Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/5clKtlIOZorxWwp6Y7OxGAjHjuw.roa
File:                     5clKtlIOZorxWwp6Y7OxGAjHjuw.roa (raw, json)
Hash identifier:          I8++6qJiaC5TuQqdTuPYW+2yKnP123GQCdkZ0ZhBib8=
Subject key identifier:   E5:C9:4A:B6:52:0E:66:8A:F1:5B:0A:7A:63:B3:B1:18:08:C7:8E:EC
Certificate issuer:       /CN=0b5f8c9447d614b86182763d9333250e2d9412e2
Certificate serial:       019343BAB62B20152694C990C155FFEA1D94
Authority key identifier: 0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/5clKtlIOZorxWwp6Y7OxGAjHjuw.roa
Signing time:             Tue 19 Nov 2024 09:22:09 +0000
ROA not before:           Tue 19 Nov 2024 09:22:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197537
IP address blocks:        91.232.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:43:ba:b6:2b:20:15:26:94:c9:90:c1:55:ff:ea:1d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5f8c9447d614b86182763d9333250e2d9412e2
        Validity
            Not Before: Nov 19 09:22:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5c94ab6520e668af15b0a7a63b3b11808c78eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ca:a3:b6:6b:94:a0:f8:10:fb:f8:67:95:a2:
                    b8:a4:fa:e9:75:02:dd:63:ce:8d:37:84:0e:23:62:
                    bf:61:bf:b1:9f:94:d3:0d:1c:a1:a3:e6:3a:b6:7a:
                    2a:0b:3d:1e:99:42:2f:13:77:f8:78:6a:ec:ac:93:
                    9a:44:86:4f:fd:c5:72:cd:98:8a:92:cb:87:83:d6:
                    d4:76:69:3e:0f:8f:ed:f2:d0:3c:57:a3:9d:fa:81:
                    87:7b:9c:26:57:a0:54:25:ca:05:e6:8d:f7:be:60:
                    35:d5:8f:88:2f:08:b4:60:13:54:6e:db:b5:2b:e7:
                    2f:44:22:4d:96:a1:e8:04:79:f4:24:c9:12:3f:5b:
                    3c:54:a4:7b:76:bf:c6:c6:13:9d:f9:98:79:ee:07:
                    bb:e8:ea:0c:92:ac:12:10:fe:2e:a4:97:2d:78:8a:
                    a1:3e:05:ee:81:23:e4:a8:8a:5f:43:67:2c:e1:cc:
                    9d:5d:7f:d4:8f:e8:d6:82:39:02:99:69:b0:3d:e2:
                    62:a9:1a:52:0d:d2:24:7d:d6:18:30:c7:a0:74:93:
                    ce:2f:88:c4:19:f8:f6:f4:5f:92:8b:1f:5d:4b:91:
                    7a:1a:76:64:2d:a3:1d:56:36:c2:fa:a9:a5:ac:5d:
                    b2:84:44:e8:43:96:10:3a:5e:af:56:0a:bb:86:2e:
                    b1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:C9:4A:B6:52:0E:66:8A:F1:5B:0A:7A:63:B3:B1:18:08:C7:8E:EC
            X509v3 Authority Key Identifier:
                keyid:0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/5clKtlIOZorxWwp6Y7OxGAjHjuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:da:e9:bf:ea:ca:d2:0c:3e:ef:43:f9:b1:75:18:e2:98:60:
         5d:5b:47:3e:b6:eb:2f:68:fb:f1:e7:eb:c8:1a:de:a5:ca:af:
         9b:43:ae:33:2b:20:98:7a:5d:a4:2e:78:11:23:d6:9a:1d:14:
         19:b9:a6:be:30:63:3a:9d:7e:30:92:61:e6:9d:f4:38:f6:09:
         6d:ec:8e:82:92:c6:00:3b:e8:b0:9a:0a:e9:ed:06:44:a7:0a:
         2d:51:9a:c4:47:aa:d7:2e:2b:87:d8:f2:f2:fc:1a:1a:39:87:
         71:15:34:d7:96:d3:c0:09:40:be:2d:1c:18:a5:30:56:b0:ee:
         00:a9:f9:90:5c:74:ed:2f:7d:3e:f0:aa:36:24:a6:34:d7:d6:
         26:a6:fb:8a:b4:5b:b3:1d:0d:24:d9:3e:41:d2:13:13:c8:b3:
         12:3b:73:fc:9b:79:46:e4:51:ac:39:02:2f:2b:5b:06:6e:a0:
         5f:38:8e:93:c4:00:65:13:bf:4a:fb:e5:b9:ef:98:a8:8b:cc:
         80:4d:10:b6:3e:ab:b7:66:be:c7:12:4a:f9:4a:cb:8b:3b:f5:
         15:9a:e2:c4:e8:8c:52:d6:4a:bc:61:00:b4:49:37:55:34:f3:
         e5:e7:0f:8b:57:f8:7a:30:3f:e6:af:8b:ce:d7:5c:5a:87:5a:
         4e:ff:6c:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNDurYrIBUmlMmQwVX/6h2UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWY4Yzk0NDdkNjE0Yjg2MTgyNzYzZDkzMzMyNTBlMmQ5
NDEyZTIwHhcNMjQxMTE5MDkyMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWM5NGFiNjUyMGU2NjhhZjE1YjBhN2E2M2IzYjExODA4Yzc4ZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsqjtmuUoPgQ+/hnlaK4pPrpdQLd
Y86NN4QOI2K/Yb+xn5TTDRyho+Y6tnoqCz0emUIvE3f4eGrsrJOaRIZP/cVyzZiK
ksuHg9bUdmk+D4/t8tA8V6Od+oGHe5wmV6BUJcoF5o33vmA11Y+ILwi0YBNUbtu1
K+cvRCJNlqHoBHn0JMkSP1s8VKR7dr/GxhOd+Zh57ge76OoMkqwSEP4upJcteIqh
PgXugSPkqIpfQ2cs4cydXX/Uj+jWgjkCmWmwPeJiqRpSDdIkfdYYMMegdJPOL4jE
Gfj29F+Six9dS5F6GnZkLaMdVjbC+qmlrF2yhEToQ5YQOl6vVgq7hi6x2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXJSrZSDmaK8VsKemOzsRgIx47sMB8GA1UdIwQY
MBaAFAtfjJRH1hS4YYJ2PZMzJQ4tlBLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYt
OGE5NWU2Mzc3MzMyLzEvNWNsS3RsSU9ab3J4V3dwNlk3T3hHQWpIanV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYtOGE5NWU2Mzc3MzMy
LzEvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hjMA0G
CSqGSIb3DQEBCwUAA4IBAQCS2um/6srSDD7vQ/mxdRjimGBdW0c+tusvaPvx5+vI
Gt6lyq+bQ64zKyCYel2kLngRI9aaHRQZuaa+MGM6nX4wkmHmnfQ49glt7I6CksYA
O+iwmgrp7QZEpwotUZrER6rXLiuH2PLy/BoaOYdxFTTXltPACUC+LRwYpTBWsO4A
qfmQXHTtL30+8Ko2JKY019YmpvuKtFuzHQ0k2T5B0hMTyLMSO3P8m3lG5FGsOQIv
K1sGbqBfOI6TxABlE79K++W575ioi8yATRC2Pqu3Zr7HEkr5SsuLO/UVmuLE6IxS
1kq8YQC0STdVNPPl5w+LV/h6MD/mr4vO11xah1pO/2ym
-----END CERTIFICATE-----