Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/AvX0VH2eKLcaFb8br_UqZavPGyQ.roa
File:                     AvX0VH2eKLcaFb8br_UqZavPGyQ.roa (raw, json)
Hash identifier:          PbQRRKnXo9gFfubt1ZmPsfg7jFepZHmJTJ2DTV8PnZs=
Subject key identifier:   02:F5:F4:54:7D:9E:28:B7:1A:15:BF:1B:AF:F5:2A:65:AB:CF:1B:24
Certificate issuer:       /CN=a9ec57bc8464fec2e9a1b098ffce34c21aaf9ca6
Certificate serial:       018CC726FABC5B3EBB99E040D3BA8CC33F26
Authority key identifier: A9:EC:57:BC:84:64:FE:C2:E9:A1:B0:98:FF:CE:34:C2:1A:AF:9C:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/AvX0VH2eKLcaFb8br_UqZavPGyQ.roa
Signing time:             Mon 01 Jan 2024 22:31:09 +0000
ROA not before:           Mon 01 Jan 2024 22:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210850
IP address blocks:        213.108.134.0/24 maxlen: 32
                          91.223.53.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:fa:bc:5b:3e:bb:99:e0:40:d3:ba:8c:c3:3f:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9ec57bc8464fec2e9a1b098ffce34c21aaf9ca6
        Validity
            Not Before: Jan  1 22:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02f5f4547d9e28b71a15bf1baff52a65abcf1b24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:51:fe:a8:e8:f2:22:8b:47:37:0d:74:c6:09:
                    75:21:61:3e:49:2a:69:06:28:7a:8f:e4:fc:23:e6:
                    38:88:40:d3:aa:60:9d:04:36:78:49:49:5c:a1:9f:
                    5f:38:2a:2b:50:a3:07:51:d0:fb:cb:4e:7c:2e:fd:
                    3b:f1:87:2c:2e:d8:f2:3d:fb:8d:9e:d4:39:a8:28:
                    f3:72:4a:b6:a3:0e:4d:4a:02:c1:40:9a:47:02:0f:
                    88:90:cc:62:24:1e:79:3c:57:21:cf:fc:71:35:3f:
                    43:b8:27:95:9f:27:1f:28:d9:3b:f4:a5:59:3f:67:
                    c0:2f:9f:4c:6d:ce:9d:c6:4b:b4:c8:de:a2:80:bc:
                    f1:16:35:c2:bc:2d:fd:59:02:1f:d8:cd:09:b6:b2:
                    12:19:f0:9d:b0:54:24:ce:93:ce:5b:c7:1c:52:00:
                    05:8e:10:39:0d:6a:3b:bb:9a:3a:a4:69:27:c9:4a:
                    ee:2b:a9:b3:d5:47:07:7f:a6:1b:50:9a:e3:9d:44:
                    72:fe:80:59:58:0a:8c:27:ec:36:ae:69:20:14:a4:
                    b3:71:5c:db:e2:7b:7d:6e:9f:36:38:35:26:8b:a7:
                    ab:1e:cc:a9:46:d3:d5:ea:ab:b2:d9:f8:4c:fe:70:
                    0a:52:25:5a:41:f4:94:c6:8d:4d:0c:73:75:b6:24:
                    8a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:F5:F4:54:7D:9E:28:B7:1A:15:BF:1B:AF:F5:2A:65:AB:CF:1B:24
            X509v3 Authority Key Identifier:
                keyid:A9:EC:57:BC:84:64:FE:C2:E9:A1:B0:98:FF:CE:34:C2:1A:AF:9C:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/AvX0VH2eKLcaFb8br_UqZavPGyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.53.0/24
