Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/SI5bPKNRwKXVD2IHaXgt8Iaq2dI.roa
File:                     SI5bPKNRwKXVD2IHaXgt8Iaq2dI.roa (raw, json)
Hash identifier:          ZJcXhm7u4shggdhllQO/Q1c4jYENyDddizVnNWIUcHc=
Subject key identifier:   48:8E:5B:3C:A3:51:C0:A5:D5:0F:62:07:69:78:2D:F0:86:AA:D9:D2
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC79518A30D2C9104D3A8DCF600B34C6F
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/SI5bPKNRwKXVD2IHaXgt8Iaq2dI.roa
Signing time:             Tue 02 Jan 2024 00:31:26 +0000
ROA not before:           Tue 02 Jan 2024 00:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29226
IP address blocks:        91.229.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:18:a3:0d:2c:91:04:d3:a8:dc:f6:00:b3:4c:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=488e5b3ca351c0a5d50f620769782df086aad9d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:36:8a:5e:7f:f2:88:c5:a2:a3:bf:96:d7:5c:
                    d3:1d:4b:b9:8c:6e:a2:0a:36:b5:70:14:3a:8c:04:
                    f0:1f:b6:0c:4b:2e:3f:d4:4a:a7:1a:33:a0:e5:69:
                    23:fb:37:34:4c:cd:0a:f6:e2:7d:22:06:fe:a2:07:
                    33:b2:42:96:44:2f:7c:23:1b:70:37:9a:45:c4:77:
                    82:56:81:a3:7e:d5:ac:0f:d7:0a:a0:bc:a1:63:e4:
                    3a:a9:2d:e1:11:f4:c1:18:3e:7c:ca:9b:32:61:f4:
                    09:a4:b3:61:35:d7:3b:ba:18:88:c3:46:db:e3:cf:
                    e9:b1:71:10:cc:8b:2e:cd:8f:25:5d:14:1e:45:4a:
                    f0:27:64:ed:8a:4d:23:fe:04:1e:a9:45:ed:5a:1e:
                    91:82:dc:81:0a:88:b4:4e:8b:88:1e:fc:dc:db:1f:
                    92:5b:ef:b4:2f:2d:5c:9c:53:8d:86:76:bc:7b:b6:
                    c9:df:03:d6:6f:c2:03:df:de:26:57:12:ed:b2:8b:
                    7e:c9:02:82:74:64:80:d2:0e:53:52:f5:51:73:79:
                    ab:80:ee:87:0d:ea:71:d8:77:1e:9c:63:bc:e2:1e:
                    f7:df:dc:53:3d:d3:cc:4e:53:67:f2:45:80:a4:e2:
                    77:b0:4d:c5:70:21:be:6f:17:69:b8:8d:21:25:29:
                    e2:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:8E:5B:3C:A3:51:C0:A5:D5:0F:62:07:69:78:2D:F0:86:AA:D9:D2
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/SI5bPKNRwKXVD2IHaXgt8Iaq2dI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:f1:ad:e8:2f:58:8b:6f:09:d2:65:bf:e4:21:a2:28:ca:1b:
         47:c4:b2:d2:e9:ab:4c:7e:6b:74:5f:f0:b7:2c:ea:79:e5:11:
         7b:5b:95:1e:5c:ec:b9:50:71:b5:d9:8b:51:4a:46:37:57:22:
         39:18:37:12:91:93:43:91:de:35:e2:2b:8d:8a:87:12:f6:33:
         4e:dd:35:00:b5:0f:f3:ae:35:dd:12:84:9a:9f:9b:13:18:da:
         c6:bf:99:d4:60:9e:70:ec:36:13:1d:86:a2:e5:5c:56:37:58:
         70:8e:91:16:4f:e5:93:fb:55:4a:81:3c:e8:03:b1:46:17:da:
         64:26:da:5d:9e:f8:b4:a0:2f:a8:0b:d3:4e:85:a2:1c:19:5c:
         36:ba:cb:d4:b1:30:f0:c0:1b:61:1c:66:3f:19:40:d5:15:d6:
         80:09:7d:b1:e8:87:05:75:bd:4f:9b:c6:b6:8c:ba:fd:9c:3a:
         52:a4:17:7e:c4:7e:e2:8e:0f:cf:02:56:ea:4f:00:68:d4:98:
         b3:fe:a8:d3:1d:c8:f0:e2:a8:9c:5a:37:1c:63:5d:c2:0a:85:
         98:cb:1c:33:f0:f6:f7:4e:83:ee:87:17:52:6a:47:56:17:b0:
         cb:52:b3:13:6d:b4:14:d1:ca:31:40:be:08:ca:23:5f:e9:39:
         01:c5:89:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRijDSyRBNOo3PYAs0xvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODhlNWIzY2EzNTFjMGE1ZDUwZjYyMDc2OTc4MmRmMDg2YWFkOWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTaKXn/yiMWio7+W11zTHUu5jG6i
Cja1cBQ6jATwH7YMSy4/1EqnGjOg5Wkj+zc0TM0K9uJ9Igb+ogczskKWRC98Ixtw
N5pFxHeCVoGjftWsD9cKoLyhY+Q6qS3hEfTBGD58ypsyYfQJpLNhNdc7uhiIw0bb
48/psXEQzIsuzY8lXRQeRUrwJ2Ttik0j/gQeqUXtWh6RgtyBCoi0TouIHvzc2x+S
W++0Ly1cnFONhna8e7bJ3wPWb8ID394mVxLtsot+yQKCdGSA0g5TUvVRc3mrgO6H
Depx2HcenGO84h7339xTPdPMTlNn8kWApOJ3sE3FcCG+bxdpuI0hJSnitwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEiOWzyjUcCl1Q9iB2l4LfCGqtnSMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvU0k1YlBLTlJ3S1hWRDJJSGFYZ3Q4SWFxMmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+V1MA0G
CSqGSIb3DQEBCwUAA4IBAQA18a3oL1iLbwnSZb/kIaIoyhtHxLLS6atMfmt0X/C3
LOp55RF7W5UeXOy5UHG12YtRSkY3VyI5GDcSkZNDkd414iuNiocS9jNO3TUAtQ/z
rjXdEoSan5sTGNrGv5nUYJ5w7DYTHYai5VxWN1hwjpEWT+WT+1VKgTzoA7FGF9pk
Jtpdnvi0oC+oC9NOhaIcGVw2usvUsTDwwBthHGY/GUDVFdaACX2x6IcFdb1Pm8a2
jLr9nDpSpBd+xH7ijg/PAlbqTwBo1Jiz/qjTHcjw4qicWjccY13CCoWYyxwz8Pb3
ToPuhxdSakdWF7DLUrMTbbQU0coxQL4IyiNf6TkBxYno
-----END CERTIFICATE-----