Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/sB9__xNUyayS9sCaeRE9Dos7pWo.roa
File:                     sB9__xNUyayS9sCaeRE9Dos7pWo.roa (raw, json)
Hash identifier:          +O22jIxQXhP37M37Our38M1OHXGja7QuD8clcgH5g2I=
Subject key identifier:   B0:1F:7F:FF:13:54:C9:AC:92:F6:C0:9A:79:11:3D:0E:8B:3B:A5:6A
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       01930133F1503DB83CF7E8A11E98DCFB4F26
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/sB9__xNUyayS9sCaeRE9Dos7pWo.roa
Signing time:             Wed 06 Nov 2024 11:20:01 +0000
ROA not before:           Wed 06 Nov 2024 11:20:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        188.191.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:01:33:f1:50:3d:b8:3c:f7:e8:a1:1e:98:dc:fb:4f:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Nov  6 11:20:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b01f7fff1354c9ac92f6c09a79113d0e8b3ba56a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c5:55:fa:c8:49:d1:5c:1d:2d:f7:0b:87:3d:
                    e8:06:e7:e4:de:53:28:7d:72:5d:32:24:de:d4:54:
                    e0:83:e6:25:19:0a:2e:60:13:51:44:25:0c:97:a1:
                    14:03:f0:a1:59:9d:12:67:5f:37:2c:cb:26:96:c8:
                    72:50:11:ae:bb:1c:45:ab:c7:7b:b4:5a:cd:3c:d5:
                    c8:61:37:d5:35:89:81:5a:86:75:8f:72:06:41:93:
                    69:b6:63:1d:ea:c7:97:98:39:22:81:4d:b7:22:d1:
                    0e:97:f2:d6:e4:a9:b8:c6:1b:a2:af:2b:0a:7f:f5:
                    e8:6e:ff:bd:fb:b7:e1:d3:52:ff:a1:76:7c:42:a5:
                    bc:dd:04:c6:b5:c3:d8:c8:9a:87:b1:2a:8a:c5:9a:
                    08:68:0f:d9:99:6b:fa:30:11:e5:3c:15:ad:b1:fb:
                    06:a1:d0:a0:5e:93:a8:a6:3a:6c:ac:85:36:d2:be:
                    98:62:f4:21:fd:3d:cf:a4:a4:b9:b2:ba:de:e9:b6:
                    12:d1:5f:28:dd:85:b1:3e:3f:0d:84:20:fc:60:91:
                    a7:0d:f1:9b:aa:42:81:3f:a8:67:4b:3d:2c:07:6c:
                    ad:4d:6b:6c:c1:a7:00:0c:a8:a6:b1:d5:e4:b1:c6:
                    17:92:ef:45:65:12:e6:e6:5c:84:53:9c:5e:74:72:
                    cd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:1F:7F:FF:13:54:C9:AC:92:F6:C0:9A:79:11:3D:0E:8B:3B:A5:6A
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/sB9__xNUyayS9sCaeRE9Dos7pWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:6d:db:1b:2d:08:c5:47:b6:8b:79:8d:c6:3e:f4:2a:71:a1:
         e6:86:13:ba:7f:b0:0e:c8:41:19:54:86:80:36:f8:84:e3:f5:
         97:18:ce:9c:27:4a:32:3c:aa:30:ef:df:a6:10:5b:b4:25:ba:
         54:4d:df:d5:d6:ad:47:a9:0b:7d:67:c8:5c:53:20:7f:d8:4b:
         fd:15:2e:34:0e:86:9b:5a:71:f6:da:e3:01:99:eb:2b:bc:41:
         00:25:0c:38:97:cd:03:ee:16:a1:e3:5b:ba:a6:fb:7a:57:2a:
         24:dd:18:41:6d:45:fd:6f:ef:7a:d8:4f:f1:99:14:9d:21:70:
         ef:89:bb:62:fd:7d:7c:3c:7d:2d:38:e2:88:bf:b2:6c:5b:8b:
         f9:e6:14:e6:7a:28:30:04:18:35:86:61:24:9c:8c:e4:e8:c9:
         44:83:01:be:73:ab:ee:33:3d:6b:b2:6c:fc:3f:fd:25:07:bf:
         7a:a5:3e:69:c2:1e:c6:c0:5c:9f:f8:4e:40:a9:a1:5b:c0:46:
         8b:fc:3a:9a:b8:16:4a:d9:f6:d0:3d:5d:63:88:e7:fc:7f:8e:
         26:93:5a:1f:9c:09:1d:46:31:a2:e4:b1:d7:5c:2e:84:74:ae:
         46:18:8b:38:bf:36:be:ee:da:86:01:18:56:cb:15:21:2b:91:
         9a:b1:47:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMBM/FQPbg89+ihHpjc+08mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQxMTA2MTEyMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDFmN2ZmZjEzNTRjOWFjOTJmNmMwOWE3OTExM2QwZThiM2JhNTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocVV+shJ0VwdLfcLhz3oBufk3lMo
fXJdMiTe1FTgg+YlGQouYBNRRCUMl6EUA/ChWZ0SZ183LMsmlshyUBGuuxxFq8d7
tFrNPNXIYTfVNYmBWoZ1j3IGQZNptmMd6seXmDkigU23ItEOl/LW5Km4xhuirysK
f/Xobv+9+7fh01L/oXZ8QqW83QTGtcPYyJqHsSqKxZoIaA/ZmWv6MBHlPBWtsfsG
odCgXpOopjpsrIU20r6YYvQh/T3PpKS5srre6bYS0V8o3YWxPj8NhCD8YJGnDfGb
qkKBP6hnSz0sB2ytTWtswacADKimsdXkscYXku9FZRLm5lyEU5xedHLNaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAff/8TVMmskvbAmnkRPQ6LO6VqMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvc0I5X194TlV5YXlTOXNDYWVSRTlEb3M3cFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9hMA0G
CSqGSIb3DQEBCwUAA4IBAQBhbdsbLQjFR7aLeY3GPvQqcaHmhhO6f7AOyEEZVIaA
NviE4/WXGM6cJ0oyPKow79+mEFu0JbpUTd/V1q1HqQt9Z8hcUyB/2Ev9FS40Doab
WnH22uMBmesrvEEAJQw4l80D7hah41u6pvt6Vyok3RhBbUX9b+962E/xmRSdIXDv
ibti/X18PH0tOOKIv7JsW4v55hTmeigwBBg1hmEknIzk6MlEgwG+c6vuMz1rsmz8
P/0lB796pT5pwh7GwFyf+E5AqaFbwEaL/DqauBZK2fbQPV1jiOf8f44mk1ofnAkd
RjGi5LHXXC6EdK5GGIs4vza+7tqGARhWyxUhK5GasUcw
-----END CERTIFICATE-----