Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/mDOAiYPn4DBt3mk1yAdAG5o6VQE.roa
File:                     mDOAiYPn4DBt3mk1yAdAG5o6VQE.roa (raw, json)
Hash identifier:          ILQ8mdArrK+fpSnRLefKj8ZzvgCXalDc6sm12PITlXM=
Subject key identifier:   98:33:80:89:83:E7:E0:30:6D:DE:69:35:C8:07:40:1B:9A:3A:55:01
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       018CC94D4C6FA0562B9F6548F915994A82AC
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/mDOAiYPn4DBt3mk1yAdAG5o6VQE.roa
Signing time:             Tue 02 Jan 2024 08:32:15 +0000
ROA not before:           Tue 02 Jan 2024 08:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42830
IP address blocks:        91.236.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:4c:6f:a0:56:2b:9f:65:48:f9:15:99:4a:82:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jan  2 08:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9833808983e7e0306dde6935c807401b9a3a5501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:13:89:c9:05:12:64:7c:04:11:5c:d8:73:40:
                    23:ac:d5:36:04:74:94:a9:10:7f:7e:0d:b3:e4:39:
                    17:99:5d:6e:5a:da:a7:97:af:04:41:aa:1c:76:d7:
                    1f:5e:af:2f:b4:c6:f4:5c:57:44:51:a0:a9:25:f0:
                    b6:1a:21:88:bf:f6:2b:90:46:2c:54:ed:f2:93:37:
                    2e:73:65:f0:66:ba:e9:37:8f:98:45:27:17:42:39:
                    9b:12:e9:cb:02:df:2a:92:13:e1:fb:06:d2:58:5a:
                    87:25:5c:8d:36:ae:19:74:09:50:89:2e:2e:91:34:
                    e2:5f:1b:a5:77:2e:ae:94:06:00:31:68:13:76:63:
                    aa:0d:54:eb:b4:f1:a4:f4:04:7d:1b:c4:ef:51:48:
                    57:f0:43:68:4c:10:d9:52:af:d7:1a:4c:49:ff:a4:
                    14:b5:0b:b9:06:a8:f2:29:24:68:86:bf:87:9e:2f:
                    dd:a7:8a:f7:32:86:8e:9b:43:17:34:4a:a9:c1:44:
                    a1:d5:cc:37:20:ca:91:bd:2d:3f:ef:07:d5:b3:56:
                    a6:3e:0d:90:37:c0:77:5b:b4:e0:ea:1b:41:c2:da:
                    f7:11:ca:22:63:cc:9d:27:9c:54:50:a4:86:ac:7b:
                    e0:a2:22:49:7e:07:67:79:5a:54:65:82:b8:fa:7c:
                    29:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:33:80:89:83:E7:E0:30:6D:DE:69:35:C8:07:40:1B:9A:3A:55:01
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/mDOAiYPn4DBt3mk1yAdAG5o6VQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:48:c7:96:35:87:4b:03:84:c5:2f:3b:75:6d:e4:ad:1c:f1:
         6d:2c:31:56:64:fd:43:af:9b:65:be:f6:37:af:c4:70:8e:49:
         f5:d9:90:38:8d:74:97:9d:23:37:c4:13:01:2e:06:dd:ec:5b:
         76:a6:02:2a:64:20:75:d0:e1:26:a5:8e:53:cf:8c:e1:68:40:
         e2:8a:ca:8a:a3:34:ef:66:c9:aa:aa:6a:f0:e7:c0:c8:7a:c9:
         a3:90:37:29:1c:da:4d:b4:3e:9b:25:ae:3d:8a:b4:1a:67:d2:
         bf:04:6e:2a:5f:39:d0:ad:f3:21:25:94:81:d8:75:aa:8c:62:
         03:40:2a:f3:36:08:48:21:61:63:a2:a4:b7:4f:68:69:40:db:
         7f:58:0c:a9:c3:76:a1:e5:9f:1c:3d:e8:c1:f0:5f:6c:f1:c8:
         c7:7b:c9:35:e8:44:a1:51:e1:12:8e:80:b7:b0:45:b8:66:05:
         9f:5b:74:e2:e1:e4:e9:4d:c8:8e:44:20:84:12:94:82:c5:a0:
         3f:8b:d2:ba:8a:67:29:ff:e7:a3:65:d8:9c:8d:71:75:b1:fa:
         11:87:01:91:62:ef:e5:a5:19:fd:f6:43:b7:72:76:a5:6d:10:
         ad:eb:16:b7:ec:e8:29:5b:da:4e:0d:d3:14:b5:17:19:8d:a9:
         8a:b6:8f:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTUxvoFYrn2VI+RWZSoKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjQwMTAyMDgzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODMzODA4OTgzZTdlMDMwNmRkZTY5MzVjODA3NDAxYjlhM2E1NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhOJyQUSZHwEEVzYc0AjrNU2BHSU
qRB/fg2z5DkXmV1uWtqnl68EQaocdtcfXq8vtMb0XFdEUaCpJfC2GiGIv/YrkEYs
VO3ykzcuc2XwZrrpN4+YRScXQjmbEunLAt8qkhPh+wbSWFqHJVyNNq4ZdAlQiS4u
kTTiXxuldy6ulAYAMWgTdmOqDVTrtPGk9AR9G8TvUUhX8ENoTBDZUq/XGkxJ/6QU
tQu5BqjyKSRohr+Hni/dp4r3MoaOm0MXNEqpwUSh1cw3IMqRvS0/7wfVs1amPg2Q
N8B3W7Tg6htBwtr3EcoiY8ydJ5xUUKSGrHvgoiJJfgdneVpUZYK4+nwpiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgzgImD5+Awbd5pNcgHQBuaOlUBMB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvbURPQWlZUG40REJ0M21rMXlBZEFHNW82VlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+yBMA0G
CSqGSIb3DQEBCwUAA4IBAQCeSMeWNYdLA4TFLzt1beStHPFtLDFWZP1Dr5tlvvY3
r8Rwjkn12ZA4jXSXnSM3xBMBLgbd7Ft2pgIqZCB10OEmpY5Tz4zhaEDiisqKozTv
Zsmqqmrw58DIesmjkDcpHNpNtD6bJa49irQaZ9K/BG4qXznQrfMhJZSB2HWqjGID
QCrzNghIIWFjoqS3T2hpQNt/WAypw3ah5Z8cPejB8F9s8cjHe8k16EShUeESjoC3
sEW4ZgWfW3Ti4eTpTciORCCEEpSCxaA/i9K6imcp/+ejZdicjXF1sfoRhwGRYu/l
pRn99kO3cnalbRCt6xa37OgpW9pODdMUtRcZjamKto/8
-----END CERTIFICATE-----