Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/3obiRhX8rAvDSw78utyxJuOGfUQ.roa
File:                     3obiRhX8rAvDSw78utyxJuOGfUQ.roa (raw, json)
Hash identifier:          t8n1zlvuibPTx25qO9i3IrNtPuWL9OqaTZ+++DKoSxM=
Subject key identifier:   DE:86:E2:46:15:FC:AC:0B:C3:4B:0E:FC:BA:DC:B1:26:E3:86:7D:44
Certificate issuer:       /CN=0b5f8c9447d614b86182763d9333250e2d9412e2
Certificate serial:       019343D0AF32C74D441556F663FFD678A1A9
Authority key identifier: 0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/3obiRhX8rAvDSw78utyxJuOGfUQ.roa
Signing time:             Tue 19 Nov 2024 09:46:10 +0000
ROA not before:           Tue 19 Nov 2024 09:46:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        91.231.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:43:d0:af:32:c7:4d:44:15:56:f6:63:ff:d6:78:a1:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5f8c9447d614b86182763d9333250e2d9412e2
        Validity
            Not Before: Nov 19 09:46:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de86e24615fcac0bc34b0efcbadcb126e3867d44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b9:a1:33:ee:c1:71:fd:9f:14:14:22:6e:9e:
                    5a:8b:e3:99:22:84:f6:59:7e:f1:c7:74:2a:a7:cf:
                    40:e0:a6:cd:22:42:15:80:36:fd:be:0d:d0:ca:d6:
                    3c:d0:06:96:eb:2b:e2:36:e1:b0:c8:b3:73:55:66:
                    7f:fa:7e:a1:04:a0:66:96:ad:14:f7:74:03:78:3f:
                    0c:aa:6b:f0:1d:c8:ad:39:3b:23:4c:ac:33:3d:53:
                    3b:32:13:56:1d:a1:85:3a:60:6f:48:6c:6a:7c:57:
                    74:ef:d3:67:c7:6d:a4:ee:a6:b2:dd:c3:19:ce:a1:
                    c7:95:2e:17:2c:45:a1:e6:22:2a:78:6b:d1:76:cf:
                    48:52:29:84:e7:16:6c:4a:b2:a0:50:7a:48:57:fb:
                    09:71:00:1e:50:58:a7:f6:ec:19:0b:3b:f3:9d:6f:
                    8e:f7:f0:c7:0e:d1:ca:e0:f3:2f:33:23:48:14:85:
                    c6:a1:c1:74:cd:03:e5:14:f3:1f:8f:3a:43:ac:50:
                    16:93:ed:61:17:a1:3f:61:fc:31:00:97:99:13:9c:
                    b4:5b:f0:a5:e0:c2:7a:ca:9b:b3:96:64:7f:0b:5f:
                    b7:53:9a:42:ab:c2:50:39:73:a6:38:54:fa:d5:ba:
                    b2:36:32:8d:85:55:9c:32:da:a0:0a:51:39:7c:37:
                    ea:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:86:E2:46:15:FC:AC:0B:C3:4B:0E:FC:BA:DC:B1:26:E3:86:7D:44
            X509v3 Authority Key Identifier:
                keyid:0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/3obiRhX8rAvDSw78utyxJuOGfUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:bc:f5:7d:f7:f2:51:df:47:91:10:03:c9:c6:a8:60:a9:c8:
         7a:9e:90:93:f0:1f:cf:d7:69:14:8b:7c:ec:10:95:9d:68:5c:
         36:5e:5c:ef:9b:cc:24:fd:16:f5:9e:78:6e:20:17:cf:ab:25:
         be:dd:02:95:f2:90:23:b4:1b:92:54:29:aa:22:98:c5:b8:47:
         4b:80:ae:18:d9:08:2f:dd:62:9b:df:83:f4:c7:54:5f:f6:20:
         d9:15:13:76:f3:8a:f5:e7:8d:7b:f6:61:99:0c:9d:38:4d:5d:
         1d:78:c3:0a:21:aa:ff:2f:5b:44:ff:c1:2a:ac:92:0b:ef:47:
         d9:09:bf:8a:7d:17:34:a2:2a:17:52:e6:d0:48:b5:a0:f4:2d:
         2a:9b:08:c1:e0:1f:9b:0a:42:85:6f:9d:8d:59:aa:1b:b5:6b:
         c5:74:a5:f0:98:42:93:83:e3:0a:2c:6a:7a:52:9c:93:87:6c:
         28:10:6c:6c:c1:fb:8b:cb:2e:0b:3f:3d:f7:47:dd:fe:5c:4d:
         5d:b9:0c:88:2f:06:c7:64:3f:14:d8:df:0a:ec:5d:ed:da:bd:
         d8:89:e3:b3:d5:28:36:50:c6:ca:d2:2a:c9:2c:3b:5d:9b:88:
         fd:cc:4e:7d:5a:f1:d5:3f:7b:82:81:d9:43:5d:59:15:a6:b9:
         a2:77:e0:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZND0K8yx01EFVb2Y//WeKGpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWY4Yzk0NDdkNjE0Yjg2MTgyNzYzZDkzMzMyNTBlMmQ5
NDEyZTIwHhcNMjQxMTE5MDk0NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTg2ZTI0NjE1ZmNhYzBiYzM0YjBlZmNiYWRjYjEyNmUzODY3ZDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLmhM+7Bcf2fFBQibp5ai+OZIoT2
WX7xx3Qqp89A4KbNIkIVgDb9vg3QytY80AaW6yviNuGwyLNzVWZ/+n6hBKBmlq0U
93QDeD8MqmvwHcitOTsjTKwzPVM7MhNWHaGFOmBvSGxqfFd079Nnx22k7qay3cMZ
zqHHlS4XLEWh5iIqeGvRds9IUimE5xZsSrKgUHpIV/sJcQAeUFin9uwZCzvznW+O
9/DHDtHK4PMvMyNIFIXGocF0zQPlFPMfjzpDrFAWk+1hF6E/YfwxAJeZE5y0W/Cl
4MJ6ypuzlmR/C1+3U5pCq8JQOXOmOFT61bqyNjKNhVWcMtqgClE5fDfq4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6G4kYV/KwLw0sO/LrcsSbjhn1EMB8GA1UdIwQY
MBaAFAtfjJRH1hS4YYJ2PZMzJQ4tlBLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYt
OGE5NWU2Mzc3MzMyLzEvM29iaVJoWDhyQXZEU3c3OHV0eXhKdU9HZlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYtOGE5NWU2Mzc3MzMy
LzEvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+d+MA0G
CSqGSIb3DQEBCwUAA4IBAQBmvPV99/JR30eREAPJxqhgqch6npCT8B/P12kUi3zs
EJWdaFw2Xlzvm8wk/Rb1nnhuIBfPqyW+3QKV8pAjtBuSVCmqIpjFuEdLgK4Y2Qgv
3WKb34P0x1Rf9iDZFRN284r154179mGZDJ04TV0deMMKIar/L1tE/8EqrJIL70fZ
Cb+KfRc0oioXUubQSLWg9C0qmwjB4B+bCkKFb52NWaobtWvFdKXwmEKTg+MKLGp6
UpyTh2woEGxswfuLyy4LPz33R93+XE1duQyILwbHZD8U2N8K7F3t2r3YieOz1Sg2
UMbK0irJLDtdm4j9zE59WvHVP3uCgdlDXVkVprmid+CL
-----END CERTIFICATE-----