Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/RJqvHryWITPbcumIkzOpCbdNV00.roa
File:                     RJqvHryWITPbcumIkzOpCbdNV00.roa (raw, json)
Hash identifier:          CWcE0zspbOCy4+9yWZ0enJf+xTJOS73qdtIKyRrQ4XQ=
Subject key identifier:   44:9A:AF:1E:BC:96:21:33:DB:72:E9:88:93:33:A9:09:B7:4D:57:4D
Certificate issuer:       /CN=0957b23c83795bc35c30bc1365a30fdf3375ac89
Certificate serial:       018CC8DEDC4ADAC7F483DE8A3BEF88373E94
Authority key identifier: 09:57:B2:3C:83:79:5B:C3:5C:30:BC:13:65:A3:0F:DF:33:75:AC:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CVeyPIN5W8NcMLwTZaMP3zN1rIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/RJqvHryWITPbcumIkzOpCbdNV00.roa
Signing time:             Tue 02 Jan 2024 06:31:37 +0000
ROA not before:           Tue 02 Jan 2024 06:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.238.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/CVeyPIN5W8NcMLwTZaMP3zN1rIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/CVeyPIN5W8NcMLwTZaMP3zN1rIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CVeyPIN5W8NcMLwTZaMP3zN1rIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:dc:4a:da:c7:f4:83:de:8a:3b:ef:88:37:3e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0957b23c83795bc35c30bc1365a30fdf3375ac89
        Validity
            Not Before: Jan  2 06:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=449aaf1ebc962133db72e9889333a909b74d574d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:60:bd:03:9f:e1:d0:ec:ac:41:80:28:fb:51:
                    be:d5:96:09:82:47:6f:5a:fb:21:2b:c2:67:ef:73:
                    86:a1:18:16:c8:73:4c:3e:6f:a7:2d:fb:32:a3:e2:
                    bc:bf:fd:14:b1:df:84:76:79:2d:3f:bc:ab:1e:13:
                    1f:5a:6c:85:7e:7d:ba:6b:d3:54:4d:7d:9e:47:48:
                    9b:d5:aa:34:77:d4:de:a1:0e:7a:19:bb:58:ed:75:
                    7a:48:3b:41:af:47:75:6d:6e:fe:ac:48:ff:50:63:
                    0f:79:9a:ba:d4:c4:e8:2d:57:d4:13:b9:c6:9f:0f:
                    15:53:a4:5d:26:cb:a5:16:2f:24:98:e6:26:94:17:
                    99:9c:70:7e:8d:36:dd:d9:37:02:ec:28:7f:19:1c:
                    f5:95:9e:dd:80:6e:42:e5:b0:f7:df:87:36:a8:4f:
                    50:88:62:bc:be:5b:19:b4:0e:59:f0:2b:27:3a:2c:
                    90:43:8f:dd:18:42:64:e9:27:eb:51:61:b2:df:ad:
                    72:11:a4:0e:ac:11:25:b0:98:ab:f0:ae:f0:bb:6a:
                    eb:20:4b:f1:ac:3b:03:5b:8a:f1:d3:93:d7:f7:6d:
                    98:8b:54:ad:e6:24:dc:65:73:2e:c1:ef:31:95:5c:
                    9f:4f:3a:d0:52:e1:ee:0d:c5:93:43:59:14:54:2b:
                    63:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:9A:AF:1E:BC:96:21:33:DB:72:E9:88:93:33:A9:09:B7:4D:57:4D
            X509v3 Authority Key Identifier:
                keyid:09:57:B2:3C:83:79:5B:C3:5C:30:BC:13:65:A3:0F:DF:33:75:AC:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CVeyPIN5W8NcMLwTZaMP3zN1rIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/RJqvHryWITPbcumIkzOpCbdNV00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/64984d-ae8f-4cf9-a3c3-1e92c7bdc582/1/CVeyPIN5W8NcMLwTZaMP3zN1rIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:ce:ec:e6:bc:23:30:5f:ff:b8:a9:67:77:df:42:52:17:b5:
         0b:a5:52:bf:13:92:9e:1a:9d:4e:7a:8c:87:4a:6c:6d:58:64:
         3b:a3:05:4c:3f:ff:f1:52:5c:00:5e:67:02:8e:ea:c6:80:75:
         a7:b3:e0:ad:f6:28:21:28:61:81:1d:12:17:48:a5:eb:25:76:
         df:a8:f3:db:86:4c:cd:e5:4b:17:c7:7e:bd:cc:35:c3:17:5b:
         62:fc:96:75:9d:63:12:cb:d8:8f:82:4f:af:2e:9e:97:e3:b7:
         70:8a:8d:dd:c6:d8:1e:41:41:aa:2b:ee:db:06:fc:14:d8:dd:
         f7:8f:41:26:94:a8:0b:59:13:c7:8a:7c:f8:1c:fe:00:d6:fd:
         5c:c1:04:7c:7c:13:13:2f:52:43:a3:b7:1f:23:cf:cb:a0:b9:
         0c:52:31:e3:b6:ea:52:e1:26:60:39:e8:a9:7f:8f:b3:bd:b0:
         af:5b:4e:78:c7:5b:fd:21:18:31:14:bf:76:0e:a4:3d:f8:30:
         44:f0:12:f5:ea:2f:da:dd:09:32:4d:74:8a:31:fd:da:5b:c6:
         6d:b9:e6:ca:8d:e0:fc:7d:4f:40:83:d1:77:35:e9:54:0d:b6:
         32:1d:40:e8:2e:4a:16:ec:a3:ca:8b:32:bf:2e:4e:77:ce:4d:
         d9:d7:24:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3txK2sf0g96KO++INz6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NTdiMjNjODM3OTViYzM1YzMwYmMxMzY1YTMwZmRmMzM3
NWFjODkwHhcNMjQwMTAyMDYzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDlhYWYxZWJjOTYyMTMzZGI3MmU5ODg5MzMzYTkwOWI3NGQ1NzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmC9A5/h0OysQYAo+1G+1ZYJgkdv
WvshK8Jn73OGoRgWyHNMPm+nLfsyo+K8v/0Usd+EdnktP7yrHhMfWmyFfn26a9NU
TX2eR0ib1ao0d9TeoQ56GbtY7XV6SDtBr0d1bW7+rEj/UGMPeZq61MToLVfUE7nG
nw8VU6RdJsulFi8kmOYmlBeZnHB+jTbd2TcC7Ch/GRz1lZ7dgG5C5bD334c2qE9Q
iGK8vlsZtA5Z8CsnOiyQQ4/dGEJk6SfrUWGy361yEaQOrBElsJir8K7wu2rrIEvx
rDsDW4rx05PX922Yi1St5iTcZXMuwe8xlVyfTzrQUuHuDcWTQ1kUVCtjKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESarx68liEz23LpiJMzqQm3TVdNMB8GA1UdIwQY
MBaAFAlXsjyDeVvDXDC8E2WjD98zdayJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ZleVBJTjVXOE5jTUx3VFphTVAzek4xcklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NDk4NGQtYWU4Zi00Y2Y5LWEzYzMt
MWU5MmM3YmRjNTgyLzEvUkpxdkhyeVdJVFBiY3VtSWt6T3BDYmROVjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NDk4NGQtYWU4Zi00Y2Y5LWEzYzMtMWU5MmM3YmRjNTgy
LzEvQ1ZleVBJTjVXOE5jTUx3VFphTVAzek4xcklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7RMA0G
CSqGSIb3DQEBCwUAA4IBAQAszuzmvCMwX/+4qWd330JSF7ULpVK/E5KeGp1OeoyH
SmxtWGQ7owVMP//xUlwAXmcCjurGgHWns+Ct9ighKGGBHRIXSKXrJXbfqPPbhkzN
5UsXx369zDXDF1ti/JZ1nWMSy9iPgk+vLp6X47dwio3dxtgeQUGqK+7bBvwU2N33
j0EmlKgLWRPHinz4HP4A1v1cwQR8fBMTL1JDo7cfI8/LoLkMUjHjtupS4SZgOeip
f4+zvbCvW054x1v9IRgxFL92DqQ9+DBE8BL16i/a3QkyTXSKMf3aW8ZtuebKjeD8
fU9Ag9F3NelUDbYyHUDoLkoW7KPKizK/Lk53zk3Z1yRG
-----END CERTIFICATE-----