Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/mczUJyN4FZ-VsRzPpQEzABT-B_o.roa
File:                     mczUJyN4FZ-VsRzPpQEzABT-B_o.roa (raw, json)
Hash identifier:          r6n6SAcnfW+wsFs79szMDVlvn9RhLcf/meMRER+Dj2Q=
Subject key identifier:   99:CC:D4:27:23:78:15:9F:95:B1:1C:CF:A5:01:33:00:14:FE:07:FA
Certificate issuer:       /CN=7741d13a15a987dd60019c0265d2ecec4840944a
Certificate serial:       018CC9BC04631DBC1A282D41721D8921F7A1
Authority key identifier: 77:41:D1:3A:15:A9:87:DD:60:01:9C:02:65:D2:EC:EC:48:40:94:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d0HROhWph91gAZwCZdLs7EhAlEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/mczUJyN4FZ-VsRzPpQEzABT-B_o.roa
Signing time:             Tue 02 Jan 2024 10:33:11 +0000
ROA not before:           Tue 02 Jan 2024 10:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.227.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/d0HROhWph91gAZwCZdLs7EhAlEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/d0HROhWph91gAZwCZdLs7EhAlEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d0HROhWph91gAZwCZdLs7EhAlEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:04:63:1d:bc:1a:28:2d:41:72:1d:89:21:f7:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7741d13a15a987dd60019c0265d2ecec4840944a
        Validity
            Not Before: Jan  2 10:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99ccd4272378159f95b11ccfa501330014fe07fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d5:b7:b9:61:76:86:9e:1a:ed:1e:a6:a5:d0:
                    e1:d1:64:0d:da:f8:f3:3b:ec:5c:54:78:5d:09:8c:
                    f7:a3:bd:db:b2:97:64:48:a2:f4:50:40:98:df:c1:
                    4c:64:d0:25:ec:5b:21:ef:b7:f4:1b:76:fa:4b:14:
                    c2:45:ee:1d:28:ab:b3:aa:38:ce:63:29:67:a0:7d:
                    a9:c4:86:7f:5d:ab:06:80:1a:02:68:b5:a9:6d:e6:
                    e6:25:52:fb:4c:70:6b:f6:8a:99:0b:99:b6:21:39:
                    9b:6c:23:f7:b6:a8:a3:50:a9:3c:aa:f0:2e:16:97:
                    51:d4:35:8e:37:23:64:76:b4:b7:d1:e0:23:03:e1:
                    a1:20:fc:3b:ed:3b:50:28:4d:1b:a3:a4:52:71:4a:
                    26:f6:58:31:a9:28:a9:7a:af:98:aa:a4:cc:e6:21:
                    7d:13:66:5d:6e:1a:8c:93:4c:28:c8:0e:e4:2b:18:
                    56:70:1c:15:39:61:9f:8c:65:3e:2d:dd:3e:1e:3b:
                    4f:09:63:8f:01:0d:90:3e:62:1f:0d:b8:11:dc:4c:
                    3b:0b:a7:0b:68:6d:f1:32:63:65:7d:00:7b:44:28:
                    34:54:87:c4:14:c6:0d:75:42:63:aa:e0:6a:e5:4b:
                    7b:4b:12:0a:a1:01:df:86:8e:8d:6b:51:5a:bc:e3:
                    42:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:CC:D4:27:23:78:15:9F:95:B1:1C:CF:A5:01:33:00:14:FE:07:FA
            X509v3 Authority Key Identifier:
                keyid:77:41:D1:3A:15:A9:87:DD:60:01:9C:02:65:D2:EC:EC:48:40:94:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0HROhWph91gAZwCZdLs7EhAlEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/mczUJyN4FZ-VsRzPpQEzABT-B_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/d0HROhWph91gAZwCZdLs7EhAlEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:a2:46:60:e5:da:c1:50:99:91:57:d7:2e:6c:50:cc:94:48:
         47:91:3c:3c:82:40:d8:86:f8:79:89:60:e3:39:00:3f:18:08:
         14:cc:04:d1:8d:67:ca:17:a1:6f:1b:27:75:98:e2:91:4c:fb:
         d0:40:8e:b8:80:b2:2b:22:9a:4b:6f:b6:d4:4e:99:f6:33:91:
         86:fa:8b:c3:a6:8d:f8:c9:c0:4b:8b:a9:d4:74:1d:4c:86:57:
         15:de:6b:1d:77:4d:46:9b:37:ab:da:be:9e:d7:ee:13:e4:18:
         75:92:a8:60:dd:4d:8d:c8:30:79:64:a6:dc:cb:5d:44:25:7b:
         2f:9d:8b:7c:99:ad:6d:6d:0f:80:cd:c9:df:dc:60:10:ce:75:
         8b:a2:7f:6c:dc:df:8f:ec:09:2a:d4:c9:3d:95:70:fa:62:0b:
         65:71:ee:cf:a9:fd:c0:28:46:1e:e9:ed:46:db:93:1e:c9:44:
         c0:53:74:a0:83:c8:7d:f3:8c:cb:80:1c:38:e3:32:2b:7c:83:
         83:63:a6:f0:c2:e1:07:3f:be:0a:11:12:13:5d:38:9e:6d:d7:
         bc:25:f6:11:23:ef:da:82:86:c2:68:b9:3e:0f:e5:42:36:84:
         e8:4c:6f:7d:ba:2d:f7:82:27:89:a9:2c:57:2e:ee:22:1a:07:
         28:e6:76:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvARjHbwaKC1Bch2JIfehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NDFkMTNhMTVhOTg3ZGQ2MDAxOWMwMjY1ZDJlY2VjNDg0
MDk0NGEwHhcNMjQwMTAyMTAzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWNjZDQyNzIzNzgxNTlmOTViMTFjY2ZhNTAxMzMwMDE0ZmUwN2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNW3uWF2hp4a7R6mpdDh0WQN2vjz
O+xcVHhdCYz3o73bspdkSKL0UECY38FMZNAl7Fsh77f0G3b6SxTCRe4dKKuzqjjO
YylnoH2pxIZ/XasGgBoCaLWpbebmJVL7THBr9oqZC5m2ITmbbCP3tqijUKk8qvAu
FpdR1DWONyNkdrS30eAjA+GhIPw77TtQKE0bo6RScUom9lgxqSipeq+YqqTM5iF9
E2ZdbhqMk0woyA7kKxhWcBwVOWGfjGU+Ld0+HjtPCWOPAQ2QPmIfDbgR3Ew7C6cL
aG3xMmNlfQB7RCg0VIfEFMYNdUJjquBq5Ut7SxIKoQHfho6Na1FavONCMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnM1CcjeBWflbEcz6UBMwAU/gf6MB8GA1UdIwQY
MBaAFHdB0ToVqYfdYAGcAmXS7OxIQJRKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDBIUk9oV3BoOTFnQVp3Q1pkTHM3RWhBbEVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8wYmU5ZDAtOTk5YS00NDlhLTg1MTkt
MzUyM2UzMDMwYmU0LzEvbWN6VUp5TjRGWi1Wc1J6UHBRRXpBQlQtQl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8wYmU5ZDAtOTk5YS00NDlhLTg1MTktMzUyM2UzMDMwYmU0
LzEvZDBIUk9oV3BoOTFnQVp3Q1pkTHM3RWhBbEVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+PBMA0G
CSqGSIb3DQEBCwUAA4IBAQAmokZg5drBUJmRV9cubFDMlEhHkTw8gkDYhvh5iWDj
OQA/GAgUzATRjWfKF6FvGyd1mOKRTPvQQI64gLIrIppLb7bUTpn2M5GG+ovDpo34
ycBLi6nUdB1MhlcV3msdd01Gmzer2r6e1+4T5Bh1kqhg3U2NyDB5ZKbcy11EJXsv
nYt8ma1tbQ+Azcnf3GAQznWLon9s3N+P7Akq1Mk9lXD6Ygtlce7Pqf3AKEYe6e1G
25MeyUTAU3Sgg8h984zLgBw44zIrfIODY6bwwuEHP74KERITXTiebde8JfYRI+/a
gobCaLk+D+VCNoToTG99ui33gieJqSxXLu4iGgco5nai
-----END CERTIFICATE-----