Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/533a8e-94fd-4b20-afb6-b3641ccdd4bb/1/vA17c7buLZ33zMI2A_m2TXDGjzk.roa
File:                     vA17c7buLZ33zMI2A_m2TXDGjzk.roa (raw, json)
Hash identifier:          Xiri/OJDJVZTRsDL+RpWknrIC9tXIN7P98uZjMEWs4w=
Subject key identifier:   BC:0D:7B:73:B6:EE:2D:9D:F7:CC:C2:36:03:F9:B6:4D:70:C6:8F:39
Certificate issuer:       /CN=18969bc62955113c0d04999eec91bdda9d2fa3a5
Certificate serial:       018CC9BC271205F515D4B3B09CAD5A17A4D4
Authority key identifier: 18:96:9B:C6:29:55:11:3C:0D:04:99:9E:EC:91:BD:DA:9D:2F:A3:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJabxilVETwNBJme7JG92p0vo6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/533a8e-94fd-4b20-afb6-b3641ccdd4bb/1/vA17c7buLZ33zMI2A_m2TXDGjzk.roa
Signing time:             Tue 02 Jan 2024 10:33:20 +0000
ROA not before:           Tue 02 Jan 2024 10:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47577
IP address blocks:        91.208.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/533a8e-94fd-4b20-afb6-b3641ccdd4bb/1/GJabxilVETwNBJme7JG92p0vo6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/533a8e-94fd-4b20-afb6-b3641ccdd4bb/1/GJabxilVETwNBJme7JG92p0vo6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJabxilVETwNBJme7JG92p0vo6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:27:12:05:f5:15:d4:b3:b0:9c:ad:5a:17:a4:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18969bc62955113c0d04999eec91bdda9d2fa3a5
        Validity
            Not Before: Jan  2 10:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc0d7b73b6ee2d9df7ccc23603f9b64d70c68f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a6:99:5a:99:2a:6f:7f:c4:f2:fd:47:0d:2e:
                    30:16:47:78:60:d4:f7:58:e5:f7:ba:52:94:9c:57:
                    0f:d0:d4:13:27:d7:a5:33:ad:76:4c:16:1a:99:17:
                    43:cb:c3:d6:e4:9f:80:7b:0b:36:e3:bc:7c:3e:83:
                    91:f0:cb:c7:bc:5c:8f:83:02:08:f5:0b:7c:c0:df:
                    18:c5:a1:87:a4:01:d9:e2:e9:58:38:88:65:0e:50:
                    f8:9c:b4:b0:b8:11:2f:59:c6:1b:48:e7:ae:d9:84:
                    1e:4e:de:b9:b0:03:35:03:ae:a6:9e:e2:35:47:4d:
                    c4:6b:4c:f4:80:04:8c:64:13:23:b4:b6:c9:d0:2c:
                    06:2d:cd:45:e5:ea:a6:3c:92:fe:d7:ae:f3:72:05:
                    c5:ef:a8:e3:b3:bd:13:20:c9:c6:97:4b:19:b6:6c:
                    c8:b6:20:96:46:46:22:8b:e8:1c:80:6f:22:af:7c:
                    24:31:95:fb:82:8b:5b:35:ae:77:5f:88:05:7b:5e:
                    eb:27:0f:19:94:06:89:36:a5:a2:89:a3:03:50:b6:
                    17:c4:0e:8e:97:50:13:ea:f0:2e:1e:b0:ac:fe:2d:
                    9c:0d:b9:f3:29:5a:1b:98:87:82:50:73:8f:ef:a9:
                    55:2c:f3:fa:6b:6f:40:c2:d4:ae:0a:30:c8:30:5d:
                    b2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:0D:7B:73:B6:EE:2D:9D:F7:CC:C2:36:03:F9:B6:4D:70:C6:8F:39
            X509v3 Authority Key Identifier:
