Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/9LfOsmZr40eq7ztYS0r260lPY5E.roa
File:                     9LfOsmZr40eq7ztYS0r260lPY5E.roa (raw, json)
Hash identifier:          A2FD+r8RqVoB3A0XTTp7tjsPBbsYYYRkFJk1HmRE93k=
Subject key identifier:   F4:B7:CE:B2:66:6B:E3:47:AA:EF:3B:58:4B:4A:F6:EB:49:4F:63:91
Certificate issuer:       /CN=3eb91f36cffe80efe0dff26123f8f97c15d9763c
Certificate serial:       018CC424643EB599A3018D8C7586E4552FA6
Authority key identifier: 3E:B9:1F:36:CF:FE:80:EF:E0:DF:F2:61:23:F8:F9:7C:15:D9:76:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrkfNs_-gO_g3_JhI_j5fBXZdjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/9LfOsmZr40eq7ztYS0r260lPY5E.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43947
IP address blocks:        91.198.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/PrkfNs_-gO_g3_JhI_j5fBXZdjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/PrkfNs_-gO_g3_JhI_j5fBXZdjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrkfNs_-gO_g3_JhI_j5fBXZdjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:64:3e:b5:99:a3:01:8d:8c:75:86:e4:55:2f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb91f36cffe80efe0dff26123f8f97c15d9763c
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4b7ceb2666be347aaef3b584b4af6eb494f6391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:16:0a:09:09:fe:19:9d:56:69:f8:8a:4f:03:
                    97:4f:a6:23:59:c0:eb:b8:0a:7f:c9:f1:99:03:cf:
                    36:5c:a6:47:48:da:46:42:0e:13:a9:18:d5:5b:27:
                    5f:4d:a4:db:8e:72:f7:3f:15:de:dc:82:a9:31:98:
                    29:00:f2:a9:ae:61:9a:eb:33:d1:25:49:07:4f:91:
                    5c:e7:97:f9:83:f9:95:cf:5d:5d:1a:1b:34:73:90:
                    dd:44:ac:78:f9:df:47:c9:f9:d8:be:7e:30:9b:c7:
                    37:4a:f1:ff:3d:b8:92:31:77:87:59:e0:ec:24:77:
                    1b:fa:37:11:69:33:94:e0:87:84:4e:13:05:78:1d:
                    46:eb:f0:82:1f:e0:6e:56:b2:fa:29:bc:7e:31:a7:
                    de:8a:ed:ae:8b:dc:a1:7b:cb:e1:78:fd:d1:83:3c:
                    b0:4e:3f:1a:27:dc:a8:a2:e4:ac:53:18:51:11:0e:
                    32:8e:c0:ea:ff:7e:f9:aa:d7:67:fc:e6:cc:f1:20:
                    c5:cb:9c:ec:07:8e:a4:45:e4:de:4e:52:98:5d:a9:
                    86:93:90:b4:cf:35:54:7f:0b:7f:62:49:bb:aa:02:
                    f3:05:a1:c7:ff:99:63:5e:a3:53:81:87:de:0f:63:
                    58:be:45:53:12:4f:b5:a6:4c:ad:37:d7:2a:ab:24:
                    eb:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:B7:CE:B2:66:6B:E3:47:AA:EF:3B:58:4B:4A:F6:EB:49:4F:63:91
            X509v3 Authority Key Identifier:
