Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/f0ba90-2ce1-4d04-a92a-1130b7798ff4/1/R0XRTHPeG3PQbLnb1ytONK_fOwk.roa
File:                     R0XRTHPeG3PQbLnb1ytONK_fOwk.roa (raw, json)
Hash identifier:          B3aXeK/39jHVkGqLjNRW8EV9jhiFC/bH/XU3OrU6F3Y=
Subject key identifier:   47:45:D1:4C:73:DE:1B:73:D0:6C:B9:DB:D7:2B:4E:34:AF:DF:3B:09
Certificate issuer:       /CN=839c206ef5dcc43770983a48e049aaec3f0b4fec
Certificate serial:       018CC42553FE758AD2E1C2DEB9F1A50DC2DB
Authority key identifier: 83:9C:20:6E:F5:DC:C4:37:70:98:3A:48:E0:49:AA:EC:3F:0B:4F:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g5wgbvXcxDdwmDpI4Emq7D8LT-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/f0ba90-2ce1-4d04-a92a-1130b7798ff4/1/R0XRTHPeG3PQbLnb1ytONK_fOwk.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        91.217.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/f0ba90-2ce1-4d04-a92a-1130b7798ff4/1/g5wgbvXcxDdwmDpI4Emq7D8LT-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/f0ba90-2ce1-4d04-a92a-1130b7798ff4/1/g5wgbvXcxDdwmDpI4Emq7D8LT-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g5wgbvXcxDdwmDpI4Emq7D8LT-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:53:fe:75:8a:d2:e1:c2:de:b9:f1:a5:0d:c2:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=839c206ef5dcc43770983a48e049aaec3f0b4fec
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4745d14c73de1b73d06cb9dbd72b4e34afdf3b09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b0:37:4e:cf:13:47:67:d5:3c:19:14:fe:58:
                    99:1c:62:dd:d4:f3:ba:47:7e:c4:42:b4:17:41:df:
                    c2:ee:de:8c:12:2d:dd:84:48:e6:99:65:44:76:b4:
                    0a:64:45:1b:2f:08:56:8d:55:ec:82:50:2e:ca:15:
                    a1:f8:ca:05:69:eb:5a:ca:b6:82:ad:bc:ef:92:48:
                    39:fd:69:f3:65:7f:8e:be:4c:32:19:9f:1f:85:03:
                    54:33:a8:d7:62:8a:ed:8e:42:53:73:1a:80:b2:c4:
                    7a:65:b5:ef:3b:87:f6:66:ed:59:80:23:78:ae:d1:
                    cd:d4:b9:7c:2c:63:7e:65:bf:38:e3:08:be:61:8e:
                    a7:65:4a:b7:60:1d:90:1e:0d:25:63:06:81:68:84:
                    00:a7:ea:b0:90:d5:2a:93:b4:47:92:ed:87:55:c1:
                    c2:ba:60:4b:02:3e:40:0b:74:33:85:86:4a:f2:db:
                    98:7c:40:0e:16:f9:e3:85:2f:6d:84:e6:e0:c8:8e:
                    af:bd:4c:9c:c5:61:13:11:3a:f1:ac:8a:bb:54:41:
                    8d:cb:cd:cd:83:22:9f:bf:b6:00:3e:b3:11:19:2c:
                    a4:05:c0:40:7b:57:e4:d3:4a:5a:7a:35:e7:97:1c:
                    86:3f:ca:43:11:e9:63:02:e6:bf:dc:3e:3a:b3:04:
                    9c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:45:D1:4C:73:DE:1B:73:D0:6C:B9:DB:D7:2B:4E:34:AF:DF:3B:09
            X509v3 Authority Key Identifier:
                keyid:83:9C:20:6E:F5:DC:C4:37:70:98:3A:48:E0:49:AA:EC:3F:0B:4F:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g5wgbvXcxDdwmDpI4Emq7D8LT-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f0ba90-2ce1-4d04-a92a-1130b7798ff4/1/R0XRTHPeG3PQbLnb1ytONK_fOwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f0ba90-2ce1-4d04-a92a-1130b7798ff4/1/g5wgbvXcxDdwmDpI4Emq7D8LT-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:30:6d:0e:41:02:fe:8c:5c:26:13:88:6f:5f:2a:7a:54:eb:
         3e:f8:12:69:99:12:bd:ca:bf:99:a8:e1:b7:9c:9b:f9:15:f6:
         02:78:6f:6b:bd:72:a6:b3:47:9c:dc:f3:34:ce:9a:bd:3d:87:
         6a:9b:52:1d:63:17:b5:19:b1:12:4e:17:5d:3e:c1:59:6d:29:
         7d:19:97:e5:55:fa:77:48:28:42:73:38:ce:c0:42:9c:04:f0:
         22:af:b5:73:9a:f2:a8:7e:ff:23:28:96:38:d0:27:ee:6e:5b:
         5f:30:02:1c:46:a7:86:e0:db:ab:8a:bb:d5:0d:22:1c:8c:69:
         3c:a7:ca:40:11:0b:a8:03:1f:5d:1d:7b:e3:a8:01:76:c0:fd:
         6f:4c:82:8b:f5:f7:7e:49:de:dd:1a:4e:56:75:79:2d:19:d2:
         af:cb:67:cc:c3:f7:7c:c1:a6:43:03:03:19:e7:e9:cd:5d:0b:
         ee:a9:27:c0:da:b3:7d:2b:73:4d:a0:4c:6e:5c:72:c2:24:78:
         c6:f5:8b:a5:87:35:44:98:cc:d9:73:9a:c9:16:23:93:95:2c:
         1b:d6:da:96:8f:18:39:40:83:5f:74:45:88:4a:40:06:ae:fe:
         18:53:0c:2d:ba:6b:3a:72:97:d5:52:12:65:11:59:7d:f3:48:
         e7:c3:52:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVP+dYrS4cLeufGlDcLbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOWMyMDZlZjVkY2M0Mzc3MDk4M2E0OGUwNDlhYWVjM2Yw
YjRmZWMwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQ1ZDE0YzczZGUxYjczZDA2Y2I5ZGJkNzJiNGUzNGFmZGYzYjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7A3Ts8TR2fVPBkU/liZHGLd1PO6
R37EQrQXQd/C7t6MEi3dhEjmmWVEdrQKZEUbLwhWjVXsglAuyhWh+MoFaetayraC
rbzvkkg5/WnzZX+OvkwyGZ8fhQNUM6jXYortjkJTcxqAssR6ZbXvO4f2Zu1ZgCN4
rtHN1Ll8LGN+Zb844wi+YY6nZUq3YB2QHg0lYwaBaIQAp+qwkNUqk7RHku2HVcHC
umBLAj5AC3QzhYZK8tuYfEAOFvnjhS9thObgyI6vvUycxWETETrxrIq7VEGNy83N
gyKfv7YAPrMRGSykBcBAe1fk00paejXnlxyGP8pDEeljAua/3D46swScfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdF0Uxz3htz0Gy529crTjSv3zsJMB8GA1UdIwQY
MBaAFIOcIG713MQ3cJg6SOBJquw/C0/sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzV3Z2J2WGN4RGR3bURwSTRFbXE3RDhMVC13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mMGJhOTAtMmNlMS00ZDA0LWE5MmEt
MTEzMGI3Nzk4ZmY0LzEvUjBYUlRIUGVHM1BRYkxuYjF5dE9OS19mT3drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mMGJhOTAtMmNlMS00ZDA0LWE5MmEtMTEzMGI3Nzk4ZmY0
LzEvZzV3Z2J2WGN4RGR3bURwSTRFbXE3RDhMVC13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nfMA0G
CSqGSIb3DQEBCwUAA4IBAQDAMG0OQQL+jFwmE4hvXyp6VOs++BJpmRK9yr+ZqOG3
nJv5FfYCeG9rvXKms0ec3PM0zpq9PYdqm1IdYxe1GbESThddPsFZbSl9GZflVfp3
SChCczjOwEKcBPAir7VzmvKofv8jKJY40CfubltfMAIcRqeG4NurirvVDSIcjGk8
p8pAEQuoAx9dHXvjqAF2wP1vTIKL9fd+Sd7dGk5WdXktGdKvy2fMw/d8waZDAwMZ
5+nNXQvuqSfA2rN9K3NNoExuXHLCJHjG9YulhzVEmMzZc5rJFiOTlSwb1tqWjxg5
QINfdEWISkAGrv4YUwwtums6cpfVUhJlEVl980jnw1Lq
-----END CERTIFICATE-----