Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/802e05-0d5b-4589-916b-90c17eb751f4/1/ZSoqxxffRR1tTo4RWeB_PBTch6U.roa
File:                     ZSoqxxffRR1tTo4RWeB_PBTch6U.roa (raw, json)
Hash identifier:          jjuV884UiD9XRG8LrgAWaL4uCQzjdyQRrpwzcXyGMS8=
Subject key identifier:   65:2A:2A:C7:17:DF:45:1D:6D:4E:8E:11:59:E0:7F:3C:14:DC:87:A5
Certificate issuer:       /CN=5e868b02e519dd7e694c7af1e708bdd66369bddf
Certificate serial:       018CC8015B95FEC94C8724F982B8794937A2
Authority key identifier: 5E:86:8B:02:E5:19:DD:7E:69:4C:7A:F1:E7:08:BD:D6:63:69:BD:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XoaLAuUZ3X5pTHrx5wi91mNpvd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/802e05-0d5b-4589-916b-90c17eb751f4/1/ZSoqxxffRR1tTo4RWeB_PBTch6U.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196772
IP address blocks:        91.212.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/802e05-0d5b-4589-916b-90c17eb751f4/1/XoaLAuUZ3X5pTHrx5wi91mNpvd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/802e05-0d5b-4589-916b-90c17eb751f4/1/XoaLAuUZ3X5pTHrx5wi91mNpvd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XoaLAuUZ3X5pTHrx5wi91mNpvd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5b:95:fe:c9:4c:87:24:f9:82:b8:79:49:37:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e868b02e519dd7e694c7af1e708bdd66369bddf
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=652a2ac717df451d6d4e8e1159e07f3c14dc87a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c8:e6:c7:e2:f1:4b:cb:82:ea:67:61:e9:22:
                    33:b0:0c:e8:0e:f5:6c:b9:0c:b9:f2:1a:cd:fc:3d:
                    38:6f:1c:ee:e9:ea:a4:e5:9d:5a:52:24:dd:40:94:
                    3e:e5:b6:a7:0c:67:8b:5a:82:15:21:4a:9b:cd:86:
                    0e:73:48:65:8f:bd:43:a0:49:42:8a:78:ab:d3:89:
                    1e:5b:b5:07:e8:07:1d:73:40:4b:2b:f5:03:df:fc:
                    b0:ec:27:5b:fd:89:c4:e9:0a:b7:e3:26:a6:92:0c:
                    62:b3:4c:e2:c5:94:e1:a0:bf:34:72:e7:ea:84:43:
                    56:2a:f9:a4:58:73:17:e6:6e:c9:42:b9:ac:86:5d:
                    43:d6:92:6c:4a:e2:11:d7:71:6d:58:aa:05:82:3a:
                    c6:a9:4f:f7:e6:35:e6:ff:f0:2a:a8:a6:74:b4:c1:
                    6f:e4:d5:ea:70:fc:ee:9a:56:88:0e:86:c5:84:d7:
                    53:9b:97:46:0f:a3:cf:df:ad:98:54:82:f3:ce:55:
                    ff:dd:f0:dd:49:d8:ec:b5:37:37:44:ea:4d:5e:0d:
                    f0:d6:78:74:59:4c:46:73:9d:74:01:88:f1:7f:49:
                    75:91:27:f7:ed:10:25:af:6a:3d:84:8c:47:4d:a4:
                    5b:1b:af:1e:7d:fc:8d:c0:fa:d9:e6:58:38:d2:f0:
                    bc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:2A:2A:C7:17:DF:45:1D:6D:4E:8E:11:59:E0:7F:3C:14:DC:87:A5
            X509v3 Authority Key Identifier:
                keyid:5E:86:8B:02:E5:19:DD:7E:69:4C:7A:F1:E7:08:BD:D6:63:69:BD:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XoaLAuUZ3X5pTHrx5wi91mNpvd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/802e05-0d5b-4589-916b-90c17eb751f4/1/ZSoqxxffRR1tTo4RWeB_PBTch6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/802e05-0d5b-4589-916b-90c17eb751f4/1/XoaLAuUZ3X5pTHrx5wi91mNpvd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:44:a3:da:21:81:83:e9:70:62:a9:df:c5:5b:f5:f2:80:8f:
         6c:f5:17:31:db:ec:13:c2:58:f6:2f:ba:66:b0:0d:02:ff:67:
         28:7c:64:b8:12:fa:18:d7:79:c6:51:a0:f1:30:dd:81:d3:fa:
         8c:15:54:58:44:41:f8:b7:36:33:18:53:72:9b:d9:5d:16:1f:
         37:c7:ec:1f:f3:ec:a6:d1:3e:87:be:08:67:5f:2f:c4:54:93:
         72:b4:3b:d5:7e:44:a0:50:10:12:5a:5f:da:6a:fa:bb:80:8c:
         e3:75:87:c4:52:d0:02:0d:f2:c7:ec:5a:e4:fe:c1:f5:9a:08:
         d9:ae:5f:4d:63:28:27:9a:01:75:61:88:22:3e:fa:1e:62:81:
         e1:cb:a5:6c:a6:70:eb:79:69:5e:4f:61:f2:ea:00:16:20:5a:
         45:56:9f:66:1d:7d:89:6c:a0:68:02:f4:31:b1:b2:a3:8f:12:
         c4:30:4e:61:6c:47:24:00:bc:a3:25:a1:ea:cd:75:c9:ee:63:
         d4:87:9a:c9:b1:65:4b:07:03:92:40:40:ba:1b:6b:aa:66:5a:
         ba:03:d6:3f:62:f0:72:fe:8d:40:a8:84:cd:d9:8d:a7:fd:ff:
         91:0e:c3:18:a4:21:27:05:45:bf:62:ef:e6:fc:0b:0a:12:de:
         fe:fc:11:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVuV/slMhyT5grh5STeiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlODY4YjAyZTUxOWRkN2U2OTRjN2FmMWU3MDhiZGQ2NjM2
OWJkZGYwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTJhMmFjNzE3ZGY0NTFkNmQ0ZThlMTE1OWUwN2YzYzE0ZGM4N2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMjmx+LxS8uC6mdh6SIzsAzoDvVs
uQy58hrN/D04bxzu6eqk5Z1aUiTdQJQ+5banDGeLWoIVIUqbzYYOc0hlj71DoElC
inir04keW7UH6Acdc0BLK/UD3/yw7Cdb/YnE6Qq34yamkgxis0zixZThoL80cufq
hENWKvmkWHMX5m7JQrmshl1D1pJsSuIR13FtWKoFgjrGqU/35jXm//AqqKZ0tMFv
5NXqcPzumlaIDobFhNdTm5dGD6PP362YVILzzlX/3fDdSdjstTc3ROpNXg3w1nh0
WUxGc510AYjxf0l1kSf37RAlr2o9hIxHTaRbG68effyNwPrZ5lg40vC85QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUqKscX30UdbU6OEVngfzwU3IelMB8GA1UdIwQY
MBaAFF6GiwLlGd1+aUx68ecIvdZjab3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG9hTEF1VVozWDVwVEhyeDV3aTkxbU5wdmQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84MDJlMDUtMGQ1Yi00NTg5LTkxNmIt
OTBjMTdlYjc1MWY0LzEvWlNvcXh4ZmZSUjF0VG80UldlQl9QQlRjaDZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84MDJlMDUtMGQ1Yi00NTg5LTkxNmItOTBjMTdlYjc1MWY0
LzEvWG9hTEF1VVozWDVwVEhyeDV3aTkxbU5wdmQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9THMA0G
CSqGSIb3DQEBCwUAA4IBAQCyRKPaIYGD6XBiqd/FW/XygI9s9Rcx2+wTwlj2L7pm
sA0C/2cofGS4EvoY13nGUaDxMN2B0/qMFVRYREH4tzYzGFNym9ldFh83x+wf8+ym
0T6HvghnXy/EVJNytDvVfkSgUBASWl/aavq7gIzjdYfEUtACDfLH7Frk/sH1mgjZ
rl9NYygnmgF1YYgiPvoeYoHhy6VspnDreWleT2Hy6gAWIFpFVp9mHX2JbKBoAvQx
sbKjjxLEME5hbEckALyjJaHqzXXJ7mPUh5rJsWVLBwOSQEC6G2uqZlq6A9Y/YvBy
/o1AqITN2Y2n/f+RDsMYpCEnBUW/Yu/m/AsKEt7+/BEu
-----END CERTIFICATE-----