Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/y8amq4lghkX5hchQdRgxhmSE0oA.roa
File:                     y8amq4lghkX5hchQdRgxhmSE0oA.roa (raw, json)
Hash identifier:          tbzSiCs3pRpP3m1fD+7aVU6065zXO2oYyaoAKzT0lmw=
Subject key identifier:   CB:C6:A6:AB:89:60:86:45:F9:85:C8:50:75:18:31:86:64:84:D2:80
Certificate issuer:       /CN=5f92bff7a89a8590e6abbaec0282b0f24e0afeb2
Certificate serial:       018CCA293B0C819646E6559AA6E80B4AFB89
Authority key identifier: 5F:92:BF:F7:A8:9A:85:90:E6:AB:BA:EC:02:82:B0:F2:4E:0A:FE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/y8amq4lghkX5hchQdRgxhmSE0oA.roa
Signing time:             Tue 02 Jan 2024 12:32:28 +0000
ROA not before:           Tue 02 Jan 2024 12:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46844
IP address blocks:        91.236.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:3b:0c:81:96:46:e6:55:9a:a6:e8:0b:4a:fb:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f92bff7a89a8590e6abbaec0282b0f24e0afeb2
        Validity
            Not Before: Jan  2 12:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbc6a6ab89608645f985c850751831866484d280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c8:b7:e4:d1:c9:86:4e:bf:d9:ed:c8:09:f8:
                    22:7e:37:d9:9c:1d:12:ad:85:23:1e:42:2a:28:d2:
                    49:f1:bd:c5:bf:2a:ba:08:fd:50:81:c2:71:67:46:
                    0e:05:de:29:b6:1a:9c:c9:ab:7c:c2:99:21:13:45:
                    e6:a9:11:b7:3a:14:b7:1f:91:c2:d9:a1:56:8e:6d:
                    83:97:4a:43:ff:bf:20:8b:01:fa:06:90:30:8e:8d:
                    5c:3f:1c:33:c7:69:10:89:8b:8a:5d:1a:68:6a:33:
                    63:76:46:ce:bd:dd:1f:c1:6c:1c:df:da:23:14:5d:
                    83:51:52:7e:f5:6e:a4:3b:43:18:09:fd:9d:c8:3f:
                    cd:1d:a8:d9:29:90:9f:a4:7a:89:74:09:c5:44:9c:
                    a2:91:63:5c:48:bf:11:f9:98:60:b7:2f:36:dc:39:
                    a4:3a:c7:d8:c4:d1:c1:b1:3b:f4:23:9d:22:8d:63:
                    e2:ef:a8:2e:3e:45:03:4f:5f:4e:36:91:71:d2:46:
                    8e:94:c2:93:0c:f7:0d:0c:b3:2d:95:44:50:2c:61:
                    01:81:23:f6:15:99:23:f2:70:d1:3b:bd:0d:ea:c9:
                    0b:b2:ae:a8:07:2e:b6:68:7a:41:3f:b5:a1:59:76:
                    30:36:c3:9d:c1:36:e6:c9:41:34:2b:21:47:9d:a5:
                    c8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C6:A6:AB:89:60:86:45:F9:85:C8:50:75:18:31:86:64:84:D2:80
            X509v3 Authority Key Identifier:
                keyid:5F:92:BF:F7:A8:9A:85:90:E6:AB:BA:EC:02:82:B0:F2:4E:0A:FE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/y8amq4lghkX5hchQdRgxhmSE0oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:98:ec:5e:8d:3f:92:39:da:1d:26:d2:9f:6b:ab:de:f7:44:
         88:4c:3c:04:b6:6a:3c:46:6c:99:5d:ae:fc:a6:d1:80:07:36:
         c0:a6:cb:10:af:33:09:ff:c0:1d:d4:8d:41:ff:85:64:e0:d8:
         fa:57:c4:ed:8a:43:4c:a8:c5:6f:d9:d3:86:c6:ff:b6:2c:81:
         6e:63:fa:4f:ba:bb:54:9a:fd:4f:73:d6:1b:08:e4:c1:74:13:
         e4:1c:94:1e:33:be:17:11:d3:6f:4e:fa:c0:4d:6a:00:da:aa:
         31:b1:90:b0:a0:8c:cc:71:00:f8:39:88:3b:06:18:77:89:e2:
         0f:31:b7:bc:c6:b6:1d:6e:38:30:ba:0e:0e:9f:c9:91:1c:89:
         58:da:35:b2:a6:4f:d0:11:2b:1c:56:1d:e9:43:77:e0:a2:0e:
         30:54:26:c2:b5:9c:4d:8d:16:02:47:de:6e:1e:89:8e:11:02:
         54:15:bc:e2:a8:fc:6b:5e:6e:18:52:c9:86:06:51:67:6f:01:
         65:ed:9b:0e:49:c6:e1:c5:2f:1f:7d:7a:b9:a6:08:f0:76:3d:
         e4:28:63:89:c1:1b:98:71:d8:cc:35:92:6d:24:63:0e:13:bd:
         0e:1c:c0:3e:85:9b:75:67:86:91:c6:4f:52:1e:6d:43:f9:0a:
         16:f1:ce:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKTsMgZZG5lWapugLSvuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTJiZmY3YTg5YTg1OTBlNmFiYmFlYzAyODJiMGYyNGUw
YWZlYjIwHhcNMjQwMTAyMTIzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmM2YTZhYjg5NjA4NjQ1Zjk4NWM4NTA3NTE4MzE4NjY0ODRkMjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8i35NHJhk6/2e3ICfgifjfZnB0S
rYUjHkIqKNJJ8b3Fvyq6CP1QgcJxZ0YOBd4pthqcyat8wpkhE0XmqRG3OhS3H5HC
2aFWjm2Dl0pD/78giwH6BpAwjo1cPxwzx2kQiYuKXRpoajNjdkbOvd0fwWwc39oj
FF2DUVJ+9W6kO0MYCf2dyD/NHajZKZCfpHqJdAnFRJyikWNcSL8R+Zhgty823Dmk
OsfYxNHBsTv0I50ijWPi76guPkUDT19ONpFx0kaOlMKTDPcNDLMtlURQLGEBgSP2
FZkj8nDRO70N6skLsq6oBy62aHpBP7WhWXYwNsOdwTbmyUE0KyFHnaXI6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvGpquJYIZF+YXIUHUYMYZkhNKAMB8GA1UdIwQY
MBaAFF+Sv/eomoWQ5qu67AKCsPJOCv6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVLXzk2aWFoWkRtcTdyc0FvS3c4azRLX3JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9hNzhlZjEtYzNjOS00M2EwLTliMWMt
MWQ5ZDhkMDA0MTExLzEveThhbXE0bGdoa1g1aGNoUWRSZ3hobVNFMG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9hNzhlZjEtYzNjOS00M2EwLTliMWMtMWQ5ZDhkMDA0MTEx
LzEvWDVLXzk2aWFoWkRtcTdyc0FvS3c4azRLX3JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+y2MA0G
CSqGSIb3DQEBCwUAA4IBAQCTmOxejT+SOdodJtKfa6ve90SITDwEtmo8RmyZXa78
ptGABzbApssQrzMJ/8Ad1I1B/4Vk4Nj6V8TtikNMqMVv2dOGxv+2LIFuY/pPurtU
mv1Pc9YbCOTBdBPkHJQeM74XEdNvTvrATWoA2qoxsZCwoIzMcQD4OYg7Bhh3ieIP
Mbe8xrYdbjgwug4On8mRHIlY2jWypk/QESscVh3pQ3fgog4wVCbCtZxNjRYCR95u
HomOEQJUFbziqPxrXm4YUsmGBlFnbwFl7ZsOScbhxS8ffXq5pgjwdj3kKGOJwRuY
cdjMNZJtJGMOE70OHMA+hZt1Z4aRxk9SHm1D+QoW8c6r
-----END CERTIFICATE-----