Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/AbFUu7NgWsTd2Sp4L3XEsWgjSSk.roa
File:                     AbFUu7NgWsTd2Sp4L3XEsWgjSSk.roa (raw, json)
Hash identifier:          VdxtG1ubUZ4p/AJXOGXKIdiyKq24yE+SQmyCdsNT43U=
Subject key identifier:   01:B1:54:BB:B3:60:5A:C4:DD:D9:2A:78:2F:75:C4:B1:68:23:49:29
Certificate issuer:       /CN=76aa51f2014fa0fd7117069d88a679f1670c32a4
Certificate serial:       018CC94C2252C009D86728AE08CE4E214EB4
Authority key identifier: 76:AA:51:F2:01:4F:A0:FD:71:17:06:9D:88:A6:79:F1:67:0C:32:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqpR8gFPoP1xFwadiKZ58WcMMqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/AbFUu7NgWsTd2Sp4L3XEsWgjSSk.roa
Signing time:             Tue 02 Jan 2024 08:30:59 +0000
ROA not before:           Tue 02 Jan 2024 08:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20559
IP address blocks:        91.234.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/dqpR8gFPoP1xFwadiKZ58WcMMqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/dqpR8gFPoP1xFwadiKZ58WcMMqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqpR8gFPoP1xFwadiKZ58WcMMqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:22:52:c0:09:d8:67:28:ae:08:ce:4e:21:4e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76aa51f2014fa0fd7117069d88a679f1670c32a4
        Validity
            Not Before: Jan  2 08:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01b154bbb3605ac4ddd92a782f75c4b168234929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5c:8b:7d:14:00:be:fd:6c:66:54:e5:0b:1c:
                    db:c4:78:c0:01:65:5e:f7:79:c4:13:8b:6d:40:c0:
                    fc:e5:be:1b:c2:f4:89:fe:bb:ed:d2:de:d1:06:86:
                    e1:34:a8:5b:f8:d2:78:56:50:98:65:67:9b:44:de:
                    9c:4c:e4:f1:97:c4:c9:ff:68:9b:49:34:fb:7c:43:
                    4c:97:f9:c6:46:04:71:c1:b1:51:df:94:8a:d7:63:
                    13:79:22:ac:9c:2e:c8:64:40:7a:32:d5:9a:22:21:
                    5e:63:5b:57:8c:6b:92:2d:15:55:51:a6:71:d8:59:
                    18:5f:ea:33:ee:51:c7:af:04:44:7b:00:5d:39:c6:
                    79:06:32:7c:e9:e3:9f:78:a6:71:39:67:eb:a8:73:
                    25:0b:fd:7d:7c:c1:dc:4c:0a:bb:ba:39:74:f3:d2:
                    f8:69:16:dc:af:63:37:fa:b3:0d:79:91:d2:29:67:
                    82:b0:c2:ae:09:b3:d7:b9:ed:46:f6:af:8a:99:02:
                    e9:5b:78:a9:49:ff:73:7f:62:b5:14:51:2d:97:3a:
                    e6:41:86:7c:bf:37:72:12:a0:13:db:24:97:69:43:
                    a0:5b:86:e7:8e:36:64:be:7d:14:51:ea:84:27:f4:
                    0a:a3:2a:f5:81:3f:d4:b8:a6:ab:72:18:14:c5:34:
                    17:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:B1:54:BB:B3:60:5A:C4:DD:D9:2A:78:2F:75:C4:B1:68:23:49:29
            X509v3 Authority Key Identifier:
