Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/ab78fc-25a8-46c1-8699-1d82ab15c415/1/H5J3mge1GZ4FRU-EdmmHyh_pKLo.roa
File:                     H5J3mge1GZ4FRU-EdmmHyh_pKLo.roa (raw, json)
Hash identifier:          ODpbe1aNm5htOihTbXNKYY80aHpfwZ9JUF8pejl+RZY=
Subject key identifier:   1F:92:77:9A:07:B5:19:9E:05:45:4F:84:76:69:87:CA:1F:E9:28:BA
Certificate issuer:       /CN=20bdef3beb4114cfcbfeb9fb4ed8da98faf4fa89
Certificate serial:       019059FD6B5077A1B9C79F9AEDE37BAB8CB3
Authority key identifier: 20:BD:EF:3B:EB:41:14:CF:CB:FE:B9:FB:4E:D8:DA:98:FA:F4:FA:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IL3vO-tBFM_L_rn7TtjamPr0-ok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/ab78fc-25a8-46c1-8699-1d82ab15c415/1/H5J3mge1GZ4FRU-EdmmHyh_pKLo.roa
Signing time:             Thu 27 Jun 2024 13:58:18 +0000
ROA not before:           Thu 27 Jun 2024 13:58:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59772
IP address blocks:        91.239.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/ab78fc-25a8-46c1-8699-1d82ab15c415/1/IL3vO-tBFM_L_rn7TtjamPr0-ok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/ab78fc-25a8-46c1-8699-1d82ab15c415/1/IL3vO-tBFM_L_rn7TtjamPr0-ok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IL3vO-tBFM_L_rn7TtjamPr0-ok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:59:fd:6b:50:77:a1:b9:c7:9f:9a:ed:e3:7b:ab:8c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20bdef3beb4114cfcbfeb9fb4ed8da98faf4fa89
        Validity
            Not Before: Jun 27 13:58:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f92779a07b5199e05454f84766987ca1fe928ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:59:09:1e:be:3e:bf:93:cf:52:be:49:3a:82:
                    17:61:ab:aa:fb:5b:01:de:13:56:20:8a:55:e7:82:
                    98:3a:c6:c9:8a:46:2f:7f:98:4c:19:f1:e4:ed:5c:
                    c1:32:8f:cd:cc:9e:f7:a6:56:c8:b6:b3:40:9f:48:
                    45:cf:46:fb:4c:b4:bd:3b:25:ac:31:68:7c:18:99:
                    1f:83:16:a1:91:64:48:9a:92:64:99:15:a1:7c:d2:
                    7d:df:25:76:1a:c5:d3:ed:b3:a0:02:26:3e:63:8a:
                    84:1a:16:af:8b:c1:54:61:42:fa:f0:14:7f:45:6c:
                    29:dd:16:17:78:76:8c:9e:78:9e:25:f2:d2:23:a3:
                    de:8c:1f:56:44:45:56:af:b9:29:07:a9:27:b5:4a:
                    8f:3b:63:84:e3:56:0c:47:eb:df:30:aa:b4:94:b5:
                    06:80:50:d7:d3:09:35:98:92:e6:e5:99:e5:f3:0c:
                    a5:e0:50:c0:f6:69:fb:5f:95:d0:ab:a6:cf:72:ce:
                    c2:16:5b:6d:18:42:5e:4c:a7:a6:03:04:63:78:50:
                    55:e8:03:3c:54:16:97:7a:13:cc:5e:80:a2:45:46:
                    a3:f7:26:51:e9:11:12:23:ba:5e:8a:00:0d:97:b3:
                    69:d9:ad:cb:66:e6:b7:9c:60:f3:f1:41:17:fc:2b:
                    48:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:92:77:9A:07:B5:19:9E:05:45:4F:84:76:69:87:CA:1F:E9:28:BA
            X509v3 Authority Key Identifier:
