Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/HaYLzZspWW2PoxLoeW3YNO3HSh4.roa
File:                     HaYLzZspWW2PoxLoeW3YNO3HSh4.roa (raw, json)
Hash identifier:          nd55cP6Q/YMOgZPQ/SMEeXIm2xxH9M95qoHgQgOFUjo=
Subject key identifier:   1D:A6:0B:CD:9B:29:59:6D:8F:A3:12:E8:79:6D:D8:34:ED:C7:4A:1E
Certificate issuer:       /CN=5ac8f68ac415059d56d1938c375a5986a6fff4b1
Certificate serial:       018D5A54565F69C7CFBC75A673EDFD0BC4BE
Authority key identifier: 5A:C8:F6:8A:C4:15:05:9D:56:D1:93:8C:37:5A:59:86:A6:FF:F4:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/HaYLzZspWW2PoxLoeW3YNO3HSh4.roa
Signing time:             Tue 30 Jan 2024 12:24:52 +0000
ROA not before:           Tue 30 Jan 2024 12:24:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196731
IP address blocks:        91.212.87.0/24 maxlen: 24
                          2001:67c:db0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5a:54:56:5f:69:c7:cf:bc:75:a6:73:ed:fd:0b:c4:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ac8f68ac415059d56d1938c375a5986a6fff4b1
        Validity
            Not Before: Jan 30 12:24:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1da60bcd9b29596d8fa312e8796dd834edc74a1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:77:a9:cb:31:e8:2f:50:95:ee:1b:30:60:31:
                    2d:a8:ae:ab:f9:5d:a8:bb:e6:9b:d5:bf:15:b0:39:
                    65:90:74:c8:d3:53:b0:06:b8:a3:5a:69:2d:75:99:
                    bd:0d:be:79:1d:75:fd:ff:06:a8:69:b2:66:66:a0:
                    3c:46:22:54:6d:c6:ad:ae:ca:2f:9c:64:b3:6b:ae:
                    f8:fc:56:3a:77:23:38:d9:f8:a0:cf:11:7f:9f:d9:
                    02:ed:6f:91:65:e1:24:a9:e0:94:e8:bc:8c:aa:25:
                    ec:6e:f0:81:35:8d:a2:70:7f:b8:7c:4d:fe:08:a0:
                    50:03:29:11:0a:0b:60:1f:64:e9:b3:22:3a:cb:0f:
                    55:09:2c:7f:7e:0f:9a:e7:93:ca:89:d2:85:51:ff:
                    bb:17:e3:07:36:a0:51:0e:57:9b:2d:23:20:e0:aa:
                    ff:0a:40:9c:47:2f:ba:98:a8:91:6b:a5:8e:a3:36:
                    2c:67:eb:46:2a:c0:a3:80:39:81:9c:d6:fa:98:7f:
                    11:2c:b9:0f:47:ee:82:4a:ae:01:29:0a:6e:6e:5a:
                    80:fe:ba:4d:ca:29:6d:b0:16:5c:1a:bf:dc:15:90:
                    b8:4d:7d:b0:64:d6:89:17:e0:5a:c0:69:c3:a7:d1:
                    f7:f1:01:8f:e2:4b:52:7b:05:af:a6:a4:78:dd:89:
                    26:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:A6:0B:CD:9B:29:59:6D:8F:A3:12:E8:79:6D:D8:34:ED:C7:4A:1E
            X509v3 Authority Key Identifier:
                keyid:5A:C8:F6:8A:C4:15:05:9D:56:D1:93:8C:37:5A:59:86:A6:FF:F4:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/HaYLzZspWW2PoxLoeW3YNO3HSh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/69e7e4-e3ea-46a5-9867-1c8132d5f4b4/1/Wsj2isQVBZ1W0ZOMN1pZhqb_9LE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.87.0/24
