Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/V8nWP9tj3PZ8Y9_LJ4vlX785LB8.roa
File:                     V8nWP9tj3PZ8Y9_LJ4vlX785LB8.roa (raw, json)
Hash identifier:          9kwvkNza9Ld1zF0bmJVWciFUgmlKZE6HbPlQRLwmrRY=
Subject key identifier:   57:C9:D6:3F:DB:63:DC:F6:7C:63:DF:CB:27:8B:E5:5F:BF:39:2C:1F
Certificate issuer:       /CN=b498c97b14c374a52833db6a4007b54b4662c5a9
Certificate serial:       018EF3AC19B14EEF1618877DF5B1B72D9971
Authority key identifier: B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/V8nWP9tj3PZ8Y9_LJ4vlX785LB8.roa
Signing time:             Fri 19 Apr 2024 00:05:26 +0000
ROA not before:           Fri 19 Apr 2024 00:05:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52208
IP address blocks:        91.196.161.0/24 maxlen: 24
                          91.196.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f3:ac:19:b1:4e:ef:16:18:87:7d:f5:b1:b7:2d:99:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b498c97b14c374a52833db6a4007b54b4662c5a9
        Validity
            Not Before: Apr 19 00:05:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57c9d63fdb63dcf67c63dfcb278be55fbf392c1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:01:72:00:4c:ff:d4:6f:80:c1:ad:60:44:2d:
                    c9:35:84:ad:ba:28:51:89:d6:26:84:47:96:09:1d:
                    83:c2:a1:21:67:f8:98:79:28:6e:2a:95:3e:67:77:
                    63:3b:98:e0:46:8e:f3:d9:d0:b4:5e:ce:71:7e:99:
                    af:ec:62:d6:bb:04:58:de:d7:86:00:06:b3:f6:93:
                    9c:82:d1:71:e5:5c:da:34:a5:e5:2d:46:19:32:18:
                    e1:2a:d0:61:8f:76:b3:5f:f2:7f:84:14:bf:0d:73:
                    c9:3d:f1:89:76:81:fd:50:fe:bd:b2:12:37:85:51:
                    28:52:b6:ce:88:8e:dc:bb:ec:52:b2:61:cc:63:9c:
                    c6:1a:6c:49:61:3a:fa:f1:ee:ed:64:00:7b:5e:f7:
                    55:2c:19:1e:1a:86:ff:15:9f:83:62:85:2f:36:28:
                    b1:6f:21:a0:fa:eb:b6:b1:c9:67:3c:f4:66:cb:28:
                    2a:7b:df:5a:21:da:2e:54:41:a4:1a:42:9f:b3:bf:
                    7a:f7:2b:8a:67:a7:6c:70:50:e5:7c:14:50:d9:cb:
                    56:9e:18:dc:14:f2:5a:e2:b0:eb:5f:d9:a2:7e:8b:
                    ab:d4:fc:83:69:e3:cd:f7:40:a0:0b:f8:0c:d7:62:
                    68:f7:bd:93:cc:d9:60:de:e3:26:0a:59:42:98:f3:
                    14:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:C9:D6:3F:DB:63:DC:F6:7C:63:DF:CB:27:8B:E5:5F:BF:39:2C:1F
            X509v3 Authority Key Identifier:
                keyid:B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/V8nWP9tj3PZ8Y9_LJ4vlX785LB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.161.0/24
                  91.196.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:34:c7:ce:5f:e1:d2:0b:e3:b3:8b:e4:93:88:33:67:35:b7:
         ef:0b:10:09:a3:aa:76:4c:14:36:db:33:54:f1:f1:60:80:34:
         72:e8:90:c7:de:d7:81:f9:ab:b3:de:f3:4d:60:c4:21:ae:23:
         97:53:1f:11:7f:4e:bc:32:a2:1d:9d:0b:19:c1:13:43:24:63:
         98:78:32:44:62:36:01:6f:31:45:92:c1:0d:9e:4d:b9:8f:6a:
         79:03:59:66:91:4a:de:db:dc:90:47:d3:3f:56:57:37:04:64:
         61:fc:1a:29:7d:29:60:65:4d:7c:5e:26:b6:9c:50:d5:62:10:
         7f:70:13:91:39:9a:a9:22:68:63:ee:c9:06:7d:bf:38:ce:20:
         09:0f:d0:e0:1f:5a:c0:84:24:b2:c8:56:b3:09:0e:40:04:e8:
         b3:cb:ab:57:76:3a:67:fd:66:fb:41:d5:38:2b:06:d3:d4:7a:
         9a:46:b4:d0:b7:fa:ee:9e:39:ae:a0:03:aa:22:05:6f:0a:18:
         d6:68:cd:3d:75:3e:1e:49:8d:64:5a:a4:f7:f8:61:be:bc:fd:
         08:c3:68:87:cf:fe:28:4b:2a:be:db:0f:08:e0:f3:38:71:52:
         f9:ef:44:e2:40:8e:6a:c1:ed:0a:8f:2b:32:84:e8:e3:b3:ef:
         7c:a5:f9:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7zrBmxTu8WGId99bG3LZlxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OThjOTdiMTRjMzc0YTUyODMzZGI2YTQwMDdiNTRiNDY2
MmM1YTkwHhcNMjQwNDE5MDAwNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2M5ZDYzZmRiNjNkY2Y2N2M2M2RmY2IyNzhiZTU1ZmJmMzkyYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwFyAEz/1G+Awa1gRC3JNYStuihR
idYmhEeWCR2DwqEhZ/iYeShuKpU+Z3djO5jgRo7z2dC0Xs5xfpmv7GLWuwRY3teG
AAaz9pOcgtFx5VzaNKXlLUYZMhjhKtBhj3azX/J/hBS/DXPJPfGJdoH9UP69shI3
hVEoUrbOiI7cu+xSsmHMY5zGGmxJYTr68e7tZAB7XvdVLBkeGob/FZ+DYoUvNiix
byGg+uu2sclnPPRmyygqe99aIdouVEGkGkKfs7969yuKZ6dscFDlfBRQ2ctWnhjc
FPJa4rDrX9mifour1PyDaePN90CgC/gM12Jo972TzNlg3uMmCllCmPMUfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFfJ1j/bY9z2fGPfyyeL5V+/OSwfMB8GA1UdIwQY
MBaAFLSYyXsUw3SlKDPbakAHtUtGYsWpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzct
ODY1NDI2NjQ1N2M2LzEvVjhuV1A5dGozUFo4WTlfTEo0dmxYNzg1TEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzctODY1NDI2NjQ1N2M2
LzEvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8ShAwQA
W8SjMA0GCSqGSIb3DQEBCwUAA4IBAQAuNMfOX+HSC+Ozi+STiDNnNbfvCxAJo6p2
TBQ22zNU8fFggDRy6JDH3teB+auz3vNNYMQhriOXUx8Rf068MqIdnQsZwRNDJGOY
eDJEYjYBbzFFksENnk25j2p5A1lmkUre29yQR9M/Vlc3BGRh/BopfSlgZU18Xia2
nFDVYhB/cBOROZqpImhj7skGfb84ziAJD9DgH1rAhCSyyFazCQ5ABOizy6tXdjpn
/Wb7QdU4KwbT1HqaRrTQt/runjmuoAOqIgVvChjWaM09dT4eSY1kWqT3+GG+vP0I
w2iHz/4oSyq+2w8I4PM4cVL570TiQI5qwe0KjysyhOjjs+98pfmU
-----END CERTIFICATE-----