Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/mf_LtIM1utcdN4JEI4GsEmgO2l0.roa
File:                     mf_LtIM1utcdN4JEI4GsEmgO2l0.roa (raw, json)
Hash identifier:          Qvp1GZ/IhfjYX8lqTMye27O2BlrDTVpCuBK18iWnLyI=
Subject key identifier:   99:FF:CB:B4:83:35:BA:D7:1D:37:82:44:23:81:AC:12:68:0E:DA:5D
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       0190B059D00189576152C931D25D401FA508
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/mf_LtIM1utcdN4JEI4GsEmgO2l0.roa
Signing time:             Sun 14 Jul 2024 08:26:34 +0000
ROA not before:           Sun 14 Jul 2024 08:26:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216271
IP address blocks:        192.162.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b0:59:d0:01:89:57:61:52:c9:31:d2:5d:40:1f:a5:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jul 14 08:26:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99ffcbb48335bad71d3782442381ac12680eda5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d4:e0:96:28:80:ff:aa:ce:37:30:c1:ed:c5:
                    51:12:c1:8b:0c:24:6b:46:8a:32:03:f4:f2:48:2e:
                    94:fd:4c:84:1e:34:2c:e5:9b:a6:96:b6:07:3e:7b:
                    2b:50:20:72:52:2e:3a:3b:8b:bc:af:dc:22:66:31:
                    af:8a:5c:dd:da:69:03:24:ae:1c:fb:cd:e1:08:33:
                    73:93:a5:ba:d3:40:fc:59:1d:f5:8b:67:fe:cd:58:
                    45:ac:b7:fd:b1:f3:a8:d1:15:70:1e:1f:69:a1:79:
                    c9:c1:40:fd:db:a2:db:fa:d2:d5:d6:56:e9:2a:db:
                    66:ff:f0:31:3d:2c:26:29:a7:88:1e:75:dc:cc:06:
                    a8:5d:b8:1f:04:5a:8a:25:11:15:e6:c9:e9:7f:da:
                    e8:19:47:7e:d8:b5:49:28:b9:e4:67:f7:3f:0c:fb:
                    ac:4b:bd:70:94:e7:74:bb:92:1c:c0:1d:d5:6a:de:
                    c3:f2:25:9e:f9:cb:77:79:79:24:71:ca:e4:80:ad:
                    b9:5e:d3:09:82:a0:4f:ed:c8:88:8f:3c:e9:22:41:
                    c3:2b:ee:9a:54:29:25:3b:55:77:30:86:15:20:5d:
                    3b:18:51:cb:1d:90:db:2c:9c:cb:82:2e:45:1e:9c:
                    4a:50:08:ae:9e:16:00:29:50:0e:e8:6b:11:fc:c0:
                    1c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FF:CB:B4:83:35:BA:D7:1D:37:82:44:23:81:AC:12:68:0E:DA:5D
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/mf_LtIM1utcdN4JEI4GsEmgO2l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f7:f9:72:23:73:d3:01:46:4a:c8:61:2e:ef:82:a0:1f:0c:
         6a:6b:a9:15:95:e8:2d:62:f3:94:11:ca:95:28:d9:50:aa:40:
         7d:a5:a0:a5:3b:5b:3f:81:b6:7a:84:d3:34:d2:d2:b9:c7:96:
         c0:8a:92:80:e2:73:b7:00:c5:d9:a3:31:d5:b5:0e:d2:ad:9e:
         43:02:4b:e5:01:d5:7f:23:6d:37:17:4b:00:ed:fc:99:85:af:
         7a:cc:23:b4:c6:fa:be:55:5a:cb:f2:5b:08:0a:00:e8:eb:08:
         2b:09:3c:b0:fe:95:2a:fa:b8:0e:30:fc:7b:71:d2:28:2c:de:
         d5:6c:e1:3b:2a:be:14:5a:a3:26:f3:f0:d4:07:09:5b:fb:95:
         4a:2c:f0:3f:52:41:6a:6a:ef:79:72:b0:e0:69:16:73:ce:c3:
         b5:84:a4:68:99:42:f6:a0:f7:4b:6d:19:6a:3a:ec:00:0b:f0:
         53:b8:a1:6a:4e:38:b6:8b:37:7d:c8:55:77:5c:10:08:9f:92:
         55:cf:8c:86:fe:6f:ce:12:90:a1:d0:a1:be:46:2a:5d:4d:dc:
         0d:0f:71:59:b7:c4:1a:bc:13:39:9c:b1:d9:e9:ae:3a:b2:27:
         5e:d0:74:2b:5b:54:43:c1:44:b8:36:93:48:c4:f1:7b:c6:ca:
         ec:41:61:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCwWdABiVdhUskx0l1AH6UIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNzE0MDgyNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWZmY2JiNDgzMzViYWQ3MWQzNzgyNDQyMzgxYWMxMjY4MGVkYTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdTgliiA/6rONzDB7cVREsGLDCRr
RooyA/TySC6U/UyEHjQs5ZumlrYHPnsrUCByUi46O4u8r9wiZjGvilzd2mkDJK4c
+83hCDNzk6W600D8WR31i2f+zVhFrLf9sfOo0RVwHh9poXnJwUD926Lb+tLV1lbp
Kttm//AxPSwmKaeIHnXczAaoXbgfBFqKJREV5snpf9roGUd+2LVJKLnkZ/c/DPus
S71wlOd0u5IcwB3Vat7D8iWe+ct3eXkkccrkgK25XtMJgqBP7ciIjzzpIkHDK+6a
VCklO1V3MIYVIF07GFHLHZDbLJzLgi5FHpxKUAiunhYAKVAO6GsR/MAcawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJn/y7SDNbrXHTeCRCOBrBJoDtpdMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvbWZfTHRJTTF1dGNkTjRKRUk0R3NFbWdPMmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKLHMA0G
CSqGSIb3DQEBCwUAA4IBAQB/9/lyI3PTAUZKyGEu74KgHwxqa6kVlegtYvOUEcqV
KNlQqkB9paClO1s/gbZ6hNM00tK5x5bAipKA4nO3AMXZozHVtQ7SrZ5DAkvlAdV/
I203F0sA7fyZha96zCO0xvq+VVrL8lsICgDo6wgrCTyw/pUq+rgOMPx7cdIoLN7V
bOE7Kr4UWqMm8/DUBwlb+5VKLPA/UkFqau95crDgaRZzzsO1hKRomUL2oPdLbRlq
OuwAC/BTuKFqTji2izd9yFV3XBAIn5JVz4yG/m/OEpCh0KG+RipdTdwND3FZt8Qa
vBM5nLHZ6a46side0HQrW1RDwUS4NpNIxPF7xsrsQWFE
-----END CERTIFICATE-----