Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/vA5K6RkcDNvIfBHlXsqXk2h3eqE.roa
File:                     vA5K6RkcDNvIfBHlXsqXk2h3eqE.roa (raw, json)
Hash identifier:          4MHkLAZ2l7gq3LE/4REJZ9A/Mqz7tZyzTYD56y7oDas=
Subject key identifier:   BC:0E:4A:E9:19:1C:0C:DB:C8:7C:11:E5:5E:CA:97:93:68:77:7A:A1
Certificate issuer:       /CN=9c7ef2852d4cb2eabc978ec1c5a1a4d09e04afb5
Certificate serial:       018CC8015FFC2BE36769F98D933AB6B2F934
Authority key identifier: 9C:7E:F2:85:2D:4C:B2:EA:BC:97:8E:C1:C5:A1:A4:D0:9E:04:AF:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nH7yhS1Msuq8l47BxaGk0J4Er7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/vA5K6RkcDNvIfBHlXsqXk2h3eqE.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        91.199.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/nH7yhS1Msuq8l47BxaGk0J4Er7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/nH7yhS1Msuq8l47BxaGk0J4Er7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nH7yhS1Msuq8l47BxaGk0J4Er7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 May 2024 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5f:fc:2b:e3:67:69:f9:8d:93:3a:b6:b2:f9:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c7ef2852d4cb2eabc978ec1c5a1a4d09e04afb5
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc0e4ae9191c0cdbc87c11e55eca979368777aa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e3:95:70:32:f4:99:5f:1a:bf:9d:39:78:43:
                    0d:32:66:f3:05:94:b9:38:28:64:1c:66:91:b9:35:
                    ba:2e:77:3e:63:f7:1b:0f:92:07:9e:81:d4:65:68:
                    23:68:a6:dd:83:16:6d:ff:9d:5e:55:dd:e7:48:a1:
                    26:48:10:aa:d7:87:22:03:92:8e:42:f0:60:2c:5f:
                    d5:42:e1:43:37:cb:9f:76:ca:a1:1d:9f:b8:b2:bc:
                    41:d4:8e:c3:5f:61:66:45:8e:54:59:1f:21:05:24:
                    b5:6a:6d:4c:45:e1:da:e8:20:f7:b3:a4:6d:1f:d1:
                    6c:18:1b:ad:17:7b:6d:ca:44:8e:f7:bf:1e:1b:04:
                    9a:19:bf:50:02:1b:a1:28:c3:82:f6:d9:0e:95:ae:
                    50:b9:8f:7c:ac:11:9e:77:cb:f0:79:5d:e3:38:a6:
                    63:bb:46:61:d8:7f:6a:a1:d5:ff:7c:82:93:88:66:
                    7e:cf:7b:ef:6c:0a:e8:57:2c:d8:cb:91:48:8e:79:
                    5e:d9:6c:cf:33:03:f6:42:4e:69:de:e7:cd:18:5f:
                    40:2a:ff:3e:2f:5c:da:81:9f:ef:38:08:7c:13:4d:
                    7d:0d:bf:5c:2a:6b:25:48:9b:05:1f:41:ee:02:2b:
                    86:52:f0:84:fa:22:0b:2c:ba:f1:01:bc:f5:13:e2:
                    a8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:0E:4A:E9:19:1C:0C:DB:C8:7C:11:E5:5E:CA:97:93:68:77:7A:A1
            X509v3 Authority Key Identifier:
                keyid:9C:7E:F2:85:2D:4C:B2:EA:BC:97:8E:C1:C5:A1:A4:D0:9E:04:AF:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nH7yhS1Msuq8l47BxaGk0J4Er7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/vA5K6RkcDNvIfBHlXsqXk2h3eqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/nH7yhS1Msuq8l47BxaGk0J4Er7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:da:4c:4d:8d:b0:30:27:87:80:86:ec:ee:e1:33:dc:5b:c8:
         af:61:74:56:1c:14:26:ab:72:9a:fe:b2:88:ac:0f:57:24:5f:
         74:83:26:3b:bb:ee:b2:ec:ff:94:8d:5a:58:0f:00:bd:6c:a8:
         ac:b8:8e:be:51:b4:b7:6d:51:76:b6:5e:4b:71:44:d2:93:14:
         4e:07:6c:26:56:d5:37:19:44:0f:7b:fd:f1:c3:06:29:ea:5d:
         fa:77:5d:38:51:44:20:44:a9:31:49:20:29:f0:ca:bc:e6:66:
         01:fb:af:c6:3f:3f:2e:08:60:8f:74:58:a6:ec:a4:96:48:b1:
         86:22:4e:61:d4:d0:f6:aa:48:4f:42:ef:17:55:e7:ca:ea:83:
         13:74:92:7b:29:28:0d:0a:6d:a1:93:dc:5b:e9:e4:49:e6:9c:
         6a:00:c4:a9:01:23:a8:96:6c:c7:e6:45:23:93:ae:59:58:a3:
         e3:4d:41:fe:26:97:2c:95:3f:ea:cd:8a:1e:72:b1:85:bb:af:
         56:61:91:f9:a9:fa:9f:b6:51:16:e6:55:7b:f9:1c:ba:74:77:
         70:c9:a8:b3:bd:1f:41:3c:7b:f5:37:93:12:ea:5f:1b:0b:0b:
         94:0f:a9:20:c7:ee:f9:ea:2e:99:29:da:ce:ce:14:6d:5b:11:
         2b:95:8e:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAV/8K+NnafmNkzq2svk0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljN2VmMjg1MmQ0Y2IyZWFiYzk3OGVjMWM1YTFhNGQwOWUw
NGFmYjUwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzBlNGFlOTE5MWMwY2RiYzg3YzExZTU1ZWNhOTc5MzY4Nzc3YWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+OVcDL0mV8av505eEMNMmbzBZS5
OChkHGaRuTW6Lnc+Y/cbD5IHnoHUZWgjaKbdgxZt/51eVd3nSKEmSBCq14ciA5KO
QvBgLF/VQuFDN8ufdsqhHZ+4srxB1I7DX2FmRY5UWR8hBSS1am1MReHa6CD3s6Rt
H9FsGButF3ttykSO978eGwSaGb9QAhuhKMOC9tkOla5QuY98rBGed8vweV3jOKZj
u0Zh2H9qodX/fIKTiGZ+z3vvbAroVyzYy5FIjnle2WzPMwP2Qk5p3ufNGF9AKv8+
L1zagZ/vOAh8E019Db9cKmslSJsFH0HuAiuGUvCE+iILLLrxAbz1E+KoIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwOSukZHAzbyHwR5V7Kl5Nod3qhMB8GA1UdIwQY
MBaAFJx+8oUtTLLqvJeOwcWhpNCeBK+1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkg3eWhTMU1zdXE4bDQ3QnhhR2swSjRFcjdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hOGM1NTMtM2I5ZS00ZWRkLWE3YmIt
NTIzN2MwM2I4ODEzLzEvdkE1SzZSa2NETnZJZkJIbFhzcVhrMmgzZXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hOGM1NTMtM2I5ZS00ZWRkLWE3YmItNTIzN2MwM2I4ODEz
LzEvbkg3eWhTMU1zdXE4bDQ3QnhhR2swSjRFcjdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8eFMA0G
CSqGSIb3DQEBCwUAA4IBAQBP2kxNjbAwJ4eAhuzu4TPcW8ivYXRWHBQmq3Ka/rKI
rA9XJF90gyY7u+6y7P+UjVpYDwC9bKisuI6+UbS3bVF2tl5LcUTSkxROB2wmVtU3
GUQPe/3xwwYp6l36d104UUQgRKkxSSAp8Mq85mYB+6/GPz8uCGCPdFim7KSWSLGG
Ik5h1ND2qkhPQu8XVefK6oMTdJJ7KSgNCm2hk9xb6eRJ5pxqAMSpASOolmzH5kUj
k65ZWKPjTUH+JpcslT/qzYoecrGFu69WYZH5qfqftlEW5lV7+Ry6dHdwyaizvR9B
PHv1N5MS6l8bCwuUD6kgx+756i6ZKdrOzhRtWxErlY6r
-----END CERTIFICATE-----