Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/tb4XaWqErECYfOZImuMBMHrB3tU.roa
File:                     tb4XaWqErECYfOZImuMBMHrB3tU.roa (raw, json)
Hash identifier:          bAzmEkIYn3f8mFD6AXNy/79bFcWy1o8rqknNGLVEhZk=
Subject key identifier:   B5:BE:17:69:6A:84:AC:40:98:7C:E6:48:9A:E3:01:30:7A:C1:DE:D5
Certificate issuer:       /CN=9bbbe200bbdf379b50455163017b9d4777f1db5d
Certificate serial:       018CC8012C67E09795F92B767D8A078AA374
Authority key identifier: 9B:BB:E2:00:BB:DF:37:9B:50:45:51:63:01:7B:9D:47:77:F1:DB:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m7viALvfN5tQRVFjAXudR3fx210.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/tb4XaWqErECYfOZImuMBMHrB3tU.roa
Signing time:             Tue 02 Jan 2024 02:29:29 +0000
ROA not before:           Tue 02 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15504
IP address blocks:        91.213.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/m7viALvfN5tQRVFjAXudR3fx210.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/m7viALvfN5tQRVFjAXudR3fx210.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m7viALvfN5tQRVFjAXudR3fx210.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 13:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2c:67:e0:97:95:f9:2b:76:7d:8a:07:8a:a3:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bbbe200bbdf379b50455163017b9d4777f1db5d
        Validity
            Not Before: Jan  2 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5be17696a84ac40987ce6489ae301307ac1ded5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4d:0a:a0:1c:f2:e8:3f:d7:86:b2:d0:50:9c:
                    4f:36:c3:66:75:b0:09:b2:de:2c:83:35:18:8e:29:
                    cc:ec:09:1e:ea:d6:6a:54:c8:d5:cc:a6:8e:c9:eb:
                    2d:fb:36:63:a4:e9:3e:69:5e:39:e1:56:c7:44:e0:
                    19:5b:73:01:b6:83:5f:e4:20:89:f0:9e:88:71:d1:
                    a0:0a:30:25:d0:ed:e9:89:9f:ba:76:fb:ae:4c:40:
                    37:67:6d:9b:99:eb:9d:66:f9:93:6a:ff:c0:2f:84:
                    9a:2c:37:10:07:5b:74:d1:d8:13:76:61:9f:f1:ff:
                    ad:db:68:b1:62:b4:cd:9c:92:b4:74:62:48:57:62:
                    96:6e:bf:2c:36:67:09:d9:1f:36:6d:ee:4a:2f:9b:
                    c2:37:5e:4d:ce:7e:7e:54:0b:9a:9f:5f:3b:8c:5d:
                    8f:b0:81:5d:cc:16:d1:0d:a4:78:e7:92:2e:86:07:
                    72:f4:d4:d3:45:24:3b:f5:6a:1e:22:47:71:ab:89:
                    e0:78:b8:a6:d8:c2:71:cc:bd:33:1b:a4:43:59:17:
                    d4:5c:8b:49:43:73:15:97:ea:0e:e2:f2:b7:22:fc:
                    d4:c9:e6:6d:5d:e1:a8:a3:a7:26:38:5d:7b:05:b7:
                    e4:ff:d6:99:af:b2:b8:95:e5:20:6f:43:61:a6:b3:
                    d8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:BE:17:69:6A:84:AC:40:98:7C:E6:48:9A:E3:01:30:7A:C1:DE:D5
            X509v3 Authority Key Identifier:
