ca:69:ad:16:8a:5e:f3:ed:20:9d:
         82:6a:96:88:3b:58:2c:13:b5:05:3d:3a:c9:dc:06:97:63:53:
         2e:bf:a8:4f:11:e6:4e:77:9c:a2:22:28:ec:9b:25:77:52:ae:
         33:cb:5c:0f:81:24:3f:2b:01:c0:6d:ce:01:f3:e7:0c:e6:b8:
         a2:41:d3:f2:5b:f3:0a:29:b2:38:7c:2c:8e:d3:ba:8c:22:94:
         08:23:f1:80:fd:1d:e5:99:0b:ce:e7:e3:c7:b2:00:4f:01:8d:
         aa:32:8f:db:64:b6:f7:6b:8a:91:1a:78:0a:1b:8b:ab:35:43:
         ea:c9:5c:f5:e8:cb:5c:62:0d:84:98:79:8a:0e:53:da:00:45:
         91:61:c5:42:1f:6d:e8:e8:79:57:cd:ee:8f:a2:56:4a:eb:e4:
         e8:b3:2a:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DpAx/ihMKlI6ori7VyfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ2NDc2Nzc3M2YxMjM5YjY0NmJiNjZiZGNmNGY3ZmIx
MjA2Y2UwHhcNMjQwMTAxMTYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzkyNzgwZGFiZmE1MzUxNzg5ZmIxMzg4YWM0NTI0NTFhNzc1YThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmA9s+w1QVNR4PFqMKYEV2qnE05m1
ZeWGMBqYNx9o7zTEz5tSEKvKdpNTtJ8x3VbTjTWfsm9/WSU6hUBdbAyuaH4V/wbm
fmE/x1UPuRtGpTnySVAmUTmEj2uEcV0ePZrAVlH1u4eFwwujSDR2C9luIvhlyJNL
DqobdFYELaWlTU2OX+hCDMnPiVkssKGJ7stdAuSTGDlHN2cSus0KjUehDjJWffoG
YAcRTdIjk6rU/6tuIQEjlLccNbD+0+gPJSHCfZdVe421bdd/CDxyAcZsP0FqR2wg
al8NaUyiEKidh1glx/GsKo7Wm2vMH89chxLxOtMsIE+ihbBd1H79J30RIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLySeA2r+lNReJ+xOIrEUkUad1qOMB8GA1UdIwQY
MBaAFLkUZHZ3c/Ejm2Rrtmvc9Pf7EgbOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJSa2RuZHo4U09iWkd1MmE5ejA5X3NTQnM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8xM2ZjZDEtZDgwNi00ZTU2LTg1MzMt
NDc1ZGJiYjBjMDhjLzEvdkpKNERhdjZVMUY0bjdFNGlzUlNSUnAzV280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8xM2ZjZDEtZDgwNi00ZTU2LTg1MzMtNDc1ZGJiYjBjMDhj
LzEvdVJSa2RuZHo4U09iWkd1MmE5ejA5X3NTQnM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8AEMA0G
CSqGSIb3DQEBCwUAA4IBAQCG8G66ndMy3aIVGXNn3j6vMab5qqJURl+1be/a1S+3
Fyag9SqBeWXrzH2qLP5MqP2rDvdFh0zSf3AqT3mgYRIBZ+v3tCs4ui7TnyC6aJJd
D5ApxjS93ddk6FT3hPka3mnjiMpprRaKXvPtIJ2CapaIO1gsE7UFPTrJ3AaXY1Mu
v6hPEeZOd5yiIijsmyV3Uq4zy1wPgSQ/KwHAbc4B8+cM5riiQdPyW/MKKbI4fCyO
07qMIpQII/GA/R3lmQvO5+PHsgBPAY2qMo/bZLb3a4qRGngKG4urNUPqyVz16Mtc
Yg2EmHmKDlPaAEWRYcVCH23o6HlXze6PolZK6+Tosyqv
-----END CERTIFICATE-----