Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/nH1bkW5fYrec1XZWbaIW_NQr-EI.roa
File:                     nH1bkW5fYrec1XZWbaIW_NQr-EI.roa (raw, json)
Hash identifier:          41moE2WZfeAHiQcRBarbP6/AG70pQMAU5cdkkVjC8/4=
Subject key identifier:   9C:7D:5B:91:6E:5F:62:B7:9C:D5:76:56:6D:A2:16:FC:D4:2B:F8:42
Certificate issuer:       /CN=0b5e798db6e8f57c5f4a445150901dee8a96d5e5
Certificate serial:       018CC2DAB117E7C51C192C0965B08F71C543
Authority key identifier: 0B:5E:79:8D:B6:E8:F5:7C:5F:4A:44:51:50:90:1D:EE:8A:96:D5:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C155jbbo9XxfSkRRUJAd7oqW1eU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/nH1bkW5fYrec1XZWbaIW_NQr-EI.roa
Signing time:             Mon 01 Jan 2024 02:29:21 +0000
ROA not before:           Mon 01 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34024
IP address blocks:        91.199.235.0/24 maxlen: 24
                          193.26.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/C155jbbo9XxfSkRRUJAd7oqW1eU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/C155jbbo9XxfSkRRUJAd7oqW1eU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C155jbbo9XxfSkRRUJAd7oqW1eU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b1:17:e7:c5:1c:19:2c:09:65:b0:8f:71:c5:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5e798db6e8f57c5f4a445150901dee8a96d5e5
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c7d5b916e5f62b79cd576566da216fcd42bf842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7f:2f:ab:88:68:fc:90:86:ef:db:3c:28:7c:
                    ab:4f:30:a5:d5:c8:f9:41:d1:bd:c3:b0:45:e6:df:
                    1a:61:14:bd:59:e7:fd:78:15:35:91:8e:84:3a:cf:
                    7b:97:54:8c:91:aa:23:0f:5e:0a:b0:4f:8e:fa:5f:
                    e2:cf:d2:e3:e9:99:41:56:9f:cc:e5:49:58:1c:c4:
                    25:19:ea:40:a1:78:9d:34:c5:7d:b1:70:c9:09:0d:
                    0d:0c:7d:c8:58:e2:e1:b2:9e:58:a9:2d:a9:c6:73:
                    0a:f0:ee:87:2e:ce:b6:45:6c:aa:e4:6e:8e:60:e2:
                    30:94:d3:33:b7:85:e5:9b:35:74:09:8b:6f:cb:58:
                    43:4a:f0:1c:75:b2:63:ad:bd:8c:b5:46:47:51:fd:
                    9b:6a:a5:1a:49:a8:b6:37:0a:c1:fc:1b:ed:f6:75:
                    34:92:6d:d8:07:02:84:4b:7d:97:1e:f0:23:0f:bd:
                    ca:98:72:d6:83:b8:a5:5f:45:fb:d1:aa:8e:87:69:
                    e7:08:dc:eb:23:f6:38:47:1c:de:72:7c:e7:44:2f:
                    27:b5:27:52:f2:cf:92:05:fc:3c:cb:12:25:c6:1a:
                    e0:14:2f:ba:3a:09:a8:81:c1:45:28:0c:19:61:94:
                    44:4c:e7:2a:4a:d1:fc:2c:d9:70:f7:e8:ab:b1:39:
                    69:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:7D:5B:91:6E:5F:62:B7:9C:D5:76:56:6D:A2:16:FC:D4:2B:F8:42
            X509v3 Authority Key Identifier:
                keyid:0B:5E:79:8D:B6:E8:F5:7C:5F:4A:44:51:50:90:1D:EE:8A:96:D5:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C155jbbo9XxfSkRRUJAd7oqW1eU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/nH1bkW5fYrec1XZWbaIW_NQr-EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/C155jbbo9XxfSkRRUJAd7oqW1eU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.235.0/24
                  193.26.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:e8:55:c4:56:42:a1:a3:a3:f1:3c:4e:cd:63:b9:e2:9a:43:
         d0:cc:60:c0:83:50:32:84:90:6b:0c:9d:2d:94:2e:eb:96:62:
         1d:e8:3e:c2:9d:3d:e5:59:d4:2d:3a:54:dd:07:4a:25:c6:62:
         56:49:ad:23:f5:8f:01:ff:87:2f:ba:44:9e:3e:af:a1:5d:58:
         9d:f6:5f:dd:2b:eb:5d:11:c9:33:d0:46:9b:96:e9:18:f8:0f:
         5f:ff:a6:2b:b2:f9:a8:00:f5:fc:41:49:94:08:0f:10:69:14:
         d1:bb:73:88:e9:b0:d5:62:21:f5:76:93:8e:bb:96:e9:30:a5:
         2c:d9:66:8f:ef:32:ab:2f:9f:38:f7:63:2e:a4:8f:69:72:67:
         e0:d9:25:9d:b3:1f:0a:e3:ac:99:e3:c6:14:dc:b0:13:5f:bc:
         41:ad:bf:5f:30:61:1e:bb:55:b8:bd:ea:de:46:ec:93:c6:9f:
         04:ee:3a:fc:04:74:69:35:c3:8d:5d:4c:82:00:63:d9:29:ff:
         c8:f0:97:e5:97:b2:00:f5:86:5b:56:c2:35:b0:50:80:8a:a4:
         a7:d2:24:3d:d6:66:75:48:41:32:8c:07:f5:9d:b1:be:4c:39:
         6b:1d:c9:7c:2d:bd:3e:63:c6:0b:6e:b6:bc:94:b5:85:64:82:
         9c:76:e6:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2rEX58UcGSwJZbCPccVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWU3OThkYjZlOGY1N2M1ZjRhNDQ1MTUwOTAxZGVlOGE5
NmQ1ZTUwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzdkNWI5MTZlNWY2MmI3OWNkNTc2NTY2ZGEyMTZmY2Q0MmJmODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtH8vq4ho/JCG79s8KHyrTzCl1cj5
QdG9w7BF5t8aYRS9Wef9eBU1kY6EOs97l1SMkaojD14KsE+O+l/iz9Lj6ZlBVp/M
5UlYHMQlGepAoXidNMV9sXDJCQ0NDH3IWOLhsp5YqS2pxnMK8O6HLs62RWyq5G6O
YOIwlNMzt4XlmzV0CYtvy1hDSvAcdbJjrb2MtUZHUf2baqUaSai2NwrB/Bvt9nU0
km3YBwKES32XHvAjD73KmHLWg7ilX0X70aqOh2nnCNzrI/Y4RxzecnznRC8ntSdS
8s+SBfw8yxIlxhrgFC+6OgmogcFFKAwZYZRETOcqStH8LNlw9+irsTlp+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJx9W5FuX2K3nNV2Vm2iFvzUK/hCMB8GA1UdIwQY
MBaAFAteeY226PV8X0pEUVCQHe6KltXlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzE1NWpiYm85WHhmU2tSUlVKQWQ3b3FXMWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kNjc5ZjItNDE0ZS00NTM4LTljNjAt
Mjk1NjExYWE3ZTkyLzEvbkgxYmtXNWZZcmVjMVhaV2JhSVdfTlFyLUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kNjc5ZjItNDE0ZS00NTM4LTljNjAtMjk1NjExYWE3ZTky
LzEvQzE1NWpiYm85WHhmU2tSUlVKQWQ3b3FXMWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8frAwQA
wRoaMA0GCSqGSIb3DQEBCwUAA4IBAQBY6FXEVkKho6PxPE7NY7nimkPQzGDAg1Ay
hJBrDJ0tlC7rlmId6D7CnT3lWdQtOlTdB0olxmJWSa0j9Y8B/4cvukSePq+hXVid
9l/dK+tdEckz0EablukY+A9f/6YrsvmoAPX8QUmUCA8QaRTRu3OI6bDVYiH1dpOO
u5bpMKUs2WaP7zKrL58492MupI9pcmfg2SWdsx8K46yZ48YU3LATX7xBrb9fMGEe
u1W4vereRuyTxp8E7jr8BHRpNcONXUyCAGPZKf/I8Jfll7IA9YZbVsI1sFCAiqSn
0iQ91mZ1SEEyjAf1nbG+TDlrHcl8Lb0+Y8YLbra8lLWFZIKcduZx
-----END CERTIFICATE-----