Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1Sk1udfBVE5sDOUYQt0O9e5GG4I.roa
File:                     1Sk1udfBVE5sDOUYQt0O9e5GG4I.roa (raw, json)
Hash identifier:          A7pM7FXv2ERZAgQn4T9cJ7TgZIRe5Uv4mpyW61WwGTI=
Subject key identifier:   D5:29:35:B9:D7:C1:54:4E:6C:0C:E5:18:42:DD:0E:F5:EE:46:1B:82
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC79523E6FA1CB8EC425C814981F258D6
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1Sk1udfBVE5sDOUYQt0O9e5GG4I.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56915
IP address blocks:        91.229.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:23:e6:fa:1c:b8:ec:42:5c:81:49:81:f2:58:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d52935b9d7c1544e6c0ce51842dd0ef5ee461b82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:42:8c:08:22:e7:0d:38:71:0a:e7:cc:41:c0:
                    84:6c:0e:6b:d4:72:ad:2a:78:59:36:58:f4:c3:63:
                    d9:8b:62:9d:33:46:b2:e4:72:ac:3a:ff:a6:0a:10:
                    e6:2f:d1:01:6d:b5:80:34:dd:ee:28:50:c4:df:b8:
                    02:eb:5a:4e:70:2e:a6:6a:ab:b7:00:2a:52:0c:18:
                    fb:19:72:9b:ad:46:87:8b:f9:a2:39:ef:e8:b4:0d:
                    fd:69:52:3f:53:8e:66:01:af:3a:74:91:61:87:da:
                    f6:a0:79:7e:f0:4d:d7:2e:9b:21:0b:61:ec:18:ec:
                    cd:62:5f:ff:b2:4d:de:0d:72:42:20:96:6c:26:6c:
                    51:c5:bd:2a:24:5a:4b:5e:28:40:c4:37:91:75:52:
                    59:41:17:0e:4b:b6:78:b3:60:d0:53:f0:26:18:66:
                    2b:58:76:b2:92:09:96:d8:6f:13:db:a9:e8:a3:63:
                    60:f1:c3:26:76:c6:73:b1:30:b6:99:23:5c:21:a6:
                    c0:2f:16:79:ac:99:4c:7b:74:ac:c5:47:77:1a:24:
                    5a:92:a4:ec:f4:97:dc:aa:af:cd:db:cb:0a:1c:67:
                    81:1b:d7:c8:0b:1f:7d:b0:84:ca:7d:bc:c2:2e:63:
                    d3:08:a9:16:af:2f:40:09:fc:49:10:a0:7c:07:4b:
                    17:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:29:35:B9:D7:C1:54:4E:6C:0C:E5:18:42:DD:0E:F5:EE:46:1B:82
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1Sk1udfBVE5sDOUYQt0O9e5GG4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:f2:41:50:b6:52:1e:5e:dd:80:3d:bc:30:e1:e4:4a:9a:07:
         32:80:a3:0d:3d:40:77:f9:0a:c8:6d:56:09:b7:c4:ab:27:8a:
         75:83:a7:46:bd:0c:52:b4:f3:d8:44:88:8d:1f:af:aa:59:99:
         85:de:d6:af:8e:9e:08:3b:98:f7:4f:76:6b:62:3a:ff:76:45:
         55:bd:10:e7:ff:29:13:94:41:de:bd:a5:d0:b0:29:40:5f:72:
         c0:62:38:28:e2:95:3d:9a:92:fe:54:27:d7:c4:36:1d:3a:d9:
         55:12:be:89:3f:7d:02:35:c2:61:19:80:f7:f0:03:96:4b:e5:
         77:5c:46:be:eb:06:80:29:9f:fe:8b:91:6e:fb:8e:7a:29:18:
         e9:23:14:49:22:c8:6f:69:e9:00:d3:f2:6b:6b:bc:7d:eb:28:
         03:ef:bc:87:05:01:fe:ef:d7:b6:46:0d:af:e4:d1:6c:91:9b:
         5c:05:a1:9b:be:66:b6:a9:6f:f5:89:90:b1:ea:51:42:fb:bb:
         d9:6b:a5:6d:ad:b9:07:60:6c:bd:d1:15:ee:a5:70:fa:2d:55:
         8c:ad:d6:57:73:3f:26:93:d5:29:f8:22:2d:f8:70:3b:73:30:
         c2:36:8c:36:6b:b2:d2:9e:f7:d4:0c:a1:0a:f3:70:b7:9a:6e:
         21:7c:53:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSPm+hy47EJcgUmB8ljWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTI5MzViOWQ3YzE1NDRlNmMwY2U1MTg0MmRkMGVmNWVlNDYxYjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUKMCCLnDThxCufMQcCEbA5r1HKt
KnhZNlj0w2PZi2KdM0ay5HKsOv+mChDmL9EBbbWANN3uKFDE37gC61pOcC6maqu3
ACpSDBj7GXKbrUaHi/miOe/otA39aVI/U45mAa86dJFhh9r2oHl+8E3XLpshC2Hs
GOzNYl//sk3eDXJCIJZsJmxRxb0qJFpLXihAxDeRdVJZQRcOS7Z4s2DQU/AmGGYr
WHaykgmW2G8T26noo2Ng8cMmdsZzsTC2mSNcIabALxZ5rJlMe3SsxUd3GiRakqTs
9Jfcqq/N28sKHGeBG9fICx99sITKfbzCLmPTCKkWry9ACfxJEKB8B0sXyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUpNbnXwVRObAzlGELdDvXuRhuCMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvMVNrMXVkZkJWRTVzRE9VWVF0ME85ZTVHRzRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+V3MA0G
CSqGSIb3DQEBCwUAA4IBAQB48kFQtlIeXt2APbww4eRKmgcygKMNPUB3+QrIbVYJ
t8SrJ4p1g6dGvQxStPPYRIiNH6+qWZmF3tavjp4IO5j3T3ZrYjr/dkVVvRDn/ykT
lEHevaXQsClAX3LAYjgo4pU9mpL+VCfXxDYdOtlVEr6JP30CNcJhGYD38AOWS+V3
XEa+6waAKZ/+i5Fu+456KRjpIxRJIshvaekA0/Jra7x96ygD77yHBQH+79e2Rg2v
5NFskZtcBaGbvma2qW/1iZCx6lFC+7vZa6VtrbkHYGy90RXupXD6LVWMrdZXcz8m
k9Up+CIt+HA7czDCNow2a7LSnvfUDKEK83C3mm4hfFPb
-----END CERTIFICATE-----