Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/hwnbGe2Y2ssHLhMyvixKPEUBd1c.roa
File:                     hwnbGe2Y2ssHLhMyvixKPEUBd1c.roa (raw, json)
Hash identifier:          SpXZi1GNiPQuy9IdZaa9d0BaxgWjvFtVYAy5aJ0r/QA=
Subject key identifier:   87:09:DB:19:ED:98:DA:CB:07:2E:13:32:BE:2C:4A:3C:45:01:77:57
Certificate issuer:       /CN=96c0ce9f87d9d275f6cae4dc9cdfb5d4437d8ceb
Certificate serial:       018CC349473AC5876DB12E4C01B379B152D6
Authority key identifier: 96:C0:CE:9F:87:D9:D2:75:F6:CA:E4:DC:9C:DF:B5:D4:43:7D:8C:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lsDOn4fZ0nX2yuTcnN-11EN9jOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/hwnbGe2Y2ssHLhMyvixKPEUBd1c.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        91.201.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/lsDOn4fZ0nX2yuTcnN-11EN9jOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/lsDOn4fZ0nX2yuTcnN-11EN9jOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lsDOn4fZ0nX2yuTcnN-11EN9jOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:47:3a:c5:87:6d:b1:2e:4c:01:b3:79:b1:52:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96c0ce9f87d9d275f6cae4dc9cdfb5d4437d8ceb
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8709db19ed98dacb072e1332be2c4a3c45017757
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bc:b2:10:4d:44:71:ea:7c:6f:7d:5c:73:e8:
                    89:0f:75:92:db:33:21:20:1e:3a:17:3b:df:09:b1:
                    f3:e3:2c:0e:51:88:65:31:fb:fc:f3:8c:14:f6:1c:
                    57:89:38:68:0a:b5:3a:39:ee:0a:72:4c:de:26:23:
                    0e:db:a0:37:51:a7:b4:da:6b:95:70:4e:c3:b4:34:
                    bf:18:71:88:54:90:31:55:cd:25:b8:5a:ae:ea:97:
                    67:07:85:05:a7:11:fd:a2:3e:f3:54:cd:83:c7:08:
                    44:06:17:22:ed:74:8d:50:4a:c8:39:b1:6a:34:7d:
                    7c:c6:ff:9d:89:73:d8:ca:00:60:d7:e2:b5:ac:01:
                    bf:c1:dc:7c:f5:c1:b6:b1:a8:61:8d:97:0f:08:20:
                    53:be:06:51:92:2f:e9:68:b7:8a:38:ca:61:6b:b7:
                    db:c1:95:79:b8:1c:53:1b:32:9a:24:c1:3b:cd:1e:
                    5c:bc:36:e4:fa:39:85:94:c5:7e:53:8c:e0:87:2a:
                    fe:8b:5d:53:95:b9:51:62:ee:d2:cf:af:c2:9b:ac:
                    91:bc:9c:1e:56:9f:84:fb:e0:63:a1:59:0a:30:03:
                    d0:33:b5:53:25:7c:e6:97:de:96:f2:37:ec:ec:07:
                    36:d5:4a:a3:cc:e9:12:6e:ac:88:20:88:96:09:29:
                    62:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:09:DB:19:ED:98:DA:CB:07:2E:13:32:BE:2C:4A:3C:45:01:77:57
            X509v3 Authority Key Identifier:
