Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/jigejzcWzEQzb7A0Jx0UxA_DXIM.roa
File:                     jigejzcWzEQzb7A0Jx0UxA_DXIM.roa (raw, json)
Hash identifier:          qiI6Ox/q//MmhovD/PLEm6jEX/pXO/pznQ9nXYnJBgw=
Subject key identifier:   8E:28:1E:8F:37:16:CC:44:33:6F:B0:34:27:1D:14:C4:0F:C3:5C:83
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018DAC5D2542F530899F258D1373E983D9E0
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/jigejzcWzEQzb7A0Jx0UxA_DXIM.roa
Signing time:             Thu 15 Feb 2024 10:43:21 +0000
ROA not before:           Thu 15 Feb 2024 10:43:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196695
IP address blocks:        91.229.116.0/24 maxlen: 24
                          91.229.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:5d:25:42:f5:30:89:9f:25:8d:13:73:e9:83:d9:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Feb 15 10:43:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e281e8f3716cc44336fb034271d14c40fc35c83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:50:d1:3d:b8:29:b6:bf:f8:0f:20:51:1e:cf:
                    03:8a:0c:d5:55:88:47:cb:0c:c2:d0:47:d3:dd:7b:
                    36:8b:a0:cb:19:12:f9:b5:b5:e2:01:a8:6e:1a:a7:
                    34:49:07:11:9f:30:bd:fa:a9:17:69:3d:4c:93:37:
                    af:bf:f9:be:a5:b0:c7:cf:4f:b1:08:a4:48:26:34:
                    0d:50:34:ef:d4:1f:1b:12:ae:4d:e7:a6:3b:ce:4e:
                    a5:7d:e9:9e:37:64:5d:fe:0d:27:85:d2:bf:92:13:
                    1f:f4:48:1c:e1:cb:77:45:97:17:67:8e:ec:62:33:
                    4b:b8:2d:6f:57:8c:a7:f9:61:c6:84:d4:06:f2:70:
                    94:d9:70:63:88:24:67:d4:4a:4f:08:d2:cd:5f:90:
                    92:c4:88:98:e7:14:19:c1:f7:49:b9:03:f6:0f:5a:
                    77:53:b8:44:92:3f:2d:7a:08:dc:36:69:bc:db:44:
                    c6:23:3a:75:89:5b:28:5f:d1:4e:f6:0f:99:90:a7:
                    c4:08:b1:52:ce:2a:60:a0:26:ca:2b:64:44:25:2f:
                    7e:14:82:fb:6c:4e:8e:74:11:1d:fa:d2:5d:be:d2:
                    ca:97:0a:ee:d2:4a:83:14:03:5b:7b:03:c6:c8:6f:
                    f8:68:de:b5:bc:f7:21:f9:34:62:69:7c:88:c5:d8:
                    1c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:28:1E:8F:37:16:CC:44:33:6F:B0:34:27:1D:14:C4:0F:C3:5C:83
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/jigejzcWzEQzb7A0Jx0UxA_DXIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:8e:59:c1:58:69:b7:fa:db:76:8a:43:69:46:f1:d9:17:73:
         8b:21:9e:10:55:62:ef:ed:0c:5c:82:63:b0:9f:48:cf:3c:4c:
         eb:43:7d:a6:93:10:bd:f0:f9:60:e4:eb:11:4e:cb:df:a8:5b:
         6c:a4:cc:89:13:72:71:0c:3a:74:c2:84:52:ec:57:f4:f9:eb:
         eb:1e:4f:c3:03:07:63:e0:0f:6a:31:0b:89:cb:46:d0:a4:19:
         5b:f9:de:ec:83:ac:64:92:72:1f:ee:f7:82:f3:d2:7f:2d:30:
         b8:79:a7:6e:ea:df:d3:4a:69:fd:e0:83:56:1a:95:0b:fa:59:
         6e:e1:06:b3:3c:76:81:30:1c:9d:f4:ff:11:31:32:ae:6d:17:
         7b:4d:22:e0:f9:c8:eb:97:ec:54:d0:91:ac:e3:1f:93:94:d9:
         27:fd:cd:75:09:b1:90:22:7f:73:51:41:12:6b:46:2f:78:a3:
         2c:4a:c9:a8:b1:da:53:35:85:ec:48:a8:c9:91:22:7a:98:19:
         35:7e:0f:3c:10:4c:c1:56:c7:76:41:24:a2:70:86:b6:2e:5e:
         db:d7:7c:a9:10:80:26:55:ef:66:4a:e5:e7:d8:c6:95:1e:10:
         dd:d5:2b:04:42:68:cb:d3:fd:16:9f:4a:b0:51:52:0a:42:3b:
         e5:b1:4c:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2sXSVC9TCJnyWNE3Ppg9ngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMjE1MTA0MzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTI4MWU4ZjM3MTZjYzQ0MzM2ZmIwMzQyNzFkMTRjNDBmYzM1YzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFDRPbgptr/4DyBRHs8DigzVVYhH
ywzC0EfT3Xs2i6DLGRL5tbXiAahuGqc0SQcRnzC9+qkXaT1Mkzevv/m+pbDHz0+x
CKRIJjQNUDTv1B8bEq5N56Y7zk6lfemeN2Rd/g0nhdK/khMf9Egc4ct3RZcXZ47s
YjNLuC1vV4yn+WHGhNQG8nCU2XBjiCRn1EpPCNLNX5CSxIiY5xQZwfdJuQP2D1p3
U7hEkj8tegjcNmm820TGIzp1iVsoX9FO9g+ZkKfECLFSzipgoCbKK2REJS9+FIL7
bE6OdBEd+tJdvtLKlwru0kqDFANbewPGyG/4aN61vPch+TRiaXyIxdgcNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4oHo83FsxEM2+wNCcdFMQPw1yDMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvamlnZWp6Y1d6RVF6YjdBMEp4MFV4QV9EWElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+V0MA0G
CSqGSIb3DQEBCwUAA4IBAQA4jlnBWGm3+tt2ikNpRvHZF3OLIZ4QVWLv7QxcgmOw
n0jPPEzrQ32mkxC98Plg5OsRTsvfqFtspMyJE3JxDDp0woRS7Ff0+evrHk/DAwdj
4A9qMQuJy0bQpBlb+d7sg6xkknIf7veC89J/LTC4eadu6t/TSmn94INWGpUL+llu
4QazPHaBMByd9P8RMTKubRd7TSLg+cjrl+xU0JGs4x+TlNkn/c11CbGQIn9zUUES
a0YveKMsSsmosdpTNYXsSKjJkSJ6mBk1fg88EEzBVsd2QSSicIa2Ll7b13ypEIAm
Ve9mSuXn2MaVHhDd1SsEQmjL0/0Wn0qwUVIKQjvlsUy1
-----END CERTIFICATE-----