Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/hv57qJCUzv7f02qF9M6UX_KF3NM.roa
File:                     hv57qJCUzv7f02qF9M6UX_KF3NM.roa (raw, json)
Hash identifier:          F5iEjuY+kevqd/aGnagHl/grBXuKSr/MeLBg3N96Uio=
Subject key identifier:   86:FE:7B:A8:90:94:CE:FE:DF:D3:6A:85:F4:CE:94:5F:F2:85:DC:D3
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       018CC4245557CEBB3B7BE0BCEE03F05BB06B
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/hv57qJCUzv7f02qF9M6UX_KF3NM.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47133
IP address blocks:        91.108.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:55:57:ce:bb:3b:7b:e0:bc:ee:03:f0:5b:b0:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86fe7ba89094cefedfd36a85f4ce945ff285dcd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:46:ec:7e:8a:b8:3d:aa:8c:03:e1:53:1e:39:
                    b0:a9:7a:4e:90:1b:f8:ed:64:dc:25:4e:2a:d8:10:
                    5f:8a:fa:24:ed:0a:7b:2f:2d:e7:00:81:c4:47:2e:
                    f4:bb:39:ba:57:2c:5f:41:8f:65:7b:e0:df:26:92:
                    39:c1:5e:af:09:08:3f:f5:e7:fa:21:91:6c:91:72:
                    b8:65:2c:23:a5:d9:ad:4e:1f:8b:4e:33:74:8b:fa:
                    c5:53:20:60:62:4e:79:c2:47:35:6e:aa:bd:a9:7f:
                    11:b6:41:4b:f4:99:82:42:61:23:e8:6c:db:05:8d:
                    0a:d8:dc:18:91:ee:aa:3b:83:69:c7:6e:e1:be:b6:
                    e4:e4:fd:43:5d:89:e2:90:13:8b:6a:b8:9d:6b:70:
                    29:42:ee:98:aa:c7:aa:c5:2b:2f:38:eb:c6:fc:18:
                    7f:a6:7f:a3:e1:71:6d:e8:b0:19:92:06:45:01:ba:
                    48:33:2a:79:9c:21:51:f0:01:17:73:94:c6:dc:c0:
                    01:d5:51:9d:6e:78:ca:ce:ec:ab:2e:3f:8c:5d:d5:
                    d5:69:3b:d7:77:ef:1b:97:24:38:b4:5e:fc:43:09:
                    c5:f1:ce:18:b6:aa:23:c0:41:00:6c:e3:53:6a:a9:
                    4f:7e:8b:0c:d2:7e:da:93:4c:71:b5:74:32:ed:c0:
                    30:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:FE:7B:A8:90:94:CE:FE:DF:D3:6A:85:F4:CE:94:5F:F2:85:DC:D3
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/hv57qJCUzv7f02qF9M6UX_KF3NM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:26:1c:c1:df:e7:ea:cc:8f:a0:f0:e3:50:21:76:cb:28:dc:
         3a:09:36:5d:91:5b:3a:9c:f6:d8:7f:71:66:b9:fe:8b:b7:ac:
         de:4a:a3:62:b4:f0:69:fa:7a:0c:e6:0f:c6:80:6a:69:cd:6a:
         85:e1:ac:ff:12:43:d6:e7:67:da:a0:df:1d:2c:c0:6d:5b:16:
         78:58:87:ce:4d:a8:d0:bf:28:b2:9c:0c:2a:e8:9c:17:cf:16:
         26:7c:a4:6b:18:61:2a:b3:59:14:02:ee:53:bb:db:dc:99:b6:
         93:cb:be:0f:f7:0e:d5:0f:68:ba:88:a2:76:a1:71:1c:10:f1:
         00:09:31:40:b1:66:0f:b3:52:c5:73:3b:4d:4f:ac:06:ce:e6:
         68:69:f8:7a:db:21:3a:1a:ca:7f:79:e1:ad:13:ff:8b:36:74:
         19:9d:eb:76:f4:f6:e8:95:ec:bb:b1:21:73:50:dd:e9:2a:00:
         0f:6a:9e:d6:28:f0:6e:24:34:eb:93:30:3f:49:9e:08:54:c1:
         c7:4c:80:2e:4d:9d:fc:d4:a4:6a:d6:9c:f2:52:20:65:c1:3f:
         54:dd:b9:bd:05:d0:22:4b:8b:49:30:90:ba:1f:1a:e2:3a:98:
         1a:23:61:6e:08:1e:3b:20:41:b0:86:17:4d:88:5a:16:05:4e:
         15:53:eb:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFVXzrs7e+C87gPwW7BrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmZlN2JhODkwOTRjZWZlZGZkMzZhODVmNGNlOTQ1ZmYyODVkY2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEbsfoq4PaqMA+FTHjmwqXpOkBv4
7WTcJU4q2BBfivok7Qp7Ly3nAIHERy70uzm6VyxfQY9le+DfJpI5wV6vCQg/9ef6
IZFskXK4ZSwjpdmtTh+LTjN0i/rFUyBgYk55wkc1bqq9qX8RtkFL9JmCQmEj6Gzb
BY0K2NwYke6qO4Npx27hvrbk5P1DXYnikBOLarida3ApQu6YqseqxSsvOOvG/Bh/
pn+j4XFt6LAZkgZFAbpIMyp5nCFR8AEXc5TG3MAB1VGdbnjKzuyrLj+MXdXVaTvX
d+8blyQ4tF78QwnF8c4YtqojwEEAbONTaqlPfosM0n7ak0xxtXQy7cAwdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIb+e6iQlM7+39NqhfTOlF/yhdzTMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvaHY1N3FKQ1V6djdmMDJxRjlNNlVYX0tGM05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2wjMA0G
CSqGSIb3DQEBCwUAA4IBAQBdJhzB3+fqzI+g8ONQIXbLKNw6CTZdkVs6nPbYf3Fm
uf6Lt6zeSqNitPBp+noM5g/GgGppzWqF4az/EkPW52faoN8dLMBtWxZ4WIfOTajQ
vyiynAwq6JwXzxYmfKRrGGEqs1kUAu5Tu9vcmbaTy74P9w7VD2i6iKJ2oXEcEPEA
CTFAsWYPs1LFcztNT6wGzuZoafh62yE6Gsp/eeGtE/+LNnQZnet29Pboley7sSFz
UN3pKgAPap7WKPBuJDTrkzA/SZ4IVMHHTIAuTZ381KRq1pzyUiBlwT9U3bm9BdAi
S4tJMJC6HxriOpgaI2FuCB47IEGwhhdNiFoWBU4VU+v+
-----END CERTIFICATE-----