Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/24xQZ5GeEZicZ6eO1GoHSOOFrSY.roa
File:                     24xQZ5GeEZicZ6eO1GoHSOOFrSY.roa (raw, json)
Hash identifier:          TvM/klG8BAVwuBv2o4xlqafjXwI8pF+DqVXOZFHCJac=
Subject key identifier:   DB:8C:50:67:91:9E:11:98:9C:67:A7:8E:D4:6A:07:48:E3:85:AD:26
Certificate issuer:       /CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Certificate serial:       018CC8016C5E67173BDCB849C38FE9F6331A
Authority key identifier: C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/24xQZ5GeEZicZ6eO1GoHSOOFrSY.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47628
IP address blocks:        91.224.54.0/24 maxlen: 24
                          91.224.55.0/24 maxlen: 24
                          185.57.140.0/24 maxlen: 24
                          185.57.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6c:5e:67:17:3b:dc:b8:49:c3:8f:e9:f6:33:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db8c5067919e11989c67a78ed46a0748e385ad26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:01:89:9d:37:26:83:fc:42:06:a8:ab:1b:ef:
                    2c:6a:55:fa:0c:35:f5:d7:09:63:f0:cc:4c:13:2e:
                    3d:df:6e:69:b5:06:fc:8d:04:ef:c7:ee:58:28:2d:
                    9b:70:ee:4a:25:51:ab:13:8b:24:35:24:a9:e8:c4:
                    de:10:dc:2f:11:32:c7:ff:98:f4:9c:f4:9b:1b:64:
                    6f:32:6b:a5:4e:a1:ee:a6:f7:7f:30:b6:a9:b7:a3:
                    ff:03:54:70:70:ed:f9:41:4f:23:df:bc:04:95:44:
                    d7:b0:b3:41:44:3a:b7:11:96:79:2d:73:10:71:48:
                    68:a8:f1:85:13:2d:18:5c:19:88:1f:3e:40:42:66:
                    ec:4a:9c:a5:5a:db:ed:89:2f:c1:f1:03:71:c7:ee:
                    27:11:4f:60:f4:9d:b0:8f:6e:09:1d:8f:d7:9a:89:
                    d3:41:95:4a:05:fd:a3:a4:3a:de:c2:74:c5:44:0c:
                    52:d9:5b:94:72:39:af:42:a2:72:0b:e9:34:33:49:
                    d5:dd:26:9e:c9:2f:9d:69:a9:88:80:28:74:9b:df:
                    ec:ed:0c:86:af:30:27:b2:c7:87:33:c6:ee:8a:47:
                    e0:6b:b8:6c:51:d5:a3:53:db:c6:0c:6a:6c:c9:fa:
                    c2:2b:e2:19:bf:90:94:63:5e:fa:fe:ac:9f:b0:89:
                    e0:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:8C:50:67:91:9E:11:98:9C:67:A7:8E:D4:6A:07:48:E3:85:AD:26
            X509v3 Authority Key Identifier:
                keyid:C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/24xQZ5GeEZicZ6eO1GoHSOOFrSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.54.0/23
                  185.57.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:85:d5:f2:07:6a:16:e2:d9:36:50:45:f2:88:cd:34:6b:cb:
         9f:5a:19:e4:1b:04:5f:cb:ee:19:54:f9:83:e5:64:9c:a5:cc:
         1b:70:d5:3d:0e:52:25:56:ea:20:45:5a:7e:63:c5:a6:59:78:
         fa:d6:1d:08:9e:3e:f9:c0:ff:37:45:e8:75:9b:d5:1c:63:9a:
         6c:98:38:79:fa:d3:fe:bb:62:11:8e:6c:6d:20:9d:92:f3:8b:
         fc:6e:6c:ad:f8:9c:f4:e2:f6:c6:83:68:87:60:7d:15:9c:46:
         f6:09:79:80:a8:be:9e:7a:fa:ab:46:7e:68:9e:77:02:1c:2b:
         bd:0b:7d:52:9c:b9:8f:38:2a:29:48:69:1a:e0:41:c4:fa:96:
         81:bf:3d:5a:85:75:41:61:bd:fb:99:eb:89:19:d9:3f:e0:fb:
         2f:a7:27:88:b2:19:a2:46:52:02:14:f5:6a:0d:a4:62:45:a7:
         81:c2:f8:8f:7e:04:40:da:ee:11:4d:3c:c2:e8:be:56:57:0c:
         58:20:6a:29:7a:63:86:87:d5:e9:f3:d4:36:9d:d0:da:ba:2f:
         83:17:6c:4a:b6:e4:8d:80:61:df:d9:7d:2e:ea:d8:d0:d5:57:
         f0:d9:89:0a:b1:77:e5:b0:74:4c:55:32:e6:dd:0d:ae:07:84:
         01:79:68:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAWxeZxc73LhJw4/p9jMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOTgwNjBmMWJmMjJmMDk5OWNiMDcxYjFiNDI2OTZkYmM0
M2UxMGMwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjhjNTA2NzkxOWUxMTk4OWM2N2E3OGVkNDZhMDc0OGUzODVhZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQGJnTcmg/xCBqirG+8salX6DDX1
1wlj8MxMEy49325ptQb8jQTvx+5YKC2bcO5KJVGrE4skNSSp6MTeENwvETLH/5j0
nPSbG2RvMmulTqHupvd/MLapt6P/A1RwcO35QU8j37wElUTXsLNBRDq3EZZ5LXMQ
cUhoqPGFEy0YXBmIHz5AQmbsSpylWtvtiS/B8QNxx+4nEU9g9J2wj24JHY/XmonT
QZVKBf2jpDrewnTFRAxS2VuUcjmvQqJyC+k0M0nV3SaeyS+daamIgCh0m9/s7QyG
rzAnsseHM8buikfga7hsUdWjU9vGDGpsyfrCK+IZv5CUY176/qyfsIng4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNuMUGeRnhGYnGenjtRqB0jjha0mMB8GA1UdIwQY
MBaAFMOYBg8b8i8JmcsHGxtCaW28Q+EMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAt
YzkyN2I4YzJjN2M0LzEvMjR4UVo1R2VFWmljWjZlTzFHb0hTT09GclNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAtYzkyN2I4YzJjN2M0
LzEvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+A2AwQB
uTmMMA0GCSqGSIb3DQEBCwUAA4IBAQCUhdXyB2oW4tk2UEXyiM00a8ufWhnkGwRf
y+4ZVPmD5WScpcwbcNU9DlIlVuogRVp+Y8WmWXj61h0Inj75wP83Reh1m9UcY5ps
mDh5+tP+u2IRjmxtIJ2S84v8bmyt+Jz04vbGg2iHYH0VnEb2CXmAqL6eevqrRn5o
nncCHCu9C31SnLmPOCopSGka4EHE+paBvz1ahXVBYb37meuJGdk/4PsvpyeIshmi
RlICFPVqDaRiRaeBwviPfgRA2u4RTTzC6L5WVwxYIGopemOGh9Xp89Q2ndDaui+D
F2xKtuSNgGHf2X0u6tjQ1Vfw2YkKsXflsHRMVTLm3Q2uB4QBeWhA
-----END CERTIFICATE-----