Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/16y8FYc3kVtUvseSJBF5cw1MhOw.roa
File:                     16y8FYc3kVtUvseSJBF5cw1MhOw.roa (raw, json)
Hash identifier:          vGGo72/eWIE/0WLlayPajYvxkncoe2gaXIiI3tChzyM=
Subject key identifier:   D7:AC:BC:15:87:37:91:5B:54:BE:C7:92:24:11:79:73:0D:4C:84:EC
Certificate issuer:       /CN=dac633a14cac7c7a0922ffd980de5f278a3be267
Certificate serial:       018CC6B780B6F81FB51FD93B6C7B359279B5
Authority key identifier: DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/16y8FYc3kVtUvseSJBF5cw1MhOw.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        213.5.226.0/24 maxlen: 24
                          91.233.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:80:b6:f8:1f:b5:1f:d9:3b:6c:7b:35:92:79:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac633a14cac7c7a0922ffd980de5f278a3be267
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7acbc158737915b54bec792241179730d4c84ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f3:ff:37:16:fe:e4:7e:98:78:78:9f:c0:4c:
                    03:60:ee:30:23:15:f1:c8:eb:cb:25:6e:76:05:a1:
                    17:f4:7d:6b:ca:ff:6f:4a:ea:09:33:77:98:bf:e7:
                    dc:df:8b:7f:39:fa:21:7d:2d:e9:c0:63:9a:c6:aa:
                    a5:dd:49:ac:29:c2:1c:8f:f8:6a:ad:ec:9e:67:6e:
                    97:99:08:61:53:77:2b:06:98:28:2e:46:6e:ff:91:
                    1d:59:5d:c9:83:bc:a5:49:47:a2:b4:9f:d2:e2:74:
                    f4:a7:6e:c1:82:26:6e:1c:c9:a3:08:89:0b:5c:b9:
                    6d:07:a5:63:82:25:34:6f:a2:4d:1a:c4:af:2a:49:
                    78:a7:2c:99:41:00:fc:24:a1:4c:16:cc:b6:98:fd:
                    2e:c1:47:ec:15:bd:2e:0d:06:6d:ce:71:79:69:c3:
                    a0:6b:86:08:60:a1:2f:ae:2b:2e:df:3b:39:4c:14:
                    dc:36:59:04:ab:e7:9e:03:0a:e8:fa:16:0c:44:db:
                    c8:b1:7c:2c:fc:41:1e:f2:8b:d7:66:83:a8:76:0d:
                    90:0b:a6:4f:bd:d9:16:0d:ff:e6:4d:f9:d5:c4:f4:
                    62:d9:de:5a:e2:8a:92:20:9c:60:d4:e0:c7:c0:18:
                    8b:32:af:3a:88:58:5c:01:5a:30:15:39:7f:81:a4:
                    7d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:AC:BC:15:87:37:91:5B:54:BE:C7:92:24:11:79:73:0D:4C:84:EC
            X509v3 Authority Key Identifier:
                keyid:DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/16y8FYc3kVtUvseSJBF5cw1MhOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.61.0/24
                  213.5.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:bd:0e:ff:e4:a6:41:54:2a:0e:ac:b0:8c:e0:1c:7b:04:db:
         b3:68:8f:d3:bf:14:57:75:69:87:b3:13:59:ec:58:ae:f8:1a:
         af:81:6b:53:5d:00:87:83:c8:15:e6:dc:09:d4:f7:27:15:67:
         54:b9:f1:f9:50:60:22:ec:bb:44:55:03:eb:23:6e:9c:4b:8a:
         54:6e:19:5a:7f:db:bc:0a:bd:61:df:72:66:1f:c5:c3:c4:c7:
         02:c2:98:7e:c3:2d:66:96:cb:7b:06:db:f8:fc:eb:82:b6:4d:
         2e:78:c5:c9:42:9d:09:65:27:23:fd:22:93:b8:a7:fd:a4:20:
         a6:cd:2d:c7:a7:57:ad:45:e6:a4:e5:c9:05:1b:17:18:01:7c:
         eb:15:43:56:23:b5:e5:0b:57:a3:72:dc:ac:a0:59:06:6d:3a:
         23:7d:b0:71:b8:7b:65:60:57:5e:94:31:25:09:60:cc:e7:70:
         69:3f:8f:b3:7f:91:b9:93:99:dd:92:81:2a:b9:b9:94:d1:af:
         ae:cc:38:3b:b7:65:45:44:b0:94:1f:a6:48:2d:af:f3:b8:d7:
         54:fa:7d:be:f0:a4:ff:a2:13:1d:05:f3:2d:7d:c0:4b:e2:f2:
         b9:b8:81:be:81:09:8c:c7:9f:39:1f:5e:65:a1:68:5f:01:94:
         3f:9d:54:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt4C2+B+1H9k7bHs1knm1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzYzM2ExNGNhYzdjN2EwOTIyZmZkOTgwZGU1ZjI3OGEz
YmUyNjcwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2FjYmMxNTg3Mzc5MTViNTRiZWM3OTIyNDExNzk3MzBkNGM4NGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvP/Nxb+5H6YeHifwEwDYO4wIxXx
yOvLJW52BaEX9H1ryv9vSuoJM3eYv+fc34t/OfohfS3pwGOaxqql3UmsKcIcj/hq
reyeZ26XmQhhU3crBpgoLkZu/5EdWV3Jg7ylSUeitJ/S4nT0p27BgiZuHMmjCIkL
XLltB6VjgiU0b6JNGsSvKkl4pyyZQQD8JKFMFsy2mP0uwUfsFb0uDQZtznF5acOg
a4YIYKEvrisu3zs5TBTcNlkEq+eeAwro+hYMRNvIsXws/EEe8ovXZoOodg2QC6ZP
vdkWDf/mTfnVxPRi2d5a4oqSIJxg1ODHwBiLMq86iFhcAVowFTl/gaR9rwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNesvBWHN5FbVL7HkiQReXMNTITsMB8GA1UdIwQY
MBaAFNrGM6FMrHx6CSL/2YDeXyeKO+JnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWIt
MjQ1MTVhMTRjNDU2LzEvMTZ5OEZZYzNrVnRVdnNlU0pCRjVjdzFNaE93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWItMjQ1MTVhMTRjNDU2
LzEvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+k9AwQA
1QXiMA0GCSqGSIb3DQEBCwUAA4IBAQAlvQ7/5KZBVCoOrLCM4Bx7BNuzaI/TvxRX
dWmHsxNZ7Fiu+BqvgWtTXQCHg8gV5twJ1PcnFWdUufH5UGAi7LtEVQPrI26cS4pU
bhlaf9u8Cr1h33JmH8XDxMcCwph+wy1mlst7Btv4/OuCtk0ueMXJQp0JZScj/SKT
uKf9pCCmzS3Hp1etReak5ckFGxcYAXzrFUNWI7XlC1ejctysoFkGbTojfbBxuHtl
YFdelDElCWDM53BpP4+zf5G5k5ndkoEqubmU0a+uzDg7t2VFRLCUH6ZILa/zuNdU
+n2+8KT/ohMdBfMtfcBL4vK5uIG+gQmMx585H15loWhfAZQ/nVT0
-----END CERTIFICATE-----