Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/cSnw7C9mgaOh-LFrgkaVBCM5Y_s.roa
File:                     cSnw7C9mgaOh-LFrgkaVBCM5Y_s.roa (raw, json)
Hash identifier:          c+rx6RMqDGgME2BIfK5o2fCWfO97pjF5c4L73vrVm0o=
Subject key identifier:   71:29:F0:EC:2F:66:81:A3:A1:F8:B1:6B:82:46:95:04:23:39:63:FB
Certificate issuer:       /CN=9a233bbddfe438646f586f085e5df0d79bdfb9fc
Certificate serial:       018EC1EFF5E4E59FBC68E95FFAB194EF8DCD
Authority key identifier: 9A:23:3B:BD:DF:E4:38:64:6F:58:6F:08:5E:5D:F0:D7:9B:DF:B9:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/miM7vd_kOGRvWG8IXl3w15vfufw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/cSnw7C9mgaOh-LFrgkaVBCM5Y_s.roa
Signing time:             Tue 09 Apr 2024 08:18:32 +0000
ROA not before:           Tue 09 Apr 2024 08:18:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38478
IP address blocks:        80.91.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/miM7vd_kOGRvWG8IXl3w15vfufw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/miM7vd_kOGRvWG8IXl3w15vfufw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/miM7vd_kOGRvWG8IXl3w15vfufw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c1:ef:f5:e4:e5:9f:bc:68:e9:5f:fa:b1:94:ef:8d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a233bbddfe438646f586f085e5df0d79bdfb9fc
        Validity
            Not Before: Apr  9 08:18:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7129f0ec2f6681a3a1f8b16b82469504233963fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:16:4c:6e:ca:11:71:97:bb:91:6c:c5:b2:ce:
                    da:2b:da:58:3c:9b:0e:9d:be:10:f9:22:22:46:dd:
                    1b:d1:b6:49:0c:22:82:9f:02:c7:b2:d7:4a:65:ab:
                    dc:52:f6:81:69:c3:ad:10:63:a6:a8:5f:c3:14:c8:
                    da:48:16:42:a9:21:98:c7:ae:06:e0:67:86:e7:13:
                    62:2a:51:a2:ff:eb:b1:8c:bf:80:60:47:2e:05:b8:
                    ac:e3:c1:63:82:73:ad:0e:33:2d:8f:6b:47:b2:6e:
                    5e:04:2d:1d:ac:12:f6:30:7f:76:d0:39:26:92:ad:
                    62:3a:07:d1:4c:bd:a3:64:b4:4a:47:aa:9b:29:21:
                    5c:a7:3a:c4:37:3b:ee:09:f2:46:d6:9a:0f:5e:6e:
                    74:4d:56:93:03:9e:2f:22:e1:22:20:5a:f7:0e:14:
                    26:86:1e:72:9d:dc:72:67:69:b0:44:1d:c1:d8:c8:
                    a6:1b:61:70:58:e0:a5:a5:9b:1b:8f:a9:52:84:f0:
                    31:1b:8c:40:95:03:ec:7c:ee:c5:48:cd:c9:30:23:
                    51:60:b1:94:13:5e:25:22:eb:7e:b5:34:9f:e2:2b:
                    75:90:48:38:2f:b6:ff:a2:8d:1b:0f:67:d3:30:26:
                    c7:68:de:bf:68:b4:cb:dc:34:c3:70:b2:25:1e:bd:
                    fe:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:29:F0:EC:2F:66:81:A3:A1:F8:B1:6B:82:46:95:04:23:39:63:FB
            X509v3 Authority Key Identifier:
