Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/sWx47EgK5Rc6Vb_KNXhSp-_4P9w.roa
File:                     sWx47EgK5Rc6Vb_KNXhSp-_4P9w.roa (raw, json)
Hash identifier:          jaErkMHr+C5TyJngDeUUuPrv56tkpba5uQucvVVXnIs=
Subject key identifier:   B1:6C:78:EC:48:0A:E5:17:3A:55:BF:CA:35:78:52:A7:EF:F8:3F:DC
Certificate issuer:       /CN=8e7fced4f34e7f37e751b5b45f30b99c6311f97e
Certificate serial:       018CC6B80F3A3DEDA8B39862D3ADFB59F59E
Authority key identifier: 8E:7F:CE:D4:F3:4E:7F:37:E7:51:B5:B4:5F:30:B9:9C:63:11:F9:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jn_O1PNOfzfnUbW0XzC5nGMR-X4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/sWx47EgK5Rc6Vb_KNXhSp-_4P9w.roa
Signing time:             Mon 01 Jan 2024 20:30:00 +0000
ROA not before:           Mon 01 Jan 2024 20:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198126
IP address blocks:        91.231.228.0/24 maxlen: 24
                          2001:678:3bc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/jn_O1PNOfzfnUbW0XzC5nGMR-X4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/jn_O1PNOfzfnUbW0XzC5nGMR-X4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jn_O1PNOfzfnUbW0XzC5nGMR-X4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:0f:3a:3d:ed:a8:b3:98:62:d3:ad:fb:59:f5:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e7fced4f34e7f37e751b5b45f30b99c6311f97e
        Validity
            Not Before: Jan  1 20:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b16c78ec480ae5173a55bfca357852a7eff83fdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:09:5c:b1:f7:37:c6:eb:6c:ec:5a:c5:06:3a:
                    18:47:3b:8f:27:5e:0c:c8:68:09:30:f4:63:d1:6b:
                    8c:82:58:0d:33:59:8c:c6:d3:a4:e2:d8:88:db:9d:
                    af:c7:54:ff:84:76:b4:1c:c5:47:47:1e:d5:72:3c:
                    a2:2b:3a:bb:b2:e4:cb:82:41:3c:c1:ad:91:50:b1:
                    63:55:7f:17:99:93:89:fa:73:8d:a1:1b:3a:a9:65:
                    ff:e6:38:d1:37:35:fd:ab:48:da:81:ed:78:6f:a5:
                    c7:23:7a:dc:b2:8f:a2:3e:b2:0e:48:2f:6e:5d:39:
                    32:f5:ef:22:30:1a:da:93:e9:bd:89:6c:6b:fc:48:
                    b7:3f:e9:ae:73:c5:66:b6:62:6b:25:32:0f:ce:52:
                    b1:18:3d:54:e5:e6:b4:d9:79:2e:46:3b:04:57:61:
                    1e:2f:f0:3e:9b:56:9d:0b:cf:75:68:c7:ef:b7:fd:
                    b3:f4:c1:16:33:fd:54:cc:e3:55:5c:7e:f9:c2:24:
                    6d:1c:09:af:ca:50:74:83:3c:ab:da:24:55:d0:2e:
                    06:20:31:5b:f3:bb:ed:92:ab:ef:47:d3:32:a3:4c:
                    d4:b8:ec:f3:88:63:e8:1e:06:20:b5:ab:10:6f:f2:
                    2e:86:43:1f:95:24:d5:8b:81:23:69:cd:b7:fb:2b:
                    db:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:6C:78:EC:48:0A:E5:17:3A:55:BF:CA:35:78:52:A7:EF:F8:3F:DC
            X509v3 Authority Key Identifier:
