Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/abd2a7-3bfd-4613-9f01-6ca7c54263b9/1/SbO8xzHi7q8Sa8IL1CPO9Vx4UGU.roa
File:                     SbO8xzHi7q8Sa8IL1CPO9Vx4UGU.roa (raw, json)
Hash identifier:          EFV6lXYBJWUSDJj+qVXoqE3P7v249rfgz+PP/5YkIVc=
Subject key identifier:   49:B3:BC:C7:31:E2:EE:AF:12:6B:C2:0B:D4:23:CE:F5:5C:78:50:65
Certificate issuer:       /CN=5965c62f10c25e7a7ef18356833aa4f9b9842c6a
Certificate serial:       018CC348D32CF201D8A765696D3F0CAE5229
Authority key identifier: 59:65:C6:2F:10:C2:5E:7A:7E:F1:83:56:83:3A:A4:F9:B9:84:2C:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WWXGLxDCXnp-8YNWgzqk-bmELGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/abd2a7-3bfd-4613-9f01-6ca7c54263b9/1/SbO8xzHi7q8Sa8IL1CPO9Vx4UGU.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59437
IP address blocks:        91.239.86.0/24 maxlen: 24
                          2a11:cc80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/abd2a7-3bfd-4613-9f01-6ca7c54263b9/1/WWXGLxDCXnp-8YNWgzqk-bmELGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/abd2a7-3bfd-4613-9f01-6ca7c54263b9/1/WWXGLxDCXnp-8YNWgzqk-bmELGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WWXGLxDCXnp-8YNWgzqk-bmELGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d3:2c:f2:01:d8:a7:65:69:6d:3f:0c:ae:52:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5965c62f10c25e7a7ef18356833aa4f9b9842c6a
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49b3bcc731e2eeaf126bc20bd423cef55c785065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:59:7c:d1:ad:e7:8c:bb:82:99:c5:49:3d:32:
                    5c:92:7e:10:fe:78:16:0f:36:3a:2d:70:d7:4d:34:
                    91:e6:b2:7e:a6:02:b8:b4:de:09:9f:eb:84:ad:a0:
                    86:1d:af:18:37:60:61:8d:a5:ca:1c:cc:ba:a8:9b:
                    1e:54:f6:7a:39:d5:4d:a7:d6:d3:a2:a7:ba:75:55:
                    08:97:58:8c:99:68:67:88:8d:4c:de:95:8f:6b:cb:
                    9e:95:e2:c4:8a:45:96:33:63:12:80:55:ff:8b:6f:
                    37:ec:79:49:60:f3:99:f2:2b:5e:eb:51:d2:38:d8:
                    14:8d:2d:89:94:99:92:d5:e7:c7:1e:c6:88:7a:dd:
                    59:a4:af:41:6d:88:10:20:c7:60:f4:59:56:7a:78:
                    60:00:3f:1b:2f:30:dd:62:6b:7c:b8:1d:d6:36:42:
                    b0:69:7b:b6:77:14:62:1c:34:76:2e:d5:02:1b:7d:
                    37:5b:81:a3:cf:f7:18:a4:55:0e:e2:25:0d:32:54:
                    36:d7:80:83:ec:cd:50:23:b2:cb:a0:8f:ca:3e:77:
                    ba:46:cf:8c:5b:f2:a7:6b:e4:ee:94:a4:a7:8a:08:
                    56:7a:12:58:49:50:57:96:24:b9:40:c3:22:78:45:
                    f4:c2:c9:82:f8:cf:f6:26:6a:bc:a2:02:31:5e:01:
                    bb:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:B3:BC:C7:31:E2:EE:AF:12:6B:C2:0B:D4:23:CE:F5:5C:78:50:65
            X509v3 Authority Key Identifier:
                keyid:59:65:C6:2F:10:C2:5E:7A:7E:F1:83:56:83:3A:A4:F9:B9:84:2C:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WWXGLxDCXnp-8YNWgzqk-bmELGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/abd2a7-3bfd-4613-9f01-6ca7c54263b9/1/SbO8xzHi7q8Sa8IL1CPO9Vx4UGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/abd2a7-3bfd-4613-9f01-6ca7c54263b9/1/WWXGLxDCXnp-8YNWgzqk-bmELGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.86.0/24
                IPv6:
                  2a11:cc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:77:2b:80:97:e7:89:d8:77:7f:82:d3:40:d4:bb:85:47:73:
         37:b5:e7:38:06:37:3e:ae:a0:08:70:f7:48:9e:d7:08:c3:19:
         60:10:94:f0:73:6b:b0:4f:4b:47:52:0c:77:73:af:cf:1f:c2:
         e1:b2:0c:98:ed:65:e7:99:c0:f8:cb:dd:0d:80:52:46:e4:a5:
         9b:eb:35:2e:ff:b5:4b:17:03:40:4b:d6:51:de:a3:fa:6b:88:
         46:9d:d9:a7:3a:54:b3:94:f5:4e:97:31:23:75:03:70:df:49:
         1c:b5:08:39:24:e4:3d:80:91:1e:32:c7:bf:c8:ae:3a:58:8c:
         21:14:36:b0:ac:c8:06:1f:85:f4:ce:a2:93:5c:f7:fd:19:43:
         4b:28:1f:f1:b6:a5:3d:af:a8:be:59:79:16:f4:4b:07:43:b3:
         bc:81:52:f7:ea:07:cd:aa:95:c7:4b:30:e8:3a:6f:b0:bf:5b:
         37:c6:36:d3:9e:da:a8:3b:25:47:7d:90:cb:72:73:b0:17:b3:
         8b:b2:65:f3:7b:61:99:9b:fb:ab:f1:4a:94:6b:00:ba:01:0a:
         04:aa:79:3f:6f:c3:a7:0f:cb:52:0c:d8:b9:23:5a:2e:97:2e:
         ca:8c:fd:6a:b7:93:56:fa:63:2d:ad:b8:ec:08:3d:62:bf:69:
         d1:6f:12:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSNMs8gHYp2VpbT8MrlIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NjVjNjJmMTBjMjVlN2E3ZWYxODM1NjgzM2FhNGY5Yjk4
NDJjNmEwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWIzYmNjNzMxZTJlZWFmMTI2YmMyMGJkNDIzY2VmNTVjNzg1MDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1l80a3njLuCmcVJPTJckn4Q/ngW
DzY6LXDXTTSR5rJ+pgK4tN4Jn+uEraCGHa8YN2BhjaXKHMy6qJseVPZ6OdVNp9bT
oqe6dVUIl1iMmWhniI1M3pWPa8ueleLEikWWM2MSgFX/i2837HlJYPOZ8ite61HS
ONgUjS2JlJmS1efHHsaIet1ZpK9BbYgQIMdg9FlWenhgAD8bLzDdYmt8uB3WNkKw
aXu2dxRiHDR2LtUCG303W4Gjz/cYpFUO4iUNMlQ214CD7M1QI7LLoI/KPne6Rs+M
W/Kna+TulKSnighWehJYSVBXliS5QMMieEX0wsmC+M/2Jmq8ogIxXgG78QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEmzvMcx4u6vEmvCC9QjzvVceFBlMB8GA1UdIwQY
MBaAFFllxi8Qwl56fvGDVoM6pPm5hCxqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1dYR0x4RENYbnAtOFlOV2d6cWstYm1FTEdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9hYmQyYTctM2JmZC00NjEzLTlmMDEt
NmNhN2M1NDI2M2I5LzEvU2JPOHh6SGk3cThTYThJTDFDUE85Vng0VUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9hYmQyYTctM2JmZC00NjEzLTlmMDEtNmNhN2M1NDI2M2I5
LzEvV1dYR0x4RENYbnAtOFlOV2d6cWstYm1FTEdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+9WMA0E
AgACMAcDBQMqEcyAMA0GCSqGSIb3DQEBCwUAA4IBAQB4dyuAl+eJ2Hd/gtNA1LuF
R3M3tec4Bjc+rqAIcPdIntcIwxlgEJTwc2uwT0tHUgx3c6/PH8LhsgyY7WXnmcD4
y90NgFJG5KWb6zUu/7VLFwNAS9ZR3qP6a4hGndmnOlSzlPVOlzEjdQNw30kctQg5
JOQ9gJEeMse/yK46WIwhFDawrMgGH4X0zqKTXPf9GUNLKB/xtqU9r6i+WXkW9EsH
Q7O8gVL36gfNqpXHSzDoOm+wv1s3xjbTntqoOyVHfZDLcnOwF7OLsmXze2GZm/ur
8UqUawC6AQoEqnk/b8OnD8tSDNi5I1ouly7KjP1qt5NW+mMtrbjsCD1iv2nRbxJG
-----END CERTIFICATE-----