                keyid:18:96:9B:C6:29:55:11:3C:0D:04:99:9E:EC:91:BD:DA:9D:2F:A3:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJabxilVETwNBJme7JG92p0vo6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/533a8e-94fd-4b20-afb6-b3641ccdd4bb/1/vA17c7buLZ33zMI2A_m2TXDGjzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/533a8e-94fd-4b20-afb6-b3641ccdd4bb/1/GJabxilVETwNBJme7JG92p0vo6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:52:05:3c:f7:c5:e1:c5:7a:90:de:27:50:fe:62:4d:ea:04:
         3c:ec:4f:f0:8f:2f:ad:77:34:38:03:22:0a:09:7b:9f:86:76:
         34:f1:61:ab:91:3e:20:9b:5f:a3:70:89:20:83:75:da:15:b3:
         09:96:35:61:ce:52:55:0e:d5:9e:b9:8d:6e:8e:62:99:f0:f1:
         f4:e1:60:e1:3e:79:bf:6f:f6:2a:da:0f:4d:b3:0b:c6:e0:4b:
         69:89:92:79:59:74:9e:26:49:8f:e9:57:9d:4f:76:cd:ae:04:
         62:d7:b9:6f:60:43:1c:16:5b:06:8b:df:20:eb:81:f3:2f:8c:
         a0:17:6e:33:b9:a3:2c:ae:73:58:16:7a:7a:06:12:07:ad:30:
         e1:6d:0d:fa:d0:98:6e:44:d7:ec:b7:a2:65:7e:3c:66:5a:88:
         7a:ea:34:1e:18:5c:eb:ed:3e:98:d6:39:77:ee:a1:9a:ff:26:
         ec:9c:eb:09:67:50:b0:51:5a:5e:43:18:bc:cf:bc:7c:41:15:
         ea:f8:d6:94:db:7f:05:0c:21:92:6f:2c:00:47:40:49:48:97:
         84:43:b4:31:a7:54:fd:82:b8:cd:2d:42:83:93:81:13:29:c0:
         91:d0:09:6b:8e:2d:e9:71:54:3f:eb:f8:88:47:5d:33:5d:3c:
         15:26:2d:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCcSBfUV1LOwnK1aF6TUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OTY5YmM2Mjk1NTExM2MwZDA0OTk5ZWVjOTFiZGRhOWQy
ZmEzYTUwHhcNMjQwMTAyMTAzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzBkN2I3M2I2ZWUyZDlkZjdjY2MyMzYwM2Y5YjY0ZDcwYzY4ZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aaZWpkqb3/E8v1HDS4wFkd4YNT3
WOX3ulKUnFcP0NQTJ9elM612TBYamRdDy8PW5J+Aews247x8PoOR8MvHvFyPgwII
9Qt8wN8YxaGHpAHZ4ulYOIhlDlD4nLSwuBEvWcYbSOeu2YQeTt65sAM1A66mnuI1
R03Ea0z0gASMZBMjtLbJ0CwGLc1F5eqmPJL+167zcgXF76jjs70TIMnGl0sZtmzI
tiCWRkYii+gcgG8ir3wkMZX7gotbNa53X4gFe17rJw8ZlAaJNqWiiaMDULYXxA6O
l1AT6vAuHrCs/i2cDbnzKVobmIeCUHOP76lVLPP6a29AwtSuCjDIMF2ynwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwNe3O27i2d98zCNgP5tk1wxo85MB8GA1UdIwQY
MBaAFBiWm8YpVRE8DQSZnuyRvdqdL6OlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0phYnhpbFZFVHdOQkptZTdKRzkycDB2bzZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81MzNhOGUtOTRmZC00YjIwLWFmYjYt
YjM2NDFjY2RkNGJiLzEvdkExN2M3YnVMWjMzek1JMkFfbTJUWERHanprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81MzNhOGUtOTRmZC00YjIwLWFmYjYtYjM2NDFjY2RkNGJi
LzEvR0phYnhpbFZFVHdOQkptZTdKRzkycDB2bzZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AqMA0G
CSqGSIb3DQEBCwUAA4IBAQAlUgU898XhxXqQ3idQ/mJN6gQ87E/wjy+tdzQ4AyIK
CXufhnY08WGrkT4gm1+jcIkgg3XaFbMJljVhzlJVDtWeuY1ujmKZ8PH04WDhPnm/
b/Yq2g9NswvG4EtpiZJ5WXSeJkmP6VedT3bNrgRi17lvYEMcFlsGi98g64HzL4yg
F24zuaMsrnNYFnp6BhIHrTDhbQ360JhuRNfst6JlfjxmWoh66jQeGFzr7T6Y1jl3
7qGa/ybsnOsJZ1CwUVpeQxi8z7x8QRXq+NaU238FDCGSbywAR0BJSJeEQ7Qxp1T9
grjNLUKDk4ETKcCR0Alrji3pcVQ/6/iIR10zXTwVJi1G
-----END CERTIFICATE-----