Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/82d65a-45e2-4efb-b23c-955ad78bcb07/1/vlKpjnXZcQ7PJza3VfryzalLndQ.roa
File:                     vlKpjnXZcQ7PJza3VfryzalLndQ.roa (raw, json)
Hash identifier:          6xYaOqWvtJ5l/R5jF7TmLQBYg+zpTLA7GcxUDzJXSck=
Subject key identifier:   BE:52:A9:8E:75:D9:71:0E:CF:27:36:B7:55:FA:F2:CD:A9:4B:9D:D4
Certificate issuer:       /CN=d4d86e7d073a9e4d69ec715c3623176805894d5a
Certificate serial:       018CC493107F141767A23FD14D918B6C3898
Authority key identifier: D4:D8:6E:7D:07:3A:9E:4D:69:EC:71:5C:36:23:17:68:05:89:4D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1NhufQc6nk1p7HFcNiMXaAWJTVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/82d65a-45e2-4efb-b23c-955ad78bcb07/1/vlKpjnXZcQ7PJza3VfryzalLndQ.roa
Signing time:             Mon 01 Jan 2024 10:30:21 +0000
ROA not before:           Mon 01 Jan 2024 10:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62350
IP address blocks:        91.240.236.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/82d65a-45e2-4efb-b23c-955ad78bcb07/1/1NhufQc6nk1p7HFcNiMXaAWJTVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/82d65a-45e2-4efb-b23c-955ad78bcb07/1/1NhufQc6nk1p7HFcNiMXaAWJTVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1NhufQc6nk1p7HFcNiMXaAWJTVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:10:7f:14:17:67:a2:3f:d1:4d:91:8b:6c:38:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4d86e7d073a9e4d69ec715c3623176805894d5a
        Validity
            Not Before: Jan  1 10:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be52a98e75d9710ecf2736b755faf2cda94b9dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:db:51:1a:f2:ef:d5:e7:fc:c5:02:d9:af:35:
                    6c:d2:34:c2:e4:49:20:1d:fe:4f:71:a4:7a:cb:42:
                    b4:79:aa:0e:64:a7:ba:da:c1:24:84:fc:70:e5:8c:
                    20:d9:e6:95:11:a3:31:2f:65:b4:12:cb:5c:82:f1:
                    01:3d:48:e6:c0:9f:c8:80:1f:a1:df:c2:6c:32:c9:
                    29:73:cd:8c:8e:53:9e:b9:3d:61:d6:08:f4:96:fa:
                    c7:f4:3f:f7:40:e8:84:80:2f:a4:58:f2:88:5c:ab:
                    60:0e:a3:a9:9a:6a:96:0b:dc:c1:f4:1e:be:f6:6d:
                    19:4f:f7:38:0a:de:2b:31:ca:09:fa:57:17:d3:a8:
                    c3:fd:6b:66:e8:c7:bf:f0:80:6f:0e:b0:d5:31:a3:
                    23:8d:1b:8b:db:ab:b2:80:5c:ed:29:d4:8b:1b:6f:
                    eb:26:36:97:8e:5a:3e:0f:53:e2:af:37:67:f9:34:
                    f0:7d:b9:f1:ff:1c:f5:20:5a:89:c5:95:22:e6:c8:
                    99:ff:67:96:88:65:04:9f:74:f7:16:a5:92:2d:db:
                    d0:9f:79:dd:ab:36:96:0d:2a:f9:13:e9:07:27:3a:
                    b5:a0:2f:12:2d:ba:73:5e:77:c5:ad:73:c0:50:39:
                    f4:da:aa:11:bc:99:7a:db:16:81:52:c5:82:19:8f:
                    d7:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:52:A9:8E:75:D9:71:0E:CF:27:36:B7:55:FA:F2:CD:A9:4B:9D:D4
            X509v3 Authority Key Identifier:
                keyid:D4:D8:6E:7D:07:3A:9E:4D:69:EC:71:5C:36:23:17:68:05:89:4D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1NhufQc6nk1p7HFcNiMXaAWJTVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/82d65a-45e2-4efb-b23c-955ad78bcb07/1/vlKpjnXZcQ7PJza3VfryzalLndQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/82d65a-45e2-4efb-b23c-955ad78bcb07/1/1NhufQc6nk1p7HFcNiMXaAWJTVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:b0:07:a2:c5:76:83:14:45:b0:50:ea:47:b6:ff:a9:e4:c4:
         83:eb:cf:fd:9a:0b:28:f0:97:e4:21:f4:84:6b:23:8e:6f:95:
         56:b8:d8:f8:94:5c:a4:36:55:58:cf:8d:04:e6:10:80:b8:79:
         71:75:c6:fa:dc:71:e4:b7:11:0d:46:40:a2:78:66:44:c3:02:
         f3:b5:07:04:57:ef:bf:09:4b:a3:b5:c7:a8:ef:6a:85:46:7e:
         27:59:e6:6b:99:f6:22:06:39:e3:47:e8:98:33:5a:51:64:90:
         87:c2:c7:f5:ee:2f:ea:fe:f8:75:e8:6c:8c:ff:94:34:11:28:
         89:d2:de:50:b2:b9:08:a5:0e:bc:58:f4:36:65:78:3c:e5:48:
         72:e3:c5:8f:08:61:be:1d:d9:a4:c9:82:e8:c1:ca:27:03:7d:
         4f:07:01:62:73:1a:88:7a:52:3b:80:dd:a6:5f:79:7e:e1:6e:
         01:66:74:8c:aa:ae:9a:a2:f5:08:7e:b3:39:e3:05:0b:02:cf:
         6e:4c:e0:74:47:4d:01:e3:06:1b:b3:bb:34:3c:32:66:95:26:
         a9:d0:e4:54:0a:7f:bc:8f:90:f3:7c:e0:52:4a:37:14:cf:8b:
         cc:f6:9b:0a:4f:67:3e:0a:3c:c0:b8:81:a0:4b:c9:9c:d1:5b:
         34:f3:b4:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkxB/FBdnoj/RTZGLbDiYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZDg2ZTdkMDczYTllNGQ2OWVjNzE1YzM2MjMxNzY4MDU4
OTRkNWEwHhcNMjQwMTAxMTAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTUyYTk4ZTc1ZDk3MTBlY2YyNzM2Yjc1NWZhZjJjZGE5NGI5ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9tRGvLv1ef8xQLZrzVs0jTC5Ekg
Hf5PcaR6y0K0eaoOZKe62sEkhPxw5Ywg2eaVEaMxL2W0EstcgvEBPUjmwJ/IgB+h
38JsMskpc82MjlOeuT1h1gj0lvrH9D/3QOiEgC+kWPKIXKtgDqOpmmqWC9zB9B6+
9m0ZT/c4Ct4rMcoJ+lcX06jD/Wtm6Me/8IBvDrDVMaMjjRuL26uygFztKdSLG2/r
JjaXjlo+D1Pirzdn+TTwfbnx/xz1IFqJxZUi5siZ/2eWiGUEn3T3FqWSLdvQn3nd
qzaWDSr5E+kHJzq1oC8SLbpzXnfFrXPAUDn02qoRvJl62xaBUsWCGY/XrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5SqY512XEOzyc2t1X68s2pS53UMB8GA1UdIwQY
MBaAFNTYbn0HOp5NaexxXDYjF2gFiU1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU5odWZRYzZuazFwN0hGY05pTVhhQVdKVFZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC84MmQ2NWEtNDVlMi00ZWZiLWIyM2Mt
OTU1YWQ3OGJjYjA3LzEvdmxLcGpuWFpjUTdQSnphM1Zmcnl6YWxMbmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC84MmQ2NWEtNDVlMi00ZWZiLWIyM2MtOTU1YWQ3OGJjYjA3
LzEvMU5odWZRYzZuazFwN0hGY05pTVhhQVdKVFZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/DsMA0G
CSqGSIb3DQEBCwUAA4IBAQAwsAeixXaDFEWwUOpHtv+p5MSD68/9mgso8JfkIfSE
ayOOb5VWuNj4lFykNlVYz40E5hCAuHlxdcb63HHktxENRkCieGZEwwLztQcEV++/
CUujtceo72qFRn4nWeZrmfYiBjnjR+iYM1pRZJCHwsf17i/q/vh16GyM/5Q0ESiJ
0t5QsrkIpQ68WPQ2ZXg85Uhy48WPCGG+HdmkyYLowconA31PBwFicxqIelI7gN2m
X3l+4W4BZnSMqq6aovUIfrM54wULAs9uTOB0R00B4wYbs7s0PDJmlSap0ORUCn+8
j5DzfOBSSjcUz4vM9psKT2c+CjzAuIGgS8mc0Vs087To
-----END CERTIFICATE-----