Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/22e49d-6953-4fc8-a896-c5c358837a84/1/kXaMYjeLv7tYVBOtkgMXNA98LtA.roa
File:                     kXaMYjeLv7tYVBOtkgMXNA98LtA.roa (raw, json)
Hash identifier:          grI5nyGIFwvIg5Wp1mg9/JEeCVJpTUfBeZ0XtPZYL0k=
Subject key identifier:   91:76:8C:62:37:8B:BF:BB:58:54:13:AD:92:03:17:34:0F:7C:2E:D0
Certificate issuer:       /CN=c9cd38d1d1c4a23053cd997163318d649a7b2a57
Certificate serial:       018CC7274A0BFC89E18AFCF4E7C2BB6D0D4B
Authority key identifier: C9:CD:38:D1:D1:C4:A2:30:53:CD:99:71:63:31:8D:64:9A:7B:2A:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yc040dHEojBTzZlxYzGNZJp7Klc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/22e49d-6953-4fc8-a896-c5c358837a84/1/kXaMYjeLv7tYVBOtkgMXNA98LtA.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205660
IP address blocks:        185.39.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/22e49d-6953-4fc8-a896-c5c358837a84/1/yc040dHEojBTzZlxYzGNZJp7Klc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/22e49d-6953-4fc8-a896-c5c358837a84/1/yc040dHEojBTzZlxYzGNZJp7Klc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yc040dHEojBTzZlxYzGNZJp7Klc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4a:0b:fc:89:e1:8a:fc:f4:e7:c2:bb:6d:0d:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9cd38d1d1c4a23053cd997163318d649a7b2a57
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91768c62378bbfbb585413ad920317340f7c2ed0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:16:58:c2:cf:22:d4:98:3a:65:8a:f7:84:bd:
                    3b:2b:b9:fa:e1:60:09:20:20:c4:6d:36:82:b0:1a:
                    e4:ee:50:e4:94:f6:08:06:ee:f0:81:a4:95:3b:96:
                    35:be:67:76:c0:42:c5:b6:22:b1:00:49:55:1e:29:
                    33:9e:8e:0a:dc:78:36:89:53:dc:cb:24:cf:04:30:
                    50:9d:f7:2e:a3:2f:18:d5:7c:28:f1:b6:06:50:b4:
                    4c:cb:2a:1a:b0:38:55:02:0b:49:cf:04:9d:73:b1:
                    4a:45:63:c3:46:54:0a:a7:38:66:bb:ce:57:80:3a:
                    7f:26:30:50:ef:54:89:34:72:f4:d7:0f:98:f1:c5:
                    71:24:cd:f8:aa:3b:2e:d2:55:55:de:1c:8c:bd:07:
                    3c:10:0d:62:af:a6:76:27:b5:38:82:b2:8e:8d:d6:
                    f6:a9:d6:b4:bd:97:35:de:d3:3a:a6:b0:c0:53:2c:
                    2b:6a:8b:47:6c:3e:7f:c8:10:ff:c9:64:f8:7a:39:
                    ce:64:ae:ee:80:c4:bc:a8:10:d4:00:5b:7b:79:68:
                    b3:5a:1a:df:cb:e9:b4:07:d6:ce:27:cc:9a:e3:30:
                    6c:65:8b:e9:50:fc:12:e6:93:a7:2b:0a:90:1f:0e:
                    ab:39:a2:ff:5f:dd:67:2e:48:f3:4c:55:ba:61:27:
                    d4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:76:8C:62:37:8B:BF:BB:58:54:13:AD:92:03:17:34:0F:7C:2E:D0
            X509v3 Authority Key Identifier:
                keyid:C9:CD:38:D1:D1:C4:A2:30:53:CD:99:71:63:31:8D:64:9A:7B:2A:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yc040dHEojBTzZlxYzGNZJp7Klc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/22e49d-6953-4fc8-a896-c5c358837a84/1/kXaMYjeLv7tYVBOtkgMXNA98LtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/22e49d-6953-4fc8-a896-c5c358837a84/1/yc040dHEojBTzZlxYzGNZJp7Klc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:77:fb:8b:52:9e:38:dc:27:c0:21:2f:d6:75:44:05:70:16:
         4b:3b:7c:87:e0:d5:95:4e:78:62:77:bc:8e:9a:80:5e:20:6c:
         b6:df:9b:ee:88:94:db:b6:c9:9a:b4:a4:2d:45:65:8e:fa:53:
         dc:04:13:3d:a2:52:ad:35:4e:7f:66:cf:a0:16:c6:03:69:f5:
         df:0c:77:3e:fe:25:67:be:a5:f7:19:9e:f2:97:c0:d2:c0:d2:
         25:97:23:63:fd:8f:78:c4:41:8b:06:3b:93:47:0b:8d:71:4e:
         b7:2d:b9:ea:b7:46:ec:62:fd:77:ef:33:b9:60:00:78:56:85:
         64:67:ec:8a:3d:0b:3a:94:bb:bb:64:f2:32:e8:3d:bd:d4:03:
         19:f6:8a:01:f9:32:7a:90:d8:df:26:15:60:04:ca:94:97:a3:
         ad:a5:32:23:88:8a:c2:ad:9b:5f:c3:13:59:c0:4f:4a:b1:19:
         c7:40:e3:ab:26:45:80:ba:4e:19:30:5c:fb:04:a0:4d:22:00:
         7e:0d:1d:81:58:5b:d1:3a:6a:10:32:3d:bd:fa:61:c4:ee:7d:
         5d:ae:7e:79:87:b5:20:14:7c:52:d8:ec:35:7a:80:18:28:7b:
         7f:1e:89:2d:46:d6:b9:a9:ee:75:6b:ba:3e:17:44:cd:11:05:
         b6:4d:47:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0oL/Inhivz058K7bQ1LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5Y2QzOGQxZDFjNGEyMzA1M2NkOTk3MTYzMzE4ZDY0OWE3
YjJhNTcwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTc2OGM2MjM3OGJiZmJiNTg1NDEzYWQ5MjAzMTczNDBmN2MyZWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRZYws8i1Jg6ZYr3hL07K7n64WAJ
ICDEbTaCsBrk7lDklPYIBu7wgaSVO5Y1vmd2wELFtiKxAElVHikzno4K3Hg2iVPc
yyTPBDBQnfcuoy8Y1Xwo8bYGULRMyyoasDhVAgtJzwSdc7FKRWPDRlQKpzhmu85X
gDp/JjBQ71SJNHL01w+Y8cVxJM34qjsu0lVV3hyMvQc8EA1ir6Z2J7U4grKOjdb2
qda0vZc13tM6prDAUywraotHbD5/yBD/yWT4ejnOZK7ugMS8qBDUAFt7eWizWhrf
y+m0B9bOJ8ya4zBsZYvpUPwS5pOnKwqQHw6rOaL/X91nLkjzTFW6YSfUaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJF2jGI3i7+7WFQTrZIDFzQPfC7QMB8GA1UdIwQY
MBaAFMnNONHRxKIwU82ZcWMxjWSaeypXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWMwNDBkSEVvakJUelpseFl6R05aSnA3S2xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8yMmU0OWQtNjk1My00ZmM4LWE4OTYt
YzVjMzU4ODM3YTg0LzEva1hhTVlqZUx2N3RZVkJPdGtnTVhOQTk4THRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8yMmU0OWQtNjk1My00ZmM4LWE4OTYtYzVjMzU4ODM3YTg0
LzEveWMwNDBkSEVvakJUelpseFl6R05aSnA3S2xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSf9MA0G
CSqGSIb3DQEBCwUAA4IBAQCYd/uLUp443CfAIS/WdUQFcBZLO3yH4NWVTnhid7yO
moBeIGy235vuiJTbtsmatKQtRWWO+lPcBBM9olKtNU5/Zs+gFsYDafXfDHc+/iVn
vqX3GZ7yl8DSwNIllyNj/Y94xEGLBjuTRwuNcU63Lbnqt0bsYv137zO5YAB4VoVk
Z+yKPQs6lLu7ZPIy6D291AMZ9ooB+TJ6kNjfJhVgBMqUl6OtpTIjiIrCrZtfwxNZ
wE9KsRnHQOOrJkWAuk4ZMFz7BKBNIgB+DR2BWFvROmoQMj29+mHE7n1drn55h7Ug
FHxS2Ow1eoAYKHt/HoktRta5qe51a7o+F0TNEQW2TUfN
-----END CERTIFICATE-----