Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/3sEJUY_ji8Xa0Nv7WRFAmhPVbeg.roa
File:                     3sEJUY_ji8Xa0Nv7WRFAmhPVbeg.roa (raw, json)
Hash identifier:          YvMUP++XtWoDT3zKvQyzjFmFbKG0oKbwfK2IQtfSzNc=
Subject key identifier:   DE:C1:09:51:8F:E3:8B:C5:DA:D0:DB:FB:59:11:40:9A:13:D5:6D:E8
Certificate issuer:       /CN=ce7180c4bad3cf425a50672e1cb7a9d2ac78e20c
Certificate serial:       018CC4938E40E42341B8965172926ECE8C73
Authority key identifier: CE:71:80:C4:BA:D3:CF:42:5A:50:67:2E:1C:B7:A9:D2:AC:78:E2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znGAxLrTz0JaUGcuHLep0qx44gw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/3sEJUY_ji8Xa0Nv7WRFAmhPVbeg.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12670
IP address blocks:        91.234.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/znGAxLrTz0JaUGcuHLep0qx44gw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/znGAxLrTz0JaUGcuHLep0qx44gw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znGAxLrTz0JaUGcuHLep0qx44gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8e:40:e4:23:41:b8:96:51:72:92:6e:ce:8c:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce7180c4bad3cf425a50672e1cb7a9d2ac78e20c
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dec109518fe38bc5dad0dbfb5911409a13d56de8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d3:aa:24:c6:a8:4f:5f:62:f7:95:4a:b0:41:
                    90:27:e3:68:b0:e1:8f:f7:5d:bc:3e:22:96:b9:fb:
                    0e:67:70:46:44:da:09:e4:fd:99:ba:78:2a:c0:d6:
                    88:c8:61:b8:cc:04:03:05:2f:5a:43:2c:9c:b0:34:
                    d3:38:1f:6b:26:fd:0d:32:25:b9:81:c1:84:38:fa:
                    8a:cf:39:39:d1:ae:e9:5f:fc:fa:d1:f4:9f:33:d0:
                    f5:6c:a9:3d:90:74:02:69:cb:55:2d:62:b0:86:d5:
                    7e:c7:b7:32:ed:b8:74:be:81:ca:9c:cb:bd:d3:fb:
                    51:3c:fd:a7:e4:5f:93:e3:75:22:89:62:91:74:3a:
                    d2:f2:52:2e:2f:11:c5:e6:82:35:b3:2d:55:5f:aa:
                    c4:5b:9e:ca:3d:d5:68:c5:59:37:d8:98:27:db:08:
                    6b:32:8f:4a:8b:8d:51:b5:b0:70:4c:29:3c:55:28:
                    68:f1:ca:59:84:8e:96:63:95:eb:88:90:e2:12:31:
                    8d:f2:ab:8e:ff:4c:33:5e:cf:7c:d1:69:93:2d:7f:
                    aa:08:fe:ba:ef:c5:fc:22:6a:58:cc:b7:08:6a:6c:
                    6f:67:63:1c:11:3e:23:49:e3:60:15:a5:79:b1:9d:
                    54:67:0d:b3:c3:93:52:96:6d:a3:3a:e0:b5:ac:aa:
                    ad:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:C1:09:51:8F:E3:8B:C5:DA:D0:DB:FB:59:11:40:9A:13:D5:6D:E8
            X509v3 Authority Key Identifier:
