Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/jBuRxkE48rwb-6G8o_BW2g0qYF4.roa
File:                     jBuRxkE48rwb-6G8o_BW2g0qYF4.roa (raw, json)
Hash identifier:          ckg5XNEzsYdJLuBhJFWQnUGncwq0SQXcR4GiPDeWc9A=
Subject key identifier:   8C:1B:91:C6:41:38:F2:BC:1B:FB:A1:BC:A3:F0:56:DA:0D:2A:60:5E
Certificate issuer:       /CN=aca2f7748fe363dc5939e9b854fc00403130eba5
Certificate serial:       018CC86FA028C756CE87B9EC7450F28D81D3
Authority key identifier: AC:A2:F7:74:8F:E3:63:DC:59:39:E9:B8:54:FC:00:40:31:30:EB:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKL3dI_jY9xZOem4VPwAQDEw66U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/jBuRxkE48rwb-6G8o_BW2g0qYF4.roa
Signing time:             Tue 02 Jan 2024 04:30:07 +0000
ROA not before:           Tue 02 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5391
IP address blocks:        91.239.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/rKL3dI_jY9xZOem4VPwAQDEw66U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/rKL3dI_jY9xZOem4VPwAQDEw66U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKL3dI_jY9xZOem4VPwAQDEw66U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a0:28:c7:56:ce:87:b9:ec:74:50:f2:8d:81:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca2f7748fe363dc5939e9b854fc00403130eba5
        Validity
            Not Before: Jan  2 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c1b91c64138f2bc1bfba1bca3f056da0d2a605e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:25:bc:24:a7:b7:3f:13:42:77:bc:37:d1:7e:
                    0b:ed:3a:55:40:a1:f8:a1:49:25:e2:73:7f:2c:d2:
                    5b:fb:34:fa:2f:fa:96:2c:f9:64:b2:37:34:6f:e7:
                    62:68:88:d0:f9:94:74:81:66:14:2e:01:27:41:6a:
                    3f:33:31:a6:d8:e5:c6:a8:66:99:e3:69:f0:ca:ed:
                    f9:15:8f:c2:0a:68:80:ae:fd:b3:5e:65:72:13:9e:
                    c9:69:43:80:27:45:b7:db:27:01:a9:75:9e:46:35:
                    c6:83:1e:01:09:e3:72:39:15:5a:0f:fd:06:0f:f4:
                    bf:68:11:3f:a2:4e:bd:e3:20:e4:8d:4c:79:b5:58:
                    75:00:22:34:5b:8c:43:fe:63:ef:7a:ee:5c:1b:8a:
                    eb:17:8a:02:34:0f:3f:74:3b:78:ee:b8:fc:92:c2:
                    fa:3e:ff:72:df:df:ff:10:32:15:96:fd:2d:51:31:
                    dd:95:19:0b:c7:35:2e:9a:12:93:21:d7:e8:a2:18:
                    c7:03:ca:a3:1d:ad:fb:94:41:d8:64:cf:0e:6b:c1:
                    a0:e6:a7:f7:d7:76:96:f8:2e:ca:78:81:ea:da:7c:
                    45:17:3a:81:6c:27:8e:d8:38:ff:fd:6b:62:f8:7b:
                    b3:0a:41:e5:42:7d:4f:dd:57:69:d4:98:cc:6e:7d:
                    b7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:1B:91:C6:41:38:F2:BC:1B:FB:A1:BC:A3:F0:56:DA:0D:2A:60:5E
            X509v3 Authority Key Identifier:
