Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/PpsNhRF0le6WIDouS3rtKnnqXkY.roa
File:                     PpsNhRF0le6WIDouS3rtKnnqXkY.roa (raw, json)
Hash identifier:          tbaWdcOhQndowF1POmeMXmJ7p+bFj+OZa6cjRcrdBfI=
Subject key identifier:   3E:9B:0D:85:11:74:95:EE:96:20:3A:2E:4B:7A:ED:2A:79:EA:5E:46
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018D097729985CE4A4125157E8FA927E6EA5
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/PpsNhRF0le6WIDouS3rtKnnqXkY.roa
Signing time:             Sun 14 Jan 2024 19:33:40 +0000
ROA not before:           Sun 14 Jan 2024 19:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        188.191.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:09:77:29:98:5c:e4:a4:12:51:57:e8:fa:92:7e:6e:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jan 14 19:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e9b0d85117495ee96203a2e4b7aed2a79ea5e46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:cd:81:0e:27:fb:c7:a4:e3:2a:75:ab:f3:01:
                    29:3b:ea:08:68:81:d7:48:60:93:c5:01:b6:9a:57:
                    e4:08:f3:b4:ca:cb:6c:ae:6f:70:19:4f:65:3f:4b:
                    a7:d0:2f:81:0a:75:e2:47:4d:77:86:43:3c:83:82:
                    36:12:24:7c:fb:c4:9c:cb:c5:3e:fc:7f:d2:a6:fd:
                    82:42:2b:92:48:61:8e:8c:b7:f2:7e:17:44:d0:d7:
                    f4:39:81:d3:dc:7d:56:bd:18:7f:45:fc:ca:d2:b3:
                    e3:eb:88:40:07:87:a8:63:da:39:0b:1f:de:28:25:
                    e6:c2:3f:8b:f4:cb:1f:55:98:3e:ec:f7:f7:62:32:
                    93:85:f2:43:83:60:a6:7a:b7:24:f0:c7:a7:59:2c:
                    c5:af:da:12:02:50:e3:94:f6:01:c5:38:b3:69:cb:
                    2f:11:39:3d:78:63:be:7d:60:6a:2a:a8:d3:47:62:
                    5d:72:af:86:36:07:3d:47:12:72:fb:9a:0c:24:8d:
                    6a:2b:1c:1c:aa:c4:76:12:a8:c3:b0:b6:25:24:44:
                    d8:a5:35:0d:d9:1f:9e:8c:55:80:2a:ad:8b:e2:5f:
                    d3:da:8f:02:d6:8a:6b:48:48:17:48:12:69:ef:b6:
                    ff:a6:9f:3c:79:96:af:07:cf:4d:87:0b:5d:f9:17:
                    3b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9B:0D:85:11:74:95:EE:96:20:3A:2E:4B:7A:ED:2A:79:EA:5E:46
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/PpsNhRF0le6WIDouS3rtKnnqXkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:38:7d:0e:42:09:08:c8:9b:1a:2f:2c:76:46:ee:f6:4a:86:
         4b:73:7d:e5:23:9e:c2:c2:64:a6:6f:97:ea:02:0b:e6:da:55:
         1b:cf:27:dd:fa:a5:1f:c5:98:05:50:de:35:7b:2a:0d:b1:ef:
         6b:61:b3:b9:81:08:72:29:c2:95:e9:a0:56:86:31:21:a1:90:
         00:e3:2a:07:3a:b2:7e:49:63:d1:9f:d1:48:99:c2:ae:36:72:
         07:80:d4:66:5e:76:d6:be:b3:08:7e:46:1e:cd:2a:16:db:03:
         51:ed:fe:b9:bd:3e:48:45:b8:55:5e:ee:51:b9:16:93:67:46:
         33:89:75:d2:ff:d0:0f:7d:42:cc:9c:f7:5d:00:27:c5:f9:c7:
         e6:3d:d8:95:c0:e1:13:bb:36:ac:f8:3c:8c:00:00:35:05:27:
         7e:af:23:c8:2f:c7:ae:62:3b:92:86:97:6f:43:b7:91:0d:59:
         c7:12:ba:c4:31:59:5d:6b:1a:f4:67:bd:c6:1a:9a:ef:2f:82:
         06:b5:2b:7b:bd:44:6c:ba:d4:a1:fa:1d:dc:17:15:28:94:af:
         2b:7d:77:c1:c3:1b:50:72:61:a1:e0:03:73:03:43:74:2d:94:
         5d:63:6f:33:f8:d6:9a:e1:d9:15:4a:65:92:94:71:85:39:d2:
         e4:06:b9:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0JdymYXOSkElFX6PqSfm6lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwMTE0MTkzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTliMGQ4NTExNzQ5NWVlOTYyMDNhMmU0YjdhZWQyYTc5ZWE1ZTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc2BDif7x6TjKnWr8wEpO+oIaIHX
SGCTxQG2mlfkCPO0ystsrm9wGU9lP0un0C+BCnXiR013hkM8g4I2EiR8+8Scy8U+
/H/Spv2CQiuSSGGOjLfyfhdE0Nf0OYHT3H1WvRh/RfzK0rPj64hAB4eoY9o5Cx/e
KCXmwj+L9MsfVZg+7Pf3YjKThfJDg2Cmerck8MenWSzFr9oSAlDjlPYBxTizacsv
ETk9eGO+fWBqKqjTR2Jdcq+GNgc9RxJy+5oMJI1qKxwcqsR2EqjDsLYlJETYpTUN
2R+ejFWAKq2L4l/T2o8C1oprSEgXSBJp77b/pp88eZavB89Nhwtd+Rc7fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6bDYURdJXuliA6Lkt67Sp56l5GMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvUHBzTmhSRjBsZTZXSURvdVMzcnRLbm5xWGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9jMA0G
CSqGSIb3DQEBCwUAA4IBAQAbOH0OQgkIyJsaLyx2Ru72SoZLc33lI57CwmSmb5fq
Agvm2lUbzyfd+qUfxZgFUN41eyoNse9rYbO5gQhyKcKV6aBWhjEhoZAA4yoHOrJ+
SWPRn9FImcKuNnIHgNRmXnbWvrMIfkYezSoW2wNR7f65vT5IRbhVXu5RuRaTZ0Yz
iXXS/9APfULMnPddACfF+cfmPdiVwOETuzas+DyMAAA1BSd+ryPIL8euYjuShpdv
Q7eRDVnHErrEMVldaxr0Z73GGprvL4IGtSt7vURsutSh+h3cFxUolK8rfXfBwxtQ
cmGh4ANzA0N0LZRdY28z+Naa4dkVSmWSlHGFOdLkBrkI
-----END CERTIFICATE-----