                keyid:9A:23:3B:BD:DF:E4:38:64:6F:58:6F:08:5E:5D:F0:D7:9B:DF:B9:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miM7vd_kOGRvWG8IXl3w15vfufw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/cSnw7C9mgaOh-LFrgkaVBCM5Y_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/miM7vd_kOGRvWG8IXl3w15vfufw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:59:31:e1:b6:47:0c:1a:e1:2f:7f:79:fc:fc:15:9b:15:ac:
         02:ae:9f:fa:cd:02:43:b9:3b:ed:4f:99:35:07:d6:33:a2:85:
         47:98:0d:30:82:7d:26:0b:ae:6f:bd:ad:4a:4a:66:67:37:5d:
         4d:2a:d3:49:f1:81:ea:f7:58:e7:d6:37:45:9c:ea:88:c9:d5:
         66:a9:8e:47:3e:3c:70:2d:b5:9f:fa:ed:e4:0b:e6:70:75:58:
         bf:d8:17:39:14:44:21:d7:fb:e0:66:be:bc:4a:13:53:61:47:
         c1:b7:e8:f2:70:e2:ad:9f:9d:c5:6e:51:e4:4e:ac:62:a6:74:
         99:f9:f1:a7:ca:5a:54:98:20:29:7d:c1:92:c9:ec:f3:8a:2e:
         dc:94:dc:60:f0:2e:16:48:3f:29:ad:7a:cf:03:07:47:2b:fc:
         46:1c:b7:fe:c5:d6:18:41:4c:c6:cf:b4:0f:2e:29:bb:de:92:
         c4:64:ca:c3:b5:55:61:35:12:92:30:19:04:0d:56:c6:91:84:
         84:10:ce:1b:7b:b8:bb:02:60:af:47:b7:5d:57:de:8c:fc:35:
         98:f7:6d:07:d7:65:5d:2a:0d:64:be:80:09:1b:a5:87:69:55:
         93:82:71:c1:bc:99:9b:fd:da:1b:28:f2:f5:f0:c8:f6:70:0c:
         49:f8:fc:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7B7/Xk5Z+8aOlf+rGU743NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMjMzYmJkZGZlNDM4NjQ2ZjU4NmYwODVlNWRmMGQ3OWJk
ZmI5ZmMwHhcNMjQwNDA5MDgxODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI5ZjBlYzJmNjY4MWEzYTFmOGIxNmI4MjQ2OTUwNDIzMzk2M2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRZMbsoRcZe7kWzFss7aK9pYPJsO
nb4Q+SIiRt0b0bZJDCKCnwLHstdKZavcUvaBacOtEGOmqF/DFMjaSBZCqSGYx64G
4GeG5xNiKlGi/+uxjL+AYEcuBbis48FjgnOtDjMtj2tHsm5eBC0drBL2MH920Dkm
kq1iOgfRTL2jZLRKR6qbKSFcpzrENzvuCfJG1poPXm50TVaTA54vIuEiIFr3DhQm
hh5yndxyZ2mwRB3B2MimG2FwWOClpZsbj6lShPAxG4xAlQPsfO7FSM3JMCNRYLGU
E14lIut+tTSf4it1kEg4L7b/oo0bD2fTMCbHaN6/aLTL3DTDcLIlHr3+awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEp8OwvZoGjofixa4JGlQQjOWP7MB8GA1UdIwQY
MBaAFJojO73f5Dhkb1hvCF5d8Neb37n8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlNN3ZkX2tPR1J2V0c4SVhsM3cxNXZmdWZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hNTE4OGQtYTBhZC00NTNjLWJhODIt
Mzg3OWJkNzAzOTQ2LzEvY1NudzdDOW1nYU9oLUxGcmdrYVZCQ001WV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hNTE4OGQtYTBhZC00NTNjLWJhODItMzg3OWJkNzAzOTQ2
LzEvbWlNN3ZkX2tPR1J2V0c4SVhsM3cxNXZmdWZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFs4MA0G
CSqGSIb3DQEBCwUAA4IBAQAJWTHhtkcMGuEvf3n8/BWbFawCrp/6zQJDuTvtT5k1
B9YzooVHmA0wgn0mC65vva1KSmZnN11NKtNJ8YHq91jn1jdFnOqIydVmqY5HPjxw
LbWf+u3kC+ZwdVi/2Bc5FEQh1/vgZr68ShNTYUfBt+jycOKtn53FblHkTqxipnSZ
+fGnylpUmCApfcGSyezzii7clNxg8C4WSD8prXrPAwdHK/xGHLf+xdYYQUzGz7QP
Lim73pLEZMrDtVVhNRKSMBkEDVbGkYSEEM4be7i7AmCvR7ddV96M/DWY920H12Vd
Kg1kvoAJG6WHaVWTgnHBvJmb/dobKPL18Mj2cAxJ+PzL
-----END CERTIFICATE-----