Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/b1592d-3a23-4f40-81c8-1600b742b5dd/1/F-hLjIEAQHj7agM_cf8AWi49kAc.roa
File:                     F-hLjIEAQHj7agM_cf8AWi49kAc.roa (raw, json)
Hash identifier:          Sixjs6/2o9sJkvTNFPQPhMcvjfupGzGcco5OZRGZG2I=
Subject key identifier:   17:E8:4B:8C:81:00:40:78:FB:6A:03:3F:71:FF:00:5A:2E:3D:90:07
Certificate issuer:       /CN=a0e0c59044c87e3e2dfa13cbf99023aee012efa0
Certificate serial:       018CC3B697D337D29347BCC4C83E6A3D06EF
Authority key identifier: A0:E0:C5:90:44:C8:7E:3E:2D:FA:13:CB:F9:90:23:AE:E0:12:EF:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oODFkETIfj4t-hPL-ZAjruAS76A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/b1592d-3a23-4f40-81c8-1600b742b5dd/1/F-hLjIEAQHj7agM_cf8AWi49kAc.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57480
IP address blocks:        91.232.4.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/b1592d-3a23-4f40-81c8-1600b742b5dd/1/oODFkETIfj4t-hPL-ZAjruAS76A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/b1592d-3a23-4f40-81c8-1600b742b5dd/1/oODFkETIfj4t-hPL-ZAjruAS76A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oODFkETIfj4t-hPL-ZAjruAS76A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:97:d3:37:d2:93:47:bc:c4:c8:3e:6a:3d:06:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0e0c59044c87e3e2dfa13cbf99023aee012efa0
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17e84b8c81004078fb6a033f71ff005a2e3d9007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6f:5c:22:ac:58:c5:06:b9:7e:52:09:e1:20:
                    95:54:f5:4c:9d:c3:f7:23:86:0e:85:b0:fc:4e:38:
                    50:13:2d:9e:58:7f:43:dd:58:d6:b3:a9:f1:15:22:
                    d0:45:f2:b2:9e:70:b7:a6:68:c6:58:6c:3e:d4:e7:
                    ba:e5:1a:96:0d:df:5d:ca:eb:a8:3f:7d:95:a5:d8:
                    14:41:94:f7:7b:90:d9:f0:37:81:dc:b6:e0:d9:f9:
                    9f:86:f7:8e:a2:05:98:74:d0:bd:dd:b7:57:e8:ee:
                    00:ab:fc:9e:82:ef:e2:30:83:7b:e0:1e:63:10:b5:
                    6d:75:36:f8:b6:0c:d4:4b:ef:63:f7:42:72:03:ad:
                    d4:f0:a6:f3:e2:8c:2d:4b:44:24:32:b8:7a:e3:2f:
                    e8:4c:e1:59:14:0d:3c:5b:04:26:73:51:af:94:5a:
                    94:49:d7:f5:14:9e:d8:e3:8f:b5:8c:47:c4:9e:f1:
                    f4:e1:14:ca:1c:b9:41:22:33:5f:04:0b:76:9f:b9:
                    ae:06:06:76:9b:f1:4f:2d:14:10:2a:76:67:49:88:
                    26:92:3b:86:d1:2f:ac:12:9a:bc:08:d3:0d:91:25:
                    12:1a:7c:e1:12:c9:56:a1:5a:7e:38:f4:86:5c:69:
                    10:0f:38:82:8a:cd:68:87:2b:86:e6:b4:3f:b7:14:
                    f4:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:E8:4B:8C:81:00:40:78:FB:6A:03:3F:71:FF:00:5A:2E:3D:90:07
            X509v3 Authority Key Identifier:
                keyid:A0:E0:C5:90:44:C8:7E:3E:2D:FA:13:CB:F9:90:23:AE:E0:12:EF:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oODFkETIfj4t-hPL-ZAjruAS76A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b1592d-3a23-4f40-81c8-1600b742b5dd/1/F-hLjIEAQHj7agM_cf8AWi49kAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b1592d-3a23-4f40-81c8-1600b742b5dd/1/oODFkETIfj4t-hPL-ZAjruAS76A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:37:fb:f3:fe:f3:c2:b3:df:98:f3:be:d8:d7:df:a1:1d:c3:
         2f:cc:1e:23:51:c5:eb:47:b9:ef:85:fe:17:d4:bb:55:ca:94:
         d7:36:89:86:1a:d7:a0:79:0a:61:ea:d6:c0:82:b0:71:d5:2a:
         b7:a1:62:8a:f6:77:14:ae:ac:4c:48:50:5d:0e:d0:e6:2a:16:
         84:61:03:af:14:75:2d:ca:ed:0f:72:de:4c:21:a3:92:7f:7a:
         f3:57:58:bd:06:02:95:de:cd:a3:81:15:09:ff:29:fa:f1:67:
         d1:ec:bd:93:84:31:61:76:03:df:aa:44:82:33:12:05:eb:fc:
         f3:41:60:71:d5:cc:47:39:09:c5:e2:10:ec:a7:25:d8:c2:a3:
         33:c2:71:63:f4:a8:2d:63:f3:95:64:a7:15:d8:77:d8:fe:af:
         23:cb:b6:e4:2e:94:2d:ce:dc:93:44:90:19:85:3e:70:89:8c:
         bb:ae:c3:5f:db:a7:38:d9:c0:79:57:30:66:78:26:f0:42:fe:
         e6:a3:ed:c7:ae:b4:3b:a0:3f:09:74:e0:0a:29:56:21:5a:be:
         f7:ae:40:0e:db:45:dc:7f:f8:74:b7:ed:f5:3e:b2:0d:d1:70:
         a5:5d:f2:0b:80:83:0f:01:a7:a3:6a:29:04:48:90:f2:30:4d:
         08:a5:e5:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpfTN9KTR7zEyD5qPQbvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTBjNTkwNDRjODdlM2UyZGZhMTNjYmY5OTAyM2FlZTAx
MmVmYTAwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2U4NGI4YzgxMDA0MDc4ZmI2YTAzM2Y3MWZmMDA1YTJlM2Q5MDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlG9cIqxYxQa5flIJ4SCVVPVMncP3
I4YOhbD8TjhQEy2eWH9D3VjWs6nxFSLQRfKynnC3pmjGWGw+1Oe65RqWDd9dyuuo
P32VpdgUQZT3e5DZ8DeB3Lbg2fmfhveOogWYdNC93bdX6O4Aq/yegu/iMIN74B5j
ELVtdTb4tgzUS+9j90JyA63U8Kbz4owtS0QkMrh64y/oTOFZFA08WwQmc1GvlFqU
Sdf1FJ7Y44+1jEfEnvH04RTKHLlBIjNfBAt2n7muBgZ2m/FPLRQQKnZnSYgmkjuG
0S+sEpq8CNMNkSUSGnzhEslWoVp+OPSGXGkQDziCis1ohyuG5rQ/txT0yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfoS4yBAEB4+2oDP3H/AFouPZAHMB8GA1UdIwQY
MBaAFKDgxZBEyH4+LfoTy/mQI67gEu+gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09ERmtFVElmajR0LWhQTC1aQWpydUFTNzZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9iMTU5MmQtM2EyMy00ZjQwLTgxYzgt
MTYwMGI3NDJiNWRkLzEvRi1oTGpJRUFRSGo3YWdNX2NmOEFXaTQ5a0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9iMTU5MmQtM2EyMy00ZjQwLTgxYzgtMTYwMGI3NDJiNWRk
LzEvb09ERmtFVElmajR0LWhQTC1aQWpydUFTNzZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+gEMA0G
CSqGSIb3DQEBCwUAA4IBAQCeN/vz/vPCs9+Y877Y19+hHcMvzB4jUcXrR7nvhf4X
1LtVypTXNomGGtegeQph6tbAgrBx1Sq3oWKK9ncUrqxMSFBdDtDmKhaEYQOvFHUt
yu0Pct5MIaOSf3rzV1i9BgKV3s2jgRUJ/yn68WfR7L2ThDFhdgPfqkSCMxIF6/zz
QWBx1cxHOQnF4hDspyXYwqMzwnFj9KgtY/OVZKcV2HfY/q8jy7bkLpQtztyTRJAZ
hT5wiYy7rsNf26c42cB5VzBmeCbwQv7mo+3HrrQ7oD8JdOAKKVYhWr73rkAO20Xc
f/h0t+31PrIN0XClXfILgIMPAaejaikESJDyME0IpeUO
-----END CERTIFICATE-----