Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/ObC-IJXgzioX5wtz8AJnRsGanJ8.roa
File:                     ObC-IJXgzioX5wtz8AJnRsGanJ8.roa (raw, json)
Hash identifier:          429l9uTSu1n2GtHtxnCg451FNEjkSOVQ35BfhEpnIMI=
Subject key identifier:   39:B0:BE:20:95:E0:CE:2A:17:E7:0B:73:F0:02:67:46:C1:9A:9C:9F
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       018CC4932E6E5C8EA04AA4C3582F4C886320
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/ObC-IJXgzioX5wtz8AJnRsGanJ8.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61960
IP address blocks:        185.54.48.0/22 maxlen: 24
                          91.243.120.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:2e:6e:5c:8e:a0:4a:a4:c3:58:2f:4c:88:63:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39b0be2095e0ce2a17e70b73f0026746c19a9c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:24:67:09:4c:8f:9d:a7:b2:5f:fa:35:b9:4d:
                    40:de:95:c1:35:1d:0e:0b:e7:d7:95:e0:ca:c4:5e:
                    a7:1e:f4:28:19:2a:03:de:61:7a:41:17:54:81:77:
                    3f:11:fd:ae:74:f4:e3:d9:e6:a6:2c:ca:b3:f1:71:
                    b2:17:98:4b:bd:4d:45:d6:f5:5b:18:73:b9:f3:d5:
                    0e:ec:da:27:04:ab:93:8e:28:4a:51:a5:08:36:a3:
                    14:6e:68:83:e2:eb:b0:61:eb:eb:91:14:77:84:82:
                    ce:04:bb:62:4e:16:dd:5c:4b:1d:88:a5:60:39:7f:
                    80:0d:a9:51:d4:f0:97:1b:e0:fd:35:18:08:28:5f:
                    d0:ea:3b:11:d9:47:11:75:21:a2:60:09:32:8c:0b:
                    d2:91:d7:f2:27:73:a1:dd:6d:ec:95:a7:48:8a:0a:
                    74:bd:10:58:c3:b6:98:11:ab:7f:e3:c8:da:4a:48:
                    eb:5b:90:d6:38:09:f7:29:00:97:40:b3:12:44:aa:
                    f2:6a:36:ac:08:22:62:35:45:b7:c7:43:5b:74:0c:
                    14:7e:a9:43:b8:b4:55:ad:32:8e:5b:9a:47:b9:3d:
                    cb:bd:bd:ff:02:f6:13:48:07:c8:d2:0c:8b:45:bd:
                    d9:6f:ad:c7:e2:d6:37:d6:c6:b7:11:9e:fb:55:6c:
                    04:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B0:BE:20:95:E0:CE:2A:17:E7:0B:73:F0:02:67:46:C1:9A:9C:9F
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/ObC-IJXgzioX5wtz8AJnRsGanJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.120.0/23
                  185.54.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:9b:f2:19:4d:98:1e:cb:38:de:57:4e:72:cb:28:ec:ed:22:
         57:ba:21:ff:69:ad:63:2f:44:83:01:fb:43:a1:a3:fb:99:b1:
         22:2a:54:44:75:d8:85:63:a4:6f:d9:8b:11:1f:24:b9:88:fa:
         84:70:7b:1b:c5:db:ae:ec:67:fb:75:7d:a4:af:ac:a2:b5:6c:
         e3:aa:af:75:b2:30:87:a4:9d:53:f4:28:ab:f0:a2:0e:21:39:
         fd:9c:a4:4f:52:88:b0:94:76:f4:3a:5a:0a:47:0a:16:71:2a:
         ff:5c:ac:97:08:24:88:3f:ef:be:b8:17:13:02:b8:a6:39:90:
         62:76:08:d7:d3:ed:69:50:e5:1c:70:6e:96:74:08:4d:be:82:
         22:a9:4f:31:ac:b0:3a:21:7a:9f:b9:24:f3:7f:d0:8b:f0:f4:
         a5:b1:fa:d8:d0:69:63:2a:a0:08:b5:4f:b7:7e:e5:84:dd:ad:
         da:de:c2:4e:35:e5:3d:40:19:ee:a7:d0:ac:7e:22:6e:01:00:
         ff:b3:c3:c4:dc:3c:d3:a9:c4:d9:06:cd:b1:65:5e:af:79:5d:
         99:86:1c:f7:6b:48:fa:c5:96:13:ac:47:46:e2:97:21:d1:99:
         95:5f:d5:fa:40:b5:b2:23:36:d3:ac:f8:a1:dc:7f:95:a0:fe:
         23:ac:10:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEky5uXI6gSqTDWC9MiGMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWIwYmUyMDk1ZTBjZTJhMTdlNzBiNzNmMDAyNjc0NmMxOWE5YzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCRnCUyPnaeyX/o1uU1A3pXBNR0O
C+fXleDKxF6nHvQoGSoD3mF6QRdUgXc/Ef2udPTj2eamLMqz8XGyF5hLvU1F1vVb
GHO589UO7NonBKuTjihKUaUINqMUbmiD4uuwYevrkRR3hILOBLtiThbdXEsdiKVg
OX+ADalR1PCXG+D9NRgIKF/Q6jsR2UcRdSGiYAkyjAvSkdfyJ3Oh3W3sladIigp0
vRBYw7aYEat/48jaSkjrW5DWOAn3KQCXQLMSRKryajasCCJiNUW3x0NbdAwUfqlD
uLRVrTKOW5pHuT3Lvb3/AvYTSAfI0gyLRb3Zb63H4tY31sa3EZ77VWwEqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDmwviCV4M4qF+cLc/ACZ0bBmpyfMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvT2JDLUlKWGd6aW9YNXd0ejhBSm5Sc0dhbko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW/N4AwQC
uTYwMA0GCSqGSIb3DQEBCwUAA4IBAQCIm/IZTZgeyzjeV05yyyjs7SJXuiH/aa1j
L0SDAftDoaP7mbEiKlREddiFY6Rv2YsRHyS5iPqEcHsbxduu7Gf7dX2kr6yitWzj
qq91sjCHpJ1T9Cir8KIOITn9nKRPUoiwlHb0OloKRwoWcSr/XKyXCCSIP+++uBcT
ArimOZBidgjX0+1pUOUccG6WdAhNvoIiqU8xrLA6IXqfuSTzf9CL8PSlsfrY0Glj
KqAItU+3fuWE3a3a3sJONeU9QBnup9CsfiJuAQD/s8PE3DzTqcTZBs2xZV6veV2Z
hhz3a0j6xZYTrEdG4pch0ZmVX9X6QLWyIzbTrPih3H+VoP4jrBAx
-----END CERTIFICATE-----