Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/oUxdJenaAsfYsdiQKRbEqlAvlZk.roa
File:                     oUxdJenaAsfYsdiQKRbEqlAvlZk.roa (raw, json)
Hash identifier:          Uz4dstlKVFiG1NPoVxraHG3vmNpZLjZjFBwuKUTWcy8=
Subject key identifier:   A1:4C:5D:25:E9:DA:02:C7:D8:B1:D8:90:29:16:C4:AA:50:2F:95:99
Certificate issuer:       /CN=c97dc6d8df5d084e923063488d37d3ae0114777b
Certificate serial:       018CC8010CF99DBE93081C0768961A79FE1B
Authority key identifier: C9:7D:C6:D8:DF:5D:08:4E:92:30:63:48:8D:37:D3:AE:01:14:77:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yX3G2N9dCE6SMGNIjTfTrgEUd3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/oUxdJenaAsfYsdiQKRbEqlAvlZk.roa
Signing time:             Tue 02 Jan 2024 02:29:21 +0000
ROA not before:           Tue 02 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57591
IP address blocks:        91.229.130.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/yX3G2N9dCE6SMGNIjTfTrgEUd3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/yX3G2N9dCE6SMGNIjTfTrgEUd3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yX3G2N9dCE6SMGNIjTfTrgEUd3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0c:f9:9d:be:93:08:1c:07:68:96:1a:79:fe:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c97dc6d8df5d084e923063488d37d3ae0114777b
        Validity
            Not Before: Jan  2 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a14c5d25e9da02c7d8b1d8902916c4aa502f9599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c5:45:4d:02:6c:8d:98:7f:9c:66:14:77:dd:
                    ae:e9:7c:73:6e:ad:b4:f1:8a:f1:bb:7a:b7:3d:fd:
                    35:ab:da:51:be:72:85:38:a3:78:20:08:1b:60:33:
                    98:f2:b7:d8:12:86:1d:2c:f0:74:27:0d:4a:3d:be:
                    73:36:98:7e:ba:d9:5d:fa:2d:b9:95:f1:ae:90:a2:
                    d4:c4:32:50:39:db:a6:18:2b:71:5e:f1:8c:67:f5:
                    d0:db:90:53:68:19:b7:f9:b0:7a:77:74:84:b3:31:
                    fa:46:a4:72:83:27:9d:17:b8:81:56:12:d6:fa:8a:
                    aa:33:12:65:ca:4d:e3:5b:87:07:e2:3e:48:7c:1c:
                    6e:52:1c:1a:b3:4c:9f:f5:0d:a8:ae:70:55:49:ee:
                    f0:5d:4d:a3:84:68:a5:e5:cd:12:9f:48:b7:05:df:
                    43:28:48:b3:e8:13:f7:3f:9b:ce:d5:eb:24:db:44:
                    0e:f9:c9:fe:42:fb:8a:4c:9d:6c:1f:4c:0b:a1:2b:
                    81:40:58:71:b5:9d:b8:e5:e5:95:e5:ce:a0:2d:e7:
                    e7:6f:c8:06:47:8f:e2:1d:27:f4:ae:61:55:e7:3b:
                    99:df:32:3e:dd:a6:23:e5:f1:4a:fc:85:75:5f:98:
                    d2:98:ee:a6:01:d1:9f:fd:dd:54:0f:20:7e:58:37:
                    2d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:4C:5D:25:E9:DA:02:C7:D8:B1:D8:90:29:16:C4:AA:50:2F:95:99
            X509v3 Authority Key Identifier:
