Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/pN06ABqJrRAOUU9S85twP_8uWGk.roa
File:                     pN06ABqJrRAOUU9S85twP_8uWGk.roa (raw, json)
Hash identifier:          u+hxRM1SZNiBsTMEqMpfk702PzVDULnyyono0kbLeX8=
Subject key identifier:   A4:DD:3A:00:1A:89:AD:10:0E:51:4F:52:F3:9B:70:3F:FF:2E:58:69
Certificate issuer:       /CN=5134d1320645644e2eaf3685879d693f72522c76
Certificate serial:       018CC4930FD270252ECB807C043ABD8F2AB1
Authority key identifier: 51:34:D1:32:06:45:64:4E:2E:AF:36:85:87:9D:69:3F:72:52:2C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UTTRMgZFZE4urzaFh51pP3JSLHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/pN06ABqJrRAOUU9S85twP_8uWGk.roa
Signing time:             Mon 01 Jan 2024 10:30:21 +0000
ROA not before:           Mon 01 Jan 2024 10:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.194.104.0/23 maxlen: 24
                          91.194.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/UTTRMgZFZE4urzaFh51pP3JSLHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/UTTRMgZFZE4urzaFh51pP3JSLHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UTTRMgZFZE4urzaFh51pP3JSLHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0f:d2:70:25:2e:cb:80:7c:04:3a:bd:8f:2a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5134d1320645644e2eaf3685879d693f72522c76
        Validity
            Not Before: Jan  1 10:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4dd3a001a89ad100e514f52f39b703fff2e5869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ec:f4:e7:bc:fb:f7:61:fe:fd:ff:05:6a:6c:
                    36:2f:f6:20:14:a7:0e:3e:c1:85:07:6b:8f:67:93:
                    e7:34:bf:b0:f5:08:59:1a:ec:08:5a:a3:17:ae:27:
                    b2:d4:9c:a6:47:bd:55:15:27:cc:41:95:f2:27:79:
                    cf:5b:36:19:eb:f8:1b:a8:6a:7b:a8:3b:5e:94:ea:
                    26:de:36:cd:28:53:b2:5e:3e:74:42:f2:ef:7d:25:
                    6e:78:5f:13:8a:3b:95:4e:bd:ef:71:f6:3e:b3:75:
                    08:84:a5:6f:05:a8:cf:07:30:02:65:6d:a6:d7:38:
                    65:6c:55:6f:a0:52:1a:14:3e:2e:30:3b:ec:48:93:
                    c5:4c:41:da:9f:72:33:fb:35:7e:45:90:69:7e:b6:
                    1d:ad:94:f9:36:7f:9a:e2:70:31:8e:4b:e1:6c:66:
                    06:32:8e:9b:38:18:a3:d3:47:d5:58:11:d9:ae:27:
                    50:cf:78:d9:be:ee:07:18:2b:a3:6e:b0:2d:0a:af:
                    16:64:99:6d:bc:88:d1:91:b4:58:07:6c:22:2b:90:
                    e3:28:67:28:59:f4:b3:f0:48:ab:e6:ba:32:d5:fc:
                    55:1f:91:46:c6:3c:53:44:24:c6:65:19:a6:0c:3f:
                    ac:5c:6d:79:d0:47:a7:00:df:e5:f7:36:cf:45:eb:
                    c8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:DD:3A:00:1A:89:AD:10:0E:51:4F:52:F3:9B:70:3F:FF:2E:58:69
            X509v3 Authority Key Identifier:
