Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/cSepb9T6Lng0m6WYRtjgXpO0YaU.roa
File:                     cSepb9T6Lng0m6WYRtjgXpO0YaU.roa (raw, json)
Hash identifier:          UyEm90Xriuqzt4t95YgibwEyy/yb5W/6O9YIwObAhU0=
Subject key identifier:   71:27:A9:6F:D4:FA:2E:78:34:9B:A5:98:46:D8:E0:5E:93:B4:61:A5
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC500315CB68A37FE952DCE2258FC573C
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/cSepb9T6Lng0m6WYRtjgXpO0YaU.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42960
IP address blocks:        91.213.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:31:5c:b6:8a:37:fe:95:2d:ce:22:58:fc:57:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7127a96fd4fa2e78349ba59846d8e05e93b461a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:35:27:d6:4e:a3:ce:c1:fa:a2:7b:52:d7:10:
                    c8:7c:91:0f:27:99:8f:24:21:8a:f1:62:9d:ff:98:
                    2d:b7:62:de:7d:50:37:a0:c4:f1:08:79:75:f5:22:
                    60:3f:3e:99:8a:fd:84:41:f8:a5:45:34:49:73:7b:
                    e1:c4:7a:cc:c3:22:48:81:9c:a8:f8:60:6f:2c:23:
                    97:9a:a0:a3:42:4d:d6:e3:36:06:3d:f2:f6:fc:8a:
                    92:e3:cc:29:e2:d4:03:86:6c:0f:3a:cb:49:85:a8:
                    8f:a1:0d:04:31:1c:6b:2a:81:93:59:53:3c:46:98:
                    18:07:d6:8c:36:7d:58:7d:41:67:02:1a:37:99:12:
                    d6:b8:ca:22:47:22:af:d2:97:74:3b:e7:6e:2d:1d:
                    f1:d8:3f:a9:db:9a:42:d9:ce:c7:af:47:95:6c:24:
                    3d:14:ed:da:f4:79:6d:65:fc:6f:ab:e3:9a:31:de:
                    26:18:5f:db:81:0d:81:ff:d5:97:37:f5:a3:82:0c:
                    b6:93:bf:b0:34:cc:35:19:42:20:8a:93:d9:dc:9c:
                    c2:a4:d1:f7:8a:1f:a1:cf:8d:49:8f:f8:65:3e:df:
                    40:80:d0:1d:0f:ef:c4:63:d3:81:0d:2c:d6:50:45:
                    d2:26:f9:eb:c2:4b:70:a7:d3:e4:c2:d7:05:a5:d4:
                    31:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:27:A9:6F:D4:FA:2E:78:34:9B:A5:98:46:D8:E0:5E:93:B4:61:A5
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/cSepb9T6Lng0m6WYRtjgXpO0YaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:c3:39:26:74:50:ac:1f:59:fa:b7:96:81:42:63:2a:95:c1:
         06:17:d2:73:e3:8f:1f:2e:0e:08:98:38:08:2a:64:f2:13:8f:
         59:b1:dc:bf:d2:95:15:a8:13:79:1d:1a:22:75:08:59:83:ee:
         78:07:1e:f6:1b:97:78:ff:95:a9:56:3d:bd:67:21:86:45:40:
         db:1e:eb:d2:51:61:07:82:47:90:65:72:58:a1:09:68:ff:1a:
         72:6e:39:dc:78:90:73:8f:00:cc:87:5b:ea:d6:08:94:f9:3d:
         15:4f:67:0f:9e:d8:13:0f:85:a4:41:d8:04:55:0e:33:79:08:
         af:ce:56:2c:24:1f:52:91:1d:3c:ce:4e:02:63:30:12:97:42:
         85:f3:5b:7d:c3:bf:47:3a:93:70:21:1d:2b:98:1a:f6:34:e8:
         0e:e5:ff:aa:2f:70:dd:38:e0:e5:9c:b8:fc:87:4b:a0:99:a7:
         95:cc:0f:d2:bf:f8:9b:e3:5c:da:82:00:a8:ad:06:1a:4b:5c:
         85:a6:19:65:70:5b:6b:3a:11:21:0f:b0:c7:bf:62:c1:08:17:
         0a:7d:01:3d:a7:c4:f7:18:f1:5d:a0:16:66:48:be:85:79:13:
         5d:de:18:0f:c4:3d:e1:04:f5:24:5a:e2:2c:e5:bb:47:11:ca:
         a9:cf:4b:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADFctoo3/pUtziJY/Fc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI3YTk2ZmQ0ZmEyZTc4MzQ5YmE1OTg0NmQ4ZTA1ZTkzYjQ2MWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjUn1k6jzsH6ontS1xDIfJEPJ5mP
JCGK8WKd/5gtt2LefVA3oMTxCHl19SJgPz6Ziv2EQfilRTRJc3vhxHrMwyJIgZyo
+GBvLCOXmqCjQk3W4zYGPfL2/IqS48wp4tQDhmwPOstJhaiPoQ0EMRxrKoGTWVM8
RpgYB9aMNn1YfUFnAho3mRLWuMoiRyKv0pd0O+duLR3x2D+p25pC2c7Hr0eVbCQ9
FO3a9HltZfxvq+OaMd4mGF/bgQ2B/9WXN/Wjggy2k7+wNMw1GUIgipPZ3JzCpNH3
ih+hz41Jj/hlPt9AgNAdD+/EY9OBDSzWUEXSJvnrwktwp9PkwtcFpdQxbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEnqW/U+i54NJulmEbY4F6TtGGlMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvY1NlcGI5VDZMbmcwbTZXWVJ0amdYcE8wWWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9XIMA0G
CSqGSIb3DQEBCwUAA4IBAQCdwzkmdFCsH1n6t5aBQmMqlcEGF9Jz448fLg4ImDgI
KmTyE49Zsdy/0pUVqBN5HRoidQhZg+54Bx72G5d4/5WpVj29ZyGGRUDbHuvSUWEH
gkeQZXJYoQlo/xpybjnceJBzjwDMh1vq1giU+T0VT2cPntgTD4WkQdgEVQ4zeQiv
zlYsJB9SkR08zk4CYzASl0KF81t9w79HOpNwIR0rmBr2NOgO5f+qL3DdOODlnLj8
h0ugmaeVzA/Sv/ib41zaggCorQYaS1yFphllcFtrOhEhD7DHv2LBCBcKfQE9p8T3
GPFdoBZmSL6FeRNd3hgPxD3hBPUkWuIs5btHEcqpz0tY
-----END CERTIFICATE-----