Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/nqGPJ3KOHuG6vTy-l1jmx1ni0Dw.roa
File:                     nqGPJ3KOHuG6vTy-l1jmx1ni0Dw.roa (raw, json)
Hash identifier:          tovGSS/dJ0UP45b0338Un3zlrMaBzhV46AkI2eD2Bjc=
Subject key identifier:   9E:A1:8F:27:72:8E:1E:E1:BA:BD:3C:BE:97:58:E6:C7:59:E2:D0:3C
Certificate issuer:       /CN=038af86795417a3584d616375209a72efee2462b
Certificate serial:       018CC3B747CE3356777BC6913F1C2AF374DD
Authority key identifier: 03:8A:F8:67:95:41:7A:35:84:D6:16:37:52:09:A7:2E:FE:E2:46:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A4r4Z5VBejWE1hY3UgmnLv7iRis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/nqGPJ3KOHuG6vTy-l1jmx1ni0Dw.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5400
IP address blocks:        91.142.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/A4r4Z5VBejWE1hY3UgmnLv7iRis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/A4r4Z5VBejWE1hY3UgmnLv7iRis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A4r4Z5VBejWE1hY3UgmnLv7iRis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:47:ce:33:56:77:7b:c6:91:3f:1c:2a:f3:74:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=038af86795417a3584d616375209a72efee2462b
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ea18f27728e1ee1babd3cbe9758e6c759e2d03c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:80:d1:88:83:9e:9a:52:f4:4a:4d:fb:13:ec:
                    b7:8c:3e:9d:13:2a:ed:6a:20:41:0d:7f:4a:b8:14:
                    d6:f7:d6:d4:3a:01:9d:a5:ec:65:2e:0f:b6:70:eb:
                    19:86:ed:39:2e:04:89:2d:a6:1d:05:88:f6:d2:82:
                    d9:9d:c9:8a:03:7c:c4:0d:25:12:48:85:66:01:5f:
                    a6:b8:f3:68:10:ec:b5:a5:93:04:e5:e9:41:a7:55:
                    b9:08:70:5b:80:19:ed:5e:a3:43:dd:b3:65:cc:e3:
                    09:35:b0:72:ea:49:9d:f8:35:ed:59:d0:33:2e:83:
                    58:cc:a3:84:d9:19:84:ff:ff:29:0b:03:e1:ed:dc:
                    0a:6b:31:3a:09:97:f7:80:3d:ff:db:9e:48:27:b7:
                    c3:ad:42:be:35:8a:60:4e:06:58:2e:4b:f2:ba:ed:
                    e0:8e:b7:d7:6c:b3:a4:19:ec:d8:74:f7:32:62:04:
                    7a:01:48:8b:01:cd:c8:fe:20:28:ac:41:c3:5b:61:
                    b8:73:db:3b:98:94:2b:f8:2b:37:3c:20:9f:ff:cb:
                    bd:05:45:8c:b9:93:2b:d0:fe:a4:84:e6:c5:04:bd:
                    2c:5c:7c:83:ab:ef:05:7b:60:ab:87:d0:67:4c:e5:
                    26:49:21:5e:11:21:39:22:3c:34:33:92:78:61:b5:
                    ea:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A1:8F:27:72:8E:1E:E1:BA:BD:3C:BE:97:58:E6:C7:59:E2:D0:3C
            X509v3 Authority Key Identifier:
                keyid:03:8A:F8:67:95:41:7A:35:84:D6:16:37:52:09:A7:2E:FE:E2:46:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A4r4Z5VBejWE1hY3UgmnLv7iRis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/nqGPJ3KOHuG6vTy-l1jmx1ni0Dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/A4r4Z5VBejWE1hY3UgmnLv7iRis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:fb:13:4f:1d:69:fe:a6:32:ba:44:ed:fd:ea:b8:f9:1e:1c:
         83:fd:bc:07:97:6c:b0:43:ca:e7:cc:ac:23:b3:98:6f:2c:76:
         3b:9e:9f:1e:f1:5d:59:e7:9f:d7:7c:d5:20:31:03:ca:41:a2:
         10:23:37:12:5b:7b:dd:b7:39:82:53:a5:54:de:54:74:65:6a:
         67:70:e4:58:22:e3:6f:fe:2c:dd:d7:8c:05:cf:b1:4a:f5:a0:
         d4:46:5c:ad:64:18:79:72:58:55:30:e3:14:84:78:a5:3a:74:
         9a:0d:71:6b:11:6a:14:1a:46:b2:c9:94:45:3f:80:b9:de:04:
         92:12:ab:f2:75:56:da:cf:31:e5:e1:3a:a4:78:12:a1:39:fd:
         dd:c5:4d:a1:aa:48:b1:d0:7a:5b:d2:8c:a3:c3:d3:7f:05:44:
         34:f2:87:f5:06:48:2e:85:e5:14:a0:02:b6:ea:56:38:83:bf:
         08:c4:37:d9:01:a5:97:27:db:79:6f:3d:4c:5a:cb:47:0b:89:
         9b:5a:d8:13:34:d6:47:9c:1c:5a:2f:35:53:09:ee:0b:c3:79:
         1c:87:f1:6b:3f:a3:98:cd:3e:c7:49:71:89:72:32:7e:9a:10:
         73:04:0a:ea:f9:86:f6:75:aa:02:67:15:62:cf:d9:fe:50:30:
         35:fd:9a:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0fOM1Z3e8aRPxwq83TdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzOGFmODY3OTU0MTdhMzU4NGQ2MTYzNzUyMDlhNzJlZmVl
MjQ2MmIwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWExOGYyNzcyOGUxZWUxYmFiZDNjYmU5NzU4ZTZjNzU5ZTJkMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4DRiIOemlL0Sk37E+y3jD6dEyrt
aiBBDX9KuBTW99bUOgGdpexlLg+2cOsZhu05LgSJLaYdBYj20oLZncmKA3zEDSUS
SIVmAV+muPNoEOy1pZME5elBp1W5CHBbgBntXqND3bNlzOMJNbBy6kmd+DXtWdAz
LoNYzKOE2RmE//8pCwPh7dwKazE6CZf3gD3/255IJ7fDrUK+NYpgTgZYLkvyuu3g
jrfXbLOkGezYdPcyYgR6AUiLAc3I/iAorEHDW2G4c9s7mJQr+Cs3PCCf/8u9BUWM
uZMr0P6khObFBL0sXHyDq+8Fe2Crh9BnTOUmSSFeESE5Ijw0M5J4YbXqzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6hjydyjh7hur08vpdY5sdZ4tA8MB8GA1UdIwQY
MBaAFAOK+GeVQXo1hNYWN1IJpy7+4kYrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTRyNFo1VkJlaldFMWhZM1VnbW5MdjdpUmlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81N2U0MTktNDJmNC00ZDhjLWI2YjQt
NDMxZjI3YTYyZWQ4LzEvbnFHUEozS09IdUc2dlR5LWwxam14MW5pMER3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81N2U0MTktNDJmNC00ZDhjLWI2YjQtNDMxZjI3YTYyZWQ4
LzEvQTRyNFo1VkJlaldFMWhZM1VnbW5MdjdpUmlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW46AMA0G
CSqGSIb3DQEBCwUAA4IBAQBz+xNPHWn+pjK6RO396rj5HhyD/bwHl2ywQ8rnzKwj
s5hvLHY7np8e8V1Z55/XfNUgMQPKQaIQIzcSW3vdtzmCU6VU3lR0ZWpncORYIuNv
/izd14wFz7FK9aDURlytZBh5clhVMOMUhHilOnSaDXFrEWoUGkayyZRFP4C53gSS
EqvydVbazzHl4TqkeBKhOf3dxU2hqkix0Hpb0oyjw9N/BUQ08of1BkguheUUoAK2
6lY4g78IxDfZAaWXJ9t5bz1MWstHC4mbWtgTNNZHnBxaLzVTCe4Lw3kch/FrP6OY
zT7HSXGJcjJ+mhBzBArq+Yb2daoCZxViz9n+UDA1/ZrI
-----END CERTIFICATE-----