                keyid:AC:A2:F7:74:8F:E3:63:DC:59:39:E9:B8:54:FC:00:40:31:30:EB:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKL3dI_jY9xZOem4VPwAQDEw66U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/jBuRxkE48rwb-6G8o_BW2g0qYF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/rKL3dI_jY9xZOem4VPwAQDEw66U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:dc:d7:1e:58:90:8c:12:07:bf:25:e2:d0:3f:b8:26:3f:48:
         66:8e:01:b1:2a:7c:54:69:90:58:db:37:6b:d4:f4:08:26:86:
         9d:e7:a4:1f:c5:62:41:b4:21:d4:ab:b3:54:0b:d4:cc:d0:45:
         88:8b:5b:2e:ab:61:07:9a:82:e8:d9:03:ba:1a:d2:3c:a8:4e:
         b6:14:9b:3a:56:78:88:ad:73:b2:d3:ad:c2:df:bb:bf:29:64:
         87:83:33:4c:e1:40:39:4d:80:68:f5:6b:74:6d:90:39:c7:7f:
         45:73:62:d4:d4:80:aa:c4:f3:a2:89:7c:05:4d:35:fb:5c:78:
         11:7b:63:45:d0:e4:98:12:85:15:f6:ce:92:3e:b6:15:5b:24:
         37:55:7d:37:a6:73:31:4c:20:68:56:8f:19:55:9c:19:5e:32:
         79:61:1d:e3:e6:b7:a3:54:e3:bb:15:db:c3:da:a8:b1:cb:40:
         66:ae:e8:45:a8:9c:48:96:6d:0b:d3:2d:6a:2e:4d:90:7d:35:
         8b:41:55:7a:1e:03:79:46:fa:9c:ce:26:f4:28:06:05:51:ae:
         0d:bb:c0:20:e2:63:c1:c9:41:65:6b:80:a4:c0:48:4c:68:4c:
         af:e1:6c:5f:f6:d5:3b:fb:6e:0b:ef:fe:ef:6e:cd:34:a1:bd:
         67:57:47:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6Aox1bOh7nsdFDyjYHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTJmNzc0OGZlMzYzZGM1OTM5ZTliODU0ZmMwMDQwMzEz
MGViYTUwHhcNMjQwMTAyMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzFiOTFjNjQxMzhmMmJjMWJmYmExYmNhM2YwNTZkYTBkMmE2MDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyW8JKe3PxNCd7w30X4L7TpVQKH4
oUkl4nN/LNJb+zT6L/qWLPlksjc0b+diaIjQ+ZR0gWYULgEnQWo/MzGm2OXGqGaZ
42nwyu35FY/CCmiArv2zXmVyE57JaUOAJ0W32ycBqXWeRjXGgx4BCeNyORVaD/0G
D/S/aBE/ok694yDkjUx5tVh1ACI0W4xD/mPveu5cG4rrF4oCNA8/dDt47rj8ksL6
Pv9y39//EDIVlv0tUTHdlRkLxzUumhKTIdfoohjHA8qjHa37lEHYZM8Oa8Gg5qf3
13aW+C7KeIHq2nxFFzqBbCeO2Dj//Wti+HuzCkHlQn1P3Vdp1JjMbn23ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwbkcZBOPK8G/uhvKPwVtoNKmBeMB8GA1UdIwQY
MBaAFKyi93SP42PcWTnpuFT8AEAxMOulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktMM2RJX2pZOXhaT2VtNFZQd0FRREV3NjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jY2NjNDEtZGQyYy00MWYwLTgyYmYt
ZTkyZGQ4ZmE2YWJiLzEvakJ1UnhrRTQ4cndiLTZHOG9fQlcyZzBxWUY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jY2NjNDEtZGQyYy00MWYwLTgyYmYtZTkyZGQ4ZmE2YWJi
LzEvcktMM2RJX2pZOXhaT2VtNFZQd0FRREV3NjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+94MA0G
CSqGSIb3DQEBCwUAA4IBAQAP3NceWJCMEge/JeLQP7gmP0hmjgGxKnxUaZBY2zdr
1PQIJoad56QfxWJBtCHUq7NUC9TM0EWIi1suq2EHmoLo2QO6GtI8qE62FJs6VniI
rXOy063C37u/KWSHgzNM4UA5TYBo9Wt0bZA5x39Fc2LU1ICqxPOiiXwFTTX7XHgR
e2NF0OSYEoUV9s6SPrYVWyQ3VX03pnMxTCBoVo8ZVZwZXjJ5YR3j5rejVOO7FdvD
2qixy0BmruhFqJxIlm0L0y1qLk2QfTWLQVV6HgN5Rvqczib0KAYFUa4Nu8Ag4mPB
yUFla4CkwEhMaEyv4Wxf9tU7+24L7/7vbs00ob1nV0dE
-----END CERTIFICATE-----