Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ce9aa9-8793-4863-a059-5a284064fdb6/1/kF7j53zNQa0IJw6u_2sizpqFCRY.roa
File:                     kF7j53zNQa0IJw6u_2sizpqFCRY.roa (raw, json)
Hash identifier:          RHk/rCmLKZGoNXjvf7LSkqs21Q8ovx/Nalh8TpS/fH8=
Subject key identifier:   90:5E:E3:E7:7C:CD:41:AD:08:27:0E:AE:FF:6B:22:CE:9A:85:09:16
Certificate issuer:       /CN=35371996dc555a98404c7ee712ee293ff6045383
Certificate serial:       018F57AE608D9852E0B8A73133C879D2F6FC
Authority key identifier: 35:37:19:96:DC:55:5A:98:40:4C:7E:E7:12:EE:29:3F:F6:04:53:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NTcZltxVWphATH7nEu4pP_YEU4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ce9aa9-8793-4863-a059-5a284064fdb6/1/kF7j53zNQa0IJw6u_2sizpqFCRY.roa
Signing time:             Wed 08 May 2024 10:09:56 +0000
ROA not before:           Wed 08 May 2024 10:09:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48866
IP address blocks:        91.223.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ce9aa9-8793-4863-a059-5a284064fdb6/1/NTcZltxVWphATH7nEu4pP_YEU4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ce9aa9-8793-4863-a059-5a284064fdb6/1/NTcZltxVWphATH7nEu4pP_YEU4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NTcZltxVWphATH7nEu4pP_YEU4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 07:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:ae:60:8d:98:52:e0:b8:a7:31:33:c8:79:d2:f6:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35371996dc555a98404c7ee712ee293ff6045383
        Validity
            Not Before: May  8 10:09:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=905ee3e77ccd41ad08270eaeff6b22ce9a850916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5d:d4:d1:92:0c:71:dd:fe:77:85:5e:91:c7:
                    fd:45:fb:9e:7c:e1:b8:66:04:ed:57:d3:ad:9e:08:
                    d5:f0:d0:5e:b0:df:0c:e5:d4:76:d6:a6:19:8d:0a:
                    35:34:35:5e:45:60:1d:ac:db:bf:f9:9a:d5:69:e6:
                    1c:fc:45:73:2f:d0:bf:2d:aa:de:b0:a2:3f:79:a7:
                    e1:04:5b:a0:8a:ac:f3:09:37:e2:56:d1:51:6b:fa:
                    ac:5c:82:7c:b2:1d:15:99:12:90:9e:07:bc:36:0b:
                    0f:07:35:98:7b:38:74:0f:33:9b:ca:95:cd:fb:e4:
                    3a:e9:39:7c:c3:ec:1c:1d:0c:84:f1:6c:4f:f6:db:
                    b9:f7:47:80:78:12:4a:d6:84:6d:ba:74:fa:83:b7:
                    03:e7:0d:dc:2f:7b:62:89:7d:15:18:3a:4d:c0:99:
                    be:a2:9a:33:8c:f8:6c:6a:9d:a6:82:21:1c:e6:07:
                    cd:18:3e:e5:72:bc:3b:5b:13:de:d4:c8:c3:e2:eb:
                    93:01:2b:86:4b:c0:c3:54:bc:18:b8:c2:cc:0d:03:
                    1a:e5:8c:b7:46:dc:ae:f3:40:91:68:31:80:48:15:
                    0b:8b:ca:f4:0e:82:82:76:1e:4b:39:52:82:a2:67:
                    f7:20:af:9c:3a:7e:58:a9:90:74:34:f4:9c:7c:ea:
                    a5:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:5E:E3:E7:7C:CD:41:AD:08:27:0E:AE:FF:6B:22:CE:9A:85:09:16
            X509v3 Authority Key Identifier:
                keyid:35:37:19:96:DC:55:5A:98:40:4C:7E:E7:12:EE:29:3F:F6:04:53:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NTcZltxVWphATH7nEu4pP_YEU4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce9aa9-8793-4863-a059-5a284064fdb6/1/kF7j53zNQa0IJw6u_2sizpqFCRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce9aa9-8793-4863-a059-5a284064fdb6/1/NTcZltxVWphATH7nEu4pP_YEU4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:64:d1:0b:84:7d:6f:d5:e4:86:79:ef:59:b1:f4:bb:da:b8:
         ee:92:48:8c:3d:f6:f8:e8:e8:a0:0f:38:7a:d9:d6:38:4e:da:
         ab:fa:1d:18:9e:29:56:45:56:5a:1a:6d:6c:8e:50:b3:58:9a:
         67:7a:61:e6:d5:ee:23:87:60:6e:fc:44:c8:2d:60:0b:2c:24:
         86:68:3e:25:2b:4c:de:7e:84:50:97:33:a4:77:31:ac:0e:41:
         31:e3:d8:cc:53:65:8c:11:65:55:7e:fe:b8:9c:3c:b5:88:75:
         52:7e:02:c9:e2:9b:b1:5d:1d:31:0d:03:f1:da:76:d1:45:8f:
         6d:3b:58:28:9e:fb:8c:10:66:8e:ec:2c:ae:cd:8f:d0:b9:10:
         69:eb:d1:a8:d5:98:54:c0:95:b5:a3:3c:3e:a0:8e:fb:19:12:
         57:cb:36:e9:4a:1c:ea:5c:3e:6f:d6:c2:5a:5b:f1:93:7e:c4:
         29:18:14:af:1f:a9:ba:e2:f4:80:51:f9:f1:dd:1e:d2:8c:5f:
         1d:8e:17:ac:50:12:3e:f9:7d:63:41:ca:e9:d0:8a:66:ed:56:
         c8:90:89:09:16:b4:50:90:ce:d5:79:70:7a:ef:89:1c:74:e5:
         22:ea:ad:a9:d8:80:b7:c8:4a:da:70:41:af:ca:c0:4c:ea:c8:
         6a:f5:32:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9XrmCNmFLguKcxM8h50vb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MzcxOTk2ZGM1NTVhOTg0MDRjN2VlNzEyZWUyOTNmZjYw
NDUzODMwHhcNMjQwNTA4MTAwOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDVlZTNlNzdjY2Q0MWFkMDgyNzBlYWVmZjZiMjJjZTlhODUwOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr13U0ZIMcd3+d4Vekcf9RfuefOG4
ZgTtV9OtngjV8NBesN8M5dR21qYZjQo1NDVeRWAdrNu/+ZrVaeYc/EVzL9C/Lare
sKI/eafhBFugiqzzCTfiVtFRa/qsXIJ8sh0VmRKQnge8NgsPBzWYezh0DzObypXN
++Q66Tl8w+wcHQyE8WxP9tu590eAeBJK1oRtunT6g7cD5w3cL3tiiX0VGDpNwJm+
opozjPhsap2mgiEc5gfNGD7lcrw7WxPe1MjD4uuTASuGS8DDVLwYuMLMDQMa5Yy3
Rtyu80CRaDGASBULi8r0DoKCdh5LOVKComf3IK+cOn5YqZB0NPScfOqltwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBe4+d8zUGtCCcOrv9rIs6ahQkWMB8GA1UdIwQY
MBaAFDU3GZbcVVqYQEx+5xLuKT/2BFODMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlRjWmx0eFZXcGhBVEg3bkV1NHBQX1lFVTRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jZTlhYTktODc5My00ODYzLWEwNTkt
NWEyODQwNjRmZGI2LzEva0Y3ajUzek5RYTBJSnc2dV8yc2l6cHFGQ1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9jZTlhYTktODc5My00ODYzLWEwNTktNWEyODQwNjRmZGI2
LzEvTlRjWmx0eFZXcGhBVEg3bkV1NHBQX1lFVTRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+yMA0G
CSqGSIb3DQEBCwUAA4IBAQALZNELhH1v1eSGee9ZsfS72rjukkiMPfb46OigDzh6
2dY4Ttqr+h0YnilWRVZaGm1sjlCzWJpnemHm1e4jh2Bu/ETILWALLCSGaD4lK0ze
foRQlzOkdzGsDkEx49jMU2WMEWVVfv64nDy1iHVSfgLJ4puxXR0xDQPx2nbRRY9t
O1gonvuMEGaO7CyuzY/QuRBp69Go1ZhUwJW1ozw+oI77GRJXyzbpShzqXD5v1sJa
W/GTfsQpGBSvH6m64vSAUfnx3R7SjF8djhesUBI++X1jQcrp0Ipm7VbIkIkJFrRQ
kM7VeXB674kcdOUi6q2p2IC3yEracEGvysBM6shq9TIv
-----END CERTIFICATE-----