Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/JnZta9qoHUln3AomwJu5NyHgCDk.roa
File:                     JnZta9qoHUln3AomwJu5NyHgCDk.roa (raw, json)
Hash identifier:          yZCrLwDcJifsCHMB5seP6o2KLYkb4Cpv9ofu7F4vBa4=
Subject key identifier:   26:76:6D:6B:DA:A8:1D:49:67:DC:0A:26:C0:9B:B9:37:21:E0:08:39
Certificate issuer:       /CN=0d8be474c155fc13847b859501a553cffc3ac4b2
Certificate serial:       018CC86F6BEE51625E44490D2D56B190D7F3
Authority key identifier: 0D:8B:E4:74:C1:55:FC:13:84:7B:85:95:01:A5:53:CF:FC:3A:C4:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYvkdMFV_BOEe4WVAaVTz_w6xLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/JnZta9qoHUln3AomwJu5NyHgCDk.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207143
IP address blocks:        91.90.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/DYvkdMFV_BOEe4WVAaVTz_w6xLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/DYvkdMFV_BOEe4WVAaVTz_w6xLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYvkdMFV_BOEe4WVAaVTz_w6xLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6b:ee:51:62:5e:44:49:0d:2d:56:b1:90:d7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d8be474c155fc13847b859501a553cffc3ac4b2
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26766d6bdaa81d4967dc0a26c09bb93721e00839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4c:c9:c3:50:52:1b:72:3d:21:35:b9:dd:4e:
                    39:7f:52:65:8d:59:60:4f:77:be:d7:c4:b9:f1:58:
                    cb:21:20:06:f0:25:ca:4b:2f:a0:c2:56:4a:29:88:
                    65:9e:0f:2f:50:ca:0e:42:45:7b:b7:7d:1b:91:03:
                    a2:9a:e2:96:d9:63:6b:c7:16:fa:7c:d6:bc:1f:89:
                    e4:43:9f:b6:21:49:b5:93:7f:15:5c:9c:d9:36:62:
                    26:ba:35:c4:09:ff:03:8e:72:67:38:29:2e:9b:94:
                    9a:2e:1b:f9:1a:c2:ba:c7:06:a2:d9:f4:bd:f4:3f:
                    f5:4a:8f:f4:8b:12:a8:5f:f5:33:56:48:56:91:bf:
                    79:96:ba:d6:7b:63:53:b3:4e:be:81:18:83:0a:4a:
                    17:98:4a:de:ae:e2:37:0d:22:0a:a0:e9:d6:44:31:
                    e7:1a:79:83:d7:ba:7d:f1:19:36:f1:fc:c3:ee:5e:
                    eb:54:5f:9d:e2:ab:8e:91:a2:e5:23:29:dc:fa:ab:
                    e8:14:5a:71:b7:41:92:2c:5f:78:68:fc:82:18:ac:
                    ee:53:e0:6d:8d:5e:b4:cb:3b:40:2b:1e:65:bd:8f:
                    1f:d4:ee:61:e6:04:3e:e8:bb:cd:40:59:48:f4:f7:
                    b6:e6:f0:c1:af:18:24:b3:ff:9c:91:49:80:a5:14:
                    1c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:76:6D:6B:DA:A8:1D:49:67:DC:0A:26:C0:9B:B9:37:21:E0:08:39
            X509v3 Authority Key Identifier:
