Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/U9fFQvnQ5J4f5vqCpk8QJGHWW64.roa
File:                     U9fFQvnQ5J4f5vqCpk8QJGHWW64.roa (raw, json)
Hash identifier:          NTbsW6be/zE/pYAqfiC/Z+0HoEY44dZ0oAgxLUsgGOQ=
Subject key identifier:   53:D7:C5:42:F9:D0:E4:9E:1F:E6:FA:82:A6:4F:10:24:61:D6:5B:AE
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019156A1A623A59B9B783B35F890540B327E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/U9fFQvnQ5J4f5vqCpk8QJGHWW64.roa
Signing time:             Thu 15 Aug 2024 15:21:59 +0000
ROA not before:           Thu 15 Aug 2024 15:21:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        213.108.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:56:a1:a6:23:a5:9b:9b:78:3b:35:f8:90:54:0b:32:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Aug 15 15:21:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53d7c542f9d0e49e1fe6fa82a64f102461d65bae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:71:c0:3a:ee:52:51:07:92:6a:86:fe:8b:69:
                    2c:4d:9b:f0:51:2e:dc:e6:3e:37:a8:c6:ab:13:92:
                    40:c9:24:f9:f1:aa:15:f3:38:a3:71:3c:81:96:f3:
                    a1:ad:db:aa:24:20:88:d5:83:50:d7:dc:cc:86:89:
                    5e:b8:af:86:9b:44:f5:40:22:52:e0:46:6b:1a:11:
                    a2:c7:45:a8:e2:9c:e3:e9:29:ae:44:90:0c:2c:78:
                    c7:c1:53:b4:fb:d3:90:08:c3:a1:87:a5:34:56:f9:
                    27:d6:89:9e:42:de:5e:57:f7:ca:c8:b9:8f:66:2c:
                    e7:e2:3a:94:ca:86:2b:e6:0f:8f:43:1a:3d:68:06:
                    b5:da:e7:bf:4b:6a:dd:52:c9:5f:dd:14:35:f1:e3:
                    79:40:97:13:b3:85:97:ab:d9:90:61:64:29:d7:8f:
                    7c:9d:f3:e9:7f:4e:ce:87:a5:38:db:5e:ed:fe:8c:
                    a0:c5:fb:f9:40:f8:85:1d:6f:37:f1:4e:b3:db:a1:
                    68:4b:f9:fc:29:05:25:75:f1:a2:f2:27:7a:c6:f8:
                    39:48:0b:e8:09:00:db:28:c2:45:2e:f2:cd:3f:5f:
                    37:22:6e:b2:58:06:ad:3f:47:4a:f3:c9:bd:1d:c6:
                    7a:8b:84:c6:20:5e:04:30:45:a4:41:20:01:2c:8a:
                    7b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D7:C5:42:F9:D0:E4:9E:1F:E6:FA:82:A6:4F:10:24:61:D6:5B:AE
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/U9fFQvnQ5J4f5vqCpk8QJGHWW64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:4c:22:96:92:e9:0c:55:d9:d8:51:5a:51:de:19:cd:64:1f:
         a8:33:6a:b2:3f:59:74:a7:9c:34:63:ff:8e:cd:a0:a5:d6:b7:
         46:0c:53:69:87:7e:11:4c:40:6a:f9:44:4d:72:73:1d:24:79:
         2d:dc:31:85:99:cc:55:bb:3a:ae:cb:d3:30:5a:be:67:51:0e:
         77:d1:4e:e2:7d:78:bf:76:08:35:79:16:46:a3:7f:54:9a:e8:
         92:3d:eb:4a:cc:d4:34:86:07:49:06:bb:e4:40:a8:df:58:70:
         38:1f:bc:02:5d:20:dd:1c:33:a4:ac:94:9c:47:36:4d:3b:ba:
         79:6d:07:cd:3f:02:0c:e7:db:08:2b:27:07:0c:00:13:a2:86:
         6f:d3:c5:58:3f:96:3a:06:ee:0c:7b:92:30:b8:b0:19:6d:eb:
         0e:25:0f:27:6b:32:07:0c:0b:fa:f0:d9:7f:24:50:52:be:8a:
         a3:35:1d:60:d1:2e:87:1c:ca:61:f7:89:aa:9c:49:cf:f0:2a:
         bd:7b:16:71:7a:c5:c3:b0:7b:94:f7:54:c4:b4:8e:89:3e:d5:
         1a:bb:fa:d5:c2:8d:75:b2:3f:57:8d:f2:a8:e3:8f:5c:50:6e:
         57:ff:35:fd:43:73:02:c0:4f:ba:73:c0:80:ef:70:51:24:82:
         28:97:77:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFWoaYjpZubeDs1+JBUCzJ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwODE1MTUyMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Q3YzU0MmY5ZDBlNDllMWZlNmZhODJhNjRmMTAyNDYxZDY1YmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3HAOu5SUQeSaob+i2ksTZvwUS7c
5j43qMarE5JAyST58aoV8zijcTyBlvOhrduqJCCI1YNQ19zMholeuK+Gm0T1QCJS
4EZrGhGix0Wo4pzj6SmuRJAMLHjHwVO0+9OQCMOhh6U0Vvkn1omeQt5eV/fKyLmP
Zizn4jqUyoYr5g+PQxo9aAa12ue/S2rdUslf3RQ18eN5QJcTs4WXq9mQYWQp1498
nfPpf07Oh6U4217t/oygxfv5QPiFHW838U6z26FoS/n8KQUldfGi8id6xvg5SAvo
CQDbKMJFLvLNP183Im6yWAatP0dK88m9HcZ6i4TGIF4EMEWkQSABLIp7YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPXxUL50OSeH+b6gqZPECRh1luuMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvVTlmRlF2blE1SjRmNXZxQ3BrOFFKR0hXVzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WzGMA0G
CSqGSIb3DQEBCwUAA4IBAQCTTCKWkukMVdnYUVpR3hnNZB+oM2qyP1l0p5w0Y/+O
zaCl1rdGDFNph34RTEBq+URNcnMdJHkt3DGFmcxVuzquy9MwWr5nUQ530U7ifXi/
dgg1eRZGo39UmuiSPetKzNQ0hgdJBrvkQKjfWHA4H7wCXSDdHDOkrJScRzZNO7p5
bQfNPwIM59sIKycHDAATooZv08VYP5Y6Bu4Me5IwuLAZbesOJQ8nazIHDAv68Nl/
JFBSvoqjNR1g0S6HHMph94mqnEnP8Cq9exZxesXDsHuU91TEtI6JPtUau/rVwo11
sj9XjfKo449cUG5X/zX9Q3MCwE+6c8CA73BRJIIol3dA
-----END CERTIFICATE-----