Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/805356-959f-41c5-99b6-9274920dcaa1/1/_thevjZUVsO_XMk4gENhWRqOHd8.roa
File:                     _thevjZUVsO_XMk4gENhWRqOHd8.roa (raw, json)
Hash identifier:          aaZCjaBehVHSIUd4pApJtnpWI44fJ4vdcSHhddXrOgk=
Subject key identifier:   FE:D8:5E:BE:36:54:56:C3:BF:5C:C9:38:80:43:61:59:1A:8E:1D:DF
Certificate issuer:       /CN=0ef15428a4b5be5e73e7d2282b51c819aea38f9b
Certificate serial:       018CC8DCE6E64695F0A38A0DF03B02541168
Authority key identifier: 0E:F1:54:28:A4:B5:BE:5E:73:E7:D2:28:2B:51:C8:19:AE:A3:8F:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvFUKKS1vl5z59IoK1HIGa6jj5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/805356-959f-41c5-99b6-9274920dcaa1/1/_thevjZUVsO_XMk4gENhWRqOHd8.roa
Signing time:             Tue 02 Jan 2024 06:29:29 +0000
ROA not before:           Tue 02 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43854
IP address blocks:        91.198.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/805356-959f-41c5-99b6-9274920dcaa1/1/DvFUKKS1vl5z59IoK1HIGa6jj5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/805356-959f-41c5-99b6-9274920dcaa1/1/DvFUKKS1vl5z59IoK1HIGa6jj5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvFUKKS1vl5z59IoK1HIGa6jj5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e6:e6:46:95:f0:a3:8a:0d:f0:3b:02:54:11:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef15428a4b5be5e73e7d2282b51c819aea38f9b
        Validity
            Not Before: Jan  2 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fed85ebe365456c3bf5cc938804361591a8e1ddf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:be:c6:5e:e5:e2:02:22:dd:b9:71:1f:51:09:
                    d3:56:1b:32:4f:30:0c:8c:06:f9:0e:fd:a5:91:0f:
                    81:d5:2a:db:0d:50:a8:54:fe:08:71:10:ff:0e:55:
                    7e:35:b8:d7:b3:36:5c:31:25:03:b8:a5:06:55:d7:
                    6a:49:59:17:b1:39:f7:ee:e4:35:77:6d:91:e5:d1:
                    95:17:22:ed:a6:23:bc:73:7e:ef:67:e1:ba:83:54:
                    bd:40:aa:cf:79:73:83:bf:1c:de:ea:a7:e5:8a:22:
                    9d:ce:e2:76:45:b2:d6:bd:fe:75:09:96:9d:f6:6b:
                    d5:3a:65:7f:37:9d:1c:af:2d:ca:07:ac:63:09:c4:
                    74:ff:11:25:0b:65:79:0d:3a:23:73:6d:b7:52:68:
                    42:70:42:3e:25:70:75:e2:b1:6a:ab:4f:90:6e:67:
                    4e:2d:73:bf:0e:57:57:5a:cf:cd:6b:b2:3c:d3:c0:
                    d6:dd:e1:af:0e:6f:58:a4:d4:a7:0d:c8:6a:28:8d:
                    97:16:fc:8e:d4:bf:90:9b:bc:25:f3:f4:f5:0f:19:
                    78:ba:e4:3a:0e:59:5c:d3:bf:58:66:a0:ed:53:da:
                    84:e0:c9:24:b2:32:f1:19:98:16:02:83:83:19:97:
                    2d:43:a0:da:5f:cd:60:95:7c:54:97:62:5b:65:ee:
                    6f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D8:5E:BE:36:54:56:C3:BF:5C:C9:38:80:43:61:59:1A:8E:1D:DF
            X509v3 Authority Key Identifier:
                keyid:0E:F1:54:28:A4:B5:BE:5E:73:E7:D2:28:2B:51:C8:19:AE:A3:8F:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvFUKKS1vl5z59IoK1HIGa6jj5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/805356-959f-41c5-99b6-9274920dcaa1/1/_thevjZUVsO_XMk4gENhWRqOHd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/805356-959f-41c5-99b6-9274920dcaa1/1/DvFUKKS1vl5z59IoK1HIGa6jj5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:45:5f:90:45:4f:34:99:f5:b5:b8:db:6a:df:51:8f:37:0d:
         a0:3e:77:3c:2b:39:e6:56:1d:26:d7:29:1c:54:6a:a9:8e:72:
         48:72:f5:46:8f:2d:6d:07:96:70:4b:01:d3:56:57:d9:a4:6a:
         ec:2f:91:20:b6:b7:47:40:41:a3:4a:ae:1a:64:c1:21:75:25:
         3b:66:1a:85:b0:11:62:9e:10:b7:9a:8a:45:ff:06:7b:46:6d:
         fd:ac:85:99:e0:17:ec:b2:ba:82:4d:36:7b:5f:64:71:b4:05:
         df:44:fa:49:c0:28:97:75:da:68:61:75:2f:fc:03:d0:60:53:
         18:32:5e:8a:89:09:60:30:9a:5e:22:25:ea:1c:22:10:c0:c4:
         c2:84:8a:6b:d3:29:bd:33:0e:ef:9e:a8:c6:d6:7f:fe:d4:69:
         5a:9a:49:37:aa:86:f9:cc:f2:b4:21:cc:a3:ff:62:4a:ac:60:
         3b:f8:23:fe:25:58:26:a7:bd:dd:86:72:77:7e:7a:f1:c8:70:
         ef:dd:8a:a6:84:2f:6c:26:1d:96:0b:08:98:59:44:5f:34:09:
         4f:94:b9:ab:e5:4b:d2:26:18:08:b4:45:98:e7:90:d1:c0:ad:
         48:8c:8a:69:a6:8d:4b:e1:6d:bc:50:a2:c3:16:48:89:e9:ab:
         3b:c1:64:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ObmRpXwo4oN8DsCVBFoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjE1NDI4YTRiNWJlNWU3M2U3ZDIyODJiNTFjODE5YWVh
MzhmOWIwHhcNMjQwMTAyMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWQ4NWViZTM2NTQ1NmMzYmY1Y2M5Mzg4MDQzNjE1OTFhOGUxZGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjL7GXuXiAiLduXEfUQnTVhsyTzAM
jAb5Dv2lkQ+B1SrbDVCoVP4IcRD/DlV+NbjXszZcMSUDuKUGVddqSVkXsTn37uQ1
d22R5dGVFyLtpiO8c37vZ+G6g1S9QKrPeXODvxze6qfliiKdzuJ2RbLWvf51CZad
9mvVOmV/N50cry3KB6xjCcR0/xElC2V5DTojc223UmhCcEI+JXB14rFqq0+QbmdO
LXO/DldXWs/Na7I808DW3eGvDm9YpNSnDchqKI2XFvyO1L+Qm7wl8/T1Dxl4uuQ6
Dllc079YZqDtU9qE4MkksjLxGZgWAoODGZctQ6DaX81glXxUl2JbZe5vuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7YXr42VFbDv1zJOIBDYVkajh3fMB8GA1UdIwQY
MBaAFA7xVCiktb5ec+fSKCtRyBmuo4+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZGVUtLUzF2bDV6NTlJb0sxSElHYTZqajVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS84MDUzNTYtOTU5Zi00MWM1LTk5YjYt
OTI3NDkyMGRjYWExLzEvX3RoZXZqWlVWc09fWE1rNGdFTmhXUnFPSGQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS84MDUzNTYtOTU5Zi00MWM1LTk5YjYtOTI3NDkyMGRjYWEx
LzEvRHZGVUtLUzF2bDV6NTlJb0sxSElHYTZqajVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8a+MA0G
CSqGSIb3DQEBCwUAA4IBAQBRRV+QRU80mfW1uNtq31GPNw2gPnc8KznmVh0m1ykc
VGqpjnJIcvVGjy1tB5ZwSwHTVlfZpGrsL5EgtrdHQEGjSq4aZMEhdSU7ZhqFsBFi
nhC3mopF/wZ7Rm39rIWZ4BfssrqCTTZ7X2RxtAXfRPpJwCiXddpoYXUv/APQYFMY
Ml6KiQlgMJpeIiXqHCIQwMTChIpr0ym9Mw7vnqjG1n/+1Glamkk3qob5zPK0Icyj
/2JKrGA7+CP+JVgmp73dhnJ3fnrxyHDv3YqmhC9sJh2WCwiYWURfNAlPlLmr5UvS
JhgItEWY55DRwK1IjIpppo1L4W28UKLDFkiJ6as7wWTa
-----END CERTIFICATE-----