Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/F3VJ-SO0zfNM5tCuf5y9LalK4bg.roa
File:                     F3VJ-SO0zfNM5tCuf5y9LalK4bg.roa (raw, json)
Hash identifier:          Yr9ksVdEepicmoi74xs3Oi5TlcU7+hziHQ/2kPr9V9A=
Subject key identifier:   17:75:49:F9:23:B4:CD:F3:4C:E6:D0:AE:7F:9C:BD:2D:A9:4A:E1:B8
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B0229FF9062EE8FDEF80C9D65249
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/F3VJ-SO0zfNM5tCuf5y9LalK4bg.roa
Signing time:             Mon 01 Jan 2024 12:30:05 +0000
ROA not before:           Mon 01 Jan 2024 12:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        91.239.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b0:22:9f:f9:06:2e:e8:fd:ef:80:c9:d6:52:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=177549f923b4cdf34ce6d0ae7f9cbd2da94ae1b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:cc:1f:de:a9:ee:d7:26:53:15:81:0c:d1:39:
                    4d:7b:14:04:8f:ff:d6:35:31:56:4e:47:08:f1:9f:
                    c0:82:e7:f5:43:f1:e9:e4:1c:e6:72:a3:b2:75:c6:
                    e2:f3:0d:94:00:9c:57:a2:75:2f:bb:e8:9b:3d:32:
                    7e:92:c9:ca:23:f9:60:b1:bc:4f:03:d2:14:1b:46:
                    bc:ab:b1:31:94:c7:b7:9c:ab:bb:26:07:98:0b:d4:
                    bd:3f:5d:31:bc:3f:52:ac:4d:d2:48:78:d8:c2:bc:
                    e9:6d:41:81:b8:cf:ac:84:ab:1a:76:99:2e:39:bb:
                    9c:5d:38:6f:b4:c8:4c:d7:10:5d:53:03:0f:81:25:
                    5f:e3:98:20:6e:2d:1f:52:d0:14:ce:e2:c1:60:5e:
                    01:70:9b:ec:65:70:6b:95:60:31:a6:4e:b8:93:a3:
                    25:0b:a3:54:86:8e:00:20:5e:05:80:d9:64:f7:d9:
                    39:b2:3e:c3:61:18:bd:0d:8b:1e:9c:80:5a:f0:09:
                    1f:d7:c0:10:a4:28:46:77:e3:7a:b0:78:e7:60:d9:
                    8f:be:d4:08:04:ec:77:13:1b:b6:78:f2:cf:a2:63:
                    26:0a:75:43:47:48:2a:4d:92:22:f6:c2:a4:64:70:
                    cf:21:0c:bb:68:27:b0:b2:b6:08:91:16:85:b7:66:
                    59:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:75:49:F9:23:B4:CD:F3:4C:E6:D0:AE:7F:9C:BD:2D:A9:4A:E1:B8
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/F3VJ-SO0zfNM5tCuf5y9LalK4bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:32:94:89:01:bb:e5:91:5a:27:72:74:69:a0:fb:21:84:69:
         5a:be:e6:69:e6:29:50:54:9d:c7:ea:a4:ae:09:fc:91:75:20:
         b1:c3:e4:21:a9:8f:ea:9d:e7:64:69:7d:4b:40:cc:39:08:37:
         3b:68:6d:87:fc:a7:47:53:90:1d:8d:3e:eb:c2:9d:fa:36:c2:
         4d:67:e9:f8:4e:92:9d:0d:05:9e:d2:ed:7d:5a:51:68:1f:cc:
         2f:45:39:f5:55:53:d4:94:e6:c0:c5:ad:b7:b1:6e:83:fb:e5:
         3e:c6:14:74:85:af:73:6d:bd:4e:66:69:04:a3:e0:5d:50:cd:
         56:f6:c0:ed:a5:11:dd:20:4e:5b:9a:11:66:5b:be:a0:5f:88:
         08:f3:b5:6f:73:0d:09:4e:eb:b0:5e:32:f3:95:42:c9:c3:c7:
         fa:87:18:b9:eb:10:a6:50:f5:7b:e3:a1:ff:76:c9:0a:b9:d5:
         06:2c:ab:e6:39:3e:5e:eb:d3:02:0d:6f:f5:02:80:66:97:63:
         b2:d4:8d:17:72:99:9d:f4:41:1c:13:50:ff:bb:8c:6a:60:8f:
         e6:aa:d7:97:77:74:d1:71:bc:d6:5a:3f:4b:07:af:c6:18:49:
         d4:1a:51:ee:6a:f1:93:d1:36:af:17:c0:08:b4:2d:2b:07:a6:
         f4:a5:22:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALAin/kGLuj974DJ1lJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzc1NDlmOTIzYjRjZGYzNGNlNmQwYWU3ZjljYmQyZGE5NGFlMWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Mwf3qnu1yZTFYEM0TlNexQEj//W
NTFWTkcI8Z/Aguf1Q/Hp5BzmcqOydcbi8w2UAJxXonUvu+ibPTJ+ksnKI/lgsbxP
A9IUG0a8q7ExlMe3nKu7JgeYC9S9P10xvD9SrE3SSHjYwrzpbUGBuM+shKsadpku
ObucXThvtMhM1xBdUwMPgSVf45ggbi0fUtAUzuLBYF4BcJvsZXBrlWAxpk64k6Ml
C6NUho4AIF4FgNlk99k5sj7DYRi9DYsenIBa8Akf18AQpChGd+N6sHjnYNmPvtQI
BOx3Exu2ePLPomMmCnVDR0gqTZIi9sKkZHDPIQy7aCewsrYIkRaFt2ZZ5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBd1SfkjtM3zTObQrn+cvS2pSuG4MB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvRjNWSi1TTzB6Zk5NNXRDdWY1eTlMYWxLNGJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW++VMA0G
CSqGSIb3DQEBCwUAA4IBAQCUMpSJAbvlkVoncnRpoPshhGlavuZp5ilQVJ3H6qSu
CfyRdSCxw+QhqY/qnedkaX1LQMw5CDc7aG2H/KdHU5AdjT7rwp36NsJNZ+n4TpKd
DQWe0u19WlFoH8wvRTn1VVPUlObAxa23sW6D++U+xhR0ha9zbb1OZmkEo+BdUM1W
9sDtpRHdIE5bmhFmW76gX4gI87Vvcw0JTuuwXjLzlULJw8f6hxi56xCmUPV746H/
dskKudUGLKvmOT5e69MCDW/1AoBml2Oy1I0Xcpmd9EEcE1D/u4xqYI/mqteXd3TR
cbzWWj9LB6/GGEnUGlHuavGT0TavF8AItC0rB6b0pSK3
-----END CERTIFICATE-----