Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/ykDzqLxYQhpwXnX08HmeUqxcfpA.roa
File:                     ykDzqLxYQhpwXnX08HmeUqxcfpA.roa (raw, json)
Hash identifier:          zDUehePsiHje/PItJ3TojUORAqgVbSV35CL0F4IkugI=
Subject key identifier:   CA:40:F3:A8:BC:58:42:1A:70:5E:75:F4:F0:79:9E:52:AC:5C:7E:90
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B32E1471AE7839C9B87481ABB0FC
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/ykDzqLxYQhpwXnX08HmeUqxcfpA.roa
Signing time:             Mon 01 Jan 2024 12:30:06 +0000
ROA not before:           Mon 01 Jan 2024 12:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199058
IP address blocks:        91.239.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b3:2e:14:71:ae:78:39:c9:b8:74:81:ab:b0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca40f3a8bc58421a705e75f4f0799e52ac5c7e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0b:58:5c:61:95:48:b4:ba:9d:af:af:96:90:
                    8d:d3:ab:62:87:fb:10:9e:fb:28:ae:fb:5d:b3:ea:
                    df:4e:a8:44:19:66:e6:6d:9e:bb:c0:53:ae:41:b4:
                    a2:c3:d6:64:f9:15:a2:d6:f3:3b:46:9d:f0:24:14:
                    84:ed:d3:43:7e:d1:d4:46:8c:4e:45:b9:dc:f1:20:
                    a1:c8:8d:13:16:1b:e3:e9:49:5e:73:49:bb:99:47:
                    d3:b9:e4:46:3f:cd:d0:00:51:e5:88:6f:b2:9e:99:
                    41:17:9a:b2:45:56:59:17:8f:d6:c1:39:b3:8e:16:
                    87:34:5e:d7:63:33:54:ab:b1:3c:37:c7:81:a2:d9:
                    75:48:d1:d7:d7:d9:21:99:0a:ad:2b:ee:ec:52:cc:
                    41:18:84:49:4e:d1:21:8b:15:4d:ef:8b:85:e2:80:
                    e8:57:51:37:61:a7:ae:c9:08:27:81:69:ea:5f:25:
                    a9:52:41:6e:4a:26:cf:0a:99:9d:9a:0f:8d:f1:a0:
                    bd:47:ac:6e:c1:f2:2a:44:a0:cb:47:3f:45:b1:40:
                    a6:ae:ab:e5:08:5a:e8:ee:50:21:14:b4:6c:bf:dc:
                    51:15:9d:8a:52:92:98:3c:93:b2:ef:3f:de:44:04:
                    8b:77:ef:cc:41:12:4a:5d:7b:ca:02:c5:20:71:6e:
                    42:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:40:F3:A8:BC:58:42:1A:70:5E:75:F4:F0:79:9E:52:AC:5C:7E:90
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/ykDzqLxYQhpwXnX08HmeUqxcfpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:2f:01:8a:a8:f4:66:27:39:71:b5:77:dc:5f:84:f7:f9:2b:
         61:ea:95:39:a3:bd:1c:fe:55:2f:a0:d4:fc:2f:39:6b:94:4c:
         9b:c8:59:44:bf:c1:79:c4:14:b3:37:cc:3f:70:51:da:b2:4c:
         06:44:75:fc:27:a5:ad:6f:07:d2:2f:fe:24:60:51:80:7e:5e:
         80:9d:db:c1:86:db:0b:b9:15:52:dc:6f:f5:d4:87:15:3c:dd:
         f2:27:e9:59:2c:c7:19:cc:9f:63:98:8b:8f:5f:e1:a6:39:32:
         a6:6c:07:2f:82:19:e8:71:b1:92:41:13:ea:84:1e:e0:b5:ac:
         bc:1d:6c:32:10:b8:46:54:ce:39:e1:d2:37:69:94:d2:56:1d:
         92:b3:e3:f1:f2:4b:68:3d:84:03:87:ec:0c:bf:49:9b:0a:47:
         72:58:eb:a0:a2:31:4a:98:e7:fa:b1:ba:b9:d7:5e:e3:3c:b1:
         e2:d2:b9:6a:28:3c:e8:00:9b:eb:1d:bc:d5:7d:62:f2:36:8d:
         8b:d1:65:4b:78:c3:5c:6d:d9:43:4e:44:dd:19:32:cc:fa:d0:
         1c:f4:c0:db:7e:af:2e:3d:12:db:2b:bc:de:63:a5:39:e4:26:
         8d:7e:90:e0:e9:e3:3d:9a:d0:75:ed:42:64:a7:05:97:d5:8d:
         08:34:fc:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALMuFHGueDnJuHSBq7D8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQwZjNhOGJjNTg0MjFhNzA1ZTc1ZjRmMDc5OWU1MmFjNWM3ZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgtYXGGVSLS6na+vlpCN06tih/sQ
nvsorvtds+rfTqhEGWbmbZ67wFOuQbSiw9Zk+RWi1vM7Rp3wJBSE7dNDftHURoxO
Rbnc8SChyI0TFhvj6Ulec0m7mUfTueRGP83QAFHliG+ynplBF5qyRVZZF4/WwTmz
jhaHNF7XYzNUq7E8N8eBotl1SNHX19khmQqtK+7sUsxBGIRJTtEhixVN74uF4oDo
V1E3YaeuyQgngWnqXyWpUkFuSibPCpmdmg+N8aC9R6xuwfIqRKDLRz9FsUCmrqvl
CFro7lAhFLRsv9xRFZ2KUpKYPJOy7z/eRASLd+/MQRJKXXvKAsUgcW5CeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpA86i8WEIacF519PB5nlKsXH6QMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEveWtEenFMeFlRaHB3WG5YMDhIbWVVcXhjZnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW++UMA0G
CSqGSIb3DQEBCwUAA4IBAQBSLwGKqPRmJzlxtXfcX4T3+Sth6pU5o70c/lUvoNT8
LzlrlEybyFlEv8F5xBSzN8w/cFHaskwGRHX8J6WtbwfSL/4kYFGAfl6AndvBhtsL
uRVS3G/11IcVPN3yJ+lZLMcZzJ9jmIuPX+GmOTKmbAcvghnocbGSQRPqhB7gtay8
HWwyELhGVM454dI3aZTSVh2Ss+Px8ktoPYQDh+wMv0mbCkdyWOugojFKmOf6sbq5
117jPLHi0rlqKDzoAJvrHbzVfWLyNo2L0WVLeMNcbdlDTkTdGTLM+tAc9MDbfq8u
PRLbK7zeY6U55CaNfpDg6eM9mtB17UJkpwWX1Y0INPz0
-----END CERTIFICATE-----