Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/9qvAwNn06l_NztfBJpgWi0VTcd4.roa
File:                     9qvAwNn06l_NztfBJpgWi0VTcd4.roa (raw, json)
Hash identifier:          PfoSWsNjkEG1dwrdNoB7DktwNUdMKJ+8L/jewl1VXqs=
Subject key identifier:   F6:AB:C0:C0:D9:F4:EA:5F:CD:CE:D7:C1:26:98:16:8B:45:53:71:DE
Certificate issuer:       /CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
Certificate serial:       018CC86FA96AFA809A309E9FB5C427F720D2
Authority key identifier: 5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/9qvAwNn06l_NztfBJpgWi0VTcd4.roa
Signing time:             Tue 02 Jan 2024 04:30:10 +0000
ROA not before:           Tue 02 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57702
IP address blocks:        192.58.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a9:6a:fa:80:9a:30:9e:9f:b5:c4:27:f7:20:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
        Validity
            Not Before: Jan  2 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6abc0c0d9f4ea5fcdced7c12698168b455371de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:51:dd:5c:eb:8f:ba:fb:d0:73:f6:41:72:70:
                    89:df:f3:bc:ac:0a:a0:b6:c9:9d:74:5a:f6:a3:f8:
                    00:52:75:da:bc:25:6d:d1:79:2b:c2:5c:2b:99:6b:
                    81:7b:11:2d:e9:cc:9b:ea:8f:30:da:98:f8:71:2d:
                    86:a8:cd:6d:1c:fd:79:14:71:e3:a1:1b:0a:76:3d:
                    6d:34:e3:82:56:06:b8:9f:61:74:30:ba:25:c9:f2:
                    48:7b:cf:18:c7:0e:c2:22:c8:ee:23:2b:98:63:39:
                    c7:e1:47:97:58:6a:8a:24:2c:01:ba:64:25:c9:17:
                    96:f6:10:f1:d0:cd:7e:4c:2d:42:76:e5:6e:c4:ee:
                    0c:9b:58:ec:a6:15:cc:31:2a:86:37:42:37:8c:4e:
                    d6:dc:5d:97:69:07:cd:37:bb:9c:8a:6e:fe:3f:9f:
                    8d:42:0b:87:85:5f:8e:37:5e:7a:cd:b7:70:fd:fc:
                    58:19:60:2d:bc:48:0b:bb:be:e3:4a:5e:bf:48:55:
                    89:e5:4c:74:30:92:ec:79:e8:f3:42:8e:44:74:02:
                    2a:86:35:71:00:75:8f:5e:72:74:4b:52:49:81:f1:
                    49:ca:4f:c9:cd:14:61:d7:cc:bf:ce:2b:1a:22:41:
                    3a:9f:1c:58:3a:40:d0:27:3f:3d:81:69:4c:5c:b4:
                    57:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:AB:C0:C0:D9:F4:EA:5F:CD:CE:D7:C1:26:98:16:8B:45:53:71:DE
            X509v3 Authority Key Identifier:
                keyid:5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/9qvAwNn06l_NztfBJpgWi0VTcd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.58.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:71:b7:a4:e1:e8:7c:5a:69:89:06:fe:f8:01:89:84:4b:76:
         91:ae:9a:b8:37:76:87:e3:4b:fd:72:1a:32:e3:6e:27:5b:06:
         a5:54:5d:07:58:0b:4b:6d:e8:8f:62:7f:e3:c6:aa:f8:bb:52:
         39:86:84:4c:38:98:89:cc:f7:aa:3c:af:4b:b2:a6:7d:43:ae:
         d0:5c:3d:6b:27:bb:98:8d:d6:c5:b9:c2:5b:ae:fc:d6:61:5a:
         d2:8b:77:9f:cc:5f:f6:c8:87:75:61:df:2e:e5:0c:28:e9:e6:
         3e:17:84:1f:52:5c:da:98:10:07:fb:db:97:89:84:90:8c:2c:
         5e:d8:ae:81:f6:c7:fc:cb:a7:ca:b5:52:b9:59:59:c6:1c:1d:
         44:0d:d9:04:b7:e4:15:f5:56:5e:82:66:9e:3e:bf:7a:6e:9b:
         d4:3b:77:a6:56:77:c8:c7:1c:ad:e3:ab:c9:f2:b6:36:b6:61:
         29:b9:bb:a0:53:4d:a4:eb:90:fb:a1:76:23:36:c6:8f:87:d6:
         c2:05:66:18:3e:33:10:b2:d2:b7:02:90:6f:94:9a:18:db:d0:
         37:35:38:af:d7:35:d0:0d:1c:78:c3:09:db:76:c5:9d:24:92:
         f4:fe:0a:0c:03:4c:a4:2a:07:6d:bf:5f:45:6a:19:44:7c:0b:
         44:ad:c8:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6lq+oCaMJ6ftcQn9yDSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNGE0N2Q1ODJiYjBlOTY4MGY4OTI1OGFiOTZkMDU4Njdk
MzUyZWYwHhcNMjQwMTAyMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmFiYzBjMGQ5ZjRlYTVmY2RjZWQ3YzEyNjk4MTY4YjQ1NTM3MWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1HdXOuPuvvQc/ZBcnCJ3/O8rAqg
tsmddFr2o/gAUnXavCVt0XkrwlwrmWuBexEt6cyb6o8w2pj4cS2GqM1tHP15FHHj
oRsKdj1tNOOCVga4n2F0MLolyfJIe88Yxw7CIsjuIyuYYznH4UeXWGqKJCwBumQl
yReW9hDx0M1+TC1CduVuxO4Mm1jsphXMMSqGN0I3jE7W3F2XaQfNN7ucim7+P5+N
QguHhV+ON156zbdw/fxYGWAtvEgLu77jSl6/SFWJ5Ux0MJLseejzQo5EdAIqhjVx
AHWPXnJ0S1JJgfFJyk/JzRRh18y/zisaIkE6nxxYOkDQJz89gWlMXLRXEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFParwMDZ9Opfzc7XwSaYFotFU3HeMB8GA1UdIwQY
MBaAFFpKR9WCuw6WgPiSWKuW0Fhn01LvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTct
NmIwMDY1NTA4OTk2LzEvOXF2QXdObjA2bF9OenRmQkpwZ1dpMFZUY2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTctNmIwMDY1NTA4OTk2
LzEvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwDodMA0G
CSqGSIb3DQEBCwUAA4IBAQBZcbek4eh8WmmJBv74AYmES3aRrpq4N3aH40v9choy
424nWwalVF0HWAtLbeiPYn/jxqr4u1I5hoRMOJiJzPeqPK9LsqZ9Q67QXD1rJ7uY
jdbFucJbrvzWYVrSi3efzF/2yId1Yd8u5Qwo6eY+F4QfUlzamBAH+9uXiYSQjCxe
2K6B9sf8y6fKtVK5WVnGHB1EDdkEt+QV9VZegmaePr96bpvUO3emVnfIxxyt46vJ
8rY2tmEpubugU02k65D7oXYjNsaPh9bCBWYYPjMQstK3ApBvlJoY29A3NTiv1zXQ
DRx4wwnbdsWdJJL0/goMA0ykKgdtv19FahlEfAtErch2
-----END CERTIFICATE-----