Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/a7e45c-f297-4520-abe6-6b813693bc8c/1/JxZgacv6zU70ggT3op96ncy1JU4.roa
File:                     JxZgacv6zU70ggT3op96ncy1JU4.roa (raw, json)
Hash identifier:          A5WqoyJcAmjghv3ACa7o/AWfYMKeNrSxZbL7dvLWYi8=
Subject key identifier:   27:16:60:69:CB:FA:CD:4E:F4:82:04:F7:A2:9F:7A:9D:CC:B5:25:4E
Certificate issuer:       /CN=0f18326e001aa7fc56f83531315376f9eaae0988
Certificate serial:       018CC3B6FC9C5261ED8C3938A40C8FAB5A5C
Authority key identifier: 0F:18:32:6E:00:1A:A7:FC:56:F8:35:31:31:53:76:F9:EA:AE:09:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DxgybgAap_xW-DUxMVN2-equCYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/a7e45c-f297-4520-abe6-6b813693bc8c/1/JxZgacv6zU70ggT3op96ncy1JU4.roa
Signing time:             Mon 01 Jan 2024 06:29:58 +0000
ROA not before:           Mon 01 Jan 2024 06:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205134
IP address blocks:        91.216.171.0/24 maxlen: 24
                          2a12:d9c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/a7e45c-f297-4520-abe6-6b813693bc8c/1/DxgybgAap_xW-DUxMVN2-equCYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/a7e45c-f297-4520-abe6-6b813693bc8c/1/DxgybgAap_xW-DUxMVN2-equCYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DxgybgAap_xW-DUxMVN2-equCYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fc:9c:52:61:ed:8c:39:38:a4:0c:8f:ab:5a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f18326e001aa7fc56f83531315376f9eaae0988
        Validity
            Not Before: Jan  1 06:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27166069cbfacd4ef48204f7a29f7a9dccb5254e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b0:4c:2d:fd:be:c2:07:57:1c:4a:e3:f6:1d:
                    6f:48:93:09:3e:82:f8:1e:7a:d4:4b:fb:59:20:17:
                    9e:89:79:19:b6:92:fd:73:a0:f3:0e:fd:08:05:d5:
                    1c:6b:e6:db:94:c4:ef:e1:8a:0b:e5:77:a5:ad:df:
                    da:64:da:da:99:24:3a:16:ac:30:c7:40:9d:7b:06:
                    87:af:e0:9c:7e:af:e5:72:f3:7d:ba:7b:8c:6e:44:
                    95:5a:17:2a:5d:9f:72:b9:a6:2d:9a:4c:77:54:76:
                    55:7b:9b:e6:05:c4:68:b3:b0:8a:3a:f9:e1:51:4e:
                    0f:74:f2:a8:87:9c:52:5c:f7:f2:de:a7:fc:ae:51:
                    60:66:6a:0a:fd:17:e0:b6:b9:c9:02:9f:d9:29:b8:
                    78:ad:0a:21:41:65:12:15:a4:cc:85:ac:f1:cf:35:
                    0d:44:05:0c:35:ac:78:dc:48:80:34:cb:d8:8b:16:
                    33:df:24:cb:d8:26:34:8f:8f:11:06:34:ea:4e:5f:
                    19:f3:da:15:04:8d:52:fb:c9:3d:ce:05:42:15:b4:
                    dc:5c:98:e9:28:bf:78:4f:30:9f:0e:a1:9f:2e:71:
                    b1:4f:5f:87:b4:80:16:30:07:99:0f:cf:45:e9:ad:
                    4a:ed:e3:85:8a:19:69:ad:a0:de:ed:06:98:40:1c:
                    9b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:16:60:69:CB:FA:CD:4E:F4:82:04:F7:A2:9F:7A:9D:CC:B5:25:4E
            X509v3 Authority Key Identifier:
                keyid:0F:18:32:6E:00:1A:A7:FC:56:F8:35:31:31:53:76:F9:EA:AE:09:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DxgybgAap_xW-DUxMVN2-equCYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/a7e45c-f297-4520-abe6-6b813693bc8c/1/JxZgacv6zU70ggT3op96ncy1JU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/a7e45c-f297-4520-abe6-6b813693bc8c/1/DxgybgAap_xW-DUxMVN2-equCYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.171.0/24
                IPv6:
                  2a12:d9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:3d:9b:3b:ff:ee:c2:76:30:dc:df:63:78:b7:49:55:af:64:
         62:ba:ac:7c:0c:52:11:6f:e7:09:63:4f:57:83:72:1e:c3:bc:
         67:05:98:2d:a5:19:2a:e6:2b:74:c2:73:fb:18:19:c5:cc:b3:
         52:ff:8a:d9:73:22:c2:e2:ad:20:e2:8b:43:66:53:98:ad:6f:
         85:2a:42:e8:a9:7a:98:00:a7:60:74:65:dd:44:bd:fc:8a:3b:
         7f:4d:87:e8:e4:0b:27:ab:3d:86:5d:f4:03:f8:61:28:5c:cb:
         d6:c0:8b:fe:74:3b:88:9d:2a:bc:63:fa:96:9d:38:e3:ef:88:
         e3:be:61:c6:bc:8c:7c:2e:8c:c9:8b:e4:04:2e:09:31:2d:17:
         a9:d6:cf:79:03:9b:2d:73:9f:d9:fc:24:01:44:ba:e8:7e:5b:
         3a:30:6c:bb:b7:d6:99:cc:64:59:74:5f:13:53:aa:6a:72:d3:
         e2:ce:38:7f:37:f2:3d:cb:bd:e7:dc:a3:a4:1c:be:18:c9:08:
         4a:e7:80:d3:ef:fa:64:82:44:c4:ab:f2:93:5b:7f:39:1d:ec:
         2b:f1:02:31:74:de:7d:4e:bf:35:03:76:ba:b8:c4:7f:8e:0b:
         7d:e5:bd:92:92:f1:e9:d9:85:6d:8f:60:31:a2:94:68:bb:ac:
         a0:43:7a:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtvycUmHtjDk4pAyPq1pcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMTgzMjZlMDAxYWE3ZmM1NmY4MzUzMTMxNTM3NmY5ZWFh
ZTA5ODgwHhcNMjQwMTAxMDYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzE2NjA2OWNiZmFjZDRlZjQ4MjA0ZjdhMjlmN2E5ZGNjYjUyNTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbBMLf2+wgdXHErj9h1vSJMJPoL4
HnrUS/tZIBeeiXkZtpL9c6DzDv0IBdUca+bblMTv4YoL5Xelrd/aZNramSQ6Fqww
x0CdewaHr+Ccfq/lcvN9unuMbkSVWhcqXZ9yuaYtmkx3VHZVe5vmBcRos7CKOvnh
UU4PdPKoh5xSXPfy3qf8rlFgZmoK/RfgtrnJAp/ZKbh4rQohQWUSFaTMhazxzzUN
RAUMNax43EiANMvYixYz3yTL2CY0j48RBjTqTl8Z89oVBI1S+8k9zgVCFbTcXJjp
KL94TzCfDqGfLnGxT1+HtIAWMAeZD89F6a1K7eOFihlpraDe7QaYQBybgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCcWYGnL+s1O9IIE96Kfep3MtSVOMB8GA1UdIwQY
MBaAFA8YMm4AGqf8Vvg1MTFTdvnqrgmIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHhneWJnQWFwX3hXLURVeE1WTjItZXF1Q1lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9hN2U0NWMtZjI5Ny00NTIwLWFiZTYt
NmI4MTM2OTNiYzhjLzEvSnhaZ2FjdjZ6VTcwZ2dUM29wOTZuY3kxSlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9hN2U0NWMtZjI5Ny00NTIwLWFiZTYtNmI4MTM2OTNiYzhj
LzEvRHhneWJnQWFwX3hXLURVeE1WTjItZXF1Q1lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9irMA0E
AgACMAcDBQMqEtnAMA0GCSqGSIb3DQEBCwUAA4IBAQCVPZs7/+7CdjDc32N4t0lV
r2Riuqx8DFIRb+cJY09Xg3Iew7xnBZgtpRkq5it0wnP7GBnFzLNS/4rZcyLC4q0g
4otDZlOYrW+FKkLoqXqYAKdgdGXdRL38ijt/TYfo5Asnqz2GXfQD+GEoXMvWwIv+
dDuInSq8Y/qWnTjj74jjvmHGvIx8LozJi+QELgkxLRep1s95A5stc5/Z/CQBRLro
fls6MGy7t9aZzGRZdF8TU6pqctPizjh/N/I9y73n3KOkHL4YyQhK54DT7/pkgkTE
q/KTW385Hewr8QIxdN59Tr81A3a6uMR/jgt95b2SkvHp2YVtj2AxopRou6ygQ3rV
-----END CERTIFICATE-----