Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/uU3HCHeeyt6s6SAxTUKKySmSEPw.roa
File:                     uU3HCHeeyt6s6SAxTUKKySmSEPw.roa (raw, json)
Hash identifier:          MbfuMzgOcwxxAYbynWk5FZVO+DIKan1+BfPQD6hVR3o=
Subject key identifier:   B9:4D:C7:08:77:9E:CA:DE:AC:E9:20:31:4D:42:8A:C9:29:92:10:FC
Certificate issuer:       /CN=798e0da4f91007b224768acb4d131f12517d2b7a
Certificate serial:       018CC3B722F9E564D297B015BDAB3BCABB94
Authority key identifier: 79:8E:0D:A4:F9:10:07:B2:24:76:8A:CB:4D:13:1F:12:51:7D:2B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/uU3HCHeeyt6s6SAxTUKKySmSEPw.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13110
IP address blocks:        91.202.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:22:f9:e5:64:d2:97:b0:15:bd:ab:3b:ca:bb:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798e0da4f91007b224768acb4d131f12517d2b7a
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b94dc708779ecadeace920314d428ac9299210fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:3c:4e:0b:a5:e1:26:7a:35:43:e4:06:27:d4:
                    b2:6c:d3:ca:1f:d1:47:82:59:6f:f6:1f:43:25:c1:
                    7b:fe:4d:01:78:fd:d9:91:f8:a0:5d:db:72:a7:07:
                    46:b3:5d:03:62:c5:f0:78:51:30:39:ab:36:3c:84:
                    ad:da:f3:f9:34:5b:2d:50:c8:66:81:88:94:4a:cd:
                    1d:ef:cb:b6:1a:bb:5d:f5:44:fc:aa:be:23:bf:9f:
                    00:c6:96:7e:4b:b4:db:1e:2f:1e:28:5d:41:cf:20:
                    58:f7:c4:95:d9:69:92:33:fa:8f:7c:86:a7:79:14:
                    57:22:89:21:75:b5:37:df:8b:13:00:c5:31:7b:cc:
                    08:3a:b6:c9:7e:4b:68:3d:f4:05:2a:45:45:9f:a2:
                    e4:da:52:93:c6:62:06:3e:6f:ba:3a:08:8f:83:f9:
                    f5:58:71:31:a7:19:33:cd:f6:cf:23:57:b3:33:39:
                    12:54:18:f0:c4:1c:53:96:36:23:ea:4e:1f:24:8f:
                    8e:34:d1:7e:90:d7:89:01:98:76:eb:db:60:55:5e:
                    17:50:26:ef:37:01:7d:d7:d5:07:5a:7e:53:9d:d8:
                    19:ac:bf:ac:de:ef:c0:73:c2:3c:8b:e7:11:af:0a:
                    f5:5a:58:8b:51:d1:1c:e7:ec:4b:c3:bc:19:1c:53:
                    53:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4D:C7:08:77:9E:CA:DE:AC:E9:20:31:4D:42:8A:C9:29:92:10:FC
            X509v3 Authority Key Identifier:
                keyid:79:8E:0D:A4:F9:10:07:B2:24:76:8A:CB:4D:13:1F:12:51:7D:2B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/uU3HCHeeyt6s6SAxTUKKySmSEPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:4f:bd:88:44:76:81:43:b8:60:d0:93:e6:38:2f:c7:71:9b:
         66:15:a9:b0:8d:9b:51:3c:82:bc:9a:a0:9e:3c:4d:8b:f2:4f:
         13:74:65:68:75:10:09:8e:8e:6c:42:57:64:89:23:8a:08:d4:
         20:b5:a2:e3:c4:db:0d:b9:c4:96:41:99:9d:21:2a:56:65:9f:
         82:55:05:3d:8c:67:6a:bc:d8:da:99:98:05:9a:fb:51:c0:5d:
         3d:2d:89:bc:f8:5d:58:59:e2:cb:6a:3e:a7:c1:d4:1b:a3:28:
         c0:a2:cc:a4:af:b7:77:e9:8f:32:ed:24:4d:25:79:c2:ae:68:
         d7:96:3c:ec:a9:0d:8d:6b:99:94:54:c5:09:ad:f4:41:97:7d:
         f6:2b:2d:ec:e3:ba:67:6a:d3:01:26:a5:3e:32:3a:65:63:88:
         92:fd:3c:c2:5b:0b:83:ea:70:f4:45:b2:b3:b3:de:ff:e0:a0:
         b7:db:fc:e8:99:89:d4:1c:b0:fa:2a:28:55:4f:52:ab:d4:c0:
         7e:58:5b:e2:6f:ef:9b:a9:ca:21:0f:40:a8:36:ef:4c:0c:f6:
         7b:29:2b:1f:f9:95:ab:e0:74:0e:ea:e5:a3:fe:75:4c:85:62:
         01:1d:2d:d4:0f:bc:e7:a9:f4:3f:0f:dd:20:d3:14:f9:87:5f:
         42:ef:14:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyL55WTSl7AVvas7yruUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGUwZGE0ZjkxMDA3YjIyNDc2OGFjYjRkMTMxZjEyNTE3
ZDJiN2EwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTRkYzcwODc3OWVjYWRlYWNlOTIwMzE0ZDQyOGFjOTI5OTIxMGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8jxOC6XhJno1Q+QGJ9SybNPKH9FH
gllv9h9DJcF7/k0BeP3ZkfigXdtypwdGs10DYsXweFEwOas2PISt2vP5NFstUMhm
gYiUSs0d78u2Grtd9UT8qr4jv58AxpZ+S7TbHi8eKF1BzyBY98SV2WmSM/qPfIan
eRRXIokhdbU334sTAMUxe8wIOrbJfktoPfQFKkVFn6Lk2lKTxmIGPm+6OgiPg/n1
WHExpxkzzfbPI1ezMzkSVBjwxBxTljYj6k4fJI+ONNF+kNeJAZh269tgVV4XUCbv
NwF919UHWn5TndgZrL+s3u/Ac8I8i+cRrwr1WliLUdEc5+xLw7wZHFNTOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlNxwh3nsrerOkgMU1CiskpkhD8MB8GA1UdIwQY
MBaAFHmODaT5EAeyJHaKy00THxJRfSt6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk0TnBQa1FCN0lrZG9yTFRSTWZFbEY5SzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MDRlNjQtZjk4MS00NWI1LTljYWUt
NGZiNGVmOTFhODJmLzEvdVUzSENIZWV5dDZzNlNBeFRVS0t5U21TRVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MDRlNjQtZjk4MS00NWI1LTljYWUtNGZiNGVmOTFhODJm
LzEvZVk0TnBQa1FCN0lrZG9yTFRSTWZFbEY5SzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8pmMA0G
CSqGSIb3DQEBCwUAA4IBAQBcT72IRHaBQ7hg0JPmOC/HcZtmFamwjZtRPIK8mqCe
PE2L8k8TdGVodRAJjo5sQldkiSOKCNQgtaLjxNsNucSWQZmdISpWZZ+CVQU9jGdq
vNjamZgFmvtRwF09LYm8+F1YWeLLaj6nwdQboyjAosykr7d36Y8y7SRNJXnCrmjX
ljzsqQ2Na5mUVMUJrfRBl332Ky3s47pnatMBJqU+MjplY4iS/TzCWwuD6nD0RbKz
s97/4KC32/zomYnUHLD6KihVT1Kr1MB+WFvib++bqcohD0CoNu9MDPZ7KSsf+ZWr
4HQO6uWj/nVMhWIBHS3UD7znqfQ/D90g0xT5h19C7xSE
-----END CERTIFICATE-----