Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/pbvNlToyhbEyCyynL-ULpUAlGXU.roa
File:                     pbvNlToyhbEyCyynL-ULpUAlGXU.roa (raw, json)
Hash identifier:          LJVWMceroVr1dKry+f79TV5muY3pUYVFTP7kyP1Pt/k=
Subject key identifier:   A5:BB:CD:95:3A:32:85:B1:32:0B:2C:A7:2F:E5:0B:A5:40:25:19:75
Certificate issuer:       /CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
Certificate serial:       0191B71E0503FB2F49FBD39900FEA4DDE7F5
Authority key identifier: C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/pbvNlToyhbEyCyynL-ULpUAlGXU.roa
Signing time:             Tue 03 Sep 2024 09:01:23 +0000
ROA not before:           Tue 03 Sep 2024 09:01:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12480
IP address blocks:        194.59.13.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b7:1e:05:03:fb:2f:49:fb:d3:99:00:fe:a4:dd:e7:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
        Validity
            Not Before: Sep  3 09:01:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5bbcd953a3285b1320b2ca72fe50ba540251975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:20:3e:f1:f7:ef:57:a8:ac:ba:b2:86:3f:5a:
                    05:c7:4f:29:3a:f3:9e:20:4a:5a:15:9e:da:97:20:
                    72:03:27:af:89:65:80:3d:53:89:a9:86:7d:2d:4f:
                    05:45:f9:b8:f3:c0:85:fc:9b:9f:54:ce:c3:6b:56:
                    ed:4f:ea:f6:e5:0d:53:83:d8:d9:bc:19:88:e7:50:
                    73:65:67:fe:b2:b1:d3:64:7d:c4:a4:9b:4b:61:0d:
                    bb:3a:26:95:45:b9:90:13:61:36:e3:af:52:78:9a:
                    36:ab:ad:29:b6:0b:45:c7:fa:53:fd:df:4f:7f:41:
                    d8:f8:f0:68:7e:39:be:0e:af:05:41:eb:6c:1b:e6:
                    41:38:c9:b1:c3:6d:ea:43:e4:be:ba:2e:7d:79:6a:
                    fc:43:67:4c:9d:4f:1a:29:5f:ba:a9:0e:f7:00:c0:
                    17:3d:cd:fd:60:f6:eb:86:48:92:5b:ae:a7:cb:ba:
                    24:74:b7:da:95:23:09:58:43:c2:83:5e:e2:7f:14:
                    1e:c6:6d:7e:92:1c:e1:91:17:d5:b6:03:34:4a:c1:
                    14:48:54:e7:b4:b9:fe:de:50:ea:6c:df:d8:06:ba:
                    1d:42:28:dc:b8:58:e7:f4:06:d8:fc:a4:37:12:0f:
                    a4:9c:6e:9e:0a:2b:99:72:f9:a0:ba:1a:4c:1a:54:
                    88:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:BB:CD:95:3A:32:85:B1:32:0B:2C:A7:2F:E5:0B:A5:40:25:19:75
            X509v3 Authority Key Identifier:
                keyid:C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/pbvNlToyhbEyCyynL-ULpUAlGXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:e4:f9:94:0d:bb:75:36:48:30:32:53:96:5f:0a:06:23:f4:
         98:d4:60:22:0e:79:f8:19:26:e4:1b:3f:67:34:60:27:11:ec:
         cc:70:88:44:fb:ea:85:28:41:48:d7:7b:9a:3d:96:98:bb:17:
         b4:83:53:b4:df:2a:63:de:89:19:1b:3e:d6:9a:b3:68:04:66:
         76:4d:ec:e1:f7:23:76:8f:af:1b:70:a9:28:88:cb:0d:9e:e3:
         c2:43:33:3b:ab:62:df:7b:23:32:da:08:db:48:d7:49:d7:e2:
         53:aa:9d:8a:4d:6a:ca:75:d1:c0:60:53:28:ed:05:1c:74:83:
         9d:fc:27:1b:70:56:b6:d3:4d:c4:3b:cd:59:a8:1d:f4:7a:0b:
         b0:27:0c:f4:89:33:78:ae:6c:ce:4b:a8:16:ce:b4:82:3c:cc:
         1f:1b:ce:78:22:f5:3f:b6:10:75:fd:a9:d9:3d:02:e6:73:48:
         f8:8c:ec:ac:6e:2e:13:09:ee:dd:e8:42:80:c1:ca:0c:92:ad:
         8e:6e:ac:4e:57:b1:37:56:68:59:d5:7f:5d:6c:a5:b8:0b:b0:
         83:76:85:28:cb:b0:75:8b:2f:be:d5:74:37:5b:c6:e5:d5:5b:
         91:63:0f:4f:4d:91:62:d5:8b:98:25:4f:b8:4b:70:7a:f6:41:
         dc:1a:d3:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG3HgUD+y9J+9OZAP6k3ef1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDBlOTIzNGNjNjcyMTk1N2E0YWMyMTNlYWM2NzUzZWQ4
NWVlYTcwHhcNMjQwOTAzMDkwMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWJiY2Q5NTNhMzI4NWIxMzIwYjJjYTcyZmU1MGJhNTQwMjUxOTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5CA+8ffvV6isurKGP1oFx08pOvOe
IEpaFZ7alyByAyeviWWAPVOJqYZ9LU8FRfm488CF/JufVM7Da1btT+r25Q1Tg9jZ
vBmI51BzZWf+srHTZH3EpJtLYQ27OiaVRbmQE2E2469SeJo2q60ptgtFx/pT/d9P
f0HY+PBofjm+Dq8FQetsG+ZBOMmxw23qQ+S+ui59eWr8Q2dMnU8aKV+6qQ73AMAX
Pc39YPbrhkiSW66ny7okdLfalSMJWEPCg17ifxQexm1+khzhkRfVtgM0SsEUSFTn
tLn+3lDqbN/YBrodQijcuFjn9AbY/KQ3Eg+knG6eCiuZcvmguhpMGlSIGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKW7zZU6MoWxMgsspy/lC6VAJRl1MB8GA1UdIwQY
MBaAFMnQ6SNMxnIZV6SsIT6sZ1Pthe6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgt
OWEzMDBiMGE3ZWQyLzEvcGJ2TmxUb3loYkV5Q3l5bkwtVUxwVUFsR1hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgtOWEzMDBiMGE3ZWQy
LzEveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjsNMA0G
CSqGSIb3DQEBCwUAA4IBAQBs5PmUDbt1NkgwMlOWXwoGI/SY1GAiDnn4GSbkGz9n
NGAnEezMcIhE++qFKEFI13uaPZaYuxe0g1O03ypj3okZGz7WmrNoBGZ2Tezh9yN2
j68bcKkoiMsNnuPCQzM7q2LfeyMy2gjbSNdJ1+JTqp2KTWrKddHAYFMo7QUcdIOd
/CcbcFa2003EO81ZqB30eguwJwz0iTN4rmzOS6gWzrSCPMwfG854IvU/thB1/anZ
PQLmc0j4jOysbi4TCe7d6EKAwcoMkq2ObqxOV7E3VmhZ1X9dbKW4C7CDdoUoy7B1
iy++1XQ3W8bl1VuRYw9PTZFi1YuYJU+4S3B69kHcGtPD
-----END CERTIFICATE-----