Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/V-Oh9-iBy5SPjZ5yHk5zXD1T98s.roa
File:                     V-Oh9-iBy5SPjZ5yHk5zXD1T98s.roa (raw, json)
Hash identifier:          4wqzVTsR1NlJjYmMe/uoOExAU6umOUIyuNom8VGcmAE=
Subject key identifier:   57:E3:A1:F7:E8:81:CB:94:8F:8D:9E:72:1E:4E:73:5C:3D:53:F7:CB
Certificate issuer:       /CN=e316318247d211841f9620a9a1130010ddb486f2
Certificate serial:       018CC87144277A4DB8CD3CE9E33603C882C4
Authority key identifier: E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/V-Oh9-iBy5SPjZ5yHk5zXD1T98s.roa
Signing time:             Tue 02 Jan 2024 04:31:55 +0000
ROA not before:           Tue 02 Jan 2024 04:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        91.232.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:44:27:7a:4d:b8:cd:3c:e9:e3:36:03:c8:82:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e316318247d211841f9620a9a1130010ddb486f2
        Validity
            Not Before: Jan  2 04:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57e3a1f7e881cb948f8d9e721e4e735c3d53f7cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e6:ed:56:1d:d9:44:91:cd:70:3f:6c:58:30:
                    9d:a8:7f:e2:8b:df:2a:46:bc:2b:8c:e9:93:fe:ae:
                    05:72:35:f2:32:9e:78:d6:1e:40:93:1b:b0:24:40:
                    f6:86:a7:57:be:e1:95:b7:04:c4:88:c6:ac:c8:e5:
                    0c:58:25:5d:6a:1b:64:12:51:5d:86:ef:35:9f:de:
                    50:29:14:ca:c6:22:ea:98:e6:1a:04:55:7e:ae:97:
                    2b:eb:c6:d6:cc:e9:01:51:26:f3:34:15:ed:1f:10:
                    ff:5c:4c:12:31:e2:08:2d:b7:04:f8:b1:18:81:3b:
                    6c:82:82:5f:47:3a:9c:a4:7a:59:3d:65:d5:c9:52:
                    6f:92:2b:46:8c:67:2e:2a:78:da:7e:70:20:f3:3f:
                    4b:a6:96:d2:12:03:ad:6b:ec:7b:c0:24:55:15:b8:
                    41:70:3f:85:94:08:24:ca:22:1b:15:d9:58:fb:c8:
                    d4:95:fc:58:d1:8c:72:07:da:cf:c1:1c:f8:3c:dc:
                    ae:f1:d9:ed:fa:35:9e:09:93:04:0e:7b:03:a9:2f:
                    8a:2d:2d:59:d8:22:b0:af:ca:7f:a2:a0:13:fd:1c:
                    fd:b0:bc:89:a2:b2:b7:b9:4e:36:d7:88:c6:89:3b:
                    0b:ae:8e:ec:60:62:29:10:cc:af:45:21:db:86:1f:
                    d0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E3:A1:F7:E8:81:CB:94:8F:8D:9E:72:1E:4E:73:5C:3D:53:F7:CB
            X509v3 Authority Key Identifier:
                keyid:E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/V-Oh9-iBy5SPjZ5yHk5zXD1T98s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:db:c5:83:26:04:ce:dd:c5:ae:60:b7:a7:1a:2f:91:ae:1d:
         98:60:60:a6:f5:cd:61:f6:9f:19:73:69:c3:1a:cb:13:e8:f8:
         62:6f:5c:b8:4b:ab:da:57:60:1a:64:9e:81:7a:b9:39:5f:02:
         dd:35:48:f8:a4:00:81:ad:cc:47:ba:32:fb:e6:20:fe:c5:a6:
         bb:20:89:28:86:d0:25:5b:6e:df:54:82:e0:f8:b7:65:28:86:
         28:a8:ab:03:3a:1d:98:d0:26:cf:f9:4e:1e:3d:f0:ff:60:aa:
         ee:a1:47:79:0d:f2:b0:08:b7:c1:88:69:36:7a:6d:03:02:b9:
         55:dd:47:30:cf:b3:b3:5f:2f:1e:52:5d:72:c6:7a:f2:e8:49:
         57:40:ff:1b:ff:5a:eb:cd:6f:c6:9b:3c:e4:55:f3:b6:4d:70:
         d2:35:36:b5:a5:d8:38:f5:8f:e5:a8:04:05:a4:38:17:b5:10:
         71:8e:50:2d:67:1f:0f:6a:7f:6d:d5:f8:d2:f7:7a:12:96:6f:
         42:23:3c:80:9d:95:5e:a9:b6:9d:10:ff:1a:63:c2:e2:c0:8e:
         91:64:b5:c0:2a:22:42:d6:91:41:1a:6b:eb:2c:50:b4:cb:84:
         d1:dc:cd:71:c1:cf:77:76:17:99:1c:9d:72:c8:f3:b2:3a:27:
         5c:50:b5:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcUQnek24zTzp4zYDyILEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTYzMTgyNDdkMjExODQxZjk2MjBhOWExMTMwMDEwZGRi
NDg2ZjIwHhcNMjQwMTAyMDQzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2UzYTFmN2U4ODFjYjk0OGY4ZDllNzIxZTRlNzM1YzNkNTNmN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmebtVh3ZRJHNcD9sWDCdqH/ii98q
RrwrjOmT/q4FcjXyMp541h5AkxuwJED2hqdXvuGVtwTEiMasyOUMWCVdahtkElFd
hu81n95QKRTKxiLqmOYaBFV+rpcr68bWzOkBUSbzNBXtHxD/XEwSMeIILbcE+LEY
gTtsgoJfRzqcpHpZPWXVyVJvkitGjGcuKnjafnAg8z9LppbSEgOta+x7wCRVFbhB
cD+FlAgkyiIbFdlY+8jUlfxY0YxyB9rPwRz4PNyu8dnt+jWeCZMEDnsDqS+KLS1Z
2CKwr8p/oqAT/Rz9sLyJorK3uU4214jGiTsLro7sYGIpEMyvRSHbhh/QDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfjoffogcuUj42ech5Oc1w9U/fLMB8GA1UdIwQY
MBaAFOMWMYJH0hGEH5YgqaETABDdtIbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYt
ZWMyODdlMWQzN2U1LzEvVi1PaDktaUJ5NVNQalo1eUhrNXpYRDFUOThzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYtZWMyODdlMWQzN2U1
LzEvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hjMA0G
CSqGSIb3DQEBCwUAA4IBAQA528WDJgTO3cWuYLenGi+Rrh2YYGCm9c1h9p8Zc2nD
GssT6Phib1y4S6vaV2AaZJ6Berk5XwLdNUj4pACBrcxHujL75iD+xaa7IIkohtAl
W27fVILg+LdlKIYoqKsDOh2Y0CbP+U4ePfD/YKruoUd5DfKwCLfBiGk2em0DArlV
3Ucwz7OzXy8eUl1yxnry6ElXQP8b/1rrzW/GmzzkVfO2TXDSNTa1pdg49Y/lqAQF
pDgXtRBxjlAtZx8Pan9t1fjS93oSlm9CIzyAnZVeqbadEP8aY8LiwI6RZLXAKiJC
1pFBGmvrLFC0y4TR3M1xwc93dheZHJ1yyPOyOidcULVr
-----END CERTIFICATE-----