                keyid:9B:BB:E2:00:BB:DF:37:9B:50:45:51:63:01:7B:9D:47:77:F1:DB:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m7viALvfN5tQRVFjAXudR3fx210.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/tb4XaWqErECYfOZImuMBMHrB3tU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/92901f-266e-49a3-8f56-a219cb4d4a3b/1/m7viALvfN5tQRVFjAXudR3fx210.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:a4:c1:ef:2e:1f:35:6d:28:cb:a8:49:3b:9d:22:53:33:8d:
         ce:7f:6d:8e:ea:ab:fc:22:a8:22:d5:23:9f:c6:12:31:12:a2:
         98:d7:9e:42:28:f6:32:c6:b6:ce:a4:8d:2d:be:cf:36:61:80:
         e1:bd:37:50:cf:43:97:40:38:be:2e:33:b6:f8:5d:4c:7d:ca:
         8b:94:bf:b5:bd:f9:93:09:bb:5a:18:40:69:b0:d1:84:d6:7c:
         d0:5d:43:dc:7e:92:41:63:58:09:7c:f6:0d:85:b1:71:a7:e1:
         cb:d3:8d:97:39:3a:d3:99:8f:4a:9f:4a:2b:75:4e:82:be:3a:
         bb:a0:21:4b:0a:d3:c0:5c:0b:5d:6f:5a:e9:7b:19:ec:79:78:
         f2:0c:b2:2c:b4:a9:62:ee:ab:4b:b1:df:af:f8:0f:a7:21:84:
         11:1c:0f:0f:2f:19:8f:7f:60:03:f6:89:92:9c:b3:91:7f:b8:
         e1:13:6d:2a:73:95:97:4f:47:68:c6:14:94:6d:46:6d:4c:bc:
         af:27:33:56:ac:a3:97:39:bf:19:97:de:86:2b:57:de:9d:5b:
         d2:b5:0e:3b:9f:0c:72:ba:75:ad:de:de:0b:dc:66:dd:db:a5:
         78:a1:c2:63:ae:10:6a:36:92:2a:f1:bc:1e:25:23:45:29:ea:
         f3:db:ca:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASxn4JeV+St2fYoHiqN0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYmJlMjAwYmJkZjM3OWI1MDQ1NTE2MzAxN2I5ZDQ3Nzdm
MWRiNWQwHhcNMjQwMTAyMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWJlMTc2OTZhODRhYzQwOTg3Y2U2NDg5YWUzMDEzMDdhYzFkZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE0KoBzy6D/XhrLQUJxPNsNmdbAJ
st4sgzUYjinM7Ake6tZqVMjVzKaOyest+zZjpOk+aV454VbHROAZW3MBtoNf5CCJ
8J6IcdGgCjAl0O3piZ+6dvuuTEA3Z22bmeudZvmTav/AL4SaLDcQB1t00dgTdmGf
8f+t22ixYrTNnJK0dGJIV2KWbr8sNmcJ2R82be5KL5vCN15Nzn5+VAuan187jF2P
sIFdzBbRDaR455Iuhgdy9NTTRSQ79WoeIkdxq4ngeLim2MJxzL0zG6RDWRfUXItJ
Q3MVl+oO4vK3IvzUyeZtXeGoo6cmOF17Bbfk/9aZr7K4leUgb0NhprPYvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLW+F2lqhKxAmHzmSJrjATB6wd7VMB8GA1UdIwQY
MBaAFJu74gC73zebUEVRYwF7nUd38dtdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTd2aUFMdmZONXRRUlZGakFYdWRSM2Z4MjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi85MjkwMWYtMjY2ZS00OWEzLThmNTYt
YTIxOWNiNGQ0YTNiLzEvdGI0WGFXcUVyRUNZZk9aSW11TUJNSHJCM3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi85MjkwMWYtMjY2ZS00OWEzLThmNTYtYTIxOWNiNGQ0YTNi
LzEvbTd2aUFMdmZONXRRUlZGakFYdWRSM2Z4MjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WYMA0G
CSqGSIb3DQEBCwUAA4IBAQAbpMHvLh81bSjLqEk7nSJTM43Of22O6qv8Iqgi1SOf
xhIxEqKY155CKPYyxrbOpI0tvs82YYDhvTdQz0OXQDi+LjO2+F1MfcqLlL+1vfmT
CbtaGEBpsNGE1nzQXUPcfpJBY1gJfPYNhbFxp+HL042XOTrTmY9Kn0ordU6Cvjq7
oCFLCtPAXAtdb1rpexnseXjyDLIstKli7qtLsd+v+A+nIYQRHA8PLxmPf2AD9omS
nLORf7jhE20qc5WXT0doxhSUbUZtTLyvJzNWrKOXOb8Zl96GK1fenVvStQ47nwxy
unWt3t4L3Gbd26V4ocJjrhBqNpIq8bweJSNFKerz28o0
-----END CERTIFICATE-----