Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/wCnljZVm6ObMHpXp7IzD8ioTc_k.roa
File:                     wCnljZVm6ObMHpXp7IzD8ioTc_k.roa (raw, json)
Hash identifier:          Kgho8j1ime9o41D3pl2F4T8Y8+mgzpAMna7Q+M21J/U=
Subject key identifier:   C0:29:E5:8D:95:66:E8:E6:CC:1E:95:E9:EC:8C:C3:F2:2A:13:73:F9
Certificate issuer:       /CN=cc1e7c46b81ddab2744270c5bad986af86df4f60
Certificate serial:       018CC86F243FC508EF4BCB6E89BF223FC2C1
Authority key identifier: CC:1E:7C:46:B8:1D:DA:B2:74:42:70:C5:BA:D9:86:AF:86:DF:4F:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zB58Rrgd2rJ0QnDFutmGr4bfT2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/wCnljZVm6ObMHpXp7IzD8ioTc_k.roa
Signing time:             Tue 02 Jan 2024 04:29:36 +0000
ROA not before:           Tue 02 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.193.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/zB58Rrgd2rJ0QnDFutmGr4bfT2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/zB58Rrgd2rJ0QnDFutmGr4bfT2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zB58Rrgd2rJ0QnDFutmGr4bfT2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:04:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:24:3f:c5:08:ef:4b:cb:6e:89:bf:22:3f:c2:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc1e7c46b81ddab2744270c5bad986af86df4f60
        Validity
            Not Before: Jan  2 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c029e58d9566e8e6cc1e95e9ec8cc3f22a1373f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8e:6f:62:e2:a8:bb:c6:51:8e:e3:2a:fa:8e:
                    43:c8:e3:63:0b:b4:c1:15:12:c1:53:10:3b:33:0b:
                    ea:3f:23:95:69:e5:49:3d:a7:da:12:ca:fa:4a:de:
                    fc:4d:e0:ea:e2:58:98:5b:f5:8c:84:25:32:f3:d8:
                    a0:41:97:7f:0d:c0:44:33:f4:0f:33:d0:06:ec:c9:
                    8b:cc:a5:fc:db:cf:92:6a:62:86:1e:fb:b3:e9:7a:
                    68:7f:5a:f2:fc:87:5b:73:f3:57:e2:53:2a:42:bd:
                    be:90:bb:97:3d:12:fd:74:56:d8:8d:76:19:02:b5:
                    57:a2:a1:58:9e:c6:35:17:6b:ef:63:e8:48:d8:f4:
                    1d:28:cf:3f:11:b7:ac:c0:f3:d9:06:47:2b:bc:7b:
                    5c:3c:50:9f:b8:80:af:26:58:ab:bd:2b:0d:78:24:
                    b0:8f:50:ca:e0:c6:53:15:44:f4:55:d2:25:0c:c7:
                    b2:a0:f4:80:fc:39:ac:68:f5:71:b7:39:d1:40:61:
                    d6:3e:a6:7e:e1:13:1e:ef:6d:4a:30:c0:33:f5:38:
                    5e:55:4c:1f:cf:4d:31:57:fa:64:cb:fb:6a:25:36:
                    ae:36:33:db:b3:03:01:54:fe:fe:57:30:1c:fc:71:
                    3e:ef:df:13:90:34:9a:8c:67:e3:1b:7b:12:93:b6:
                    d9:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:29:E5:8D:95:66:E8:E6:CC:1E:95:E9:EC:8C:C3:F2:2A:13:73:F9
            X509v3 Authority Key Identifier:
                keyid:CC:1E:7C:46:B8:1D:DA:B2:74:42:70:C5:BA:D9:86:AF:86:DF:4F:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zB58Rrgd2rJ0QnDFutmGr4bfT2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/wCnljZVm6ObMHpXp7IzD8ioTc_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/zB58Rrgd2rJ0QnDFutmGr4bfT2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:5b:0e:8c:c0:a8:ef:f1:40:2d:63:31:06:2f:c7:b7:74:c2:
         91:b4:9f:1c:f0:19:5f:09:2f:5b:00:14:b1:85:76:79:2c:f9:
         83:88:2f:19:77:34:3e:63:46:c8:98:2e:07:45:c8:74:a8:4d:
         fa:b6:4c:90:a3:c2:1e:e6:6f:d8:be:a4:73:c9:2c:31:14:b6:
         28:63:84:03:dc:a3:83:7a:80:1a:7e:c9:5a:ba:69:11:15:09:
         53:a6:e6:f5:bf:83:0e:0c:fd:90:82:3c:c4:05:6e:89:52:57:
         df:83:a8:a7:ea:13:71:1d:49:7d:8d:d9:f0:ec:04:da:54:82:
         e0:f4:fc:82:f6:93:28:31:2b:ed:1b:62:6f:3f:64:e5:93:8c:
         64:1a:6d:79:57:05:e0:0b:f8:54:35:2a:a0:8d:b0:26:88:9f:
         c6:b7:65:f8:0e:86:e6:bd:3b:4b:c4:d0:9f:1f:af:bc:e2:3d:
         59:47:f0:c3:a9:0d:de:13:6d:e4:92:d3:3a:be:27:8f:f5:1b:
         ed:79:81:53:e1:9f:45:1e:2f:01:fd:19:57:b1:3b:b2:50:33:
         43:7e:36:63:ba:40:e7:08:46:06:04:bc:f4:30:cb:7c:40:6a:
         75:e4:e2:7e:9b:08:bc:cc:2d:c3:77:0e:83:de:0f:1f:a7:68:
         15:97:4d:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyQ/xQjvS8tuib8iP8LBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMWU3YzQ2YjgxZGRhYjI3NDQyNzBjNWJhZDk4NmFmODZk
ZjRmNjAwHhcNMjQwMTAyMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDI5ZTU4ZDk1NjZlOGU2Y2MxZTk1ZTllYzhjYzNmMjJhMTM3M2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlo5vYuKou8ZRjuMq+o5DyONjC7TB
FRLBUxA7MwvqPyOVaeVJPafaEsr6St78TeDq4liYW/WMhCUy89igQZd/DcBEM/QP
M9AG7MmLzKX828+SamKGHvuz6Xpof1ry/Idbc/NX4lMqQr2+kLuXPRL9dFbYjXYZ
ArVXoqFYnsY1F2vvY+hI2PQdKM8/EbeswPPZBkcrvHtcPFCfuICvJlirvSsNeCSw
j1DK4MZTFUT0VdIlDMeyoPSA/DmsaPVxtznRQGHWPqZ+4RMe721KMMAz9TheVUwf
z00xV/pky/tqJTauNjPbswMBVP7+VzAc/HE+798TkDSajGfjG3sSk7bZrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAp5Y2VZujmzB6V6eyMw/IqE3P5MB8GA1UdIwQY
MBaAFMwefEa4HdqydEJwxbrZhq+G309gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekI1OFJyZ2QyckowUW5ERnV0bUdyNGJmVDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9kZDNmMTUtYmJhYy00OWQ0LTk0MzUt
Mzk5YjdhM2IyMGNmLzEvd0NubGpaVm02T2JNSHBYcDdJekQ4aW9UY19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9kZDNmMTUtYmJhYy00OWQ0LTk0MzUtMzk5YjdhM2IyMGNm
LzEvekI1OFJyZ2QyckowUW5ERnV0bUdyNGJmVDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8EqMA0G
CSqGSIb3DQEBCwUAA4IBAQA/Ww6MwKjv8UAtYzEGL8e3dMKRtJ8c8BlfCS9bABSx
hXZ5LPmDiC8ZdzQ+Y0bImC4HRch0qE36tkyQo8Ie5m/YvqRzySwxFLYoY4QD3KOD
eoAafslaumkRFQlTpub1v4MODP2QgjzEBW6JUlffg6in6hNxHUl9jdnw7ATaVILg
9PyC9pMoMSvtG2JvP2Tlk4xkGm15VwXgC/hUNSqgjbAmiJ/Gt2X4DobmvTtLxNCf
H6+84j1ZR/DDqQ3eE23kktM6vieP9RvteYFT4Z9FHi8B/RlXsTuyUDNDfjZjukDn
CEYGBLz0MMt8QGp15OJ+mwi8zC3Ddw6D3g8fp2gVl03w
-----END CERTIFICATE-----