Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/6e22f4-17b7-4f2c-956d-595adc5bfd74/1/ADo_m02J4Gfy_rnnxJ2NHA8bIRE.roa
File:                     ADo_m02J4Gfy_rnnxJ2NHA8bIRE.roa (raw, json)
Hash identifier:          how2yhFJpjXCmzptpQTWZ2Z5/M0haB7TtctSeF+JsNs=
Subject key identifier:   00:3A:3F:9B:4D:89:E0:67:F2:FE:B9:E7:C4:9D:8D:1C:0F:1B:21:11
Certificate issuer:       /CN=d2abab75e746db1ecaa998759900399485093027
Certificate serial:       018CC8015D7D9FE9A21352E6D41D24E49AFD
Authority key identifier: D2:AB:AB:75:E7:46:DB:1E:CA:A9:98:75:99:00:39:94:85:09:30:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0qurdedG2x7KqZh1mQA5lIUJMCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/6e22f4-17b7-4f2c-956d-595adc5bfd74/1/ADo_m02J4Gfy_rnnxJ2NHA8bIRE.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198771
IP address blocks:        91.239.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/6e22f4-17b7-4f2c-956d-595adc5bfd74/1/0qurdedG2x7KqZh1mQA5lIUJMCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/6e22f4-17b7-4f2c-956d-595adc5bfd74/1/0qurdedG2x7KqZh1mQA5lIUJMCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0qurdedG2x7KqZh1mQA5lIUJMCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5d:7d:9f:e9:a2:13:52:e6:d4:1d:24:e4:9a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2abab75e746db1ecaa998759900399485093027
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=003a3f9b4d89e067f2feb9e7c49d8d1c0f1b2111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a2:4e:12:1d:d9:0d:ac:d5:58:89:5d:39:1c:
                    b9:62:99:97:a2:ff:12:e5:98:d4:92:2c:16:fc:ae:
                    58:f4:30:51:db:80:66:49:2c:19:94:97:8a:11:be:
                    70:29:b7:7c:ae:e6:22:93:1f:10:d1:70:cb:bb:3a:
                    e8:e3:e2:2e:a2:d1:da:87:8d:77:e2:86:fa:dd:99:
                    fb:5f:77:48:e9:b7:6d:e4:1c:f3:14:4f:d0:ae:cd:
                    dc:5d:28:27:e4:22:3d:10:3a:bc:6f:c7:36:31:e5:
                    74:00:7c:bd:44:41:3d:73:4b:0a:0b:c1:e5:e2:67:
                    55:39:f3:3b:d5:89:1c:24:41:f9:1d:72:32:72:52:
                    e5:51:48:95:60:0f:87:cb:ae:35:2a:16:ae:ee:32:
                    14:92:97:3e:e9:7d:0f:fe:27:3a:02:b4:03:86:39:
                    a8:ee:ff:2e:22:a0:3e:3f:4f:49:8d:6d:52:9a:0a:
                    31:f7:58:ee:c3:f0:9f:22:18:36:03:73:d7:d1:d7:
                    7e:2d:36:6d:b4:2d:db:3f:dc:e6:f5:c2:62:54:af:
                    7a:65:ea:65:8a:bd:c5:15:4e:49:81:a7:8b:27:af:
                    3c:96:03:8b:93:6a:c4:49:34:ba:9a:02:15:37:a3:
                    30:7e:55:e3:4f:01:b4:7f:18:95:5e:0f:81:09:70:
                    cd:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:3A:3F:9B:4D:89:E0:67:F2:FE:B9:E7:C4:9D:8D:1C:0F:1B:21:11
            X509v3 Authority Key Identifier:
                keyid:D2:AB:AB:75:E7:46:DB:1E:CA:A9:98:75:99:00:39:94:85:09:30:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0qurdedG2x7KqZh1mQA5lIUJMCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/6e22f4-17b7-4f2c-956d-595adc5bfd74/1/ADo_m02J4Gfy_rnnxJ2NHA8bIRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/6e22f4-17b7-4f2c-956d-595adc5bfd74/1/0qurdedG2x7KqZh1mQA5lIUJMCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:dc:12:b0:6e:4c:2e:47:71:12:04:be:57:c9:25:66:3f:b1:
         50:cc:a1:79:75:9b:81:b5:f8:a7:08:b0:6f:6f:93:54:07:cf:
         f1:9e:49:b1:52:2c:a0:f8:b0:5d:f2:35:e1:8d:f1:47:22:88:
         19:37:b5:ad:1f:df:68:4e:79:2c:67:6f:36:cd:4f:7e:a2:11:
         c5:fc:58:dd:ce:f4:a8:88:c3:79:96:c0:c6:e6:80:59:d6:68:
         63:07:32:61:1f:11:fe:14:1a:38:31:42:7a:f8:8a:90:48:aa:
         9e:3a:47:4d:90:04:2c:b8:b8:a3:f7:db:d7:84:44:b2:40:1b:
         49:be:c8:9b:ca:74:8e:cc:47:2d:1f:9d:eb:bc:9b:84:9a:df:
         74:a9:3c:ea:8f:aa:5b:e2:5f:84:b8:54:4c:4f:74:4d:6a:b5:
         d3:e4:67:5f:5f:f1:e7:49:85:4c:99:82:7b:5b:2c:e2:f3:9e:
         c4:65:e4:b0:60:01:b2:c4:8f:03:0f:23:4a:6b:77:77:1d:b3:
         3c:69:19:2c:c8:67:40:1c:8c:e4:ac:52:30:c0:64:72:2e:bf:
         65:9c:d5:03:94:8e:82:02:77:5b:5d:30:e6:23:06:96:69:20:
         65:04:63:98:d3:33:18:08:91:b9:ae:f1:10:46:f7:95:62:d5:
         f0:f1:6f:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAV19n+miE1Lm1B0k5Jr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYWJhYjc1ZTc0NmRiMWVjYWE5OTg3NTk5MDAzOTk0ODUw
OTMwMjcwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDNhM2Y5YjRkODllMDY3ZjJmZWI5ZTdjNDlkOGQxYzBmMWIyMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06JOEh3ZDazVWIldORy5YpmXov8S
5ZjUkiwW/K5Y9DBR24BmSSwZlJeKEb5wKbd8ruYikx8Q0XDLuzro4+IuotHah413
4ob63Zn7X3dI6bdt5BzzFE/Qrs3cXSgn5CI9EDq8b8c2MeV0AHy9REE9c0sKC8Hl
4mdVOfM71YkcJEH5HXIyclLlUUiVYA+Hy641Khau7jIUkpc+6X0P/ic6ArQDhjmo
7v8uIqA+P09JjW1Smgox91juw/CfIhg2A3PX0dd+LTZttC3bP9zm9cJiVK96Zepl
ir3FFU5JgaeLJ688lgOLk2rESTS6mgIVN6MwflXjTwG0fxiVXg+BCXDN7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAA6P5tNieBn8v6558SdjRwPGyERMB8GA1UdIwQY
MBaAFNKrq3XnRtseyqmYdZkAOZSFCTAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHF1cmRlZEcyeDdLcVpoMW1RQTVsSVVKTUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS82ZTIyZjQtMTdiNy00ZjJjLTk1NmQt
NTk1YWRjNWJmZDc0LzEvQURvX20wMko0R2Z5X3JubnhKMk5IQThiSVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS82ZTIyZjQtMTdiNy00ZjJjLTk1NmQtNTk1YWRjNWJmZDc0
LzEvMHF1cmRlZEcyeDdLcVpoMW1RQTVsSVVKTUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+8NMA0G
CSqGSIb3DQEBCwUAA4IBAQBw3BKwbkwuR3ESBL5XySVmP7FQzKF5dZuBtfinCLBv
b5NUB8/xnkmxUiyg+LBd8jXhjfFHIogZN7WtH99oTnksZ282zU9+ohHF/FjdzvSo
iMN5lsDG5oBZ1mhjBzJhHxH+FBo4MUJ6+IqQSKqeOkdNkAQsuLij99vXhESyQBtJ
vsibynSOzEctH53rvJuEmt90qTzqj6pb4l+EuFRMT3RNarXT5GdfX/HnSYVMmYJ7
Wyzi857EZeSwYAGyxI8DDyNKa3d3HbM8aRksyGdAHIzkrFIwwGRyLr9lnNUDlI6C
AndbXTDmIwaWaSBlBGOY0zMYCJG5rvEQRveVYtXw8W+8
-----END CERTIFICATE-----