Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/FJoC5BPqEhG5RoMfGpm-W7-5dqI.roa
File:                     FJoC5BPqEhG5RoMfGpm-W7-5dqI.roa (raw, json)
Hash identifier:          WLShRver1oHnvQU1fdBY/a38xDQ4E7nrqCpO3AyYUnI=
Subject key identifier:   14:9A:02:E4:13:EA:12:11:B9:46:83:1F:1A:99:BE:5B:BF:B9:76:A2
Certificate issuer:       /CN=975c9ffa65c3c9b57c549e72cd6dc703005b2e0e
Certificate serial:       018CC87110A4A1C81C3D95952AA221B6F9BE
Authority key identifier: 97:5C:9F:FA:65:C3:C9:B5:7C:54:9E:72:CD:6D:C7:03:00:5B:2E:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l1yf-mXDybV8VJ5yzW3HAwBbLg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/FJoC5BPqEhG5RoMfGpm-W7-5dqI.roa
Signing time:             Tue 02 Jan 2024 04:31:42 +0000
ROA not before:           Tue 02 Jan 2024 04:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198826
IP address blocks:        91.239.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/l1yf-mXDybV8VJ5yzW3HAwBbLg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/l1yf-mXDybV8VJ5yzW3HAwBbLg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l1yf-mXDybV8VJ5yzW3HAwBbLg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:10:a4:a1:c8:1c:3d:95:95:2a:a2:21:b6:f9:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=975c9ffa65c3c9b57c549e72cd6dc703005b2e0e
        Validity
            Not Before: Jan  2 04:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=149a02e413ea1211b946831f1a99be5bbfb976a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:41:e5:4b:df:41:3f:dd:b5:b5:68:d8:61:2a:
                    5b:df:0d:8f:d1:68:4d:58:f8:26:e6:d1:f2:dd:4c:
                    4f:9b:33:84:5c:c3:3c:c4:5a:e7:f0:e1:78:65:f1:
                    91:3a:b9:10:f1:13:99:fb:98:b5:17:90:b7:23:0b:
                    91:10:3e:71:09:b2:b8:ed:54:19:27:d5:0c:e3:f0:
                    51:91:dc:45:fb:37:93:10:67:c5:15:28:26:b0:3d:
                    51:85:d8:8b:31:3c:d9:ee:e5:53:93:e8:d1:20:98:
                    2e:8b:90:e5:3a:65:06:f1:46:51:fb:89:4f:e4:11:
                    93:7b:8a:f6:ab:91:f2:a9:dd:67:6d:97:e7:67:f5:
                    02:be:28:da:ff:8d:5c:28:79:d0:e4:bc:d2:78:64:
                    e8:fb:1b:35:ed:eb:32:33:79:e7:3d:73:2e:6b:ac:
                    12:6d:b2:a7:6a:0d:b5:7f:9a:2c:1a:20:ba:49:5b:
                    78:55:73:1e:0f:e3:38:88:1c:c4:84:43:ef:dc:cc:
                    60:09:75:82:c9:27:53:c3:22:d2:6e:6a:8f:51:36:
                    0a:83:f7:0f:08:b0:74:22:01:2d:60:c0:bc:80:ee:
                    fc:98:45:06:38:e9:93:c2:cf:99:28:91:d5:2f:9f:
                    80:2f:02:1e:54:73:1b:eb:ac:c4:e3:bb:ae:12:67:
                    a0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:9A:02:E4:13:EA:12:11:B9:46:83:1F:1A:99:BE:5B:BF:B9:76:A2
            X509v3 Authority Key Identifier:
