Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/00f5b4-dfd9-4eb2-afdb-138ed591efaa/1/G10xAYz6bXAfKLdMlYdhK0YUcag.roa
File:                     G10xAYz6bXAfKLdMlYdhK0YUcag.roa (raw, json)
Hash identifier:          E6YntFInqDI3d2Cs0LdJvcQ7vTPy2gUd3Qpn6KgE+PA=
Subject key identifier:   1B:5D:31:01:8C:FA:6D:70:1F:28:B7:4C:95:87:61:2B:46:14:71:A8
Certificate issuer:       /CN=9bae428ee8cd4604c1fbc141278ef0d75376282a
Certificate serial:       018CC6B902BDB4EA69E51B48AAE3AE7F46A6
Authority key identifier: 9B:AE:42:8E:E8:CD:46:04:C1:FB:C1:41:27:8E:F0:D7:53:76:28:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m65CjujNRgTB-8FBJ47w11N2KCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/00f5b4-dfd9-4eb2-afdb-138ed591efaa/1/G10xAYz6bXAfKLdMlYdhK0YUcag.roa
Signing time:             Mon 01 Jan 2024 20:31:02 +0000
ROA not before:           Mon 01 Jan 2024 20:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61213
IP address blocks:        91.123.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/00f5b4-dfd9-4eb2-afdb-138ed591efaa/1/m65CjujNRgTB-8FBJ47w11N2KCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/00f5b4-dfd9-4eb2-afdb-138ed591efaa/1/m65CjujNRgTB-8FBJ47w11N2KCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m65CjujNRgTB-8FBJ47w11N2KCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:02:bd:b4:ea:69:e5:1b:48:aa:e3:ae:7f:46:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bae428ee8cd4604c1fbc141278ef0d75376282a
        Validity
            Not Before: Jan  1 20:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b5d31018cfa6d701f28b74c9587612b461471a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f6:94:33:3b:1a:e6:f8:7c:12:49:63:79:26:
                    0b:db:9b:b1:18:5b:12:cb:1d:a9:95:f9:7f:ae:e6:
                    82:06:b7:27:f2:eb:4f:38:b6:c7:ac:14:ec:75:c3:
                    1e:3e:02:2b:02:f7:e4:13:48:dd:d2:7b:bb:82:eb:
                    48:9a:e9:fb:39:b4:7f:37:63:e4:b7:64:43:33:ba:
                    76:cc:d4:04:e8:81:87:8e:11:f3:4f:0c:05:b0:7e:
                    3f:39:af:75:d6:f5:0d:e7:86:f8:07:28:d7:41:50:
                    60:91:9f:f4:ef:36:10:ed:0d:66:d8:8b:d6:c6:b5:
                    b4:ac:bb:6b:6a:be:3c:9d:58:5f:39:51:c8:4d:60:
                    a1:04:18:56:6a:cd:32:b0:88:f2:70:50:96:2f:d8:
                    2e:62:2f:c9:93:cd:fa:f3:ba:77:e6:1c:ed:eb:b1:
                    4f:6c:85:19:ff:30:24:84:66:95:6c:f5:4b:fa:c3:
                    af:c9:ad:6f:52:c9:55:d3:a4:21:e9:1a:fd:6c:dc:
                    bc:c0:6d:41:16:bf:d8:e6:09:12:e7:13:9f:d2:cc:
                    0a:3e:60:f4:db:da:e3:0f:af:14:f0:22:5b:6b:24:
                    da:3d:60:7d:e4:a9:ca:66:d4:f5:2a:77:cf:2e:c5:
                    95:75:bd:ac:df:5b:4d:76:25:36:2a:3f:c4:64:d6:
                    ed:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:5D:31:01:8C:FA:6D:70:1F:28:B7:4C:95:87:61:2B:46:14:71:A8
            X509v3 Authority Key Identifier:
                keyid:9B:AE:42:8E:E8:CD:46:04:C1:FB:C1:41:27:8E:F0:D7:53:76:28:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m65CjujNRgTB-8FBJ47w11N2KCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/00f5b4-dfd9-4eb2-afdb-138ed591efaa/1/G10xAYz6bXAfKLdMlYdhK0YUcag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/00f5b4-dfd9-4eb2-afdb-138ed591efaa/1/m65CjujNRgTB-8FBJ47w11N2KCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.123.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         25:dd:eb:0e:8b:79:50:2e:26:f9:8a:fa:10:a2:c8:e9:3a:61:
         19:bc:67:5a:6e:32:16:e0:12:d4:d5:09:60:b4:22:cc:49:0a:
         c7:b6:ec:aa:91:10:6c:31:29:68:d5:16:af:71:1e:10:c1:0f:
         67:9b:09:35:69:9e:80:31:6d:72:6e:77:0a:13:87:20:43:ee:
         be:4c:ee:78:63:8f:a1:f9:b8:12:68:30:75:32:1e:d0:cf:a0:
         ca:25:32:d9:62:47:0e:e0:77:08:e4:b8:46:97:f6:9f:5a:cd:
         77:35:d1:2d:8e:a2:7b:88:6b:68:eb:26:d6:3d:64:db:97:6d:
         c5:5f:86:9d:31:79:b7:21:20:34:a5:b3:20:77:ed:80:46:0b:
         21:ad:51:2b:25:ed:80:a3:af:3b:14:58:f8:20:21:19:e6:06:
         89:ca:35:44:60:74:7d:02:0a:da:0e:56:c2:58:06:0c:63:0b:
         04:24:94:93:a3:2b:3f:f1:df:46:df:c9:8a:3b:fa:2a:90:c8:
         fa:e2:ba:da:a5:47:09:ad:ac:00:1f:3a:8c:82:d4:01:b5:39:
         f8:f2:68:17:86:4a:08:d8:fc:7c:b0:14:cb:21:03:a5:a9:7f:
         e5:5d:50:a8:bc:10:f0:2b:79:26:51:ed:11:03:eb:60:1c:e3:
         6c:55:e6:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQK9tOpp5RtIquOuf0amMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYWU0MjhlZThjZDQ2MDRjMWZiYzE0MTI3OGVmMGQ3NTM3
NjI4MmEwHhcNMjQwMTAxMjAzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjVkMzEwMThjZmE2ZDcwMWYyOGI3NGM5NTg3NjEyYjQ2MTQ3MWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3faUMzsa5vh8EkljeSYL25uxGFsS
yx2plfl/ruaCBrcn8utPOLbHrBTsdcMePgIrAvfkE0jd0nu7gutImun7ObR/N2Pk
t2RDM7p2zNQE6IGHjhHzTwwFsH4/Oa911vUN54b4ByjXQVBgkZ/07zYQ7Q1m2IvW
xrW0rLtrar48nVhfOVHITWChBBhWas0ysIjycFCWL9guYi/Jk83687p35hzt67FP
bIUZ/zAkhGaVbPVL+sOvya1vUslV06Qh6Rr9bNy8wG1BFr/Y5gkS5xOf0swKPmD0
29rjD68U8CJbayTaPWB95KnKZtT1KnfPLsWVdb2s31tNdiU2Kj/EZNbtsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtdMQGM+m1wHyi3TJWHYStGFHGoMB8GA1UdIwQY
MBaAFJuuQo7ozUYEwfvBQSeO8NdTdigqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTY1Q2p1ak5SZ1RCLThGQko0N3cxMU4yS0NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8wMGY1YjQtZGZkOS00ZWIyLWFmZGIt
MTM4ZWQ1OTFlZmFhLzEvRzEweEFZejZiWEFmS0xkTWxZZGhLMFlVY2FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8wMGY1YjQtZGZkOS00ZWIyLWFmZGItMTM4ZWQ1OTFlZmFh
LzEvbTY1Q2p1ak5SZ1RCLThGQko0N3cxMU4yS0NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEW3swMA0G
CSqGSIb3DQEBCwUAA4IBAQAl3esOi3lQLib5ivoQosjpOmEZvGdabjIW4BLU1Qlg
tCLMSQrHtuyqkRBsMSlo1RavcR4QwQ9nmwk1aZ6AMW1ybncKE4cgQ+6+TO54Y4+h
+bgSaDB1Mh7Qz6DKJTLZYkcO4HcI5LhGl/afWs13NdEtjqJ7iGto6ybWPWTbl23F
X4adMXm3ISA0pbMgd+2ARgshrVErJe2Ao687FFj4ICEZ5gaJyjVEYHR9AgraDlbC
WAYMYwsEJJSToys/8d9G38mKO/oqkMj64rrapUcJrawAHzqMgtQBtTn48mgXhkoI
2Px8sBTLIQOlqX/lXVCovBDwK3kmUe0RA+tgHONsVeYM
-----END CERTIFICATE-----