Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/dj9XU0MEYgwNilblywbn_13okts.roa
File:                     dj9XU0MEYgwNilblywbn_13okts.roa (raw, json)
Hash identifier:          iKCPeWpoeoguzcFc9iWFSgt8zkbVErLpat5x7wUVOwQ=
Subject key identifier:   76:3F:57:53:43:04:62:0C:0D:8A:56:E5:CB:06:E7:FF:5D:E8:92:DB
Certificate issuer:       /CN=1b3029634ea8ed54681ba84d14990b00b864ddb8
Certificate serial:       018CC801F7DA1E4C7B9F24566AFFD681E8C0
Authority key identifier: 1B:30:29:63:4E:A8:ED:54:68:1B:A8:4D:14:99:0B:00:B8:64:DD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GzApY06o7VRoG6hNFJkLALhk3bg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/dj9XU0MEYgwNilblywbn_13okts.roa
Signing time:             Tue 02 Jan 2024 02:30:21 +0000
ROA not before:           Tue 02 Jan 2024 02:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51776
IP address blocks:        91.199.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GzApY06o7VRoG6hNFJkLALhk3bg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 04:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:f7:da:1e:4c:7b:9f:24:56:6a:ff:d6:81:e8:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b3029634ea8ed54681ba84d14990b00b864ddb8
        Validity
            Not Before: Jan  2 02:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=763f57534304620c0d8a56e5cb06e7ff5de892db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:86:a8:61:55:1a:55:32:c7:f1:54:41:a4:4d:
                    23:11:b5:2e:04:af:51:b8:c4:62:23:6d:a2:bd:0c:
                    13:a8:be:12:72:7c:d9:02:82:79:7e:76:68:21:37:
                    b2:3a:dc:f4:f2:2e:42:33:8c:3f:2e:aa:d2:08:39:
                    fd:b2:45:a3:7c:51:e8:86:40:0f:16:20:54:38:d0:
                    f9:f9:51:28:5f:f4:44:98:5c:18:fb:a3:f8:65:fc:
                    c6:66:b0:a4:d0:f9:38:f9:f6:5b:f6:91:b9:cf:7a:
                    33:3a:02:e7:d7:2c:42:ed:87:c4:b8:af:a0:fc:90:
                    3f:85:fa:9b:0d:15:c9:71:ec:a3:76:16:c7:f0:39:
                    e3:8c:fe:9b:36:06:ab:87:a9:43:7a:26:af:f5:56:
                    b8:82:25:1f:4a:f8:3d:78:66:33:07:ce:fa:74:00:
                    f3:26:02:08:59:88:6e:1a:fd:56:cb:8d:47:10:18:
                    96:21:8e:4a:f6:a7:32:1c:e8:bc:16:7f:c7:d7:5b:
                    14:83:ed:78:a9:d0:2a:4f:8e:ea:a4:d6:d7:c0:49:
                    68:67:eb:1d:12:eb:41:3c:7d:d3:f4:50:98:fc:32:
                    bb:49:08:74:cd:d4:62:64:7e:6e:25:53:41:f9:0a:
                    c2:2a:93:3e:55:9c:a0:7f:6c:08:a4:3e:46:7c:d2:
                    df:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:3F:57:53:43:04:62:0C:0D:8A:56:E5:CB:06:E7:FF:5D:E8:92:DB
            X509v3 Authority Key Identifier:
                keyid:1B:30:29:63:4E:A8:ED:54:68:1B:A8:4D:14:99:0B:00:B8:64:DD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GzApY06o7VRoG6hNFJkLALhk3bg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/dj9XU0MEYgwNilblywbn_13okts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:c8:7e:26:4c:49:51:1e:25:4d:8e:c2:31:05:93:ba:4c:ca:
         50:aa:d5:ae:5f:68:4f:ec:4a:78:43:97:e0:29:55:6d:f4:5b:
         aa:46:07:0c:c6:34:5b:ad:57:22:1b:ec:04:8d:cb:63:a7:55:
         06:46:6a:2f:e5:93:65:6d:e4:0a:9f:28:f1:00:d5:0f:e6:8c:
         aa:bd:c8:3e:db:a8:cc:f3:d9:01:31:22:53:7d:4b:c7:5d:94:
         fb:d3:10:4f:f6:6c:15:1a:0e:08:95:c1:ae:0c:8b:d1:3b:c2:
         39:d4:ea:19:8e:30:64:e9:cf:39:3c:09:0b:7d:1b:74:d9:01:
         74:f3:2a:c8:ee:bd:7d:76:b1:b8:3d:1c:f8:67:9b:09:a0:35:
         00:94:d6:24:98:69:0c:3c:05:06:ff:70:03:7c:06:b7:72:b9:
         80:99:61:bd:cc:1e:e7:54:f3:d8:6c:fa:14:c4:bb:c7:31:23:
         9c:dc:b7:65:7b:63:d3:97:ef:08:fc:93:cc:07:f5:60:b5:fe:
         f1:96:39:5d:f2:63:e7:d7:af:40:b2:ca:c8:e9:39:31:06:c4:
         9c:77:d9:08:63:d1:2f:f8:ca:ad:64:fb:fb:8f:62:7d:f9:e0:
         ba:c6:19:7f:fa:be:37:36:a8:54:f5:fc:3e:b2:6c:ef:73:8b:
         80:07:ba:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAffaHkx7nyRWav/WgejAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMzAyOTYzNGVhOGVkNTQ2ODFiYTg0ZDE0OTkwYjAwYjg2
NGRkYjgwHhcNMjQwMTAyMDIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjNmNTc1MzQzMDQ2MjBjMGQ4YTU2ZTVjYjA2ZTdmZjVkZTg5MmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIaoYVUaVTLH8VRBpE0jEbUuBK9R
uMRiI22ivQwTqL4ScnzZAoJ5fnZoITeyOtz08i5CM4w/LqrSCDn9skWjfFHohkAP
FiBUOND5+VEoX/REmFwY+6P4ZfzGZrCk0Pk4+fZb9pG5z3ozOgLn1yxC7YfEuK+g
/JA/hfqbDRXJceyjdhbH8DnjjP6bNgarh6lDeiav9Va4giUfSvg9eGYzB876dADz
JgIIWYhuGv1Wy41HEBiWIY5K9qcyHOi8Fn/H11sUg+14qdAqT47qpNbXwEloZ+sd
EutBPH3T9FCY/DK7SQh0zdRiZH5uJVNB+QrCKpM+VZygf2wIpD5GfNLf9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHY/V1NDBGIMDYpW5csG5/9d6JLbMB8GA1UdIwQY
MBaAFBswKWNOqO1UaBuoTRSZCwC4ZN24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3pBcFkwNm83VlJvRzZoTkZKa0xBTGhrM2JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9hM2JmZTktZGM1Ni00YzFmLTk3YTct
NmIzMWE3MzYwZjBmLzEvZGo5WFUwTUVZZ3dOaWxibHl3Ym5fMTNva3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9hM2JmZTktZGM1Ni00YzFmLTk3YTctNmIzMWE3MzYwZjBm
LzEvR3pBcFkwNm83VlJvRzZoTkZKa0xBTGhrM2JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8evMA0G
CSqGSIb3DQEBCwUAA4IBAQBfyH4mTElRHiVNjsIxBZO6TMpQqtWuX2hP7Ep4Q5fg
KVVt9FuqRgcMxjRbrVciG+wEjctjp1UGRmov5ZNlbeQKnyjxANUP5oyqvcg+26jM
89kBMSJTfUvHXZT70xBP9mwVGg4IlcGuDIvRO8I51OoZjjBk6c85PAkLfRt02QF0
8yrI7r19drG4PRz4Z5sJoDUAlNYkmGkMPAUG/3ADfAa3crmAmWG9zB7nVPPYbPoU
xLvHMSOc3Ldle2PTl+8I/JPMB/Vgtf7xljld8mPn169AssrI6TkxBsScd9kIY9Ev
+MqtZPv7j2J9+eC6xhl/+r43NqhU9fw+smzvc4uAB7oO
-----END CERTIFICATE-----