Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/OWo1SFjpEJjOqiAkU84Egdww8pc.roa
File:                     OWo1SFjpEJjOqiAkU84Egdww8pc.roa (raw, json)
Hash identifier:          0jFcfh3NugfC3VeKHdMVkf/WvezTP42zMBhUbN7f5bI=
Subject key identifier:   39:6A:35:48:58:E9:10:98:CE:AA:20:24:53:CE:04:81:DC:30:F2:97
Certificate issuer:       /CN=c97dc6d8df5d084e923063488d37d3ae0114777b
Certificate serial:       018CC8010C7ED9DC594B39C030C995A061E7
Authority key identifier: C9:7D:C6:D8:DF:5D:08:4E:92:30:63:48:8D:37:D3:AE:01:14:77:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yX3G2N9dCE6SMGNIjTfTrgEUd3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/OWo1SFjpEJjOqiAkU84Egdww8pc.roa
Signing time:             Tue 02 Jan 2024 02:29:21 +0000
ROA not before:           Tue 02 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        91.226.18.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/yX3G2N9dCE6SMGNIjTfTrgEUd3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/yX3G2N9dCE6SMGNIjTfTrgEUd3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yX3G2N9dCE6SMGNIjTfTrgEUd3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0c:7e:d9:dc:59:4b:39:c0:30:c9:95:a0:61:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c97dc6d8df5d084e923063488d37d3ae0114777b
        Validity
            Not Before: Jan  2 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=396a354858e91098ceaa202453ce0481dc30f297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:59:24:ec:da:70:8f:4d:90:4f:55:45:08:85:
                    ed:79:48:2a:f3:9e:18:60:d7:73:e5:4b:89:6b:b4:
                    ba:b3:8c:40:3f:d3:1c:27:12:51:38:36:9b:0e:ce:
                    a4:eb:78:c9:2e:42:f8:22:eb:32:b5:39:2e:26:a3:
                    42:16:86:a7:c4:8b:d1:43:15:0f:25:86:73:16:7e:
                    ec:19:da:74:0b:73:d9:c0:81:59:33:4d:1b:33:df:
                    89:d8:9a:6c:42:34:c7:7d:ba:db:52:33:d8:6f:fb:
                    7b:3c:0e:77:a6:f0:b5:5f:5c:ec:29:4b:62:df:9f:
                    bb:bd:27:8c:83:80:c7:84:1b:4d:60:70:72:9e:c3:
                    75:fd:aa:8d:c0:fb:cb:9b:c0:c1:99:db:4c:ed:1e:
                    a4:b7:e0:43:25:57:99:a0:6e:47:a4:e4:5f:95:87:
                    2e:0d:4c:36:0c:72:44:d0:1e:ca:6e:a9:34:40:ef:
                    91:f3:b7:70:00:95:8a:48:b2:85:f0:d9:76:f0:37:
                    9a:ff:99:eb:60:02:53:e2:be:d5:93:6c:17:3e:68:
                    65:2c:ee:42:3c:f4:5b:a7:d0:11:49:07:48:93:23:
                    06:62:ff:7c:4b:c2:b8:3f:e9:74:25:34:90:91:dc:
                    2b:05:df:e5:5d:42:38:7d:14:a4:3a:34:12:a3:5b:
                    92:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6A:35:48:58:E9:10:98:CE:AA:20:24:53:CE:04:81:DC:30:F2:97
            X509v3 Authority Key Identifier:
                keyid:C9:7D:C6:D8:DF:5D:08:4E:92:30:63:48:8D:37:D3:AE:01:14:77:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yX3G2N9dCE6SMGNIjTfTrgEUd3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/OWo1SFjpEJjOqiAkU84Egdww8pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/yX3G2N9dCE6SMGNIjTfTrgEUd3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:fa:5b:ce:85:43:61:06:4c:09:de:69:17:42:ba:11:a1:6a:
         8c:74:64:f5:c2:4d:cf:b0:3d:6b:2c:0f:3e:ba:ca:e7:4c:b5:
         54:fd:8f:1b:54:6c:31:4c:47:27:d2:c5:f7:20:aa:97:1c:36:
         fe:61:a0:fb:22:3a:c7:5a:3d:0b:18:4e:57:59:6c:2a:58:c6:
         16:cb:d2:c9:4a:7f:d0:22:6e:d9:a2:5e:c2:ac:2f:a4:dd:d3:
         30:cc:03:a6:ec:58:3e:52:19:db:e0:13:fc:2d:ef:1e:76:2e:
         f3:de:9e:98:7b:5d:31:72:b3:c5:f2:e2:dc:b7:e6:7a:6e:95:
         59:d4:63:0f:30:08:58:c0:68:1f:67:b1:07:fb:e0:92:80:ac:
         ac:82:10:2c:32:33:54:0b:1d:b3:8d:d8:35:83:1d:4e:da:f1:
         a1:7a:b0:09:8a:7c:b7:f5:c4:29:64:e6:6b:13:f1:10:57:37:
         f6:87:3d:0a:50:e2:3f:62:0d:5a:e0:62:73:75:3a:21:73:ba:
         22:88:5e:c6:79:72:3b:86:74:cc:b1:53:c3:50:ec:3f:e4:3d:
         4e:d4:69:8f:94:88:a8:cb:5f:eb:69:ca:f6:30:de:f3:fb:16:
         e5:87:d0:b0:a5:14:6a:66:2e:f6:76:0d:6e:bb:af:c8:02:32:
         31:47:da:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQx+2dxZSznAMMmVoGHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5N2RjNmQ4ZGY1ZDA4NGU5MjMwNjM0ODhkMzdkM2FlMDEx
NDc3N2IwHhcNMjQwMTAyMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZhMzU0ODU4ZTkxMDk4Y2VhYTIwMjQ1M2NlMDQ4MWRjMzBmMjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFkk7Npwj02QT1VFCIXteUgq854Y
YNdz5UuJa7S6s4xAP9McJxJRODabDs6k63jJLkL4IusytTkuJqNCFoanxIvRQxUP
JYZzFn7sGdp0C3PZwIFZM00bM9+J2JpsQjTHfbrbUjPYb/t7PA53pvC1X1zsKUti
35+7vSeMg4DHhBtNYHBynsN1/aqNwPvLm8DBmdtM7R6kt+BDJVeZoG5HpORflYcu
DUw2DHJE0B7Kbqk0QO+R87dwAJWKSLKF8Nl28Dea/5nrYAJT4r7Vk2wXPmhlLO5C
PPRbp9ARSQdIkyMGYv98S8K4P+l0JTSQkdwrBd/lXUI4fRSkOjQSo1uS2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlqNUhY6RCYzqogJFPOBIHcMPKXMB8GA1UdIwQY
MBaAFMl9xtjfXQhOkjBjSI03064BFHd7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVgzRzJOOWRDRTZTTUdOSWpUZlRyZ0VVZDNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8wZjY5MjAtMjc3MC00Y2JlLWE2NGYt
MmE2YmMzODMyYTBhLzEvT1dvMVNGanBFSmpPcWlBa1U4NEVnZHd3OHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8wZjY5MjAtMjc3MC00Y2JlLWE2NGYtMmE2YmMzODMyYTBh
LzEveVgzRzJOOWRDRTZTTUdOSWpUZlRyZ0VVZDNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+ISMA0G
CSqGSIb3DQEBCwUAA4IBAQAb+lvOhUNhBkwJ3mkXQroRoWqMdGT1wk3PsD1rLA8+
usrnTLVU/Y8bVGwxTEcn0sX3IKqXHDb+YaD7IjrHWj0LGE5XWWwqWMYWy9LJSn/Q
Im7Zol7CrC+k3dMwzAOm7Fg+Uhnb4BP8Le8edi7z3p6Ye10xcrPF8uLct+Z6bpVZ
1GMPMAhYwGgfZ7EH++CSgKysghAsMjNUCx2zjdg1gx1O2vGherAJiny39cQpZOZr
E/EQVzf2hz0KUOI/Yg1a4GJzdTohc7oiiF7GeXI7hnTMsVPDUOw/5D1O1GmPlIio
y1/racr2MN7z+xblh9CwpRRqZi72dg1uu6/IAjIxR9o6
-----END CERTIFICATE-----