Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/7PuPN6dCMUZ92oaox9fEXcUhiBg.roa
File:                     7PuPN6dCMUZ92oaox9fEXcUhiBg.roa (raw, json)
Hash identifier:          LS1soZ6/Ez9Mfu1sTBarib5FH+D9saGUExq7n+4Qi8c=
Subject key identifier:   EC:FB:8F:37:A7:42:31:46:7D:DA:86:A8:C7:D7:C4:5D:C5:21:88:18
Certificate issuer:       /CN=1a93849bff337df8b8b0bd1ae252ee6119d8a61f
Certificate serial:       018CC9BC44267F46A7A14F6143BB46344BC5
Authority key identifier: 1A:93:84:9B:FF:33:7D:F8:B8:B0:BD:1A:E2:52:EE:61:19:D8:A6:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/7PuPN6dCMUZ92oaox9fEXcUhiBg.roa
Signing time:             Tue 02 Jan 2024 10:33:27 +0000
ROA not before:           Tue 02 Jan 2024 10:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8315
IP address blocks:        91.200.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/GpOEm_8zffi4sL0a4lLuYRnYph8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/GpOEm_8zffi4sL0a4lLuYRnYph8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:44:26:7f:46:a7:a1:4f:61:43:bb:46:34:4b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a93849bff337df8b8b0bd1ae252ee6119d8a61f
        Validity
            Not Before: Jan  2 10:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecfb8f37a74231467dda86a8c7d7c45dc5218818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ed:ae:08:18:7e:7d:c4:21:97:34:26:0e:f8:
                    3b:af:ba:e6:f9:f1:ea:2c:8b:78:61:20:52:79:ba:
                    ba:f2:97:67:4e:d2:44:86:72:9e:f2:26:81:50:98:
                    2d:a3:b3:7a:27:27:2a:c8:c4:2c:b5:eb:cd:71:cb:
                    3f:09:34:61:da:ca:09:a0:66:97:ae:51:e4:a1:bc:
                    55:17:36:b1:77:dd:d4:86:0f:77:c3:09:e5:04:22:
                    27:40:46:3f:96:db:b4:40:6c:81:f3:86:ef:f2:5e:
                    dd:cd:22:61:e0:11:e3:83:9c:9b:c5:5e:ac:c2:c3:
                    7f:bf:f5:15:6c:7b:e7:c4:c3:d2:45:68:57:71:f6:
                    76:95:bc:d2:45:ee:d3:b5:70:c7:e8:42:03:c9:bb:
                    f0:95:16:5c:44:18:62:14:89:17:57:a9:88:2e:92:
                    19:ad:04:ca:80:48:8b:e6:74:10:92:ae:ad:72:58:
                    88:14:af:84:b1:2b:35:cc:fe:e5:49:ab:a9:13:c9:
                    8a:5a:1a:13:a7:c6:df:64:f5:66:41:cd:fa:95:e6:
                    fc:6c:07:2a:b7:17:64:54:49:ca:88:c1:8c:15:f5:
                    30:18:ec:e4:72:c4:94:5d:8c:34:a0:d6:5e:39:8d:
                    32:f8:3a:ca:be:bb:85:f4:da:7a:9c:7d:09:93:f9:
                    aa:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:FB:8F:37:A7:42:31:46:7D:DA:86:A8:C7:D7:C4:5D:C5:21:88:18
            X509v3 Authority Key Identifier:
                keyid:1A:93:84:9B:FF:33:7D:F8:B8:B0:BD:1A:E2:52:EE:61:19:D8:A6:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/7PuPN6dCMUZ92oaox9fEXcUhiBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/GpOEm_8zffi4sL0a4lLuYRnYph8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:a7:c2:82:ee:62:6a:ca:06:94:24:24:8e:97:27:c0:c1:6a:
         bb:e4:6d:ec:46:7e:d0:53:ce:71:7e:00:dc:7d:14:4b:59:83:
         6a:37:fb:b0:d5:26:a1:1d:4b:07:66:d8:00:ab:fd:ad:5f:b2:
         ee:31:11:d2:43:46:c4:40:9a:2a:7d:08:42:29:23:98:4f:f1:
         2d:4f:bd:42:11:0c:3f:6c:10:f7:ad:c5:38:43:5c:be:bf:e4:
         28:c6:b8:73:6b:bf:91:85:5e:82:b0:8e:f0:db:e2:64:18:8e:
         61:59:13:5d:73:06:4b:6c:22:5c:42:3c:93:0e:da:8c:22:2d:
         c3:e6:93:73:73:e4:20:76:15:3b:e3:64:ed:79:db:f9:12:5c:
         0b:57:86:88:63:a3:4f:03:54:e8:f2:63:d4:f8:63:ea:9d:c5:
         eb:fe:57:6f:cd:a5:41:ab:8c:47:a5:43:a0:18:d2:0f:1b:dd:
         92:97:9d:67:cb:d9:15:5e:92:db:e1:56:50:d5:d0:39:59:00:
         dc:bc:fe:d5:b9:f7:6d:d0:05:34:33:e3:41:4f:25:2c:41:bd:
         59:0b:dd:98:64:43:91:f9:ee:ad:28:9e:11:3c:96:02:9b:e4:
         ef:39:66:8b:9c:d7:4e:f1:2b:63:3f:7f:cb:44:0a:17:92:5e:
         30:15:46:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvEQmf0anoU9hQ7tGNEvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTM4NDliZmYzMzdkZjhiOGIwYmQxYWUyNTJlZTYxMTlk
OGE2MWYwHhcNMjQwMTAyMTAzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2ZiOGYzN2E3NDIzMTQ2N2RkYTg2YThjN2Q3YzQ1ZGM1MjE4ODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAme2uCBh+fcQhlzQmDvg7r7rm+fHq
LIt4YSBSebq68pdnTtJEhnKe8iaBUJgto7N6JycqyMQstevNccs/CTRh2soJoGaX
rlHkobxVFzaxd93Uhg93wwnlBCInQEY/ltu0QGyB84bv8l7dzSJh4BHjg5ybxV6s
wsN/v/UVbHvnxMPSRWhXcfZ2lbzSRe7TtXDH6EIDybvwlRZcRBhiFIkXV6mILpIZ
rQTKgEiL5nQQkq6tcliIFK+EsSs1zP7lSaupE8mKWhoTp8bfZPVmQc36leb8bAcq
txdkVEnKiMGMFfUwGOzkcsSUXYw0oNZeOY0y+DrKvruF9Np6nH0Jk/mq2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOz7jzenQjFGfdqGqMfXxF3FIYgYMB8GA1UdIwQY
MBaAFBqThJv/M334uLC9GuJS7mEZ2KYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BPRW1fOHpmZmk0c0wwYTRsTHVZUm5ZcGg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9kNDQ5N2EtMTFmMi00OWFjLWFlZjkt
NDNlNjdkNWQwYTg1LzEvN1B1UE42ZENNVVo5Mm9hb3g5ZkVYY1VoaUJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9kNDQ5N2EtMTFmMi00OWFjLWFlZjktNDNlNjdkNWQwYTg1
LzEvR3BPRW1fOHpmZmk0c0wwYTRsTHVZUm5ZcGg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8gyMA0G
CSqGSIb3DQEBCwUAA4IBAQAmp8KC7mJqygaUJCSOlyfAwWq75G3sRn7QU85xfgDc
fRRLWYNqN/uw1SahHUsHZtgAq/2tX7LuMRHSQ0bEQJoqfQhCKSOYT/EtT71CEQw/
bBD3rcU4Q1y+v+Qoxrhza7+RhV6CsI7w2+JkGI5hWRNdcwZLbCJcQjyTDtqMIi3D
5pNzc+QgdhU742Ttedv5ElwLV4aIY6NPA1To8mPU+GPqncXr/ldvzaVBq4xHpUOg
GNIPG92Sl51ny9kVXpLb4VZQ1dA5WQDcvP7Vufdt0AU0M+NBTyUsQb1ZC92YZEOR
+e6tKJ4RPJYCm+TvOWaLnNdO8StjP3/LRAoXkl4wFUZB
-----END CERTIFICATE-----