                keyid:CE:71:80:C4:BA:D3:CF:42:5A:50:67:2E:1C:B7:A9:D2:AC:78:E2:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znGAxLrTz0JaUGcuHLep0qx44gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/3sEJUY_ji8Xa0Nv7WRFAmhPVbeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/znGAxLrTz0JaUGcuHLep0qx44gw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:a7:06:2b:7d:2f:f5:49:90:1b:90:5a:81:cb:54:95:99:01:
         e9:01:4d:8b:bf:00:65:7b:36:ac:8c:a6:80:43:3f:de:7b:d4:
         de:7b:25:0f:d0:50:c5:ea:ad:a8:48:07:5b:d4:22:96:8e:81:
         ab:a7:8e:41:53:34:d9:e4:6a:15:a8:6e:21:4b:a6:09:da:4e:
         24:f0:e6:25:47:dd:48:9c:25:ec:d7:90:6c:3f:eb:e4:68:6e:
         70:95:e7:7c:03:65:ec:78:6a:94:32:6b:03:1e:46:00:36:f5:
         f5:39:1c:27:56:db:dc:13:02:ab:a9:75:80:6a:83:61:8d:89:
         75:3b:9d:79:ed:f5:93:72:de:ca:0d:33:26:2b:ea:60:1a:bc:
         82:20:b2:3c:2e:09:0d:1d:eb:49:64:6c:a6:62:de:80:21:1a:
         35:e4:2d:39:41:25:38:c4:d8:d4:06:1c:e1:a2:38:49:e7:3b:
         e8:4e:0a:ce:91:fa:8a:6a:14:47:a4:2c:dd:53:87:3c:26:a6:
         3b:4b:1f:e1:82:41:90:8c:6d:60:83:a1:a7:51:e6:e4:4f:65:
         bb:e7:ad:61:7b:52:89:3a:25:3e:39:e6:fb:ca:f7:21:55:ad:
         45:7c:ce:14:a6:4c:7e:fd:88:b6:50:c8:c2:9c:b2:7c:a7:64:
         bc:5f:63:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk45A5CNBuJZRcpJuzoxzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzE4MGM0YmFkM2NmNDI1YTUwNjcyZTFjYjdhOWQyYWM3
OGUyMGMwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWMxMDk1MThmZTM4YmM1ZGFkMGRiZmI1OTExNDA5YTEzZDU2ZGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9OqJMaoT19i95VKsEGQJ+NosOGP
9128PiKWufsOZ3BGRNoJ5P2ZungqwNaIyGG4zAQDBS9aQyycsDTTOB9rJv0NMiW5
gcGEOPqKzzk50a7pX/z60fSfM9D1bKk9kHQCactVLWKwhtV+x7cy7bh0voHKnMu9
0/tRPP2n5F+T43UiiWKRdDrS8lIuLxHF5oI1sy1VX6rEW57KPdVoxVk32Jgn2whr
Mo9Ki41RtbBwTCk8VSho8cpZhI6WY5XriJDiEjGN8quO/0wzXs980WmTLX+qCP66
78X8ImpYzLcIamxvZ2McET4jSeNgFaV5sZ1UZw2zw5NSlm2jOuC1rKqtzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7BCVGP44vF2tDb+1kRQJoT1W3oMB8GA1UdIwQY
MBaAFM5xgMS6089CWlBnLhy3qdKseOIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5HQXhMclR6MEphVUdjdUhMZXAwcXg0NGd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9kN2Q1Y2QtNzlhOS00YzgyLThmYzQt
MDQ2ZDJlMmFkY2Q1LzEvM3NFSlVZX2ppOFhhME52N1dSRkFtaFBWYmVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9kN2Q1Y2QtNzlhOS00YzgyLThmYzQtMDQ2ZDJlMmFkY2Q1
LzEvem5HQXhMclR6MEphVUdjdUhMZXAwcXg0NGd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+oJMA0G
CSqGSIb3DQEBCwUAA4IBAQBcpwYrfS/1SZAbkFqBy1SVmQHpAU2LvwBlezasjKaA
Qz/ee9TeeyUP0FDF6q2oSAdb1CKWjoGrp45BUzTZ5GoVqG4hS6YJ2k4k8OYlR91I
nCXs15BsP+vkaG5wled8A2XseGqUMmsDHkYANvX1ORwnVtvcEwKrqXWAaoNhjYl1
O5157fWTct7KDTMmK+pgGryCILI8LgkNHetJZGymYt6AIRo15C05QSU4xNjUBhzh
ojhJ5zvoTgrOkfqKahRHpCzdU4c8JqY7Sx/hgkGQjG1gg6GnUebkT2W7561he1KJ
OiU+Oeb7yvchVa1FfM4Upkx+/Yi2UMjCnLJ8p2S8X2Ps
-----END CERTIFICATE-----