Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/ppsqp4Ev23bKI-PXkUU_kD0Y_AI.roa
File:                     ppsqp4Ev23bKI-PXkUU_kD0Y_AI.roa (raw, json)
Hash identifier:          /UnD97Ve4KRCd/IuF9FFNrUl10o2XuTYW7qm8hshx5E=
Subject key identifier:   A6:9B:2A:A7:81:2F:DB:76:CA:23:E3:D7:91:45:3F:90:3D:18:FC:02
Certificate issuer:       /CN=1639e611b58b7f7055df6a7f995d01fb95d790c9
Certificate serial:       018CC2DAFA9AB7413FCB1904DB2DA6042238
Authority key identifier: 16:39:E6:11:B5:8B:7F:70:55:DF:6A:7F:99:5D:01:FB:95:D7:90:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FjnmEbWLf3BV32p_mV0B-5XXkMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/ppsqp4Ev23bKI-PXkUU_kD0Y_AI.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42160
IP address blocks:        91.206.84.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/FjnmEbWLf3BV32p_mV0B-5XXkMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/FjnmEbWLf3BV32p_mV0B-5XXkMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FjnmEbWLf3BV32p_mV0B-5XXkMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fa:9a:b7:41:3f:cb:19:04:db:2d:a6:04:22:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1639e611b58b7f7055df6a7f995d01fb95d790c9
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a69b2aa7812fdb76ca23e3d791453f903d18fc02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4e:05:3b:81:a1:a4:ac:e1:1a:d2:7e:8a:56:
                    31:18:44:ff:f3:e1:89:96:62:21:41:d1:24:a9:d2:
                    2e:aa:d5:18:45:48:92:8d:28:c2:3c:a0:63:7b:87:
                    8f:42:70:6d:89:44:25:7c:20:e9:30:c2:28:3b:76:
                    bf:f0:59:67:b6:10:97:34:78:b6:4f:f9:f1:fa:3f:
                    97:88:b0:3e:43:74:2b:8f:46:e5:2c:3d:da:13:85:
                    8c:81:0a:a4:ac:c9:c7:0a:b9:b6:13:da:78:2e:23:
                    32:12:52:39:35:79:82:93:02:6f:f9:d6:49:00:16:
                    6b:d9:f9:62:bf:be:66:31:27:a7:1f:6b:15:0a:4d:
                    95:65:9c:6e:c1:04:3f:6c:b7:b2:27:72:e6:51:ef:
                    88:40:11:71:f1:d7:18:97:4f:b6:2b:73:64:f5:e5:
                    9c:cb:ba:a0:e9:0d:84:ef:1a:71:c2:b7:b6:26:fc:
                    2a:aa:e1:92:8e:1e:7e:74:58:fb:bc:31:f2:30:d1:
                    6c:1c:da:28:9d:27:e8:2e:4b:f4:fc:bb:22:41:34:
                    79:5d:68:24:c0:81:df:75:a1:7f:bf:97:77:c8:45:
                    b3:1b:da:f1:2a:62:54:e4:8f:53:98:2f:de:81:2c:
                    ee:5e:df:4e:e8:81:db:2d:6f:d8:09:ad:85:65:ab:
                    80:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:9B:2A:A7:81:2F:DB:76:CA:23:E3:D7:91:45:3F:90:3D:18:FC:02
            X509v3 Authority Key Identifier:
                keyid:16:39:E6:11:B5:8B:7F:70:55:DF:6A:7F:99:5D:01:FB:95:D7:90:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FjnmEbWLf3BV32p_mV0B-5XXkMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/ppsqp4Ev23bKI-PXkUU_kD0Y_AI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ceff08-0527-48be-92b7-0cdfa1c291f6/1/FjnmEbWLf3BV32p_mV0B-5XXkMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:d4:d7:cc:81:52:62:e6:f4:c8:04:64:f5:d6:80:82:1c:35:
         2d:8f:ef:05:30:37:94:72:fd:e4:79:bb:12:5f:9c:d4:ab:c9:
         a5:eb:b3:d0:86:56:9a:60:df:5f:5d:af:78:b1:bb:0f:4a:91:
         f7:0b:82:0b:94:f3:54:73:c2:56:68:1f:a8:10:25:fa:34:e9:
         6a:86:7b:77:1c:2b:16:88:74:d3:d3:7a:df:b2:d7:f1:65:41:
         c6:2b:de:41:1f:0c:d8:9f:59:ad:04:0e:bb:60:c7:3d:4c:f1:
         f4:96:fa:f2:db:6f:75:ee:8e:d0:49:18:d7:59:78:4b:29:5b:
         74:76:a4:a5:5d:e6:9f:20:9e:ed:fa:35:4b:b7:c6:16:c7:47:
         c0:69:99:dc:1d:9f:b8:80:0d:3e:f9:43:05:0e:bb:f2:0e:12:
         be:83:2e:57:d9:9d:ca:8d:05:05:91:48:13:f4:25:b4:3a:98:
         3c:47:a2:89:f5:58:fd:8b:6b:3e:00:ff:45:2e:87:87:9e:3e:
         61:05:c7:37:03:85:f4:8c:a6:aa:fc:7d:ca:6b:29:fc:01:82:
         fa:fc:86:a9:fa:c4:3b:54:4c:34:08:25:00:b2:c7:ce:4a:ac:
         fb:68:6f:34:2a:d3:cf:97:b8:14:64:56:d2:b8:82:da:e9:0a:
         0f:d5:a7:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vqat0E/yxkE2y2mBCI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MzllNjExYjU4YjdmNzA1NWRmNmE3Zjk5NWQwMWZiOTVk
NzkwYzkwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjliMmFhNzgxMmZkYjc2Y2EyM2UzZDc5MTQ1M2Y5MDNkMThmYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr04FO4GhpKzhGtJ+ilYxGET/8+GJ
lmIhQdEkqdIuqtUYRUiSjSjCPKBje4ePQnBtiUQlfCDpMMIoO3a/8FlnthCXNHi2
T/nx+j+XiLA+Q3Qrj0blLD3aE4WMgQqkrMnHCrm2E9p4LiMyElI5NXmCkwJv+dZJ
ABZr2fliv75mMSenH2sVCk2VZZxuwQQ/bLeyJ3LmUe+IQBFx8dcYl0+2K3Nk9eWc
y7qg6Q2E7xpxwre2JvwqquGSjh5+dFj7vDHyMNFsHNoonSfoLkv0/LsiQTR5XWgk
wIHfdaF/v5d3yEWzG9rxKmJU5I9TmC/egSzuXt9O6IHbLW/YCa2FZauAXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKabKqeBL9t2yiPj15FFP5A9GPwCMB8GA1UdIwQY
MBaAFBY55hG1i39wVd9qf5ldAfuV15DJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmpubUViV0xmM0JWMzJwX21WMEItNVhYa01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9jZWZmMDgtMDUyNy00OGJlLTkyYjct
MGNkZmExYzI5MWY2LzEvcHBzcXA0RXYyM2JLSS1QWGtVVV9rRDBZX0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9jZWZmMDgtMDUyNy00OGJlLTkyYjctMGNkZmExYzI5MWY2
LzEvRmpubUViV0xmM0JWMzJwX21WMEItNVhYa01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW85UMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ1NfMgVJi5vTIBGT11oCCHDUtj+8FMDeUcv3kebsS
X5zUq8ml67PQhlaaYN9fXa94sbsPSpH3C4ILlPNUc8JWaB+oECX6NOlqhnt3HCsW
iHTT03rfstfxZUHGK95BHwzYn1mtBA67YMc9TPH0lvry22917o7QSRjXWXhLKVt0
dqSlXeafIJ7t+jVLt8YWx0fAaZncHZ+4gA0++UMFDrvyDhK+gy5X2Z3KjQUFkUgT
9CW0Opg8R6KJ9Vj9i2s+AP9FLoeHnj5hBcc3A4X0jKaq/H3Kayn8AYL6/Iap+sQ7
VEw0CCUAssfOSqz7aG80KtPPl7gUZFbSuILa6QoP1adg
-----END CERTIFICATE-----