                keyid:0D:8B:E4:74:C1:55:FC:13:84:7B:85:95:01:A5:53:CF:FC:3A:C4:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYvkdMFV_BOEe4WVAaVTz_w6xLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/JnZta9qoHUln3AomwJu5NyHgCDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/DYvkdMFV_BOEe4WVAaVTz_w6xLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:7c:8d:bb:34:f5:88:43:bd:71:13:2d:7e:df:e3:c4:7e:48:
         a0:7c:05:48:f0:3e:ff:fa:1d:6d:c7:3e:5a:26:75:0e:6a:c3:
         fb:2c:16:26:66:b3:d0:65:d5:f0:36:e5:bb:a9:d7:1a:c9:0d:
         35:bf:f5:dc:5e:dc:8d:1d:9d:a6:d2:7a:bf:73:dc:81:42:77:
         f9:7b:90:17:2b:64:8d:fe:1f:33:57:e9:a1:68:ba:75:10:4d:
         1f:ce:ee:69:a4:30:be:78:86:ef:34:a5:9f:88:e8:52:e9:1d:
         4b:17:f5:72:2f:03:8c:cd:28:68:14:62:be:4a:4f:80:64:ea:
         d9:f9:0b:8f:5a:6c:cd:8a:6f:7a:a7:79:2f:4e:b0:57:fd:de:
         58:92:db:05:3f:35:74:ff:e2:91:88:ab:5c:b2:01:83:e4:18:
         cf:0c:6f:46:35:d3:a3:95:ac:97:0d:0b:4e:3d:92:d0:fc:77:
         1d:1c:3b:6d:f9:2f:d6:f5:a8:0b:2d:03:64:fb:60:38:d2:3e:
         3a:00:a2:1a:38:6e:bb:58:06:71:f7:9f:97:4a:e0:94:db:2e:
         cc:a7:b4:8e:a9:d4:7e:d7:1c:58:f5:d0:bd:7e:ad:46:60:ee:
         bc:32:b7:fb:02:87:be:09:e4:99:e6:99:bf:96:a9:20:f5:86:
         75:49:ee:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2vuUWJeREkNLVaxkNfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOGJlNDc0YzE1NWZjMTM4NDdiODU5NTAxYTU1M2NmZmMz
YWM0YjIwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjc2NmQ2YmRhYTgxZDQ5NjdkYzBhMjZjMDliYjkzNzIxZTAwODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEzJw1BSG3I9ITW53U45f1JljVlg
T3e+18S58VjLISAG8CXKSy+gwlZKKYhlng8vUMoOQkV7t30bkQOimuKW2WNrxxb6
fNa8H4nkQ5+2IUm1k38VXJzZNmImujXECf8DjnJnOCkum5SaLhv5GsK6xwai2fS9
9D/1So/0ixKoX/UzVkhWkb95lrrWe2NTs06+gRiDCkoXmEreruI3DSIKoOnWRDHn
GnmD17p98Rk28fzD7l7rVF+d4quOkaLlIync+qvoFFpxt0GSLF94aPyCGKzuU+Bt
jV60yztAKx5lvY8f1O5h5gQ+6LvNQFlI9Pe25vDBrxgks/+ckUmApRQcTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZ2bWvaqB1JZ9wKJsCbuTch4Ag5MB8GA1UdIwQY
MBaAFA2L5HTBVfwThHuFlQGlU8/8OsSyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFl2a2RNRlZfQk9FZTRXVkFhVlR6X3c2eExJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mZDJlZmUtMTQ3MS00MmQ4LTkzNDct
NDg2MWQ0M2UyNGVmLzEvSm5adGE5cW9IVWxuM0FvbXdKdTVOeUhnQ0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9mZDJlZmUtMTQ3MS00MmQ4LTkzNDctNDg2MWQ0M2UyNGVm
LzEvRFl2a2RNRlZfQk9FZTRXVkFhVlR6X3c2eExJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1qmMA0G
CSqGSIb3DQEBCwUAA4IBAQAufI27NPWIQ71xEy1+3+PEfkigfAVI8D7/+h1txz5a
JnUOasP7LBYmZrPQZdXwNuW7qdcayQ01v/XcXtyNHZ2m0nq/c9yBQnf5e5AXK2SN
/h8zV+mhaLp1EE0fzu5ppDC+eIbvNKWfiOhS6R1LF/VyLwOMzShoFGK+Sk+AZOrZ
+QuPWmzNim96p3kvTrBX/d5YktsFPzV0/+KRiKtcsgGD5BjPDG9GNdOjlayXDQtO
PZLQ/HcdHDtt+S/W9agLLQNk+2A40j46AKIaOG67WAZx95+XSuCU2y7Mp7SOqdR+
1xxY9dC9fq1GYO68Mrf7Aoe+CeSZ5pm/lqkg9YZ1Se6V
-----END CERTIFICATE-----