Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/r_eUJ3JQd8oFpunLMpezsuG47ZY.roa
File:                     r_eUJ3JQd8oFpunLMpezsuG47ZY.roa (raw, json)
Hash identifier:          XV+mSO/EmB23qlGkGBMJqvyQ8NflNQ1qKi509eDKCU4=
Subject key identifier:   AF:F7:94:27:72:50:77:CA:05:A6:E9:CB:32:97:B3:B2:E1:B8:ED:96
Certificate issuer:       /CN=21cf53481d133bacf527868dba1b3763e3d6dda7
Certificate serial:       018D2BCCB23DED3C997CED3DB7734CEA9D78
Authority key identifier: 21:CF:53:48:1D:13:3B:AC:F5:27:86:8D:BA:1B:37:63:E3:D6:DD:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/r_eUJ3JQd8oFpunLMpezsuG47ZY.roa
Signing time:             Sun 21 Jan 2024 11:34:11 +0000
ROA not before:           Sun 21 Jan 2024 11:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197716
IP address blocks:        91.226.8.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2b:cc:b2:3d:ed:3c:99:7c:ed:3d:b7:73:4c:ea:9d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21cf53481d133bacf527868dba1b3763e3d6dda7
        Validity
            Not Before: Jan 21 11:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aff79427725077ca05a6e9cb3297b3b2e1b8ed96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:cb:75:c7:41:e9:a6:4a:f5:11:94:68:f6:c8:
                    cd:a9:8a:fe:26:56:75:5b:47:ca:88:cc:4c:46:67:
                    92:08:08:2d:e6:92:06:ac:db:71:c2:c0:f2:f6:21:
                    ef:e5:5a:ac:6b:29:4e:94:3f:6d:48:0c:68:8b:c8:
                    6f:2b:53:ac:f2:b9:90:19:55:82:4a:01:52:eb:8f:
                    97:9b:9f:f4:5a:a9:d9:39:9c:6f:c0:da:d0:e8:a7:
                    71:ac:ff:59:b6:5c:eb:0d:f9:db:21:34:f1:fa:99:
                    09:9b:43:0b:f7:c4:65:8b:80:f3:3e:ef:24:d4:e6:
                    69:a2:f7:36:9e:1b:60:dd:30:5b:ec:5f:22:0f:57:
                    32:47:d0:60:28:6e:74:ed:ab:3d:dd:e2:6d:71:1e:
                    70:8e:50:b9:00:8a:78:a4:d1:22:52:38:82:da:43:
                    25:fe:2c:aa:c1:1a:8b:58:e6:ec:b4:74:03:ec:82:
                    19:5b:e4:1f:28:7a:d5:05:3b:0a:f3:04:3c:6e:a8:
                    a2:f1:09:e9:16:6b:06:cd:4d:49:de:c6:8b:77:57:
                    0e:b4:71:0b:5e:35:2a:5e:f1:35:bd:5a:86:ad:3d:
                    be:ef:34:b9:0d:26:5b:f4:48:5e:8e:30:f1:ff:34:
                    82:9b:0f:8c:4e:bf:c2:62:6c:8b:5c:36:fb:9c:13:
                    01:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F7:94:27:72:50:77:CA:05:A6:E9:CB:32:97:B3:B2:E1:B8:ED:96
            X509v3 Authority Key Identifier:
                keyid:21:CF:53:48:1D:13:3B:AC:F5:27:86:8D:BA:1B:37:63:E3:D6:DD:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/r_eUJ3JQd8oFpunLMpezsuG47ZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:4b:ce:c2:77:0c:40:39:7b:77:65:d1:1a:14:c8:87:39:83:
         dc:07:c4:b2:35:a3:b3:d7:11:5b:25:55:02:f4:a6:ca:84:f2:
         8b:26:9b:da:7a:b2:1b:be:5e:8b:21:f8:a4:7a:9b:9c:da:9c:
         73:e1:d0:0e:26:b2:06:42:43:1c:55:ce:e3:ea:d0:3d:d2:e7:
         8c:20:cd:19:7d:08:ef:de:5e:0d:4b:41:a8:81:28:67:ab:c7:
         04:79:d6:67:d1:3a:b7:a8:35:b9:d5:d4:68:c7:e6:60:66:6f:
         88:61:1b:8d:31:8c:1e:63:da:8b:af:21:7c:f8:51:d3:a0:d9:
         f4:e4:96:a8:f6:90:28:d6:34:16:86:43:52:09:dc:2c:f9:76:
         be:2f:2a:64:97:1f:6e:66:27:36:17:5f:88:85:d8:eb:c2:b0:
         d7:e9:7f:40:a2:3e:d2:b4:c4:c1:48:4e:f5:3d:d5:4d:f4:97:
         a0:67:fb:54:a0:4f:95:bb:22:82:d6:a9:33:55:0f:e4:fd:7b:
         bf:6b:67:88:82:70:f4:98:e5:14:fe:f2:d2:aa:84:5d:0a:56:
         b2:eb:02:93:f9:c1:41:b8:2d:33:c3:e0:88:f6:d6:8f:c4:18:
         29:bb:36:b1:99:65:4b:6c:b1:03:a8:b8:4e:ab:5b:05:29:7d:
         d7:1e:9f:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0rzLI97TyZfO09t3NM6p14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxY2Y1MzQ4MWQxMzNiYWNmNTI3ODY4ZGJhMWIzNzYzZTNk
NmRkYTcwHhcNMjQwMTIxMTEzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmY3OTQyNzcyNTA3N2NhMDVhNmU5Y2IzMjk3YjNiMmUxYjhlZDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgct1x0Hppkr1EZRo9sjNqYr+JlZ1
W0fKiMxMRmeSCAgt5pIGrNtxwsDy9iHv5VqsaylOlD9tSAxoi8hvK1Os8rmQGVWC
SgFS64+Xm5/0WqnZOZxvwNrQ6KdxrP9ZtlzrDfnbITTx+pkJm0ML98Rli4DzPu8k
1OZpovc2nhtg3TBb7F8iD1cyR9BgKG507as93eJtcR5wjlC5AIp4pNEiUjiC2kMl
/iyqwRqLWObstHQD7IIZW+QfKHrVBTsK8wQ8bqii8QnpFmsGzU1J3saLd1cOtHEL
XjUqXvE1vVqGrT2+7zS5DSZb9EhejjDx/zSCmw+MTr/CYmyLXDb7nBMB+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/3lCdyUHfKBabpyzKXs7LhuO2WMB8GA1UdIwQY
MBaAFCHPU0gdEzus9SeGjbobN2Pj1t2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWM5VFNCMFRPNnoxSjRhTnVoczNZLVBXM2FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS83MjViODgtYzUyMy00MzEzLTllMzAt
MDJjMWUxOWE3MWQ1LzEvcl9lVUozSlFkOG9GcHVuTE1wZXpzdUc0N1pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS83MjViODgtYzUyMy00MzEzLTllMzAtMDJjMWUxOWE3MWQ1
LzEvSWM5VFNCMFRPNnoxSjRhTnVoczNZLVBXM2FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+IIMA0G
CSqGSIb3DQEBCwUAA4IBAQB0S87CdwxAOXt3ZdEaFMiHOYPcB8SyNaOz1xFbJVUC
9KbKhPKLJpvaerIbvl6LIfikepuc2pxz4dAOJrIGQkMcVc7j6tA90ueMIM0ZfQjv
3l4NS0GogShnq8cEedZn0Tq3qDW51dRox+ZgZm+IYRuNMYweY9qLryF8+FHToNn0
5Jao9pAo1jQWhkNSCdws+Xa+Lypklx9uZic2F1+IhdjrwrDX6X9Aoj7StMTBSE71
PdVN9JegZ/tUoE+VuyKC1qkzVQ/k/Xu/a2eIgnD0mOUU/vLSqoRdClay6wKT+cFB
uC0zw+CI9taPxBgpuzaxmWVLbLEDqLhOq1sFKX3XHp+0
-----END CERTIFICATE-----