Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/e487da-4d2a-4b4d-bfe5-57c7e6199b12/1/n0MjsIN9l0WD2XsxevYyZnOXA_o.roa
File:                     n0MjsIN9l0WD2XsxevYyZnOXA_o.roa (raw, json)
Hash identifier:          P44x0gNe4pn15BIF2Z+765NjqLelGSc0UYDGu3pvOsE=
Subject key identifier:   9F:43:23:B0:83:7D:97:45:83:D9:7B:31:7A:F6:32:66:73:97:03:FA
Certificate issuer:       /CN=e8271443905f940b138d9d4b4a3487cbfbd021e3
Certificate serial:       018CC56EDBA19290D199D83863F38B642C45
Authority key identifier: E8:27:14:43:90:5F:94:0B:13:8D:9D:4B:4A:34:87:CB:FB:D0:21:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6CcUQ5BflAsTjZ1LSjSHy_vQIeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/e487da-4d2a-4b4d-bfe5-57c7e6199b12/1/n0MjsIN9l0WD2XsxevYyZnOXA_o.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57105
IP address blocks:        91.230.206.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/e487da-4d2a-4b4d-bfe5-57c7e6199b12/1/6CcUQ5BflAsTjZ1LSjSHy_vQIeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/e487da-4d2a-4b4d-bfe5-57c7e6199b12/1/6CcUQ5BflAsTjZ1LSjSHy_vQIeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6CcUQ5BflAsTjZ1LSjSHy_vQIeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:db:a1:92:90:d1:99:d8:38:63:f3:8b:64:2c:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8271443905f940b138d9d4b4a3487cbfbd021e3
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f4323b0837d974583d97b317af63266739703fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8f:be:e5:5a:ea:29:be:60:b8:ee:b3:75:0a:
                    fd:93:97:d4:69:9a:5d:0d:56:14:44:6c:b5:3c:42:
                    25:ca:3b:08:9c:77:6b:14:d1:65:27:bf:df:91:1c:
                    a4:3f:67:51:b0:c6:03:51:7d:ba:ee:23:36:91:b3:
                    20:43:6a:f3:83:f3:af:4e:6b:41:c5:5a:6c:cb:18:
                    68:8a:0b:86:78:82:ff:19:0f:b6:37:9e:3a:6f:eb:
                    c4:da:3e:1d:ee:95:54:5a:c3:8e:22:b9:9e:92:41:
                    2c:3c:e9:f1:a8:2a:2d:25:c0:84:3e:5f:4a:dd:80:
                    e3:18:dc:08:3e:87:2f:03:f7:5e:b4:2d:86:bf:cc:
                    cb:c4:f4:e4:bf:1a:af:61:8e:19:47:76:43:db:9c:
                    88:1e:e8:92:5c:7b:aa:03:81:27:95:5e:c2:41:42:
                    25:ea:ed:eb:5b:73:a8:ec:b3:6b:8d:47:cd:47:92:
                    97:4f:46:f6:f2:5e:04:3a:2e:d4:3b:27:be:8d:de:
                    43:00:01:df:20:e8:46:9e:ca:d1:e6:b6:cc:7c:a3:
                    8a:81:e1:2b:5b:4d:59:bc:3a:1a:8e:a2:41:be:5f:
                    e5:80:84:59:54:a0:a1:88:05:28:aa:f0:e8:c0:1d:
                    c1:17:fc:0a:86:24:ab:d3:1d:32:c6:2c:9b:b0:55:
                    ca:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:43:23:B0:83:7D:97:45:83:D9:7B:31:7A:F6:32:66:73:97:03:FA
            X509v3 Authority Key Identifier:
                keyid:E8:27:14:43:90:5F:94:0B:13:8D:9D:4B:4A:34:87:CB:FB:D0:21:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6CcUQ5BflAsTjZ1LSjSHy_vQIeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e487da-4d2a-4b4d-bfe5-57c7e6199b12/1/n0MjsIN9l0WD2XsxevYyZnOXA_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/e487da-4d2a-4b4d-bfe5-57c7e6199b12/1/6CcUQ5BflAsTjZ1LSjSHy_vQIeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:4c:b8:a9:8e:49:d0:14:d2:83:9f:03:1d:1d:78:57:10:1c:
         cd:a6:2d:ad:53:06:13:3f:b7:33:8e:0d:1e:85:d6:32:e3:a4:
         7d:1f:b7:8f:9d:23:c3:35:e9:41:77:c2:ae:a3:eb:15:04:a2:
         fb:74:04:da:f9:6b:64:9a:c6:71:2b:67:d1:3f:93:80:0f:5e:
         01:4e:23:ff:1e:26:49:a8:0d:3c:fc:f1:e4:68:41:59:99:76:
         28:e1:af:a5:ae:5a:31:10:21:00:0f:27:34:b3:57:2f:1f:f0:
         09:14:bb:8d:62:f4:10:8c:ce:f7:6a:27:b4:10:c7:84:68:26:
         c1:fb:d4:2d:fa:b9:48:69:7d:22:f4:0e:40:c4:e3:18:58:76:
         1b:32:5a:e8:60:40:41:1f:09:9b:8b:3a:f2:02:a7:91:bb:4a:
         11:39:4c:38:38:cf:d6:2e:b4:dd:97:83:6c:17:39:ca:38:ab:
         30:80:a2:86:8f:7e:4e:ac:b6:a5:45:23:33:84:ee:14:9f:ba:
         43:fe:5b:2d:e6:08:71:82:ca:04:f3:29:fa:e2:36:1d:c5:24:
         77:c2:86:1d:5d:eb:c6:e3:fa:dd:e6:d8:b8:68:e0:70:75:7f:
         ee:a0:c7:2a:25:74:71:ec:70:d3:b6:89:67:87:16:8a:ad:0e:
         b2:8e:6b:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtuhkpDRmdg4Y/OLZCxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MjcxNDQzOTA1Zjk0MGIxMzhkOWQ0YjRhMzQ4N2NiZmJk
MDIxZTMwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjQzMjNiMDgzN2Q5NzQ1ODNkOTdiMzE3YWY2MzI2NjczOTcwM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI++5VrqKb5guO6zdQr9k5fUaZpd
DVYURGy1PEIlyjsInHdrFNFlJ7/fkRykP2dRsMYDUX267iM2kbMgQ2rzg/OvTmtB
xVpsyxhoiguGeIL/GQ+2N546b+vE2j4d7pVUWsOOIrmekkEsPOnxqCotJcCEPl9K
3YDjGNwIPocvA/detC2Gv8zLxPTkvxqvYY4ZR3ZD25yIHuiSXHuqA4EnlV7CQUIl
6u3rW3Oo7LNrjUfNR5KXT0b28l4EOi7UOye+jd5DAAHfIOhGnsrR5rbMfKOKgeEr
W01ZvDoajqJBvl/lgIRZVKChiAUoqvDowB3BF/wKhiSr0x0yxiybsFXKEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9DI7CDfZdFg9l7MXr2MmZzlwP6MB8GA1UdIwQY
MBaAFOgnFEOQX5QLE42dS0o0h8v70CHjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkNjVVE1QmZsQXNUaloxTFNqU0h5X3ZRSWVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9lNDg3ZGEtNGQyYS00YjRkLWJmZTUt
NTdjN2U2MTk5YjEyLzEvbjBNanNJTjlsMFdEMlhzeGV2WXlabk9YQV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9lNDg3ZGEtNGQyYS00YjRkLWJmZTUtNTdjN2U2MTk5YjEy
LzEvNkNjVVE1QmZsQXNUaloxTFNqU0h5X3ZRSWVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+bOMA0G
CSqGSIb3DQEBCwUAA4IBAQAnTLipjknQFNKDnwMdHXhXEBzNpi2tUwYTP7czjg0e
hdYy46R9H7ePnSPDNelBd8Kuo+sVBKL7dATa+WtkmsZxK2fRP5OAD14BTiP/HiZJ
qA08/PHkaEFZmXYo4a+lrloxECEADyc0s1cvH/AJFLuNYvQQjM73aie0EMeEaCbB
+9Qt+rlIaX0i9A5AxOMYWHYbMlroYEBBHwmbizryAqeRu0oROUw4OM/WLrTdl4Ns
FznKOKswgKKGj35OrLalRSMzhO4Un7pD/lst5ghxgsoE8yn64jYdxSR3woYdXevG
4/rd5ti4aOBwdX/uoMcqJXRx7HDTtolnhxaKrQ6yjmtE
-----END CERTIFICATE-----