                keyid:20:BD:EF:3B:EB:41:14:CF:CB:FE:B9:FB:4E:D8:DA:98:FA:F4:FA:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IL3vO-tBFM_L_rn7TtjamPr0-ok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/ab78fc-25a8-46c1-8699-1d82ab15c415/1/H5J3mge1GZ4FRU-EdmmHyh_pKLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/ab78fc-25a8-46c1-8699-1d82ab15c415/1/IL3vO-tBFM_L_rn7TtjamPr0-ok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:66:9c:1d:83:72:b2:ea:ed:6a:1c:3a:91:6f:ad:95:6e:e5:
         7a:4a:05:2b:97:d6:fc:f1:90:5b:ba:08:17:c2:15:b6:84:e0:
         68:7b:b3:1f:21:9f:bd:ed:6f:4e:5d:47:bd:81:ca:bb:60:d7:
         e5:6f:d0:45:a5:a1:90:4a:35:f7:56:8a:e3:e9:5f:85:bb:be:
         de:16:a0:55:d0:2e:2b:b6:bc:7a:61:ad:4b:5e:b2:bc:15:6c:
         74:27:35:76:b9:22:2f:da:e7:13:c8:d6:ca:32:f6:f2:a9:a8:
         02:58:42:01:46:11:70:ab:1a:2d:66:94:17:6f:59:1c:f9:8a:
         cc:f0:a0:1c:51:b3:01:c5:12:f7:d2:80:b8:58:7c:f7:19:98:
         e5:4d:aa:19:15:87:55:43:bc:60:e5:ef:56:e6:b3:89:55:24:
         3b:f2:7b:39:11:8a:39:57:c1:3b:63:00:4e:56:8a:de:e7:f7:
         0e:ed:02:c4:76:cc:b0:83:4d:49:b4:90:f3:54:d2:4b:de:29:
         b5:73:8b:53:71:ab:83:72:40:a8:17:09:f7:7e:51:bc:57:12:
         f6:9a:8a:0c:f3:09:78:5f:9f:f9:9a:c0:83:06:4b:28:8c:97:
         6e:e0:96:87:3f:70:7b:60:56:98:e3:97:22:97:7c:47:2f:13:
         7a:fd:7f:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBZ/WtQd6G5x5+a7eN7q4yzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYmRlZjNiZWI0MTE0Y2ZjYmZlYjlmYjRlZDhkYTk4ZmFm
NGZhODkwHhcNMjQwNjI3MTM1ODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjkyNzc5YTA3YjUxOTllMDU0NTRmODQ3NjY5ODdjYTFmZTkyOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlkJHr4+v5PPUr5JOoIXYauq+1sB
3hNWIIpV54KYOsbJikYvf5hMGfHk7VzBMo/NzJ73plbItrNAn0hFz0b7TLS9OyWs
MWh8GJkfgxahkWRImpJkmRWhfNJ93yV2GsXT7bOgAiY+Y4qEGhavi8FUYUL68BR/
RWwp3RYXeHaMnnieJfLSI6PejB9WREVWr7kpB6kntUqPO2OE41YMR+vfMKq0lLUG
gFDX0wk1mJLm5Znl8wyl4FDA9mn7X5XQq6bPcs7CFlttGEJeTKemAwRjeFBV6AM8
VBaXehPMXoCiRUaj9yZR6RESI7peigANl7Np2a3LZua3nGDz8UEX/CtIrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+Sd5oHtRmeBUVPhHZph8of6Si6MB8GA1UdIwQY
MBaAFCC97zvrQRTPy/65+07Y2pj69PqJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUwzdk8tdEJGTV9MX3JuN1R0amFtUHIwLW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9hYjc4ZmMtMjVhOC00NmMxLTg2OTkt
MWQ4MmFiMTVjNDE1LzEvSDVKM21nZTFHWjRGUlUtRWRtbUh5aF9wS0xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9hYjc4ZmMtMjVhOC00NmMxLTg2OTktMWQ4MmFiMTVjNDE1
LzEvSUwzdk8tdEJGTV9MX3JuN1R0amFtUHIwLW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/RMA0G
CSqGSIb3DQEBCwUAA4IBAQBkZpwdg3Ky6u1qHDqRb62VbuV6SgUrl9b88ZBbuggX
whW2hOBoe7MfIZ+97W9OXUe9gcq7YNflb9BFpaGQSjX3Vorj6V+Fu77eFqBV0C4r
trx6Ya1LXrK8FWx0JzV2uSIv2ucTyNbKMvbyqagCWEIBRhFwqxotZpQXb1kc+YrM
8KAcUbMBxRL30oC4WHz3GZjlTaoZFYdVQ7xg5e9W5rOJVSQ78ns5EYo5V8E7YwBO
Vore5/cO7QLEdsywg01JtJDzVNJL3im1c4tTcauDckCoFwn3flG8VxL2mooM8wl4
X5/5msCDBksojJdu4JaHP3B7YFaY45cil3xHLxN6/X/w
-----END CERTIFICATE-----