                keyid:8E:7F:CE:D4:F3:4E:7F:37:E7:51:B5:B4:5F:30:B9:9C:63:11:F9:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jn_O1PNOfzfnUbW0XzC5nGMR-X4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/sWx47EgK5Rc6Vb_KNXhSp-_4P9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/913cd7-593f-4e99-b5ee-0d050358e656/1/jn_O1PNOfzfnUbW0XzC5nGMR-X4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.228.0/24
                IPv6:
                  2001:678:3bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         ce:67:b0:f1:fe:0c:4e:ed:0e:96:db:29:a9:fe:3f:14:87:a2:
         64:97:18:4b:08:05:46:e3:78:17:2b:d8:f9:d3:91:aa:99:91:
         b9:95:26:b7:ce:36:9c:c4:2b:f7:ba:f8:d6:ce:d7:b0:4a:4d:
         ce:3e:25:a4:b1:44:74:d4:02:e9:f2:ec:1a:bd:96:51:8d:be:
         0b:15:c5:72:36:3d:bd:db:b1:13:a6:0e:ed:a0:a3:f3:3b:04:
         11:f7:da:ab:cf:aa:0d:5f:90:2a:f0:c5:b4:dd:b7:67:d1:2c:
         04:80:28:45:e8:a4:14:88:c8:f6:33:29:a1:d0:d2:f6:48:70:
         8a:b5:78:8a:03:88:4f:2c:c9:93:a6:c5:92:f8:1c:8f:e4:7d:
         9f:2f:e7:e4:78:d0:6b:37:df:e4:1a:d6:5a:86:79:b5:16:be:
         24:60:b4:f7:91:24:cb:8d:f9:32:a8:11:0b:dc:3c:95:b5:db:
         03:b8:cd:6f:12:b2:a0:d4:d7:4b:5f:82:84:5d:66:d9:fc:fb:
         d5:52:1c:b8:30:8f:a6:f3:f6:9a:23:d3:5d:38:34:cd:3e:8e:
         8b:ec:71:05:72:10:2f:75:ec:5f:d1:b8:79:40:e3:00:b5:b6:
         ce:0b:9b:3d:a7:31:d2:f2:0e:99:25:23:66:ce:96:ae:31:37:
         33:53:b3:64
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuA86Pe2os5hi0637WfWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlN2ZjZWQ0ZjM0ZTdmMzdlNzUxYjViNDVmMzBiOTljNjMx
MWY5N2UwHhcNMjQwMTAxMjAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTZjNzhlYzQ4MGFlNTE3M2E1NWJmY2EzNTc4NTJhN2VmZjgzZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQlcsfc3xuts7FrFBjoYRzuPJ14M
yGgJMPRj0WuMglgNM1mMxtOk4tiI252vx1T/hHa0HMVHRx7VcjyiKzq7suTLgkE8
wa2RULFjVX8XmZOJ+nONoRs6qWX/5jjRNzX9q0jage14b6XHI3rcso+iPrIOSC9u
XTky9e8iMBrak+m9iWxr/Ei3P+muc8VmtmJrJTIPzlKxGD1U5ea02XkuRjsEV2Ee
L/A+m1adC891aMfvt/2z9MEWM/1UzONVXH75wiRtHAmvylB0gzyr2iRV0C4GIDFb
87vtkqvvR9Myo0zUuOzziGPoHgYgtasQb/IuhkMflSTVi4Ejac23+yvbFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLFseOxICuUXOlW/yjV4Uqfv+D/cMB8GA1UdIwQY
MBaAFI5/ztTzTn8351G1tF8wuZxjEfl+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam5fTzFQTk9memZuVWJXMFh6QzVuR01SLVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS85MTNjZDctNTkzZi00ZTk5LWI1ZWUt
MGQwNTAzNThlNjU2LzEvc1d4NDdFZ0s1UmM2VmJfS05YaFNwLV80UDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS85MTNjZDctNTkzZi00ZTk5LWI1ZWUtMGQwNTAzNThlNjU2
LzEvam5fTzFQTk9memZuVWJXMFh6QzVuR01SLVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+fkMA8E
AgACMAkDBwAgAQZ4A7wwDQYJKoZIhvcNAQELBQADggEBAM5nsPH+DE7tDpbbKan+
PxSHomSXGEsIBUbjeBcr2PnTkaqZkbmVJrfONpzEK/e6+NbO17BKTc4+JaSxRHTU
Auny7Bq9llGNvgsVxXI2Pb3bsROmDu2go/M7BBH32qvPqg1fkCrwxbTdt2fRLASA
KEXopBSIyPYzKaHQ0vZIcIq1eIoDiE8syZOmxZL4HI/kfZ8v5+R40Gs33+Qa1lqG
ebUWviRgtPeRJMuN+TKoEQvcPJW12wO4zW8SsqDU10tfgoRdZtn8+9VSHLgwj6bz
9poj0104NM0+jovscQVyEC917F/RuHlA4wC1ts4Lmz2nMdLyDpklI2bOlq4xNzNT
s2Q=
-----END CERTIFICATE-----