Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/5NSYUOXj5LO5RBveLimm0dMK87A.roa
File:                     5NSYUOXj5LO5RBveLimm0dMK87A.roa (raw, json)
Hash identifier:          26b/pGHQTwXlbmbG5ThZm5FqoNcPxzjE+DZsdMKKur0=
Subject key identifier:   E4:D4:98:50:E5:E3:E4:B3:B9:44:1B:DE:2E:29:A6:D1:D3:0A:F3:B0
Certificate issuer:       /CN=c4ff23b1c371352f39b73d39a4e07f8ca98ccd67
Certificate serial:       0194258FBCC34F0BDD9A8F38A780233939E2
Authority key identifier: C4:FF:23:B1:C3:71:35:2F:39:B7:3D:39:A4:E0:7F:8C:A9:8C:CD:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/5NSYUOXj5LO5RBveLimm0dMK87A.roa
Signing time:             Thu 02 Jan 2025 05:49:24 +0000
ROA not before:           Thu 02 Jan 2025 05:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13008
IP address blocks:        91.235.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:bc:c3:4f:0b:dd:9a:8f:38:a7:80:23:39:39:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ff23b1c371352f39b73d39a4e07f8ca98ccd67
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4d49850e5e3e4b3b9441bde2e29a6d1d30af3b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5c:17:ff:34:79:1f:b2:6f:ba:4d:2d:2d:89:
                    c2:44:cc:7e:b9:ac:43:28:60:23:a8:23:20:57:94:
                    67:0a:5d:f1:07:74:7f:e3:99:18:ab:05:8a:3e:35:
                    a1:ba:0d:31:a9:2a:fe:14:a1:af:a6:19:67:4f:2c:
                    e4:c9:9d:e1:49:d4:b8:d4:46:3f:7e:f3:64:73:c6:
                    68:12:ef:67:b8:c2:81:25:85:9c:69:bb:e1:ba:6c:
                    7c:06:1f:99:ee:34:2b:b3:4c:1b:59:01:b3:eb:8b:
                    35:c8:a4:82:77:94:34:0f:77:10:46:54:76:bc:13:
                    18:3e:3b:d3:13:53:b8:86:64:22:36:07:23:78:f5:
                    44:83:65:24:47:6a:9b:6c:4f:79:59:ee:4d:17:af:
                    5d:6e:33:5e:64:dc:41:67:50:b4:c2:74:c2:2d:e2:
                    47:0e:7e:04:28:ec:94:1f:b9:69:17:4b:bb:ff:c5:
                    78:2b:d1:5d:9e:90:53:4b:7d:3e:70:d2:51:34:c1:
                    24:b5:91:70:22:be:06:c8:d4:a3:26:44:fd:66:47:
                    cb:76:87:57:c1:ee:4f:54:1e:db:70:46:47:8f:89:
                    2c:46:95:a7:e7:8d:e0:5a:b1:af:ed:6c:21:3a:f9:
                    59:b4:41:cd:76:27:4c:ee:31:ad:b5:6f:e8:7f:66:
                    d6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D4:98:50:E5:E3:E4:B3:B9:44:1B:DE:2E:29:A6:D1:D3:0A:F3:B0
            X509v3 Authority Key Identifier:
                keyid:C4:FF:23:B1:C3:71:35:2F:39:B7:3D:39:A4:E0:7F:8C:A9:8C:CD:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/5NSYUOXj5LO5RBveLimm0dMK87A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:fa:f6:3d:3e:91:f3:8a:b5:ff:dd:f4:72:45:13:79:62:37:
         e9:a2:09:b0:50:f1:93:a2:4e:52:fc:c0:a9:82:e0:28:a3:6c:
         3d:31:3b:9d:c3:6a:1d:88:86:61:da:0f:68:d8:04:f1:0f:0d:
         82:52:eb:9f:53:48:bb:65:47:e8:30:96:c8:55:e1:30:a3:26:
         5d:21:e0:a3:e9:6e:61:44:5a:2d:10:64:7b:68:67:ce:9f:e2:
         45:66:51:b0:8e:8c:c6:c8:16:56:b1:1c:08:de:c5:09:43:ed:
         fe:92:d6:8f:84:1c:3b:39:26:78:e4:19:c5:98:36:96:95:7a:
         cb:60:a1:40:80:31:aa:4f:60:be:f3:9a:71:cd:ed:af:7b:cc:
         88:ca:45:c7:5e:70:ca:5c:ff:2b:b1:66:36:b9:53:88:b4:73:
         ce:96:08:42:0f:f6:38:e7:cb:6b:c3:fd:a4:98:5b:b0:55:cf:
         ec:a3:d6:ce:b5:2f:dc:88:10:52:49:e7:2b:e6:6e:e1:b3:6f:
         5c:65:bc:de:fc:58:4c:e6:2e:70:9d:cf:7c:16:a8:56:6a:dc:
         70:20:b0:98:da:02:de:b3:34:5e:85:8b:fb:fa:30:9f:d1:45:
         f3:79:fe:9b:49:c2:ad:27:18:0e:db:89:7e:f6:c1:31:3e:76:
         ca:b0:b7:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7zDTwvdmo84p4AjOTniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZmYyM2IxYzM3MTM1MmYzOWI3M2QzOWE0ZTA3ZjhjYTk4
Y2NkNjcwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGQ0OTg1MGU1ZTNlNGIzYjk0NDFiZGUyZTI5YTZkMWQzMGFmM2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFwX/zR5H7Jvuk0tLYnCRMx+uaxD
KGAjqCMgV5RnCl3xB3R/45kYqwWKPjWhug0xqSr+FKGvphlnTyzkyZ3hSdS41EY/
fvNkc8ZoEu9nuMKBJYWcabvhumx8Bh+Z7jQrs0wbWQGz64s1yKSCd5Q0D3cQRlR2
vBMYPjvTE1O4hmQiNgcjePVEg2UkR2qbbE95We5NF69dbjNeZNxBZ1C0wnTCLeJH
Dn4EKOyUH7lpF0u7/8V4K9FdnpBTS30+cNJRNMEktZFwIr4GyNSjJkT9ZkfLdodX
we5PVB7bcEZHj4ksRpWn543gWrGv7WwhOvlZtEHNdidM7jGttW/of2bWoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTUmFDl4+SzuUQb3i4pptHTCvOwMB8GA1UdIwQY
MBaAFMT/I7HDcTUvObc9OaTgf4ypjM1nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFA4anNjTnhOUzg1dHowNXBPQl9qS21NeldjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jNjVhYWItOGE1Mi00NzZmLTllMzIt
MTA5NTlhYWE4YjNlLzEvNU5TWVVPWGo1TE81UkJ2ZUxpbW0wZE1LODdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jNjVhYWItOGE1Mi00NzZmLTllMzItMTA5NTlhYWE4YjNl
LzEveFA4anNjTnhOUzg1dHowNXBPQl9qS21NeldjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+t3MA0G
CSqGSIb3DQEBCwUAA4IBAQBF+vY9PpHzirX/3fRyRRN5YjfpogmwUPGTok5S/MCp
guAoo2w9MTudw2odiIZh2g9o2ATxDw2CUuufU0i7ZUfoMJbIVeEwoyZdIeCj6W5h
RFotEGR7aGfOn+JFZlGwjozGyBZWsRwI3sUJQ+3+ktaPhBw7OSZ45BnFmDaWlXrL
YKFAgDGqT2C+85pxze2ve8yIykXHXnDKXP8rsWY2uVOItHPOlghCD/Y458trw/2k
mFuwVc/so9bOtS/ciBBSSecr5m7hs29cZbze/FhM5i5wnc98FqhWatxwILCY2gLe
szRehYv7+jCf0UXzef6bScKtJxgO24l+9sExPnbKsLee
-----END CERTIFICATE-----