Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/m0AkQ3FD0f8X5Fms9-GGs1xaDjI.roa
File:                     m0AkQ3FD0f8X5Fms9-GGs1xaDjI.roa (raw, json)
Hash identifier:          kLxjz+5rtR2uerqz4/mY/4+3eNRPvhyTf6GMIor1IWg=
Subject key identifier:   9B:40:24:43:71:43:D1:FF:17:E4:59:AC:F7:E1:86:B3:5C:5A:0E:32
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       018CC348E2846F12D290E2779C191EA7D289
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/m0AkQ3FD0f8X5Fms9-GGs1xaDjI.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        92.51.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e2:84:6f:12:d2:90:e2:77:9c:19:1e:a7:d2:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b4024437143d1ff17e459acf7e186b35c5a0e32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:99:d4:fc:5a:d1:f5:93:e9:40:cb:8c:44:6e:
                    4e:9a:3a:2b:ab:31:2f:9f:43:bc:15:93:9c:65:bf:
                    d6:0f:53:91:d1:e2:cf:a5:11:49:93:ee:32:a6:f9:
                    e0:40:20:ca:63:db:f2:ec:46:29:a5:e6:89:0d:46:
                    9a:2d:7b:9f:a9:9a:24:ff:24:ec:32:e1:e4:07:f7:
                    45:00:fd:08:55:f2:4c:e5:4f:54:e4:ef:bd:db:01:
                    0e:7d:37:66:f3:e0:39:fa:58:29:9f:5e:74:ce:59:
                    79:12:d8:01:6a:e8:9b:1d:2b:b2:f0:74:b5:33:bc:
                    e5:3a:82:db:2d:9e:1d:4e:4d:30:c5:49:68:b3:f1:
                    6d:a2:b9:c8:77:aa:1c:fd:71:a9:bc:87:86:5a:2a:
                    23:b7:b9:3f:eb:14:58:63:56:1d:c8:80:ee:fa:85:
                    ee:a7:cb:39:75:ed:9c:e2:ab:f7:87:73:07:a1:97:
                    48:1d:df:91:50:dd:98:51:3f:b3:ad:89:a5:57:2b:
                    64:eb:32:20:d7:50:bf:87:70:d4:05:58:0a:27:42:
                    2b:aa:ef:da:47:e4:a9:d0:4e:18:dc:db:6b:fc:08:
                    9c:29:0d:fc:c0:b8:4b:d0:3e:d0:e1:0f:03:d3:d0:
                    8b:f9:b5:9c:ff:08:e4:ed:a4:b8:1b:b1:18:cc:cd:
                    6b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:40:24:43:71:43:D1:FF:17:E4:59:AC:F7:E1:86:B3:5C:5A:0E:32
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/m0AkQ3FD0f8X5Fms9-GGs1xaDjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:77:fd:53:41:cf:9e:e1:69:05:c0:30:ba:ee:30:b9:69:32:
         5f:73:f3:df:a2:99:1f:20:5f:d3:39:0c:9b:59:1d:b7:ca:59:
         20:74:da:7e:86:cb:67:51:ec:a0:c6:e9:1f:6e:f6:b7:28:dc:
         26:78:9a:2d:78:00:c4:5c:de:7a:af:ad:99:9f:23:8f:bc:20:
         cf:87:d3:f9:6c:de:4d:04:4a:53:b0:fb:48:ae:9c:c6:83:c6:
         2c:fb:a6:7c:6d:ad:62:69:be:51:f0:30:3b:a9:81:5d:bd:de:
         f4:05:e5:5e:60:07:d7:fb:56:1a:2d:e6:fc:b2:74:15:ec:73:
         90:99:f6:63:04:7f:b0:32:3c:ba:ae:09:90:63:08:ae:c2:dd:
         95:48:c4:db:6b:ad:3e:39:a7:a9:9e:af:64:9f:ff:d2:2c:b1:
         91:1d:7b:42:dc:a3:25:44:72:08:02:32:68:8b:ab:5e:52:fc:
         1f:c8:68:33:68:72:60:45:3c:d9:68:3a:65:51:3e:45:a9:af:
         a4:e8:9c:a0:47:4c:2f:16:18:91:17:66:88:5a:47:5d:fc:9a:
         ba:0b:89:3c:f7:6f:18:48:6d:d6:96:ef:d5:ac:2f:58:41:ee:
         69:25:a0:d6:30:91:62:e0:f9:33:df:6b:4e:7f:92:b4:6e:aa:
         47:9e:45:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOKEbxLSkOJ3nBkep9KJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjQwMjQ0MzcxNDNkMWZmMTdlNDU5YWNmN2UxODZiMzVjNWEwZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZnU/FrR9ZPpQMuMRG5OmjorqzEv
n0O8FZOcZb/WD1OR0eLPpRFJk+4ypvngQCDKY9vy7EYppeaJDUaaLXufqZok/yTs
MuHkB/dFAP0IVfJM5U9U5O+92wEOfTdm8+A5+lgpn150zll5EtgBauibHSuy8HS1
M7zlOoLbLZ4dTk0wxUlos/FtornId6oc/XGpvIeGWiojt7k/6xRYY1YdyIDu+oXu
p8s5de2c4qv3h3MHoZdIHd+RUN2YUT+zrYmlVytk6zIg11C/h3DUBVgKJ0Irqu/a
R+Sp0E4Y3Ntr/AicKQ38wLhL0D7Q4Q8D09CL+bWc/wjk7aS4G7EYzM1rsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJtAJENxQ9H/F+RZrPfhhrNcWg4yMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvbTBBa1EzRkQwZjhYNUZtczktR0dzMXhhRGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDMDMA0G
CSqGSIb3DQEBCwUAA4IBAQBVd/1TQc+e4WkFwDC67jC5aTJfc/PfopkfIF/TOQyb
WR23ylkgdNp+hstnUeygxukfbva3KNwmeJoteADEXN56r62ZnyOPvCDPh9P5bN5N
BEpTsPtIrpzGg8Ys+6Z8ba1iab5R8DA7qYFdvd70BeVeYAfX+1YaLeb8snQV7HOQ
mfZjBH+wMjy6rgmQYwiuwt2VSMTba60+Oaepnq9kn//SLLGRHXtC3KMlRHIIAjJo
i6teUvwfyGgzaHJgRTzZaDplUT5Fqa+k6JygR0wvFhiRF2aIWkdd/Jq6C4k8928Y
SG3Wlu/VrC9YQe5pJaDWMJFi4Pkz32tOf5K0bqpHnkWF
-----END CERTIFICATE-----