Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/mIs7FuKL49YrIo_B4SQOcdwwOMo.roa
File:                     mIs7FuKL49YrIo_B4SQOcdwwOMo.roa (raw, json)
Hash identifier:          frGELVk/UIsK1uH5rYXkaN7206ZpXpE65WkkZFpYCTo=
Subject key identifier:   98:8B:3B:16:E2:8B:E3:D6:2B:22:8F:C1:E1:24:0E:71:DC:30:38:CA
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       018CC6B822C99CAA683603F14202EF09E8B9
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/mIs7FuKL49YrIo_B4SQOcdwwOMo.roa
Signing time:             Mon 01 Jan 2024 20:30:05 +0000
ROA not before:           Mon 01 Jan 2024 20:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        195.62.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:22:c9:9c:aa:68:36:03:f1:42:02:ef:09:e8:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Jan  1 20:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=988b3b16e28be3d62b228fc1e1240e71dc3038ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4c:21:12:a0:9c:bb:58:13:76:9f:7d:86:a4:
                    5e:91:ad:d5:b5:f2:41:11:ca:59:fd:fc:06:12:96:
                    86:fd:c4:03:e2:84:a5:4a:d4:1e:29:94:3e:ad:1b:
                    d7:e2:40:7f:93:d2:c6:3a:ac:a7:82:66:36:28:54:
                    f9:c8:d2:e3:08:db:15:d1:71:5b:27:57:32:1f:77:
                    ea:ed:1b:a8:b9:1b:fb:3a:2d:d3:d9:98:fd:bc:f3:
                    ed:eb:45:07:32:3d:47:2b:80:a9:5e:d5:ca:fb:1d:
                    c6:49:6b:1d:69:37:73:ec:a2:4d:d8:7c:3a:64:a2:
                    10:40:0d:8f:df:a4:27:2a:fe:78:94:81:65:c0:05:
                    f1:16:a1:81:5c:1c:d3:c1:64:46:bf:dd:9d:19:9c:
                    e5:a5:30:83:d6:e8:dd:5d:2f:09:c7:65:5c:f0:fb:
                    54:fd:c3:ee:37:3d:ff:7d:d7:1e:c8:37:40:95:ff:
                    a2:38:56:6e:f9:6f:2e:b9:8c:cc:64:58:af:59:06:
                    7f:fd:e3:c7:bf:e0:f1:ae:08:85:76:ed:f7:f7:66:
                    d4:2a:40:a7:80:9a:c4:9c:8c:cf:3a:9a:b1:2c:1c:
                    15:ed:93:c4:c0:74:84:dd:2c:94:b3:b0:a9:88:21:
                    38:94:d2:3e:af:b0:50:01:9b:4c:55:47:b8:d9:58:
                    2b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:8B:3B:16:E2:8B:E3:D6:2B:22:8F:C1:E1:24:0E:71:DC:30:38:CA
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/mIs7FuKL49YrIo_B4SQOcdwwOMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:46:b4:da:dc:67:00:04:bd:14:fc:77:05:6a:d9:b3:3f:c8:
         52:53:8d:97:0f:c0:fc:71:06:15:71:1f:0d:1d:af:74:ef:5d:
         e8:09:b4:c2:db:d1:1c:eb:42:9c:70:a2:3e:af:2d:56:63:f7:
         29:8b:18:e0:65:c0:40:d7:7b:99:62:32:b2:09:12:c9:a9:e6:
         37:16:b2:a3:63:f7:a2:6d:24:68:f6:39:15:ac:1e:91:23:3e:
         b6:e3:e0:cd:d8:fe:b5:24:c8:4b:55:c4:9e:68:d9:31:12:1b:
         26:9f:15:f2:40:1c:eb:8f:3c:77:e1:c0:c4:18:51:32:0f:f7:
         67:03:b3:4e:a2:49:91:64:e7:07:cb:ca:ab:1e:47:0a:00:ba:
         91:a2:12:ca:e3:29:c4:e4:54:5f:3c:1d:bd:da:6d:79:9b:fd:
         4c:3e:34:84:21:d3:61:b8:c3:ad:85:f1:a3:d1:81:3f:e1:53:
         85:5a:cc:3c:b3:50:f9:f6:01:90:3f:1e:84:7b:21:fc:f1:65:
         68:4b:db:e3:01:b6:94:fc:36:a8:2c:0b:2e:ef:e3:37:ba:91:
         0c:75:da:a9:5f:34:73:f4:85:ff:2c:b1:1f:45:14:ad:7b:da:
         d5:56:aa:99:60:f4:80:d7:ab:4d:7a:5c:ca:1f:1b:fb:d3:91:
         65:6f:15:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuCLJnKpoNgPxQgLvCei5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjQwMTAxMjAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODhiM2IxNmUyOGJlM2Q2MmIyMjhmYzFlMTI0MGU3MWRjMzAzOGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEwhEqCcu1gTdp99hqReka3VtfJB
EcpZ/fwGEpaG/cQD4oSlStQeKZQ+rRvX4kB/k9LGOqyngmY2KFT5yNLjCNsV0XFb
J1cyH3fq7RuouRv7Oi3T2Zj9vPPt60UHMj1HK4CpXtXK+x3GSWsdaTdz7KJN2Hw6
ZKIQQA2P36QnKv54lIFlwAXxFqGBXBzTwWRGv92dGZzlpTCD1ujdXS8Jx2Vc8PtU
/cPuNz3/fdceyDdAlf+iOFZu+W8uuYzMZFivWQZ//ePHv+DxrgiFdu3392bUKkCn
gJrEnIzPOpqxLBwV7ZPEwHSE3SyUs7CpiCE4lNI+r7BQAZtMVUe42VgrXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiLOxbii+PWKyKPweEkDnHcMDjKMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvbUlzN0Z1S0w0OVlySW9fQjRTUU9jZHd3T01vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEtNDg1MmM4ZmY4YWYy
LzEva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwz4vMA0G
CSqGSIb3DQEBCwUAA4IBAQCeRrTa3GcABL0U/HcFatmzP8hSU42XD8D8cQYVcR8N
Ha90713oCbTC29Ec60KccKI+ry1WY/cpixjgZcBA13uZYjKyCRLJqeY3FrKjY/ei
bSRo9jkVrB6RIz624+DN2P61JMhLVcSeaNkxEhsmnxXyQBzrjzx34cDEGFEyD/dn
A7NOokmRZOcHy8qrHkcKALqRohLK4ynE5FRfPB292m15m/1MPjSEIdNhuMOthfGj
0YE/4VOFWsw8s1D59gGQPx6EeyH88WVoS9vjAbaU/DaoLAsu7+M3upEMddqpXzRz
9IX/LLEfRRSte9rVVqqZYPSA16tNelzKHxv705FlbxXy
-----END CERTIFICATE-----