                keyid:51:34:D1:32:06:45:64:4E:2E:AF:36:85:87:9D:69:3F:72:52:2C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UTTRMgZFZE4urzaFh51pP3JSLHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/pN06ABqJrRAOUU9S85twP_8uWGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/UTTRMgZFZE4urzaFh51pP3JSLHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.25.0/24
                  91.194.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:75:d3:47:22:70:c1:8f:86:50:e6:d3:2e:15:34:b5:24:69:
         4f:bd:0b:76:27:4e:94:92:2e:a6:6c:90:14:a9:c1:2b:d8:5d:
         2d:e2:32:ed:76:89:2d:37:f6:d9:ac:d1:13:da:15:f1:d2:85:
         c2:7a:ad:9d:8d:ac:a1:f0:4c:ec:63:dd:fe:12:ed:82:7a:98:
         74:78:53:c9:25:83:0e:8a:58:5f:6b:97:da:5e:74:e6:72:f9:
         b8:31:b4:d3:09:e0:00:21:3a:f4:8f:96:60:4a:a4:88:59:77:
         8f:04:55:5f:15:99:ee:5c:5d:5e:46:f6:bd:e3:65:88:fa:58:
         3a:70:bc:d1:56:ef:0e:8a:58:2b:ba:06:84:08:39:12:c3:a6:
         98:3c:dc:1e:27:e4:a8:48:c1:79:17:0a:7b:0d:cf:6c:0d:8a:
         df:39:ef:f5:75:9e:97:1e:0b:e7:cb:43:da:60:82:36:ee:74:
         61:fe:be:ec:19:21:a5:06:59:f0:ce:3c:7b:e1:5a:59:44:64:
         81:9a:d2:d1:c4:54:92:ac:4b:65:39:dc:b2:05:d8:4d:80:ad:
         2d:73:09:3a:f8:a3:b4:df:c7:d2:31:90:10:f3:5b:a3:ef:1b:
         de:da:91:90:fa:0c:fa:11:c9:be:c9:6b:81:35:30:ac:ce:3b:
         fb:19:57:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkw/ScCUuy4B8BDq9jyqxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMzRkMTMyMDY0NTY0NGUyZWFmMzY4NTg3OWQ2OTNmNzI1
MjJjNzYwHhcNMjQwMTAxMTAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGRkM2EwMDFhODlhZDEwMGU1MTRmNTJmMzliNzAzZmZmMmU1ODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uz057z792H+/f8Famw2L/YgFKcO
PsGFB2uPZ5PnNL+w9QhZGuwIWqMXriey1JymR71VFSfMQZXyJ3nPWzYZ6/gbqGp7
qDtelOom3jbNKFOyXj50QvLvfSVueF8TijuVTr3vcfY+s3UIhKVvBajPBzACZW2m
1zhlbFVvoFIaFD4uMDvsSJPFTEHan3Iz+zV+RZBpfrYdrZT5Nn+a4nAxjkvhbGYG
Mo6bOBij00fVWBHZridQz3jZvu4HGCujbrAtCq8WZJltvIjRkbRYB2wiK5DjKGco
WfSz8Eir5roy1fxVH5FGxjxTRCTGZRmmDD+sXG150EenAN/l9zbPRevIYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKTdOgAaia0QDlFPUvObcD//LlhpMB8GA1UdIwQY
MBaAFFE00TIGRWROLq82hYedaT9yUix2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVRUUk1nWkZaRTR1cnphRmg1MXBQM0pTTEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS85ZmIxZDctODQyNC00Yzg0LWIwY2It
MmY1MWVjZDFhYTBlLzEvcE4wNkFCcUpyUkFPVVU5Uzg1dHdQXzh1V0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS85ZmIxZDctODQyNC00Yzg0LWIwY2ItMmY1MWVjZDFhYTBl
LzEvVVRUUk1nWkZaRTR1cnphRmg1MXBQM0pTTEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8IZAwQB
W8JoMA0GCSqGSIb3DQEBCwUAA4IBAQB5ddNHInDBj4ZQ5tMuFTS1JGlPvQt2J06U
ki6mbJAUqcEr2F0t4jLtdoktN/bZrNET2hXx0oXCeq2djayh8EzsY93+Eu2Ceph0
eFPJJYMOilhfa5faXnTmcvm4MbTTCeAAITr0j5ZgSqSIWXePBFVfFZnuXF1eRva9
42WI+lg6cLzRVu8OilgrugaECDkSw6aYPNweJ+SoSMF5Fwp7Dc9sDYrfOe/1dZ6X
Hgvny0PaYII27nRh/r7sGSGlBlnwzjx74VpZRGSBmtLRxFSSrEtlOdyyBdhNgK0t
cwk6+KO038fSMZAQ81uj7xve2pGQ+gz6Ecm+yWuBNTCszjv7GVeM
-----END CERTIFICATE-----