Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/o5cStNsLTTFzaVWhI4boa6SLtX4.roa
File:                     o5cStNsLTTFzaVWhI4boa6SLtX4.roa (raw, json)
Hash identifier:          SeimYrls3m4EGtBEol0YV7g69oL6k6bgo882cSvS69U=
Subject key identifier:   A3:97:12:B4:DB:0B:4D:31:73:69:55:A1:23:86:E8:6B:A4:8B:B5:7E
Certificate issuer:       /CN=038af86795417a3584d616375209a72efee2462b
Certificate serial:       018CC3B74790B8943849A951E3164ECE02E7
Authority key identifier: 03:8A:F8:67:95:41:7A:35:84:D6:16:37:52:09:A7:2E:FE:E2:46:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A4r4Z5VBejWE1hY3UgmnLv7iRis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/o5cStNsLTTFzaVWhI4boa6SLtX4.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        91.142.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/A4r4Z5VBejWE1hY3UgmnLv7iRis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/A4r4Z5VBejWE1hY3UgmnLv7iRis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A4r4Z5VBejWE1hY3UgmnLv7iRis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:47:90:b8:94:38:49:a9:51:e3:16:4e:ce:02:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=038af86795417a3584d616375209a72efee2462b
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a39712b4db0b4d31736955a12386e86ba48bb57e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:1c:75:cb:e4:af:b9:14:67:ff:94:66:64:eb:
                    ca:81:e0:51:c4:4d:d9:68:b0:c1:1e:3f:a6:9e:4f:
                    18:15:47:f0:0f:72:9b:67:77:22:f9:ba:b9:96:01:
                    14:5e:55:25:18:b5:92:ea:d2:a9:2f:07:9c:6b:05:
                    ee:af:6a:0e:2c:a0:24:b4:a7:b1:07:58:f6:7c:28:
                    f9:b7:13:18:cf:be:7e:cc:d9:f6:c9:c3:c8:99:17:
                    1c:67:32:26:74:2c:a0:24:20:28:f9:18:cd:18:7d:
                    14:9b:2c:7c:31:de:d8:c5:2e:7e:36:09:e0:90:8d:
                    28:dc:db:dd:38:4b:c0:ad:75:37:d3:5a:a6:79:43:
                    fd:94:0a:db:b9:df:18:e8:df:2b:aa:09:3a:04:82:
                    39:c9:c4:4d:45:bb:84:ad:3c:8b:b4:4d:87:b5:62:
                    78:d9:56:00:09:8a:05:b6:4a:2e:cd:3f:e2:97:bf:
                    d7:5b:31:21:37:97:9d:3f:bb:ef:fc:09:58:44:b3:
                    d1:ed:e3:9f:0d:aa:e5:26:0c:de:3e:1e:b5:86:5c:
                    26:b7:05:e4:ab:11:29:e3:aa:7d:c2:2c:57:12:21:
                    3f:e6:6c:6c:8f:dc:5c:44:64:a4:f1:52:dd:65:cc:
                    eb:70:e2:39:59:0f:11:64:a7:3c:c4:37:2d:be:d1:
                    59:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:97:12:B4:DB:0B:4D:31:73:69:55:A1:23:86:E8:6B:A4:8B:B5:7E
            X509v3 Authority Key Identifier:
                keyid:03:8A:F8:67:95:41:7A:35:84:D6:16:37:52:09:A7:2E:FE:E2:46:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A4r4Z5VBejWE1hY3UgmnLv7iRis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/o5cStNsLTTFzaVWhI4boa6SLtX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/57e419-42f4-4d8c-b6b4-431f27a62ed8/1/A4r4Z5VBejWE1hY3UgmnLv7iRis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:ff:fa:39:26:0a:1a:55:5f:3f:49:c9:29:bc:30:ef:10:c1:
         3b:7c:6a:4c:5e:6c:1b:3d:4d:63:ef:04:6e:84:f1:c3:94:14:
         57:19:73:d2:ad:e4:7c:e0:01:ae:da:ef:88:60:04:30:21:49:
         9f:4a:cd:87:04:b3:5a:a5:c7:b4:57:c5:6d:8d:93:0a:28:fb:
         37:bf:e4:86:c7:1b:04:a2:52:96:88:66:f7:36:c6:49:41:d3:
         05:9b:87:5b:2c:02:88:52:9a:05:ee:68:62:2f:04:8b:6f:42:
         78:3a:f6:18:6c:34:2c:b6:68:06:b3:56:58:4d:44:03:87:2f:
         30:72:d5:74:4a:7b:d6:fd:52:c4:b4:b0:a7:29:7f:d2:c3:bc:
         c3:4a:ea:82:9c:f6:3d:0b:b5:5e:ad:ea:43:3b:ac:5b:28:84:
         6b:55:33:d1:57:83:3f:9c:9f:9d:82:9b:48:d9:f8:02:c5:e6:
         c1:96:63:e4:fd:1a:f7:b9:94:5f:93:e2:2f:69:10:b8:92:c0:
         f4:46:40:ff:20:16:0b:fc:44:0f:9d:f0:1b:61:78:d7:84:84:
         d6:f0:87:61:de:b8:95:c7:4a:3a:2d:a8:10:e3:01:ab:80:66:
         92:6a:e1:97:5d:89:5d:5e:2a:84:47:38:5c:ee:4c:72:1d:7e:
         5b:2f:32:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0eQuJQ4SalR4xZOzgLnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzOGFmODY3OTU0MTdhMzU4NGQ2MTYzNzUyMDlhNzJlZmVl
MjQ2MmIwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzk3MTJiNGRiMGI0ZDMxNzM2OTU1YTEyMzg2ZTg2YmE0OGJiNTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxx1y+SvuRRn/5RmZOvKgeBRxE3Z
aLDBHj+mnk8YFUfwD3KbZ3ci+bq5lgEUXlUlGLWS6tKpLwecawXur2oOLKAktKex
B1j2fCj5txMYz75+zNn2ycPImRccZzImdCygJCAo+RjNGH0Umyx8Md7YxS5+Ngng
kI0o3NvdOEvArXU301qmeUP9lArbud8Y6N8rqgk6BII5ycRNRbuErTyLtE2HtWJ4
2VYACYoFtkouzT/il7/XWzEhN5edP7vv/AlYRLPR7eOfDarlJgzePh61hlwmtwXk
qxEp46p9wixXEiE/5mxsj9xcRGSk8VLdZczrcOI5WQ8RZKc8xDctvtFZvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOXErTbC00xc2lVoSOG6Guki7V+MB8GA1UdIwQY
MBaAFAOK+GeVQXo1hNYWN1IJpy7+4kYrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTRyNFo1VkJlaldFMWhZM1VnbW5MdjdpUmlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81N2U0MTktNDJmNC00ZDhjLWI2YjQt
NDMxZjI3YTYyZWQ4LzEvbzVjU3ROc0xUVEZ6YVZXaEk0Ym9hNlNMdFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81N2U0MTktNDJmNC00ZDhjLWI2YjQtNDMxZjI3YTYyZWQ4
LzEvQTRyNFo1VkJlaldFMWhZM1VnbW5MdjdpUmlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW46AMA0G
CSqGSIb3DQEBCwUAA4IBAQCe//o5JgoaVV8/SckpvDDvEME7fGpMXmwbPU1j7wRu
hPHDlBRXGXPSreR84AGu2u+IYAQwIUmfSs2HBLNapce0V8VtjZMKKPs3v+SGxxsE
olKWiGb3NsZJQdMFm4dbLAKIUpoF7mhiLwSLb0J4OvYYbDQstmgGs1ZYTUQDhy8w
ctV0SnvW/VLEtLCnKX/Sw7zDSuqCnPY9C7VerepDO6xbKIRrVTPRV4M/nJ+dgptI
2fgCxebBlmPk/Rr3uZRfk+IvaRC4ksD0RkD/IBYL/EQPnfAbYXjXhITW8Idh3riV
x0o6LagQ4wGrgGaSauGXXYldXiqERzhc7kxyHX5bLzL3
-----END CERTIFICATE-----