Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/h5YdmnvV1AQtSkmCWQI_s8TbR68.roa
File:                     h5YdmnvV1AQtSkmCWQI_s8TbR68.roa (raw, json)
Hash identifier:          Q3KRHEm4NFuGLlfKOJgY1hSGzXdFqc7/yE81XLjJwY0=
Subject key identifier:   87:96:1D:9A:7B:D5:D4:04:2D:4A:49:82:59:02:3F:B3:C4:DB:47:AF
Certificate issuer:       /CN=04f46af885d1ccbb0c09b06870785b5e691787e1
Certificate serial:       018CC26D4BDC98FF27FE03D1E411ED2D9CCC
Authority key identifier: 04:F4:6A:F8:85:D1:CC:BB:0C:09:B0:68:70:78:5B:5E:69:17:87:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BPRq-IXRzLsMCbBocHhbXmkXh-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/h5YdmnvV1AQtSkmCWQI_s8TbR68.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.235.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/BPRq-IXRzLsMCbBocHhbXmkXh-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/BPRq-IXRzLsMCbBocHhbXmkXh-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BPRq-IXRzLsMCbBocHhbXmkXh-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4b:dc:98:ff:27:fe:03:d1:e4:11:ed:2d:9c:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04f46af885d1ccbb0c09b06870785b5e691787e1
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87961d9a7bd5d4042d4a498259023fb3c4db47af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:95:43:31:fb:28:1d:1c:ad:2f:55:99:b6:17:
                    65:96:20:f3:8f:c7:63:e2:35:7c:53:d3:df:3a:8c:
                    fa:87:e7:0f:d1:a9:0f:0c:52:e7:ee:3f:1e:86:8a:
                    39:ac:57:c7:f7:9b:bb:eb:be:c9:a3:1e:ac:09:8e:
                    27:d0:dd:ed:06:7b:68:49:85:8c:86:05:48:4e:77:
                    f6:87:af:3b:19:7e:e1:06:62:7d:a4:da:3f:3d:97:
                    21:fe:0d:9f:83:15:d5:6b:40:66:a1:3b:8a:a1:a6:
                    19:4c:de:33:62:3f:a1:28:f0:03:b8:42:2b:62:7c:
                    24:d9:b9:23:11:a8:72:ad:ee:eb:0a:02:86:90:40:
                    17:63:06:99:70:14:4f:57:32:b4:01:96:c0:f7:e8:
                    bc:a4:99:83:bc:a1:a0:57:89:a7:fb:85:62:de:d4:
                    29:a5:f5:ba:97:58:22:5a:f7:4b:93:6c:50:a2:0a:
                    33:e3:c9:ef:04:ad:1f:ca:ba:b2:40:aa:bf:79:d4:
                    52:40:60:c4:4d:ab:ed:9a:0d:ea:3d:a5:6c:5a:79:
                    ea:14:65:3d:21:4d:a3:15:04:0f:71:9b:51:34:20:
                    4d:62:d2:10:a6:95:7c:49:04:17:9a:4c:91:9e:d0:
                    7f:c5:6e:c1:bf:43:67:e2:2b:80:7e:68:14:17:93:
                    22:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:96:1D:9A:7B:D5:D4:04:2D:4A:49:82:59:02:3F:B3:C4:DB:47:AF
            X509v3 Authority Key Identifier:
                keyid:04:F4:6A:F8:85:D1:CC:BB:0C:09:B0:68:70:78:5B:5E:69:17:87:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BPRq-IXRzLsMCbBocHhbXmkXh-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/h5YdmnvV1AQtSkmCWQI_s8TbR68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/BPRq-IXRzLsMCbBocHhbXmkXh-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:c1:b2:09:75:ba:ba:df:f9:e4:2c:97:57:9a:0e:68:dd:3a:
         80:33:be:04:3d:8b:98:33:24:b9:cf:3d:17:47:75:13:86:8e:
         8a:64:f3:f9:b4:75:72:61:71:83:2c:a3:c7:df:a9:fa:ca:84:
         b9:72:e0:29:ef:42:b3:5d:36:ac:0f:2a:78:e7:8a:04:4a:55:
         d7:34:e4:88:99:7d:ed:3d:30:1d:13:7e:e7:c3:34:be:13:d2:
         e8:ed:fc:da:42:b2:6b:c5:ac:54:f6:36:c5:12:dc:69:0c:f3:
         c9:78:dd:69:e7:34:59:8d:be:c5:80:28:27:af:29:f6:b4:de:
         dc:71:06:a5:1b:8e:85:78:95:b8:7f:ea:4e:4a:46:a3:8a:5e:
         d5:2c:7c:e7:e3:ac:80:36:a1:af:36:1b:62:32:da:a0:da:7e:
         2f:7e:92:16:4d:25:8e:5d:0a:e6:27:95:d0:d5:d0:49:5c:49:
         c0:41:b6:19:b7:b5:aa:6a:66:59:cb:6d:05:67:59:e4:0b:59:
         cd:60:72:2a:c0:02:a5:a3:e5:26:70:19:3e:0e:62:7e:eb:8c:
         ff:b5:1c:7b:c8:ee:bd:7f:1e:7a:ce:e6:02:b5:d6:9a:62:63:
         38:ee:6e:46:a9:7a:8c:fa:1a:03:b6:33:49:75:1d:ae:2e:3b:
         0d:eb:9e:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUvcmP8n/gPR5BHtLZzMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZjQ2YWY4ODVkMWNjYmIwYzA5YjA2ODcwNzg1YjVlNjkx
Nzg3ZTEwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzk2MWQ5YTdiZDVkNDA0MmQ0YTQ5ODI1OTAyM2ZiM2M0ZGI0N2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJVDMfsoHRytL1WZthdlliDzj8dj
4jV8U9PfOoz6h+cP0akPDFLn7j8ehoo5rFfH95u7677Jox6sCY4n0N3tBntoSYWM
hgVITnf2h687GX7hBmJ9pNo/PZch/g2fgxXVa0BmoTuKoaYZTN4zYj+hKPADuEIr
Ynwk2bkjEahyre7rCgKGkEAXYwaZcBRPVzK0AZbA9+i8pJmDvKGgV4mn+4Vi3tQp
pfW6l1giWvdLk2xQogoz48nvBK0fyrqyQKq/edRSQGDETavtmg3qPaVsWnnqFGU9
IU2jFQQPcZtRNCBNYtIQppV8SQQXmkyRntB/xW7Bv0Nn4iuAfmgUF5MiEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeWHZp71dQELUpJglkCP7PE20evMB8GA1UdIwQY
MBaAFAT0aviF0cy7DAmwaHB4W15pF4fhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlBScS1JWFJ6THNNQ2JCb2NIaGJYbWtYaC1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9mYjUzZDYtYWRhOC00MjZkLTk5ZmIt
YzVjZjRiM2IxY2E2LzEvaDVZZG1udlYxQVF0U2ttQ1dRSV9zOFRiUjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9mYjUzZDYtYWRhOC00MjZkLTk5ZmItYzVjZjRiM2IxY2E2
LzEvQlBScS1JWFJ6THNNQ2JCb2NIaGJYbWtYaC1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+s/MA0G
CSqGSIb3DQEBCwUAA4IBAQBDwbIJdbq63/nkLJdXmg5o3TqAM74EPYuYMyS5zz0X
R3UTho6KZPP5tHVyYXGDLKPH36n6yoS5cuAp70KzXTasDyp454oESlXXNOSImX3t
PTAdE37nwzS+E9Lo7fzaQrJrxaxU9jbFEtxpDPPJeN1p5zRZjb7FgCgnryn2tN7c
cQalG46FeJW4f+pOSkajil7VLHzn46yANqGvNhtiMtqg2n4vfpIWTSWOXQrmJ5XQ
1dBJXEnAQbYZt7WqamZZy20FZ1nkC1nNYHIqwAKlo+UmcBk+DmJ+64z/tRx7yO69
fx56zuYCtdaaYmM47m5GqXqM+hoDtjNJdR2uLjsN655L
-----END CERTIFICATE-----