Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/c90869-ee20-4939-840e-640c74a94cc6/1/IVdvCjwN5awaBx5Ys_3rUhe8X-k.roa
File:                     IVdvCjwN5awaBx5Ys_3rUhe8X-k.roa (raw, json)
Hash identifier:          K3qN5E3K3+Dk4y6AFYkfSfFbghynepZiwI7lRk60g+s=
Subject key identifier:   21:57:6F:0A:3C:0D:E5:AC:1A:07:1E:58:B3:FD:EB:52:17:BC:5F:E9
Certificate issuer:       /CN=3546ff45ce50557edc4c0306e1f869482ad423e0
Certificate serial:       018CC26D17A51CB970E10C1A9535C6A105FD
Authority key identifier: 35:46:FF:45:CE:50:55:7E:DC:4C:03:06:E1:F8:69:48:2A:D4:23:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUb_Rc5QVX7cTAMG4fhpSCrUI-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/c90869-ee20-4939-840e-640c74a94cc6/1/IVdvCjwN5awaBx5Ys_3rUhe8X-k.roa
Signing time:             Mon 01 Jan 2024 00:29:38 +0000
ROA not before:           Mon 01 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48435
IP address blocks:        91.198.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/c90869-ee20-4939-840e-640c74a94cc6/1/NUb_Rc5QVX7cTAMG4fhpSCrUI-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/c90869-ee20-4939-840e-640c74a94cc6/1/NUb_Rc5QVX7cTAMG4fhpSCrUI-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUb_Rc5QVX7cTAMG4fhpSCrUI-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:17:a5:1c:b9:70:e1:0c:1a:95:35:c6:a1:05:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3546ff45ce50557edc4c0306e1f869482ad423e0
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21576f0a3c0de5ac1a071e58b3fdeb5217bc5fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f0:34:32:9a:37:17:69:a0:a7:57:6f:9c:10:
                    cf:28:9a:35:b7:90:d8:3e:42:b2:2a:f0:be:d9:ff:
                    0d:8d:27:54:49:af:09:62:74:d8:84:62:c3:e6:1e:
                    93:c7:2b:a8:cf:1b:28:8c:8c:f6:8f:15:d9:59:d1:
                    96:dd:8e:85:0e:03:b7:09:94:90:1c:c8:40:51:74:
                    92:3b:15:3d:b4:c9:78:95:ce:81:2d:c4:9c:41:d1:
                    a6:11:33:a8:01:a3:1f:63:97:c3:71:b6:be:08:d2:
                    17:e4:f9:23:88:8f:23:43:46:1b:de:0c:0a:54:98:
                    20:43:08:6d:58:a1:3b:8e:83:cb:aa:6a:83:5e:2e:
                    4d:8f:19:f7:68:19:bc:16:41:3c:4a:e1:30:93:e8:
                    1c:c0:31:02:44:07:51:18:60:52:a9:29:d2:b5:84:
                    45:6f:a6:f6:ba:a2:a6:77:aa:af:f4:7e:52:24:7a:
                    37:9e:47:54:b9:35:3d:de:dc:64:9c:36:14:ed:30:
                    14:a9:8e:d1:20:12:88:c7:69:b6:52:fd:29:31:b7:
                    36:cd:85:06:d5:2a:f8:8f:a7:52:3f:f5:20:25:be:
                    b4:3a:c5:67:ad:fe:8b:92:c3:4a:b1:00:92:a9:57:
                    bf:10:fe:14:bf:9c:6c:f5:44:b4:57:63:87:f3:2a:
                    a6:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:57:6F:0A:3C:0D:E5:AC:1A:07:1E:58:B3:FD:EB:52:17:BC:5F:E9
            X509v3 Authority Key Identifier:
                keyid:35:46:FF:45:CE:50:55:7E:DC:4C:03:06:E1:F8:69:48:2A:D4:23:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUb_Rc5QVX7cTAMG4fhpSCrUI-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/c90869-ee20-4939-840e-640c74a94cc6/1/IVdvCjwN5awaBx5Ys_3rUhe8X-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/c90869-ee20-4939-840e-640c74a94cc6/1/NUb_Rc5QVX7cTAMG4fhpSCrUI-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:0c:a5:96:fc:cf:5d:fb:a0:5a:a0:52:72:f5:24:9d:1a:8b:
         50:1b:83:33:9a:d9:01:b1:9c:f0:39:3b:f3:b5:b3:5a:f6:af:
         d6:4d:30:66:22:81:79:1a:b6:62:0b:2f:0e:a7:da:67:5f:0e:
         6c:4c:a8:b4:cc:cc:42:34:3d:e6:62:83:77:05:09:c8:06:40:
         dd:07:bd:e8:46:c4:5d:fd:ce:25:85:8e:59:4e:5e:de:e3:44:
         48:5d:2b:95:70:87:f2:01:ec:f4:2a:0e:ee:51:d2:3c:3a:18:
         62:b7:36:3d:e7:d9:bf:28:31:73:7b:56:bc:d6:55:1f:07:83:
         c9:3a:62:12:7a:20:be:84:13:71:8f:a4:ec:a6:8f:ff:37:10:
         3d:62:76:a3:6d:dc:94:a0:e2:3b:66:c1:10:8d:5f:c9:27:9b:
         6b:a8:3c:6d:b9:71:06:06:39:ff:d3:92:e5:75:3f:1a:bb:ff:
         c1:08:ff:03:79:76:21:19:6d:e2:d7:0f:aa:01:9a:43:90:2f:
         98:9e:9f:bc:8d:d6:8c:c3:85:60:0f:bd:7c:e3:0f:23:70:d8:
         a4:32:8a:ca:cd:a8:de:eb:05:dc:02:3d:c2:00:91:21:01:bc:
         56:c8:47:63:a8:2f:60:16:60:52:b6:07:85:0f:7c:3a:6a:b4:
         78:68:e1:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRelHLlw4QwalTXGoQX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDZmZjQ1Y2U1MDU1N2VkYzRjMDMwNmUxZjg2OTQ4MmFk
NDIzZTAwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTU3NmYwYTNjMGRlNWFjMWEwNzFlNThiM2ZkZWI1MjE3YmM1ZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPA0Mpo3F2mgp1dvnBDPKJo1t5DY
PkKyKvC+2f8NjSdUSa8JYnTYhGLD5h6TxyuozxsojIz2jxXZWdGW3Y6FDgO3CZSQ
HMhAUXSSOxU9tMl4lc6BLcScQdGmETOoAaMfY5fDcba+CNIX5PkjiI8jQ0Yb3gwK
VJggQwhtWKE7joPLqmqDXi5Njxn3aBm8FkE8SuEwk+gcwDECRAdRGGBSqSnStYRF
b6b2uqKmd6qv9H5SJHo3nkdUuTU93txknDYU7TAUqY7RIBKIx2m2Uv0pMbc2zYUG
1Sr4j6dSP/UgJb60OsVnrf6LksNKsQCSqVe/EP4Uv5xs9US0V2OH8yqmHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFXbwo8DeWsGgceWLP961IXvF/pMB8GA1UdIwQY
MBaAFDVG/0XOUFV+3EwDBuH4aUgq1CPgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlViX1JjNVFWWDdjVEFNRzRmaHBTQ3JVSS1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9jOTA4NjktZWUyMC00OTM5LTg0MGUt
NjQwYzc0YTk0Y2M2LzEvSVZkdkNqd041YXdhQng1WXNfM3JVaGU4WC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9jOTA4NjktZWUyMC00OTM5LTg0MGUtNjQwYzc0YTk0Y2M2
LzEvTlViX1JjNVFWWDdjVEFNRzRmaHBTQ3JVSS1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8Y3MA0G
CSqGSIb3DQEBCwUAA4IBAQBBDKWW/M9d+6BaoFJy9SSdGotQG4MzmtkBsZzwOTvz
tbNa9q/WTTBmIoF5GrZiCy8Op9pnXw5sTKi0zMxCND3mYoN3BQnIBkDdB73oRsRd
/c4lhY5ZTl7e40RIXSuVcIfyAez0Kg7uUdI8OhhitzY959m/KDFze1a81lUfB4PJ
OmISeiC+hBNxj6Tspo//NxA9YnajbdyUoOI7ZsEQjV/JJ5trqDxtuXEGBjn/05Ll
dT8au//BCP8DeXYhGW3i1w+qAZpDkC+Ynp+8jdaMw4VgD7184w8jcNikMorKzaje
6wXcAj3CAJEhAbxWyEdjqC9gFmBStgeFD3w6arR4aOFW
-----END CERTIFICATE-----