                keyid:97:5C:9F:FA:65:C3:C9:B5:7C:54:9E:72:CD:6D:C7:03:00:5B:2E:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l1yf-mXDybV8VJ5yzW3HAwBbLg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/FJoC5BPqEhG5RoMfGpm-W7-5dqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/l1yf-mXDybV8VJ5yzW3HAwBbLg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:67:68:2d:6c:c7:49:2c:d0:f6:6a:69:0a:21:0e:1a:63:5e:
         f2:ed:fd:0b:6a:71:7a:c2:7c:88:2b:38:21:4f:98:a6:0c:cc:
         fb:e8:bd:43:b7:82:0a:82:aa:8d:aa:1b:e0:e6:23:f5:ca:ba:
         86:37:93:9d:ee:1f:62:77:ba:a8:a4:8a:a8:e1:d7:91:89:5b:
         bc:8e:11:3f:01:1a:9f:d0:a3:e8:46:67:d9:fb:8e:45:93:89:
         2e:9d:b0:07:11:18:be:7e:e6:2a:04:5a:3c:8c:e8:cf:f9:70:
         73:c0:ea:1e:7f:6f:2a:1e:93:f4:9f:13:1e:4a:45:a1:52:eb:
         4b:dd:2f:57:ec:da:91:52:2e:c8:b3:38:07:c6:61:32:b7:a6:
         5c:3d:44:ce:46:2e:56:b8:1c:53:25:fc:43:ae:c8:15:e9:28:
         d5:da:ad:23:dd:56:61:f2:31:6b:04:c0:cb:a8:9c:10:7a:20:
         37:c2:80:80:c5:ff:ed:1a:49:7d:4e:3d:03:67:76:a7:21:af:
         17:06:95:8a:d2:17:8f:b2:2b:21:d5:f5:f1:54:c9:c2:e8:f5:
         6b:9a:b7:d8:f2:e9:dd:6d:9e:64:4a:0b:08:55:cb:16:3e:4d:
         83:66:e3:d9:51:91:b7:49:4e:60:87:07:b4:73:72:0c:65:27:
         4d:78:b8:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcRCkocgcPZWVKqIhtvm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NWM5ZmZhNjVjM2M5YjU3YzU0OWU3MmNkNmRjNzAzMDA1
YjJlMGUwHhcNMjQwMTAyMDQzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDlhMDJlNDEzZWExMjExYjk0NjgzMWYxYTk5YmU1YmJmYjk3NmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0HlS99BP921tWjYYSpb3w2P0WhN
WPgm5tHy3UxPmzOEXMM8xFrn8OF4ZfGROrkQ8ROZ+5i1F5C3IwuRED5xCbK47VQZ
J9UM4/BRkdxF+zeTEGfFFSgmsD1RhdiLMTzZ7uVTk+jRIJgui5DlOmUG8UZR+4lP
5BGTe4r2q5Hyqd1nbZfnZ/UCvija/41cKHnQ5LzSeGTo+xs17esyM3nnPXMua6wS
bbKnag21f5osGiC6SVt4VXMeD+M4iBzEhEPv3MxgCXWCySdTwyLSbmqPUTYKg/cP
CLB0IgEtYMC8gO78mEUGOOmTws+ZKJHVL5+ALwIeVHMb66zE47uuEmegTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSaAuQT6hIRuUaDHxqZvlu/uXaiMB8GA1UdIwQY
MBaAFJdcn/plw8m1fFSecs1txwMAWy4OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDF5Zi1tWER5YlY4Vko1eXpXM0hBd0JiTGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85MmVjZWEtM2YzYy00YmFhLTgzNGIt
MTI2YzdiNDhiODQ3LzEvRkpvQzVCUHFFaEc1Um9NZkdwbS1XNy01ZHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85MmVjZWEtM2YzYy00YmFhLTgzNGItMTI2YzdiNDhiODQ3
LzEvbDF5Zi1tWER5YlY4Vko1eXpXM0hBd0JiTGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+9wMA0G
CSqGSIb3DQEBCwUAA4IBAQCgZ2gtbMdJLND2amkKIQ4aY17y7f0LanF6wnyIKzgh
T5imDMz76L1Dt4IKgqqNqhvg5iP1yrqGN5Od7h9id7qopIqo4deRiVu8jhE/ARqf
0KPoRmfZ+45Fk4kunbAHERi+fuYqBFo8jOjP+XBzwOoef28qHpP0nxMeSkWhUutL
3S9X7NqRUi7IszgHxmEyt6ZcPUTORi5WuBxTJfxDrsgV6SjV2q0j3VZh8jFrBMDL
qJwQeiA3woCAxf/tGkl9Tj0DZ3anIa8XBpWK0hePsish1fXxVMnC6PVrmrfY8und
bZ5kSgsIVcsWPk2DZuPZUZG3SU5ghwe0c3IMZSdNeLjH
-----END CERTIFICATE-----