Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/rBABCV6d0DrXeaNPxpZAAye3sjU.roa
File:                     rBABCV6d0DrXeaNPxpZAAye3sjU.roa (raw, json)
Hash identifier:          77Dmji7NOs4JNfucCagj5UVjEvu4VqbHoU1yw1xS9rY=
Subject key identifier:   AC:10:01:09:5E:9D:D0:3A:D7:79:A3:4F:C6:96:40:03:27:B7:B2:35
Certificate issuer:       /CN=df8089aa9e1d5c12abad43a701511da1c65f9fa6
Certificate serial:       018CC2DB56CE8A16846A5F3C12CE84511F8D
Authority key identifier: DF:80:89:AA:9E:1D:5C:12:AB:AD:43:A7:01:51:1D:A1:C6:5F:9F:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34CJqp4dXBKrrUOnAVEdocZfn6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/rBABCV6d0DrXeaNPxpZAAye3sjU.roa
Signing time:             Mon 01 Jan 2024 02:30:03 +0000
ROA not before:           Mon 01 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        91.247.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/34CJqp4dXBKrrUOnAVEdocZfn6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/34CJqp4dXBKrrUOnAVEdocZfn6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34CJqp4dXBKrrUOnAVEdocZfn6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:56:ce:8a:16:84:6a:5f:3c:12:ce:84:51:1f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df8089aa9e1d5c12abad43a701511da1c65f9fa6
        Validity
            Not Before: Jan  1 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac1001095e9dd03ad779a34fc696400327b7b235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:65:69:97:08:8c:95:ca:e7:40:2f:ac:ed:a5:
                    a3:8d:5e:62:81:38:01:87:88:21:87:1b:fb:e0:bd:
                    16:fb:ff:d4:6b:82:df:d1:45:09:cd:c4:f7:af:0a:
                    20:84:ae:27:50:34:44:27:7f:5c:43:ce:d4:fb:35:
                    3b:48:13:84:20:68:41:1a:84:b2:66:7f:96:41:1f:
                    d4:cb:fc:8d:f4:a2:0b:cf:a7:48:56:47:61:d2:73:
                    73:f4:4c:f5:ec:23:55:bf:31:5d:e6:62:1d:79:12:
                    35:f1:c9:54:b1:46:ad:59:9e:2e:86:54:f6:2c:a7:
                    4c:0f:b1:77:8b:d3:4f:e2:d7:6d:36:00:42:b0:03:
                    91:62:d3:65:70:ba:1c:95:08:bf:53:4d:e8:48:95:
                    21:46:1c:c5:37:18:93:f0:1a:6e:47:79:86:76:51:
                    3e:5f:51:58:d8:09:1e:2e:1d:65:0c:47:aa:cc:fa:
                    aa:86:36:0d:06:c2:b6:97:1b:94:cd:6a:9e:87:79:
                    3f:5d:0c:14:4a:02:46:94:d8:62:54:e3:88:f0:e1:
                    b6:e1:be:dd:2c:c3:1f:cd:a1:76:51:33:7e:22:be:
                    99:45:3d:93:43:b6:a0:ca:15:af:29:14:51:53:97:
                    d5:16:c5:b5:1f:ef:2c:73:04:f0:4e:70:be:0a:3d:
                    16:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:10:01:09:5E:9D:D0:3A:D7:79:A3:4F:C6:96:40:03:27:B7:B2:35
            X509v3 Authority Key Identifier:
                keyid:DF:80:89:AA:9E:1D:5C:12:AB:AD:43:A7:01:51:1D:A1:C6:5F:9F:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34CJqp4dXBKrrUOnAVEdocZfn6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/rBABCV6d0DrXeaNPxpZAAye3sjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/34CJqp4dXBKrrUOnAVEdocZfn6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:22:45:6c:97:3b:35:69:39:71:9a:91:6d:d5:90:27:a6:fa:
         3c:e0:a5:dc:01:06:54:35:c4:fb:6c:da:ce:4f:2b:a9:47:82:
         af:3e:80:88:8a:c5:39:c5:8f:4e:c2:cf:30:d0:1d:2d:7a:bc:
         ec:42:b7:6f:99:f0:a0:93:3e:bc:7c:9e:fb:53:47:a6:7d:15:
         d0:5d:e1:ff:f6:ca:48:33:7c:90:d6:8c:d9:a6:b0:41:71:3b:
         e4:9b:c6:cd:09:f3:d0:25:72:ae:6c:bf:f0:f2:30:2f:76:9a:
         56:e0:e8:7c:4f:f1:36:fe:c1:a4:ad:fc:18:ba:3c:52:d0:c6:
         ff:d8:d2:b1:ec:23:5f:ec:6e:db:fe:93:e2:88:85:5e:34:74:
         36:4c:29:7e:fb:f3:3d:ef:c0:85:a0:32:55:da:8e:91:81:7f:
         e4:18:6b:ec:22:6b:25:7d:9e:f2:fe:86:86:fc:8f:55:bc:61:
         4c:0a:2d:b1:97:43:92:64:04:90:d0:75:37:44:e5:a0:12:5f:
         87:9a:79:ac:84:27:9d:ce:2a:8f:f9:54:8f:cd:ce:a9:15:51:
         b2:2c:37:2c:15:72:57:24:8d:5c:4b:2a:1b:29:0c:d2:24:d8:
         32:4f:4e:32:1e:11:4c:30:e8:34:3d:32:6e:dc:06:da:46:78:
         0a:08:92:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21bOihaEal88Es6EUR+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODA4OWFhOWUxZDVjMTJhYmFkNDNhNzAxNTExZGExYzY1
ZjlmYTYwHhcNMjQwMTAxMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzEwMDEwOTVlOWRkMDNhZDc3OWEzNGZjNjk2NDAwMzI3YjdiMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGVplwiMlcrnQC+s7aWjjV5igTgB
h4ghhxv74L0W+//Ua4Lf0UUJzcT3rwoghK4nUDREJ39cQ87U+zU7SBOEIGhBGoSy
Zn+WQR/Uy/yN9KILz6dIVkdh0nNz9Ez17CNVvzFd5mIdeRI18clUsUatWZ4uhlT2
LKdMD7F3i9NP4tdtNgBCsAORYtNlcLoclQi/U03oSJUhRhzFNxiT8BpuR3mGdlE+
X1FY2AkeLh1lDEeqzPqqhjYNBsK2lxuUzWqeh3k/XQwUSgJGlNhiVOOI8OG24b7d
LMMfzaF2UTN+Ir6ZRT2TQ7agyhWvKRRRU5fVFsW1H+8scwTwTnC+Cj0WWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwQAQlendA613mjT8aWQAMnt7I1MB8GA1UdIwQY
MBaAFN+AiaqeHVwSq61DpwFRHaHGX5+mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRDSnFwNGRYQktyclVPbkFWRWRvY1pmbjZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mNTQ3NWItYTZmOS00Y2M3LWI3MGYt
ZmQ2NDQ2NTdjYTJiLzEvckJBQkNWNmQwRHJYZWFOUHhwWkFBeWUzc2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mNTQ3NWItYTZmOS00Y2M3LWI3MGYtZmQ2NDQ2NTdjYTJi
LzEvMzRDSnFwNGRYQktyclVPbkFWRWRvY1pmbjZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/e1MA0G
CSqGSIb3DQEBCwUAA4IBAQBQIkVslzs1aTlxmpFt1ZAnpvo84KXcAQZUNcT7bNrO
TyupR4KvPoCIisU5xY9Ows8w0B0terzsQrdvmfCgkz68fJ77U0emfRXQXeH/9spI
M3yQ1ozZprBBcTvkm8bNCfPQJXKubL/w8jAvdppW4Oh8T/E2/sGkrfwYujxS0Mb/
2NKx7CNf7G7b/pPiiIVeNHQ2TCl++/M978CFoDJV2o6RgX/kGGvsImslfZ7y/oaG
/I9VvGFMCi2xl0OSZASQ0HU3ROWgEl+HmnmshCedziqP+VSPzc6pFVGyLDcsFXJX
JI1cSyobKQzSJNgyT04yHhFMMOg0PTJu3AbaRngKCJKZ
-----END CERTIFICATE-----