Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/139ETW_lKXrnJsaVw0MZPf56WYI.roa
File:                     139ETW_lKXrnJsaVw0MZPf56WYI.roa (raw, json)
Hash identifier:          L4v9vf+siLhaBIpEqD+lqBXzsQjcK/4zAnEA/tlwnkg=
Subject key identifier:   D7:7F:44:4D:6F:E5:29:7A:E7:26:C6:95:C3:43:19:3D:FE:7A:59:82
Certificate issuer:       /CN=0957b23c83795bc35c30bc1365a30fdf3375ac89
Certificate serial:       018CC8DEDCCDE076BC86A4797E8F3E25AA1B
Authority key identifier: 09:57:B2:3C:83:79:5B:C3:5C:30:BC:13:65:A3:0F:DF:33:75:AC:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CVeyPIN5W8NcMLwTZaMP3zN1rIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/139ETW_lKXrnJsaVw0MZPf56WYI.roa
Signing time:             Tue 02 Jan 2024 06:31:37 +0000
ROA not before:           Tue 02 Jan 2024 06:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.238.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/CVeyPIN5W8NcMLwTZaMP3zN1rIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/CVeyPIN5W8NcMLwTZaMP3zN1rIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CVeyPIN5W8NcMLwTZaMP3zN1rIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:dc:cd:e0:76:bc:86:a4:79:7e:8f:3e:25:aa:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0957b23c83795bc35c30bc1365a30fdf3375ac89
        Validity
            Not Before: Jan  2 06:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d77f444d6fe5297ae726c695c343193dfe7a5982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:00:39:51:31:ff:5b:d5:c8:38:0a:6e:ae:ee:
                    b8:50:32:05:aa:e3:5e:0a:1f:b6:9e:da:9f:26:95:
                    3c:e2:d1:b5:11:63:da:89:ea:4f:60:1c:99:bd:99:
                    5b:3d:53:f5:df:63:3f:75:cf:9b:8c:b8:f9:59:3a:
                    c3:c8:5f:be:49:4b:d0:76:61:9a:37:84:67:9d:48:
                    54:0a:5b:48:cd:0c:3d:95:04:6d:30:99:cc:40:39:
                    d5:f0:c9:29:e7:bb:8f:ff:1c:98:35:91:d2:d5:eb:
                    25:1b:f4:55:5a:d1:f1:e3:6f:f0:e7:4a:09:7a:98:
                    1d:93:8e:f1:db:d3:87:88:78:b5:63:1c:c9:7c:9e:
                    17:44:19:8c:d3:39:88:6e:09:8d:d6:a5:88:2b:6b:
                    36:54:f9:dd:d9:ef:4f:c5:77:5d:44:c2:15:63:6d:
                    b7:be:0f:66:1d:0d:5f:2c:c2:ee:ff:89:07:06:10:
                    92:34:f4:fb:47:af:ac:8e:21:aa:d1:7f:b1:59:94:
                    e9:e0:1a:7c:c3:c5:77:9a:4f:36:aa:65:b7:47:a1:
                    a7:32:a9:c9:01:26:f0:a3:db:21:7b:06:d7:44:9a:
                    91:6a:52:6b:a5:d1:90:ca:dc:2e:9e:7c:b6:20:00:
                    a7:b6:e6:2d:e7:cd:e1:33:e4:21:61:ac:49:d8:c8:
                    f1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7F:44:4D:6F:E5:29:7A:E7:26:C6:95:C3:43:19:3D:FE:7A:59:82
            X509v3 Authority Key Identifier:
                keyid:09:57:B2:3C:83:79:5B:C3:5C:30:BC:13:65:A3:0F:DF:33:75:AC:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CVeyPIN5W8NcMLwTZaMP3zN1rIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/139ETW_lKXrnJsaVw0MZPf56WYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/CVeyPIN5W8NcMLwTZaMP3zN1rIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:cf:81:a5:66:9d:85:bd:d2:70:9a:61:7c:54:cf:3a:6b:36:
         3c:4f:7a:cb:6d:eb:aa:11:08:24:d9:06:44:66:2f:df:1f:96:
         2b:63:a9:d4:50:80:ac:2b:a6:d6:bc:ee:53:85:d3:3a:10:e7:
         fb:07:29:bf:b2:22:c3:c5:f2:04:b3:fc:c6:a4:9c:dc:78:ff:
         1f:93:ff:68:64:bc:c6:7c:cc:d9:84:2c:e4:cc:90:78:75:b9:
         5d:f2:c2:49:cb:88:c6:20:1b:1c:d0:11:42:09:80:93:05:6d:
         96:cd:b3:97:9d:dc:85:6d:a0:51:e2:2e:81:c6:77:00:b2:e2:
         b5:20:8b:ba:68:d5:7c:31:72:38:8e:cd:77:ef:f4:15:42:be:
         f1:3c:ba:91:25:25:82:5b:ed:66:f5:89:6c:6c:6b:76:3b:e4:
         03:14:5b:e9:63:d0:af:72:4a:cf:67:a5:58:a7:f4:3b:ce:67:
         aa:7a:b3:60:14:40:1c:78:5b:e9:ee:66:0d:84:e6:88:cb:22:
         63:86:86:aa:98:72:b0:00:6c:70:67:c2:c8:25:90:f6:e2:69:
         41:1b:bb:a1:4c:5a:9c:b6:3c:ae:b6:37:5b:34:33:fb:2c:21:
         36:e3:71:c9:11:8b:25:1f:c3:61:bc:ce:cb:41:e6:64:c0:d3:
         59:4c:65:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tzN4Ha8hqR5fo8+JaobMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NTdiMjNjODM3OTViYzM1YzMwYmMxMzY1YTMwZmRmMzM3
NWFjODkwHhcNMjQwMTAyMDYzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdmNDQ0ZDZmZTUyOTdhZTcyNmM2OTVjMzQzMTkzZGZlN2E1OTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQA5UTH/W9XIOApuru64UDIFquNe
Ch+2ntqfJpU84tG1EWPaiepPYByZvZlbPVP132M/dc+bjLj5WTrDyF++SUvQdmGa
N4RnnUhUCltIzQw9lQRtMJnMQDnV8Mkp57uP/xyYNZHS1eslG/RVWtHx42/w50oJ
epgdk47x29OHiHi1YxzJfJ4XRBmM0zmIbgmN1qWIK2s2VPnd2e9PxXddRMIVY223
vg9mHQ1fLMLu/4kHBhCSNPT7R6+sjiGq0X+xWZTp4Bp8w8V3mk82qmW3R6GnMqnJ
ASbwo9shewbXRJqRalJrpdGQytwunny2IACntuYt583hM+QhYaxJ2MjxkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNd/RE1v5Sl65ybGlcNDGT3+elmCMB8GA1UdIwQY
MBaAFAlXsjyDeVvDXDC8E2WjD98zdayJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ZleVBJTjVXOE5jTUx3VFphTVAzek4xcklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NDk4NGQtYWU4Zi00Y2Y5LWEzYzMt
MWU5MmM3YmRjNTgyLzEvMTM5RVRXX2xLWHJuSnNhVncwTVpQZjU2V1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NDk4NGQtYWU4Zi00Y2Y5LWEzYzMtMWU5MmM3YmRjNTgy
LzEvQ1ZleVBJTjVXOE5jTUx3VFphTVAzek4xcklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7RMA0G
CSqGSIb3DQEBCwUAA4IBAQAEz4GlZp2FvdJwmmF8VM86azY8T3rLbeuqEQgk2QZE
Zi/fH5YrY6nUUICsK6bWvO5ThdM6EOf7Bym/siLDxfIEs/zGpJzceP8fk/9oZLzG
fMzZhCzkzJB4dbld8sJJy4jGIBsc0BFCCYCTBW2WzbOXndyFbaBR4i6BxncAsuK1
IIu6aNV8MXI4js137/QVQr7xPLqRJSWCW+1m9YlsbGt2O+QDFFvpY9CvckrPZ6VY
p/Q7zmeqerNgFEAceFvp7mYNhOaIyyJjhoaqmHKwAGxwZ8LIJZD24mlBG7uhTFqc
tjyutjdbNDP7LCE243HJEYslH8NhvM7LQeZkwNNZTGV3
-----END CERTIFICATE-----