                  213.108.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:02:9a:39:43:46:de:22:e1:b8:93:c1:e6:15:98:8f:ad:a3:
         63:22:fc:1d:76:c5:30:ef:f0:76:1f:44:08:99:17:89:a1:17:
         91:5a:4f:32:d2:9b:46:96:2d:f2:c1:34:f3:11:e3:43:05:ca:
         56:7d:d4:b3:e7:c0:c6:fb:96:7b:db:b1:a4:56:fb:6c:78:60:
         41:49:94:e9:c7:ad:e8:4e:13:59:5d:68:10:cf:8d:94:5f:e1:
         8d:95:b4:86:4d:3c:41:2b:b6:2a:6a:16:33:2b:04:e2:fa:fc:
         8e:82:eb:ba:7a:ca:c3:b7:c1:af:95:db:19:72:37:f5:aa:a8:
         3f:c1:ff:49:c8:7c:9b:09:3c:06:3c:9e:b9:55:0d:23:07:02:
         4f:01:74:2e:b5:6c:14:1d:23:88:90:86:36:3b:37:c6:6d:32:
         bb:7b:61:3a:0b:00:95:42:07:ab:7e:9e:9b:b6:1f:29:5c:41:
         64:d0:07:46:df:4d:94:2c:99:15:57:53:ac:9b:4c:64:67:a9:
         5d:9e:31:80:18:a5:34:dc:9a:fb:89:19:8c:72:82:68:59:4c:
         fe:4e:29:d8:e0:8c:30:46:da:3f:23:3c:92:77:e9:4b:b6:3e:
         43:1c:c6:ca:1b:40:3a:12:b0:76:0c:04:67:9c:92:48:a5:07:
         dc:1d:6b:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJvq8Wz67meBA07qMwz8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZWM1N2JjODQ2NGZlYzJlOWExYjA5OGZmY2UzNGMyMWFh
ZjljYTYwHhcNMjQwMTAxMjIzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmY1ZjQ1NDdkOWUyOGI3MWExNWJmMWJhZmY1MmE2NWFiY2YxYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1H+qOjyIotHNw10xgl1IWE+SSpp
Bih6j+T8I+Y4iEDTqmCdBDZ4SUlcoZ9fOCorUKMHUdD7y058Lv078YcsLtjyPfuN
ntQ5qCjzckq2ow5NSgLBQJpHAg+IkMxiJB55PFchz/xxNT9DuCeVnycfKNk79KVZ
P2fAL59Mbc6dxku0yN6igLzxFjXCvC39WQIf2M0JtrISGfCdsFQkzpPOW8ccUgAF
jhA5DWo7u5o6pGknyUruK6mz1UcHf6YbUJrjnURy/oBZWAqMJ+w2rmkgFKSzcVzb
4nt9bp82ODUmi6erHsypRtPV6quy2fhM/nAKUiVaQfSUxo1NDHN1tiSKvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAL19FR9nii3GhW/G6/1KmWrzxskMB8GA1UdIwQY
MBaAFKnsV7yEZP7C6aGwmP/ONMIar5ymMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWV4WHZJUmtfc0xwb2JDWV84NDB3aHF2bktZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy80MWI0MGMtZjNiNi00MGI4LTg0MGMt
MTlhM2M1NjQ5YjU3LzEvQXZYMFZIMmVLTGNhRmI4YnJfVXFaYXZQR3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy80MWI0MGMtZjNiNi00MGI4LTg0MGMtMTlhM2M1NjQ5YjU3
LzEvcWV4WHZJUmtfc0xwb2JDWV84NDB3aHF2bktZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW981AwQA
1WyGMA0GCSqGSIb3DQEBCwUAA4IBAQCMApo5Q0beIuG4k8HmFZiPraNjIvwddsUw
7/B2H0QImReJoReRWk8y0ptGli3ywTTzEeNDBcpWfdSz58DG+5Z727GkVvtseGBB
SZTpx63oThNZXWgQz42UX+GNlbSGTTxBK7YqahYzKwTi+vyOguu6esrDt8GvldsZ
cjf1qqg/wf9JyHybCTwGPJ65VQ0jBwJPAXQutWwUHSOIkIY2OzfGbTK7e2E6CwCV
Qgerfp6bth8pXEFk0AdG302ULJkVV1Osm0xkZ6ldnjGAGKU03Jr7iRmMcoJoWUz+
TinY4IwwRto/IzySd+lLtj5DHMbKG0A6ErB2DARnnJJIpQfcHWv7
-----END CERTIFICATE-----