Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/84e3f6-6931-4693-9579-1b3235babe27/1/jgL9i6k6hUTzexxKi9nSwm4QtOQ.roa
File:                     jgL9i6k6hUTzexxKi9nSwm4QtOQ.roa (raw, json)
Hash identifier:          vihQJGIfXAFdhrwbbg3f4EsLUrkCRO5GYA3+ibJDENA=
Subject key identifier:   8E:02:FD:8B:A9:3A:85:44:F3:7B:1C:4A:8B:D9:D2:C2:6E:10:B4:E4
Certificate issuer:       /CN=cbf6f8aeabeb3167d1192d628480c7e2bfd97248
Certificate serial:       018CC94DA7DA7899F8C7344914CFC5390724
Authority key identifier: CB:F6:F8:AE:AB:EB:31:67:D1:19:2D:62:84:80:C7:E2:BF:D9:72:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y_b4rqvrMWfRGS1ihIDH4r_Zckg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/84e3f6-6931-4693-9579-1b3235babe27/1/jgL9i6k6hUTzexxKi9nSwm4QtOQ.roa
Signing time:             Tue 02 Jan 2024 08:32:38 +0000
ROA not before:           Tue 02 Jan 2024 08:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200062
IP address blocks:        91.103.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/84e3f6-6931-4693-9579-1b3235babe27/1/y_b4rqvrMWfRGS1ihIDH4r_Zckg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/84e3f6-6931-4693-9579-1b3235babe27/1/y_b4rqvrMWfRGS1ihIDH4r_Zckg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y_b4rqvrMWfRGS1ihIDH4r_Zckg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a7:da:78:99:f8:c7:34:49:14:cf:c5:39:07:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbf6f8aeabeb3167d1192d628480c7e2bfd97248
        Validity
            Not Before: Jan  2 08:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e02fd8ba93a8544f37b1c4a8bd9d2c26e10b4e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9a:25:c1:7b:a1:12:e7:e8:21:b1:41:89:a8:
                    04:85:50:41:88:53:7e:23:3f:62:6d:0a:3d:ba:9e:
                    a6:d2:98:de:54:73:f9:86:a7:d5:c7:06:55:54:7a:
                    55:ac:4b:5c:e8:34:c7:33:e0:df:33:af:7b:39:1c:
                    1e:21:78:70:96:82:8a:c0:b8:01:a1:a2:98:f2:ad:
                    4d:cc:ca:66:a5:b6:38:db:2c:0d:04:87:e8:c3:b3:
                    dc:d0:f6:d1:74:63:cc:cf:75:9e:8b:47:a0:d6:be:
                    c5:ad:1c:e3:26:33:2e:4f:42:65:92:d6:a3:75:6a:
                    09:b3:3b:65:92:57:ba:2b:73:1e:c2:d7:b9:ab:0e:
                    8e:29:f6:0b:b0:69:ad:17:42:1c:99:10:79:f9:3e:
                    22:72:aa:94:be:06:77:8b:5f:57:eb:59:40:8c:89:
                    f7:2f:89:64:b7:e1:d2:d5:07:be:85:73:a7:cb:03:
                    2b:9b:c2:57:34:c4:e3:d0:80:15:ef:e5:1c:2e:25:
                    6e:40:00:f3:50:b0:e6:b3:1b:52:50:0a:c7:7e:c4:
                    4d:68:8f:a1:93:58:ff:54:53:31:e2:94:50:a0:f5:
                    82:aa:93:e5:90:46:52:75:b6:c5:e4:0f:c2:46:bf:
                    74:ae:c2:83:62:c2:4e:72:8f:0f:d6:18:fe:82:06:
                    87:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:02:FD:8B:A9:3A:85:44:F3:7B:1C:4A:8B:D9:D2:C2:6E:10:B4:E4
            X509v3 Authority Key Identifier:
                keyid:CB:F6:F8:AE:AB:EB:31:67:D1:19:2D:62:84:80:C7:E2:BF:D9:72:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y_b4rqvrMWfRGS1ihIDH4r_Zckg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/84e3f6-6931-4693-9579-1b3235babe27/1/jgL9i6k6hUTzexxKi9nSwm4QtOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/84e3f6-6931-4693-9579-1b3235babe27/1/y_b4rqvrMWfRGS1ihIDH4r_Zckg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e7:ad:e1:9a:7b:11:bf:28:27:a2:52:74:75:85:9e:75:62:71:
         1b:09:78:8a:9f:42:d8:26:21:f9:75:f4:08:e9:ab:bf:b8:db:
         2e:17:e7:90:fd:d5:0a:b3:0c:e9:cf:bb:1c:e9:fd:c1:e6:71:
         a1:4c:08:fb:22:9f:ce:12:3d:95:02:b8:bb:5f:e4:54:a6:55:
         e8:66:3d:e3:1d:8a:12:04:95:f5:27:be:98:98:ba:e6:95:c5:
         72:37:1f:43:7d:d9:65:b9:4b:5e:1d:a2:ab:8a:44:5c:d5:62:
         68:be:27:b1:5b:86:20:11:e6:f0:77:0e:c7:c4:25:6d:ef:33:
         ec:b8:54:83:cf:98:f7:1b:69:37:50:85:e6:5d:0c:dd:ed:8c:
         29:6d:e6:dd:78:08:27:7c:92:7c:7f:56:4d:7d:24:3a:d9:13:
         94:ad:3b:7d:12:14:c8:03:66:88:04:a4:8b:71:32:5e:94:28:
         7f:4e:83:52:73:4a:89:95:28:19:44:bb:b4:3b:1c:a7:35:88:
         c4:d6:8f:f4:66:df:a0:4c:e7:65:14:18:23:db:eb:a0:a4:01:
         53:af:a9:59:66:84:5a:a7:c0:f8:06:5d:42:6c:0a:b3:f2:49:
         a9:c6:e1:2b:95:12:48:af:6d:65:df:bf:ff:e0:1c:16:ca:fe:
         9d:d3:0f:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTafaeJn4xzRJFM/FOQckMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZjZmOGFlYWJlYjMxNjdkMTE5MmQ2Mjg0ODBjN2UyYmZk
OTcyNDgwHhcNMjQwMTAyMDgzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTAyZmQ4YmE5M2E4NTQ0ZjM3YjFjNGE4YmQ5ZDJjMjZlMTBiNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZolwXuhEufoIbFBiagEhVBBiFN+
Iz9ibQo9up6m0pjeVHP5hqfVxwZVVHpVrEtc6DTHM+DfM697ORweIXhwloKKwLgB
oaKY8q1NzMpmpbY42ywNBIfow7Pc0PbRdGPMz3Wei0eg1r7FrRzjJjMuT0Jlktaj
dWoJsztlkle6K3Mewte5qw6OKfYLsGmtF0IcmRB5+T4icqqUvgZ3i19X61lAjIn3
L4lkt+HS1Qe+hXOnywMrm8JXNMTj0IAV7+UcLiVuQADzULDmsxtSUArHfsRNaI+h
k1j/VFMx4pRQoPWCqpPlkEZSdbbF5A/CRr90rsKDYsJOco8P1hj+ggaH/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4C/YupOoVE83scSovZ0sJuELTkMB8GA1UdIwQY
MBaAFMv2+K6r6zFn0RktYoSAx+K/2XJIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveV9iNHJxdnJNV2ZSR1MxaWhJREg0cl9aY2tnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC84NGUzZjYtNjkzMS00NjkzLTk1Nzkt
MWIzMjM1YmFiZTI3LzEvamdMOWk2azZoVVR6ZXh4S2k5blN3bTRRdE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC84NGUzZjYtNjkzMS00NjkzLTk1NzktMWIzMjM1YmFiZTI3
LzEveV9iNHJxdnJNV2ZSR1MxaWhJREg0cl9aY2tnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2cMMA0G
CSqGSIb3DQEBCwUAA4IBAQDnreGaexG/KCeiUnR1hZ51YnEbCXiKn0LYJiH5dfQI
6au/uNsuF+eQ/dUKswzpz7sc6f3B5nGhTAj7Ip/OEj2VAri7X+RUplXoZj3jHYoS
BJX1J76YmLrmlcVyNx9DfdlluUteHaKrikRc1WJoviexW4YgEebwdw7HxCVt7zPs
uFSDz5j3G2k3UIXmXQzd7YwpbebdeAgnfJJ8f1ZNfSQ62ROUrTt9EhTIA2aIBKSL
cTJelCh/ToNSc0qJlSgZRLu0OxynNYjE1o/0Zt+gTOdlFBgj2+ugpAFTr6lZZoRa
p8D4Bl1CbAqz8kmpxuErlRJIr21l37//4BwWyv6d0w8b
-----END CERTIFICATE-----