                IPv6:
                  2001:67c:db0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:8f:e4:c4:a9:8d:73:4e:31:6c:5f:8b:a7:ce:98:17:b1:f7:
         cc:89:10:03:3d:be:1c:39:b0:ec:2b:de:26:bf:87:6f:2f:d1:
         cc:b3:45:d7:f5:14:5c:8d:31:da:f7:69:bf:61:2d:c0:57:8a:
         1a:99:24:d0:4a:53:8a:12:af:c3:d4:83:eb:66:34:e2:b4:86:
         86:50:e3:d8:59:4a:be:6a:70:98:27:e9:cc:49:b5:88:11:ef:
         0f:30:ab:62:5a:f8:6a:bb:33:ab:a9:2a:ff:9e:44:96:2d:ad:
         bb:4e:5a:d1:68:38:db:d5:06:60:25:42:55:2d:5a:fb:9e:7a:
         1e:70:65:e0:be:7f:36:ed:a9:3b:84:5c:1d:13:69:fd:34:9e:
         fe:e8:bd:e0:73:78:ca:cd:42:61:3e:92:e8:67:b6:94:5d:e9:
         bb:f0:a7:10:19:ee:cb:7d:cf:91:ab:fa:c2:b3:24:01:d9:4c:
         3c:8e:31:34:5d:17:3c:f0:5d:2a:8f:42:e7:5e:44:ab:1f:0d:
         78:67:8b:1e:b3:1a:c1:47:ea:6b:a4:c4:32:e1:30:94:33:7d:
         82:07:60:06:d1:37:dc:62:84:c0:48:14:34:ed:d2:2c:d6:f0:
         96:56:1b:0f:57:97:ce:ee:0d:39:8c:dd:e2:29:5e:a2:83:91:
         96:d0:9a:23
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY1aVFZfacfPvHWmc+39C8S+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYzhmNjhhYzQxNTA1OWQ1NmQxOTM4YzM3NWE1OTg2YTZm
ZmY0YjEwHhcNMjQwMTMwMTIyNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGE2MGJjZDliMjk1OTZkOGZhMzEyZTg3OTZkZDgzNGVkYzc0YTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHepyzHoL1CV7hswYDEtqK6r+V2o
u+ab1b8VsDllkHTI01OwBrijWmktdZm9Db55HXX9/waoabJmZqA8RiJUbcatrsov
nGSza674/FY6dyM42figzxF/n9kC7W+RZeEkqeCU6LyMqiXsbvCBNY2icH+4fE3+
CKBQAykRCgtgH2TpsyI6yw9VCSx/fg+a55PKidKFUf+7F+MHNqBRDlebLSMg4Kr/
CkCcRy+6mKiRa6WOozYsZ+tGKsCjgDmBnNb6mH8RLLkPR+6CSq4BKQpublqA/rpN
yiltsBZcGr/cFZC4TX2wZNaJF+BawGnDp9H38QGP4ktSewWvpqR43YkmzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB2mC82bKVltj6MS6Hlt2DTtx0oeMB8GA1UdIwQY
MBaAFFrI9orEFQWdVtGTjDdaWYam//SxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3NqMmlzUVZCWjFXMFpPTU4xcFpocWJfOUxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC82OWU3ZTQtZTNlYS00NmE1LTk4Njct
MWM4MTMyZDVmNGI0LzEvSGFZTHpac3BXVzJQb3hMb2VXM1lOTzNIU2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC82OWU3ZTQtZTNlYS00NmE1LTk4NjctMWM4MTMyZDVmNGI0
LzEvV3NqMmlzUVZCWjFXMFpPTU4xcFpocWJfOUxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9RXMA8E
AgACMAkDBwAgAQZ8DbAwDQYJKoZIhvcNAQELBQADggEBAG+P5MSpjXNOMWxfi6fO
mBex98yJEAM9vhw5sOwr3ia/h28v0cyzRdf1FFyNMdr3ab9hLcBXihqZJNBKU4oS
r8PUg+tmNOK0hoZQ49hZSr5qcJgn6cxJtYgR7w8wq2Ja+Gq7M6upKv+eRJYtrbtO
WtFoONvVBmAlQlUtWvueeh5wZeC+fzbtqTuEXB0Taf00nv7oveBzeMrNQmE+kuhn
tpRd6bvwpxAZ7st9z5Gr+sKzJAHZTDyOMTRdFzzwXSqPQudeRKsfDXhnix6zGsFH
6mukxDLhMJQzfYIHYAbRN9xihMBIFDTt0izW8JZWGw9Xl87uDTmM3eIpXqKDkZbQ
miM=
-----END CERTIFICATE-----