                keyid:3E:B9:1F:36:CF:FE:80:EF:E0:DF:F2:61:23:F8:F9:7C:15:D9:76:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrkfNs_-gO_g3_JhI_j5fBXZdjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/9LfOsmZr40eq7ztYS0r260lPY5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/PrkfNs_-gO_g3_JhI_j5fBXZdjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:de:95:43:f2:2e:ed:3b:3d:73:1c:73:1d:56:b9:c8:f6:53:
         f1:f8:a9:90:36:aa:df:7e:29:a8:4b:36:8a:0c:99:9e:92:8e:
         c8:ff:18:38:f3:f1:95:94:5c:a3:94:ef:67:d0:4f:e1:d0:a3:
         4e:b5:80:fe:c9:52:7b:f0:14:f8:42:54:b3:c9:9f:ee:16:aa:
         d1:e7:82:3f:99:bf:21:64:99:75:52:0e:82:12:e6:23:1f:7f:
         25:40:f7:72:c0:46:0c:15:21:fe:96:33:6c:0e:39:43:0c:96:
         98:73:e7:a2:61:fb:22:56:c5:a9:79:5f:81:0d:0c:ef:a8:5b:
         f1:51:18:08:1f:b6:fe:19:0f:fc:ab:58:83:e6:9e:f9:c2:a3:
         fb:90:8f:6b:54:70:bd:57:9a:e8:0e:dd:1c:b0:b7:9b:c0:ac:
         32:cc:99:26:8c:06:f8:db:3e:9b:d4:f5:80:5a:96:3a:cd:77:
         68:1f:f8:0d:92:97:7b:45:bd:46:ac:95:26:a9:b3:fd:52:0f:
         32:cb:a1:3c:09:cb:c6:fc:9b:e0:8b:40:e2:d5:0f:af:a4:90:
         a3:2d:30:71:ba:55:b9:dd:a9:62:56:02:96:1c:b4:e6:de:c4:
         d1:72:41:24:d1:57:df:2a:e1:6e:14:84:60:b1:4e:b7:0a:b1:
         ae:be:30:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGQ+tZmjAY2MdYbkVS+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjkxZjM2Y2ZmZTgwZWZlMGRmZjI2MTIzZjhmOTdjMTVk
OTc2M2MwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGI3Y2ViMjY2NmJlMzQ3YWFlZjNiNTg0YjRhZjZlYjQ5NGY2MzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxYKCQn+GZ1WafiKTwOXT6YjWcDr
uAp/yfGZA882XKZHSNpGQg4TqRjVWydfTaTbjnL3PxXe3IKpMZgpAPKprmGa6zPR
JUkHT5Fc55f5g/mVz11dGhs0c5DdRKx4+d9HyfnYvn4wm8c3SvH/PbiSMXeHWeDs
JHcb+jcRaTOU4IeEThMFeB1G6/CCH+BuVrL6Kbx+Mafeiu2ui9yhe8vheP3Rgzyw
Tj8aJ9yoouSsUxhREQ4yjsDq/375qtdn/ObM8SDFy5zsB46kReTeTlKYXamGk5C0
zzVUfwt/Ykm7qgLzBaHH/5ljXqNTgYfeD2NYvkVTEk+1pkytN9cqqyTr8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPS3zrJma+NHqu87WEtK9utJT2ORMB8GA1UdIwQY
MBaAFD65HzbP/oDv4N/yYSP4+XwV2XY8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJrZk5zXy1nT19nM19KaElfajVmQlhaZGp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hYTY1NjUtNWQ5Ny00YTgwLTlhNWQt
NDI0YzIzZjUwZmYzLzEvOUxmT3NtWnI0MGVxN3p0WVMwcjI2MGxQWTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hYTY1NjUtNWQ5Ny00YTgwLTlhNWQtNDI0YzIzZjUwZmYz
LzEvUHJrZk5zXy1nT19nM19KaElfajVmQlhaZGp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bbMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ3pVD8i7tOz1zHHMdVrnI9lPx+KmQNqrffimoSzaK
DJmeko7I/xg48/GVlFyjlO9n0E/h0KNOtYD+yVJ78BT4QlSzyZ/uFqrR54I/mb8h
ZJl1Ug6CEuYjH38lQPdywEYMFSH+ljNsDjlDDJaYc+eiYfsiVsWpeV+BDQzvqFvx
URgIH7b+GQ/8q1iD5p75wqP7kI9rVHC9V5roDt0csLebwKwyzJkmjAb42z6b1PWA
WpY6zXdoH/gNkpd7Rb1GrJUmqbP9Ug8yy6E8CcvG/Jvgi0Di1Q+vpJCjLTBxulW5
3aliVgKWHLTm3sTRckEk0VffKuFuFIRgsU63CrGuvjB1
-----END CERTIFICATE-----