Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/1-v9BlnNcX6zwvd8A6hUjepG6Gg0.roa
File:                     1-v9BlnNcX6zwvd8A6hUjepG6Gg0.roa (raw, json)
Hash identifier:          peZC2JC9z9TM10oXtWCucoD/CKggNfHNt/KB4h0AbI4=
Subject key identifier:   FA:FF:41:96:73:5C:5F:AC:F0:BD:DF:00:EA:15:23:7A:91:BA:1A:0D
Certificate issuer:       /CN=abe0a8a462d0de1f4d3012c3e39e5cda603e8f91
Certificate serial:       018CC649AFC50E2C3B83F41853115D0286F4
Authority key identifier: AB:E0:A8:A4:62:D0:DE:1F:4D:30:12:C3:E3:9E:5C:DA:60:3E:8F:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q-CopGLQ3h9NMBLD455c2mA-j5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/1-v9BlnNcX6zwvd8A6hUjepG6Gg0.roa
Signing time:             Mon 01 Jan 2024 18:29:27 +0000
ROA not before:           Mon 01 Jan 2024 18:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58125
IP address blocks:        91.239.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/q-CopGLQ3h9NMBLD455c2mA-j5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/q-CopGLQ3h9NMBLD455c2mA-j5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q-CopGLQ3h9NMBLD455c2mA-j5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:af:c5:0e:2c:3b:83:f4:18:53:11:5d:02:86:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abe0a8a462d0de1f4d3012c3e39e5cda603e8f91
        Validity
            Not Before: Jan  1 18:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faff4196735c5facf0bddf00ea15237a91ba1a0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:88:8b:98:06:1e:5d:f2:5b:5b:26:db:8d:c5:
                    d4:0e:65:3a:bc:3d:ac:f0:0f:82:e1:18:31:0d:a2:
                    50:49:f2:47:12:46:43:15:27:93:1e:88:1b:f0:36:
                    e4:71:93:25:f8:7a:10:d2:5d:7d:a2:95:ca:41:72:
                    18:75:b3:46:25:e3:bf:a2:08:13:39:1d:33:a7:9a:
                    38:6f:32:1c:73:91:d4:19:f4:bc:18:f8:6c:10:79:
                    99:f2:b1:d2:a1:50:c6:80:de:59:e8:c8:ba:5a:f9:
                    52:38:ff:fa:bc:0e:4e:4d:4f:2c:a5:0c:95:b5:b6:
                    e8:88:ca:40:93:82:59:0d:3f:16:e3:a0:ce:6f:13:
                    60:64:d0:5a:f0:b8:30:9f:b7:00:fd:ec:e9:ae:bf:
                    07:b3:c3:f5:f8:42:32:2c:f0:27:9c:2f:58:45:af:
                    a8:4f:23:72:71:c8:66:a0:d3:6f:6e:bf:53:79:59:
                    03:49:d5:e3:e5:73:5c:f7:12:16:9e:68:0b:35:e5:
                    68:34:57:57:16:b3:e5:15:41:25:f5:33:06:be:07:
                    b3:66:71:16:10:f4:71:37:ae:71:b9:71:a2:bc:72:
                    71:c5:7a:ab:b5:e5:88:9d:05:71:cc:bf:82:a7:f0:
                    26:5c:00:52:d2:a0:38:73:13:5b:7c:e2:b7:43:51:
                    5c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:FF:41:96:73:5C:5F:AC:F0:BD:DF:00:EA:15:23:7A:91:BA:1A:0D
            X509v3 Authority Key Identifier:
                keyid:AB:E0:A8:A4:62:D0:DE:1F:4D:30:12:C3:E3:9E:5C:DA:60:3E:8F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q-CopGLQ3h9NMBLD455c2mA-j5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/1-v9BlnNcX6zwvd8A6hUjepG6Gg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/dec31c-dcd4-4da7-9dda-c4a07d61689d/1/q-CopGLQ3h9NMBLD455c2mA-j5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:ab:f9:eb:34:19:56:21:51:2d:7c:f3:32:6a:a7:ac:8e:ff:
         31:4c:e6:d0:64:d6:09:b1:3d:15:fb:fa:9f:6e:f3:a1:ce:7a:
         0a:d1:c5:3d:8a:79:83:e8:24:19:21:b1:b3:c6:72:77:3e:3e:
         dc:7f:a9:b3:1f:da:d7:e4:39:27:fb:72:c3:a1:60:3b:e6:75:
         2f:f8:0b:1f:96:d4:a8:c0:34:1a:d9:ed:9c:9c:4f:1d:50:b2:
         b7:81:61:c1:e0:eb:5f:80:a0:44:2c:c5:e3:d8:55:69:e6:af:
         34:87:23:49:33:34:11:dc:3f:0d:5b:cf:79:6b:0b:d7:c1:85:
         12:90:0c:b8:cd:c0:5b:34:d6:86:a2:c8:b4:93:b7:a4:53:9f:
         32:15:58:a9:2b:35:9e:b7:cf:19:84:c6:f2:03:6a:49:4a:8e:
         6e:a0:35:44:6a:3b:a2:71:62:87:cc:01:74:50:29:0a:22:d3:
         1e:b7:49:02:8c:31:4b:e4:80:01:fd:43:4c:6d:66:ab:50:2a:
         f3:34:86:21:74:1d:1d:04:80:2e:17:2c:f8:98:a8:b1:fb:b0:
         21:2c:9d:18:26:66:46:e4:55:4a:08:30:91:d4:fc:f0:46:45:
         e6:ad:1d:e3:01:69:90:dd:c7:b8:0b:4e:6c:9d:93:e4:73:98:
         2c:62:2a:ad
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSa/FDiw7g/QYUxFdAob0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZTBhOGE0NjJkMGRlMWY0ZDMwMTJjM2UzOWU1Y2RhNjAz
ZThmOTEwHhcNMjQwMTAxMTgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWZmNDE5NjczNWM1ZmFjZjBiZGRmMDBlYTE1MjM3YTkxYmExYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoiLmAYeXfJbWybbjcXUDmU6vD2s
8A+C4RgxDaJQSfJHEkZDFSeTHogb8DbkcZMl+HoQ0l19opXKQXIYdbNGJeO/oggT
OR0zp5o4bzIcc5HUGfS8GPhsEHmZ8rHSoVDGgN5Z6Mi6WvlSOP/6vA5OTU8spQyV
tbboiMpAk4JZDT8W46DObxNgZNBa8Lgwn7cA/ezprr8Hs8P1+EIyLPAnnC9YRa+o
TyNycchmoNNvbr9TeVkDSdXj5XNc9xIWnmgLNeVoNFdXFrPlFUEl9TMGvgezZnEW
EPRxN65xuXGivHJxxXqrteWInQVxzL+Cp/AmXABS0qA4cxNbfOK3Q1FcNwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPr/QZZzXF+s8L3fAOoVI3qRuhoNMB8GA1UdIwQY
MBaAFKvgqKRi0N4fTTASw+OeXNpgPo+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcS1Db3BHTFEzaDlOTUJMRDQ1NWMybUEtajVFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9kZWMzMWMtZGNkNC00ZGE3LTlkZGEt
YzRhMDdkNjE2ODlkLzEvMS12OUJsbk5jWDZ6d3ZkOEE2aFVqZXBHNkdnMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTIvZGVjMzFjLWRjZDQtNGRhNy05ZGRhLWM0YTA3ZDYxNjg5
ZC8xL3EtQ29wR0xRM2g5Tk1CTEQ0NTVjMm1BLWo1RS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvvDjAN
BgkqhkiG9w0BAQsFAAOCAQEAE6v56zQZViFRLXzzMmqnrI7/MUzm0GTWCbE9Ffv6
n27zoc56CtHFPYp5g+gkGSGxs8Zydz4+3H+psx/a1+Q5J/tyw6FgO+Z1L/gLH5bU
qMA0GtntnJxPHVCyt4FhweDrX4CgRCzF49hVaeavNIcjSTM0Edw/DVvPeWsL18GF
EpAMuM3AWzTWhqLItJO3pFOfMhVYqSs1nrfPGYTG8gNqSUqObqA1RGo7onFih8wB
dFApCiLTHrdJAowxS+SAAf1DTG1mq1Aq8zSGIXQdHQSALhcs+JiosfuwISydGCZm
RuRVSggwkdT88EZF5q0d4wFpkN3HuAtObJ2T5HOYLGIqrQ==
-----END CERTIFICATE-----