Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/JnsyhD6c1_JqzhAxKLh4p1KRNrk.roa
File:                     JnsyhD6c1_JqzhAxKLh4p1KRNrk.roa (raw, json)
Hash identifier:          Eb8K7DM8dN0ZBWUmQcf/cPI0fjn9McgQxfvt9nHJW6I=
Subject key identifier:   26:7B:32:84:3E:9C:D7:F2:6A:CE:10:31:28:B8:78:A7:52:91:36:B9
Certificate issuer:       /CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
Certificate serial:       018CC94E301D8455185B454C0A6902DEB05B
Authority key identifier: A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/JnsyhD6c1_JqzhAxKLh4p1KRNrk.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59460
IP address blocks:        193.91.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:30:1d:84:55:18:5b:45:4c:0a:69:02:de:b0:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=267b32843e9cd7f26ace103128b878a7529136b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c0:a8:c9:9b:29:75:2a:2a:db:53:be:6b:eb:
                    3f:43:3e:13:49:be:ef:c8:0d:e0:19:31:37:b6:c2:
                    98:04:50:7c:13:a2:91:bb:b3:2e:15:2f:f1:60:48:
                    f8:a8:cd:8e:44:b1:4f:59:49:66:39:4c:5e:8a:b5:
                    be:26:03:3a:7b:95:6d:9f:2b:f0:ba:7e:09:0f:75:
                    db:2a:fe:00:db:9b:96:4d:90:ea:53:14:d8:6e:bd:
                    f8:4c:4a:cc:bf:60:c1:9e:1a:94:97:41:dc:65:b7:
                    1b:e2:8c:75:80:98:cf:4c:9e:9d:14:8c:a9:f7:f3:
                    78:c7:1b:43:5c:ab:81:bd:d5:5c:cf:8f:3d:d4:3c:
                    b1:85:af:5e:fd:4a:0a:4d:0d:cf:8e:4a:ce:8d:e1:
                    b2:de:73:e6:83:b4:57:2b:1a:6d:86:e3:8f:fd:4e:
                    15:dc:6c:3a:bb:93:f4:d2:7a:e1:d8:b8:06:8d:dd:
                    3d:cd:a4:7f:69:7b:83:c9:3d:07:57:ae:07:eb:96:
                    bd:41:90:4f:69:3d:13:48:e5:ca:6c:a1:bb:f9:7f:
                    3e:16:ea:c3:32:4d:e4:dd:f0:03:6b:6e:91:91:ac:
                    d9:cf:0b:20:70:b7:e1:3e:5a:c1:b8:90:7b:a3:44:
                    73:0c:dc:b5:ab:00:6c:56:3c:9f:87:f0:ac:d0:be:
                    95:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7B:32:84:3E:9C:D7:F2:6A:CE:10:31:28:B8:78:A7:52:91:36:B9
            X509v3 Authority Key Identifier:
                keyid:A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/JnsyhD6c1_JqzhAxKLh4p1KRNrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.91.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:0a:35:b9:72:eb:3d:5a:f9:b7:1e:fe:dd:13:00:41:cd:bb:
         df:fa:97:86:12:62:b8:f7:b9:ed:94:ba:db:03:24:2f:3c:67:
         dc:e2:99:b0:d5:41:4e:1d:3b:42:e0:4f:67:1e:26:88:5d:a8:
         f5:93:dc:a4:4a:e3:db:db:4e:ae:2c:d5:57:09:b0:04:3f:06:
         48:bd:93:18:5f:9b:47:a9:e6:39:3c:10:be:0a:26:62:da:f0:
         b1:87:72:dd:7c:96:e4:c5:4a:d4:d8:16:34:3e:c5:b2:f3:9a:
         06:c9:91:66:e3:14:5b:0a:ae:ea:85:e5:64:d7:ff:71:38:7d:
         06:51:18:ae:ad:c1:9d:bf:24:5c:02:1d:4b:aa:81:8a:85:22:
         95:61:01:58:6e:d6:ff:bc:6c:c3:01:62:42:b9:a8:a5:bb:c4:
         b4:53:38:83:38:73:f0:21:c3:b4:dc:32:58:8e:5a:99:71:e6:
         15:89:07:95:6d:d6:af:77:77:01:c6:48:be:a0:0c:ae:89:d7:
         a8:26:3b:df:af:c9:f1:2f:ca:dd:a4:e1:2f:44:0c:56:bb:41:
         9f:d4:88:99:c5:41:11:36:cf:b5:ff:96:96:31:42:21:0a:d0:
         e7:66:06:62:66:1e:f7:49:e7:7d:9c:bf:e9:69:44:1a:f4:d2:
         18:76:45:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjAdhFUYW0VMCmkC3rBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ODI0MzA4YmM4M2I0ZWU1NmYxYzBjMWI5ZmJmYzMxMWIw
Y2Q0NGEwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdiMzI4NDNlOWNkN2YyNmFjZTEwMzEyOGI4NzhhNzUyOTEzNmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8CoyZspdSoq21O+a+s/Qz4TSb7v
yA3gGTE3tsKYBFB8E6KRu7MuFS/xYEj4qM2ORLFPWUlmOUxeirW+JgM6e5Vtnyvw
un4JD3XbKv4A25uWTZDqUxTYbr34TErMv2DBnhqUl0HcZbcb4ox1gJjPTJ6dFIyp
9/N4xxtDXKuBvdVcz4891Dyxha9e/UoKTQ3PjkrOjeGy3nPmg7RXKxpthuOP/U4V
3Gw6u5P00nrh2LgGjd09zaR/aXuDyT0HV64H65a9QZBPaT0TSOXKbKG7+X8+FurD
Mk3k3fADa26RkazZzwsgcLfhPlrBuJB7o0RzDNy1qwBsVjyfh/Cs0L6VJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZ7MoQ+nNfyas4QMSi4eKdSkTa5MB8GA1UdIwQY
MBaAFKSCQwi8g7TuVvHAwbn7/DEbDNRKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1Yzkt
MTk2ZTZmMzc1ZmQ2LzEvSm5zeWhENmMxX0pxemhBeEtMaDRwMUtSTnJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1YzktMTk2ZTZmMzc1ZmQ2
LzEvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVsFMA0G
CSqGSIb3DQEBCwUAA4IBAQCpCjW5cus9Wvm3Hv7dEwBBzbvf+peGEmK497ntlLrb
AyQvPGfc4pmw1UFOHTtC4E9nHiaIXaj1k9ykSuPb206uLNVXCbAEPwZIvZMYX5tH
qeY5PBC+CiZi2vCxh3LdfJbkxUrU2BY0PsWy85oGyZFm4xRbCq7qheVk1/9xOH0G
URiurcGdvyRcAh1LqoGKhSKVYQFYbtb/vGzDAWJCuailu8S0UziDOHPwIcO03DJY
jlqZceYViQeVbdavd3cBxki+oAyuideoJjvfr8nxL8rdpOEvRAxWu0Gf1IiZxUER
Ns+1/5aWMUIhCtDnZgZiZh73Sed9nL/paUQa9NIYdkUD
-----END CERTIFICATE-----