                keyid:C9:7D:C6:D8:DF:5D:08:4E:92:30:63:48:8D:37:D3:AE:01:14:77:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yX3G2N9dCE6SMGNIjTfTrgEUd3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/oUxdJenaAsfYsdiQKRbEqlAvlZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/0f6920-2770-4cbe-a64f-2a6bc3832a0a/1/yX3G2N9dCE6SMGNIjTfTrgEUd3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:bf:fb:98:e9:5a:d1:94:49:69:26:92:1d:3a:eb:be:7a:09:
         a7:3e:cd:80:a1:1b:52:ee:25:d6:b8:84:11:1c:31:e7:f6:ce:
         e1:aa:49:56:69:ee:09:92:5e:06:66:16:59:91:fd:2a:3b:0e:
         da:82:47:84:89:07:5c:af:23:7f:b4:b0:43:60:7e:01:e4:24:
         3a:b3:9b:9f:85:9e:d8:ec:c5:10:6f:c6:e4:b4:b8:05:f7:d1:
         6c:0a:b7:e9:8d:31:95:67:55:ca:0f:e1:98:c1:cf:4c:f3:dc:
         3d:bb:72:69:66:09:4d:2d:73:f9:8a:30:9a:a8:5f:a3:34:ed:
         29:e3:88:b1:ea:16:76:83:d0:05:da:51:df:8a:b3:dc:53:31:
         29:e4:3e:15:93:b9:bd:bb:90:bd:ab:84:ea:71:04:43:1d:ab:
         3e:9c:b3:19:be:e8:0a:02:1d:40:2e:a3:21:0f:ac:3e:c1:73:
         47:7c:a2:f1:87:11:c9:97:fd:6c:02:3a:e4:1a:be:75:9d:27:
         a1:5b:e9:66:94:e5:12:22:0d:3a:1c:b4:94:ae:53:cb:ac:3e:
         78:6b:12:0e:45:db:bb:58:0a:a9:60:06:6c:2c:ed:9e:0b:d4:
         ff:8b:f2:fe:78:e1:60:4d:fe:b8:47:ae:3f:c3:36:34:1f:ea:
         46:3e:37:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQz5nb6TCBwHaJYaef4bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5N2RjNmQ4ZGY1ZDA4NGU5MjMwNjM0ODhkMzdkM2FlMDEx
NDc3N2IwHhcNMjQwMTAyMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTRjNWQyNWU5ZGEwMmM3ZDhiMWQ4OTAyOTE2YzRhYTUwMmY5NTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMVFTQJsjZh/nGYUd92u6Xxzbq20
8Yrxu3q3Pf01q9pRvnKFOKN4IAgbYDOY8rfYEoYdLPB0Jw1KPb5zNph+utld+i25
lfGukKLUxDJQOdumGCtxXvGMZ/XQ25BTaBm3+bB6d3SEszH6RqRygyedF7iBVhLW
+oqqMxJlyk3jW4cH4j5IfBxuUhwas0yf9Q2ornBVSe7wXU2jhGil5c0Sn0i3Bd9D
KEiz6BP3P5vO1esk20QO+cn+QvuKTJ1sH0wLoSuBQFhxtZ245eWV5c6gLefnb8gG
R4/iHSf0rmFV5zuZ3zI+3aYj5fFK/IV1X5jSmO6mAdGf/d1UDyB+WDctawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFMXSXp2gLH2LHYkCkWxKpQL5WZMB8GA1UdIwQY
MBaAFMl9xtjfXQhOkjBjSI03064BFHd7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVgzRzJOOWRDRTZTTUdOSWpUZlRyZ0VVZDNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8wZjY5MjAtMjc3MC00Y2JlLWE2NGYt
MmE2YmMzODMyYTBhLzEvb1V4ZEplbmFBc2ZZc2RpUUtSYkVxbEF2bFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8wZjY5MjAtMjc3MC00Y2JlLWE2NGYtMmE2YmMzODMyYTBh
LzEveVgzRzJOOWRDRTZTTUdOSWpUZlRyZ0VVZDNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+WCMA0G
CSqGSIb3DQEBCwUAA4IBAQAHv/uY6VrRlElpJpIdOuu+egmnPs2AoRtS7iXWuIQR
HDHn9s7hqklWae4Jkl4GZhZZkf0qOw7agkeEiQdcryN/tLBDYH4B5CQ6s5ufhZ7Y
7MUQb8bktLgF99FsCrfpjTGVZ1XKD+GYwc9M89w9u3JpZglNLXP5ijCaqF+jNO0p
44ix6hZ2g9AF2lHfirPcUzEp5D4Vk7m9u5C9q4TqcQRDHas+nLMZvugKAh1ALqMh
D6w+wXNHfKLxhxHJl/1sAjrkGr51nSehW+lmlOUSIg06HLSUrlPLrD54axIORdu7
WAqpYAZsLO2eC9T/i/L+eOFgTf64R64/wzY0H+pGPjd4
-----END CERTIFICATE-----