Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/sS5oFO1LNpIE84H9S5H1o35rnkQ.roa
File:                     sS5oFO1LNpIE84H9S5H1o35rnkQ.roa (raw, json)
Hash identifier:          purg2FdP9LTOXpRkBe7gf9eHNHPcsnRBUpBrFuo6RUE=
Subject key identifier:   B1:2E:68:14:ED:4B:36:92:04:F3:81:FD:4B:91:F5:A3:7E:6B:9E:44
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF20A2EDFF035236540FF35641B77
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/sS5oFO1LNpIE84H9S5H1o35rnkQ.roa
Signing time:             Tue 02 Jan 2024 04:30:28 +0000
ROA not before:           Tue 02 Jan 2024 04:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60027
IP address blocks:        91.93.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f2:0a:2e:df:f0:35:23:65:40:ff:35:64:1b:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b12e6814ed4b369204f381fd4b91f5a37e6b9e44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b7:47:83:6b:49:3d:8c:76:b9:41:81:91:fa:
                    03:78:a4:e4:15:b2:0b:c8:39:d0:bf:71:94:b6:96:
                    4e:c9:82:1a:92:bb:45:da:57:d4:10:94:b0:61:05:
                    b1:91:41:81:3a:ed:98:db:62:da:05:96:95:14:c2:
                    e2:82:e2:c0:52:d5:9a:cd:54:e1:95:70:f0:b1:ea:
                    a3:8f:80:d7:d2:0c:8b:0a:21:13:2d:36:8c:1f:5c:
                    b6:74:c6:05:4e:76:d0:b1:7e:20:b2:c5:19:43:e3:
                    9e:15:c9:79:14:af:12:87:90:f6:8c:4e:ae:76:23:
                    6b:08:63:3f:30:42:56:43:9c:f3:f9:39:85:e2:e4:
                    4a:9e:e4:c7:9e:0c:12:f5:26:62:60:16:67:e1:e8:
                    8a:1b:b9:75:17:27:62:9c:47:be:3e:64:6b:3d:2a:
                    fd:83:c5:12:02:ca:06:62:5a:d8:49:fe:24:56:c8:
                    cd:0f:03:f7:6b:8e:71:2c:4c:8f:17:34:2f:3d:d6:
                    60:f7:13:2d:3c:10:df:60:5c:94:d9:a4:44:07:42:
                    68:1c:a8:eb:6e:57:b1:68:a1:ad:ad:39:64:10:8c:
                    0a:44:09:b0:56:04:95:18:58:e1:1e:df:75:26:45:
                    e7:36:c0:0a:f8:22:cd:1a:e3:f9:36:31:7a:b5:88:
                    dd:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:2E:68:14:ED:4B:36:92:04:F3:81:FD:4B:91:F5:A3:7E:6B:9E:44
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/sS5oFO1LNpIE84H9S5H1o35rnkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.93.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:10:e0:92:d2:74:b1:9f:6e:58:69:a2:bc:c3:b5:69:d2:1b:
         7e:01:5e:74:bf:48:4b:9c:c4:f6:65:23:b5:bb:9e:b1:af:7d:
         b8:26:eb:4c:16:a7:5d:90:9f:ce:3d:fa:dc:aa:be:ed:51:a7:
         5a:01:2b:9f:28:ff:2e:ba:67:54:96:f7:5c:68:ee:87:6c:4b:
         35:a5:21:cb:a3:73:77:16:4e:30:8c:a5:34:c9:2d:41:fe:7f:
         2b:8f:19:85:1b:99:99:02:b5:3e:6f:f6:f3:95:c6:c3:d2:0c:
         91:d9:fe:60:a2:9d:b4:c5:4e:50:e2:c8:67:64:33:d6:1a:a4:
         61:ab:c5:13:1f:4c:ec:74:ae:f9:33:63:c7:fe:2e:0a:7d:df:
         2f:3a:cc:55:1a:6b:67:42:dd:64:38:27:ba:68:c7:5f:97:04:
         0f:9a:92:f8:ce:d3:8b:bb:19:e3:aa:2c:18:8c:23:d4:34:eb:
         72:93:f4:c7:bf:7f:a4:c0:8b:d4:e8:bb:3e:6f:ba:83:61:20:
         48:85:d8:be:99:96:d0:49:a8:23:05:c6:d1:c2:01:c0:15:e9:
         58:62:7d:a1:d7:68:fa:f9:5f:27:d9:7d:24:41:89:af:81:52:
         f9:63:ec:ca:44:f8:68:d0:3a:89:f5:6b:1b:29:cd:a1:f3:46:
         e0:be:ad:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/IKLt/wNSNlQP81ZBt3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTJlNjgxNGVkNGIzNjkyMDRmMzgxZmQ0YjkxZjVhMzdlNmI5ZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLdHg2tJPYx2uUGBkfoDeKTkFbIL
yDnQv3GUtpZOyYIakrtF2lfUEJSwYQWxkUGBOu2Y22LaBZaVFMLiguLAUtWazVTh
lXDwseqjj4DX0gyLCiETLTaMH1y2dMYFTnbQsX4gssUZQ+OeFcl5FK8Sh5D2jE6u
diNrCGM/MEJWQ5zz+TmF4uRKnuTHngwS9SZiYBZn4eiKG7l1FydinEe+PmRrPSr9
g8USAsoGYlrYSf4kVsjNDwP3a45xLEyPFzQvPdZg9xMtPBDfYFyU2aREB0JoHKjr
blexaKGtrTlkEIwKRAmwVgSVGFjhHt91JkXnNsAK+CLNGuP5NjF6tYjdZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEuaBTtSzaSBPOB/UuR9aN+a55EMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvc1M1b0ZPMUxOcElFODRIOVM1SDFvMzVybmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW10yMA0G
CSqGSIb3DQEBCwUAA4IBAQAhEOCS0nSxn25YaaK8w7Vp0ht+AV50v0hLnMT2ZSO1
u56xr324JutMFqddkJ/OPfrcqr7tUadaASufKP8uumdUlvdcaO6HbEs1pSHLo3N3
Fk4wjKU0yS1B/n8rjxmFG5mZArU+b/bzlcbD0gyR2f5gop20xU5Q4shnZDPWGqRh
q8UTH0zsdK75M2PH/i4Kfd8vOsxVGmtnQt1kOCe6aMdflwQPmpL4ztOLuxnjqiwY
jCPUNOtyk/THv3+kwIvU6Ls+b7qDYSBIhdi+mZbQSagjBcbRwgHAFelYYn2h12j6
+V8n2X0kQYmvgVL5Y+zKRPho0DqJ9WsbKc2h80bgvq1e
-----END CERTIFICATE-----