                keyid:96:C0:CE:9F:87:D9:D2:75:F6:CA:E4:DC:9C:DF:B5:D4:43:7D:8C:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lsDOn4fZ0nX2yuTcnN-11EN9jOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/hwnbGe2Y2ssHLhMyvixKPEUBd1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3aa386-9057-49a0-a229-5e77fa0333a3/1/lsDOn4fZ0nX2yuTcnN-11EN9jOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:a0:ff:38:b4:bd:3a:66:88:6b:2c:25:97:47:d2:d9:28:b8:
         b6:dd:d5:2c:6f:50:e1:c8:ff:25:8c:96:43:75:ad:58:84:a1:
         41:61:6c:c7:eb:1c:57:39:af:e3:8d:c3:c1:9c:2f:68:d7:b8:
         15:d2:51:ff:8b:80:8a:62:ba:3a:aa:c8:3e:ed:b3:18:f5:34:
         81:e9:6f:ee:a8:17:ff:fc:c6:51:e1:5c:7c:8a:65:00:05:dc:
         38:91:64:77:76:6f:62:24:46:e4:92:49:ed:bf:ab:d9:17:c2:
         58:fd:4a:36:7a:4d:dc:45:66:b1:4f:40:5e:da:2c:82:a7:4d:
         a1:be:38:77:7d:9e:e0:4c:09:e8:f7:93:88:fb:1c:88:7f:61:
         6e:8c:ee:14:66:4f:74:7f:93:7c:45:bd:dd:1e:85:a3:9d:9a:
         e2:fd:fb:8f:58:44:c7:b8:2a:f3:92:b8:78:80:01:78:9b:4a:
         af:c5:76:32:6d:5f:e0:a8:41:dd:c5:73:d5:ec:32:e9:b2:98:
         fa:f2:04:b3:c8:2a:dd:8e:db:b7:55:6a:8b:1f:59:dc:09:5a:
         92:86:5a:9f:27:5f:73:50:0d:71:61:f9:d9:d3:eb:4f:84:b5:
         d9:59:5c:a9:32:de:75:0e:8a:9b:77:fe:00:69:c1:7b:9a:f7:
         dd:c4:08:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUc6xYdtsS5MAbN5sVLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YzBjZTlmODdkOWQyNzVmNmNhZTRkYzljZGZiNWQ0NDM3
ZDhjZWIwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzA5ZGIxOWVkOThkYWNiMDcyZTEzMzJiZTJjNGEzYzQ1MDE3NzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7yyEE1Ecep8b31cc+iJD3WS2zMh
IB46FzvfCbHz4ywOUYhlMfv884wU9hxXiThoCrU6Oe4KckzeJiMO26A3Uae02muV
cE7DtDS/GHGIVJAxVc0luFqu6pdnB4UFpxH9oj7zVM2DxwhEBhci7XSNUErIObFq
NH18xv+diXPYygBg1+K1rAG/wdx89cG2sahhjZcPCCBTvgZRki/paLeKOMpha7fb
wZV5uBxTGzKaJME7zR5cvDbk+jmFlMV+U4zghyr+i11TlblRYu7Sz6/Cm6yRvJwe
Vp+E++BjoVkKMAPQM7VTJXzml96W8jfs7Ac21UqjzOkSbqyIIIiWCSliLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcJ2xntmNrLBy4TMr4sSjxFAXdXMB8GA1UdIwQY
MBaAFJbAzp+H2dJ19srk3JzftdRDfYzrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHNET240ZlowblgyeXVUY25OLTExRU45ak9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8zYWEzODYtOTA1Ny00OWEwLWEyMjkt
NWU3N2ZhMDMzM2EzLzEvaHduYkdlMlkyc3NITGhNeXZpeEtQRVVCZDFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8zYWEzODYtOTA1Ny00OWEwLWEyMjktNWU3N2ZhMDMzM2Ez
LzEvbHNET240ZlowblgyeXVUY25OLTExRU45ak9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8nHMA0G
CSqGSIb3DQEBCwUAA4IBAQCOoP84tL06ZohrLCWXR9LZKLi23dUsb1DhyP8ljJZD
da1YhKFBYWzH6xxXOa/jjcPBnC9o17gV0lH/i4CKYro6qsg+7bMY9TSB6W/uqBf/
/MZR4Vx8imUABdw4kWR3dm9iJEbkkkntv6vZF8JY/Uo2ek3cRWaxT0Be2iyCp02h
vjh3fZ7gTAno95OI+xyIf2FujO4UZk90f5N8Rb3dHoWjnZri/fuPWETHuCrzkrh4
gAF4m0qvxXYybV/gqEHdxXPV7DLpspj68gSzyCrdjtu3VWqLH1ncCVqShlqfJ19z
UA1xYfnZ0+tPhLXZWVypMt51Doqbd/4AacF7mvfdxAg9
-----END CERTIFICATE-----