Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/py65vHjJSOA_bKOI9pXYOFs_ybU.roa
File:                     py65vHjJSOA_bKOI9pXYOFs_ybU.roa (raw, json)
Hash identifier:          OA+a2v0mo0Hh5arF3X/LyvCtA3k9B3JzQIaxyfLjLcU=
Subject key identifier:   A7:2E:B9:BC:78:C9:48:E0:3F:6C:A3:88:F6:95:D8:38:5B:3F:C9:B5
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B48B54F1D6F86110FC16882C968F
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/py65vHjJSOA_bKOI9pXYOFs_ybU.roa
Signing time:             Mon 01 Jan 2024 12:30:06 +0000
ROA not before:           Mon 01 Jan 2024 12:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203639
IP address blocks:        91.244.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b4:8b:54:f1:d6:f8:61:10:fc:16:88:2c:96:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a72eb9bc78c948e03f6ca388f695d8385b3fc9b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:72:74:af:e1:be:bf:d3:10:4a:f9:f1:54:ac:
                    ed:52:7c:04:aa:f4:6d:08:c6:48:d2:f6:64:0b:dc:
                    fb:e3:22:52:c1:53:24:7c:fa:6a:f4:99:cb:bb:09:
                    69:0a:2a:b3:98:5a:c2:37:91:e7:88:30:3e:05:b5:
                    21:10:c9:fd:4e:c7:ca:c4:04:26:50:81:06:be:3a:
                    65:bf:bc:ce:1e:5f:65:97:7f:c7:d3:21:91:6b:fd:
                    16:01:25:1f:a2:3c:a7:c9:5d:53:f2:7a:10:37:d2:
                    9a:f3:13:97:fd:00:16:03:e0:47:52:86:b3:f0:ec:
                    c6:55:4f:bc:4c:31:88:b0:37:77:5c:37:32:3f:b4:
                    25:71:7f:11:65:a9:4a:1b:4e:0c:30:aa:40:ed:e1:
                    92:ff:9b:e2:dc:df:2e:e6:61:e4:ed:32:7f:2f:81:
                    33:02:05:ec:7d:bb:95:d4:4e:a6:7b:26:fa:ca:9f:
                    f9:87:3c:82:b3:af:98:96:01:ea:33:82:78:39:a5:
                    40:b5:5f:97:2c:08:2e:24:8b:bd:d9:b1:32:42:bd:
                    6b:3e:a7:e4:62:10:7b:4d:03:ca:22:e4:47:5f:10:
                    8b:ae:96:69:d7:bd:9b:88:f5:6c:d5:cd:9b:86:ac:
                    02:76:6e:85:b5:d8:ae:c6:0b:b8:10:4b:b4:15:49:
                    a6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:2E:B9:BC:78:C9:48:E0:3F:6C:A3:88:F6:95:D8:38:5B:3F:C9:B5
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/py65vHjJSOA_bKOI9pXYOFs_ybU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:bc:cf:2a:f0:f4:03:55:b2:1d:bb:94:98:2f:a4:de:85:f9:
         2a:1c:16:61:9a:55:45:18:40:4a:f2:d7:b7:d2:e5:81:1c:79:
         b2:40:b8:0c:79:be:82:7c:41:f3:58:75:dc:43:ce:d7:a5:48:
         94:a3:67:25:fa:fe:82:23:ee:a3:50:fb:4e:89:0b:86:ff:01:
         5f:a6:f9:ea:aa:2a:a7:29:30:36:67:50:6d:db:39:55:3c:7f:
         c7:9d:67:80:b4:40:15:59:1b:c9:9c:18:07:5d:b3:b4:6b:bf:
         6d:ee:6e:e7:ee:d4:2a:66:23:31:d3:62:bb:e9:62:d6:08:0d:
         70:51:cc:27:e2:5d:8c:9c:87:05:7d:49:28:c1:ff:6b:99:bb:
         9d:8a:0b:ec:9a:3d:5a:92:a6:ce:98:ae:37:b9:54:55:2a:d8:
         c4:16:2f:3a:01:7c:4d:cd:78:c0:44:eb:fc:94:58:76:bf:c6:
         39:62:1d:b3:ec:67:db:4c:ec:ae:48:6e:db:c1:e0:d0:12:14:
         49:eb:57:ab:21:96:30:95:33:af:bc:a4:40:5e:d1:99:db:e2:
         4a:18:ee:8a:75:ec:e5:9a:d3:dd:3e:a2:8e:d9:0a:77:b1:fa:
         e6:db:1e:a8:bd:c9:b7:17:2e:ac:98:dc:71:58:db:70:99:93:
         d1:57:2b:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALSLVPHW+GEQ/BaILJaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzJlYjliYzc4Yzk0OGUwM2Y2Y2EzODhmNjk1ZDgzODViM2ZjOWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunJ0r+G+v9MQSvnxVKztUnwEqvRt
CMZI0vZkC9z74yJSwVMkfPpq9JnLuwlpCiqzmFrCN5HniDA+BbUhEMn9TsfKxAQm
UIEGvjplv7zOHl9ll3/H0yGRa/0WASUfojynyV1T8noQN9Ka8xOX/QAWA+BHUoaz
8OzGVU+8TDGIsDd3XDcyP7QlcX8RZalKG04MMKpA7eGS/5vi3N8u5mHk7TJ/L4Ez
AgXsfbuV1E6meyb6yp/5hzyCs6+YlgHqM4J4OaVAtV+XLAguJIu92bEyQr1rPqfk
YhB7TQPKIuRHXxCLrpZp172biPVs1c2bhqwCdm6Ftdiuxgu4EEu0FUmmnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcuubx4yUjgP2yjiPaV2DhbP8m1MB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvcHk2NXZIakpTT0FfYktPSTlwWFlPRnNfeWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/THMA0G
CSqGSIb3DQEBCwUAA4IBAQBjvM8q8PQDVbIdu5SYL6TehfkqHBZhmlVFGEBK8te3
0uWBHHmyQLgMeb6CfEHzWHXcQ87XpUiUo2cl+v6CI+6jUPtOiQuG/wFfpvnqqiqn
KTA2Z1Bt2zlVPH/HnWeAtEAVWRvJnBgHXbO0a79t7m7n7tQqZiMx02K76WLWCA1w
Ucwn4l2MnIcFfUkowf9rmbudigvsmj1akqbOmK43uVRVKtjEFi86AXxNzXjAROv8
lFh2v8Y5Yh2z7GfbTOyuSG7bweDQEhRJ61erIZYwlTOvvKRAXtGZ2+JKGO6Kdezl
mtPdPqKO2Qp3sfrm2x6ovcm3Fy6smNxxWNtwmZPRVyut
-----END CERTIFICATE-----