                keyid:76:AA:51:F2:01:4F:A0:FD:71:17:06:9D:88:A6:79:F1:67:0C:32:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqpR8gFPoP1xFwadiKZ58WcMMqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/AbFUu7NgWsTd2Sp4L3XEsWgjSSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/dqpR8gFPoP1xFwadiKZ58WcMMqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:95:99:b3:04:20:0a:70:38:f9:b7:67:ac:6e:ca:21:f7:a9:
         a6:81:d2:f4:d8:c7:9b:29:49:fe:d6:0b:f9:c4:42:50:6f:fd:
         5f:29:41:45:d2:f1:7c:1a:7f:b3:f7:a2:f2:6c:7f:5e:bc:d7:
         67:c6:e4:a1:45:4e:c5:f0:40:6b:a3:c9:21:d0:fa:fe:39:32:
         a6:42:59:df:67:61:2f:28:46:96:68:79:91:44:63:79:96:9c:
         fc:a9:18:86:40:97:1f:a2:14:c7:24:64:9c:6b:04:3b:44:b7:
         94:65:fb:1d:32:c1:d6:1e:7d:76:9e:45:ac:bd:62:62:f5:d6:
         9e:10:4b:5f:f2:13:7f:bd:b6:73:35:91:6a:77:84:60:db:a3:
         e9:14:1e:27:0e:4d:d7:f5:04:d5:06:dd:3d:f9:d3:ba:fa:ae:
         e9:38:4e:fd:1d:f0:d3:52:b5:d6:1d:49:82:df:63:b2:4b:59:
         c4:d3:01:9d:a5:8f:a0:45:af:4e:5c:a6:cd:7c:44:d8:0d:c0:
         64:d1:7a:b3:0e:aa:97:1c:5b:ec:6e:96:ac:76:5c:bc:7e:82:
         be:18:7f:02:71:9d:72:93:be:0b:05:3f:38:5c:d8:8c:31:05:
         9e:7c:f3:8b:65:09:fb:c4:88:90:a4:f7:b8:1f:87:e9:16:61:
         2a:c2:70:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTCJSwAnYZyiuCM5OIU60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YWE1MWYyMDE0ZmEwZmQ3MTE3MDY5ZDg4YTY3OWYxNjcw
YzMyYTQwHhcNMjQwMTAyMDgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWIxNTRiYmIzNjA1YWM0ZGRkOTJhNzgyZjc1YzRiMTY4MjM0OTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVyLfRQAvv1sZlTlCxzbxHjAAWVe
93nEE4ttQMD85b4bwvSJ/rvt0t7RBobhNKhb+NJ4VlCYZWebRN6cTOTxl8TJ/2ib
STT7fENMl/nGRgRxwbFR35SK12MTeSKsnC7IZEB6MtWaIiFeY1tXjGuSLRVVUaZx
2FkYX+oz7lHHrwREewBdOcZ5BjJ86eOfeKZxOWfrqHMlC/19fMHcTAq7ujl089L4
aRbcr2M3+rMNeZHSKWeCsMKuCbPXue1G9q+KmQLpW3ipSf9zf2K1FFEtlzrmQYZ8
vzdyEqAT2ySXaUOgW4bnjjZkvn0UUeqEJ/QKoyr1gT/UuKarchgUxTQX3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGxVLuzYFrE3dkqeC91xLFoI0kpMB8GA1UdIwQY
MBaAFHaqUfIBT6D9cRcGnYimefFnDDKkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFwUjhnRlBvUDF4RndhZGlLWjU4V2NNTXFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS81ZGI1YTMtYTVlNi00NmM4LWFhOGUt
MjUxZjVkY2U3ZTRkLzEvQWJGVXU3TmdXc1RkMlNwNEwzWEVzV2dqU1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS81ZGI1YTMtYTVlNi00NmM4LWFhOGUtMjUxZjVkY2U3ZTRk
LzEvZHFwUjhnRlBvUDF4RndhZGlLWjU4V2NNTXFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rBMA0G
CSqGSIb3DQEBCwUAA4IBAQAmlZmzBCAKcDj5t2esbsoh96mmgdL02MebKUn+1gv5
xEJQb/1fKUFF0vF8Gn+z96LybH9evNdnxuShRU7F8EBro8kh0Pr+OTKmQlnfZ2Ev
KEaWaHmRRGN5lpz8qRiGQJcfohTHJGScawQ7RLeUZfsdMsHWHn12nkWsvWJi9dae
EEtf8hN/vbZzNZFqd4Rg26PpFB4nDk3X9QTVBt09+dO6+q7pOE79HfDTUrXWHUmC
32OyS1nE0wGdpY+gRa9OXKbNfETYDcBk0XqzDqqXHFvsbpasdly8foK+GH8CcZ1y
k74LBT84XNiMMQWefPOLZQn7xIiQpPe4H4fpFmEqwnCZ
-----END CERTIFICATE-----