Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/T5zxNh8Aj-FGrY3OZey0zocsZ08.roa
File:                     T5zxNh8Aj-FGrY3OZey0zocsZ08.roa (raw, json)
Hash identifier:          nHdRuUXFqNulxlN4+d8R6c41HUyc0CHM1HXzYj0FsqQ=
Subject key identifier:   4F:9C:F1:36:1F:00:8F:E1:46:AD:8D:CE:65:EC:B4:CE:87:2C:67:4F
Certificate issuer:       /CN=96f2da2fa1bc8ed2f2bc6b703a8bf15340f97cfa
Certificate serial:       018CC4938263F338DAC0DAD0826868CE7672
Authority key identifier: 96:F2:DA:2F:A1:BC:8E:D2:F2:BC:6B:70:3A:8B:F1:53:40:F9:7C:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lvLaL6G8jtLyvGtwOovxU0D5fPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/T5zxNh8Aj-FGrY3OZey0zocsZ08.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197645
IP address blocks:        91.223.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/lvLaL6G8jtLyvGtwOovxU0D5fPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/lvLaL6G8jtLyvGtwOovxU0D5fPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lvLaL6G8jtLyvGtwOovxU0D5fPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:82:63:f3:38:da:c0:da:d0:82:68:68:ce:76:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96f2da2fa1bc8ed2f2bc6b703a8bf15340f97cfa
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f9cf1361f008fe146ad8dce65ecb4ce872c674f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ed:27:30:f8:18:0d:20:b4:97:2f:aa:b4:d4:
                    27:c9:03:6c:8d:74:3e:92:6c:90:53:7d:f3:16:3e:
                    8b:b5:e2:8e:90:cc:c5:97:ed:11:7d:90:6b:03:6f:
                    1d:b0:e7:c8:fe:17:61:39:4e:8f:e9:93:38:2c:88:
                    16:45:fd:12:9c:f6:3c:6a:ea:b0:40:d8:f2:86:06:
                    f8:d7:e5:77:b5:17:fe:ee:5b:9d:df:e1:1f:50:10:
                    54:a5:a7:ca:e3:32:70:5c:01:e6:45:5c:dc:e9:d7:
                    68:4c:a6:13:d2:05:bc:4d:81:14:cf:6c:1a:1e:9e:
                    98:63:35:6c:60:84:9a:93:cb:8a:50:2b:17:a6:10:
                    f3:fb:8e:27:eb:0b:38:12:c5:50:9d:c1:ad:a1:50:
                    2b:44:7a:e0:63:4c:e4:cd:1e:23:14:3a:3a:f7:e8:
                    df:70:b5:11:e1:9e:32:59:44:eb:24:e3:bb:b5:f2:
                    7b:c3:77:ff:5a:ee:c4:b8:c4:9a:76:cf:94:12:58:
                    c4:11:bb:46:84:ef:c9:43:3c:d9:ef:11:7f:bd:d5:
                    26:02:37:25:67:d6:8c:99:9d:28:48:f3:6e:e2:26:
                    af:52:a6:b6:48:48:f8:88:65:26:c5:79:2e:25:b7:
                    0f:83:aa:ea:7a:ca:53:a7:5a:aa:6e:c2:48:3e:7d:
                    02:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:9C:F1:36:1F:00:8F:E1:46:AD:8D:CE:65:EC:B4:CE:87:2C:67:4F
            X509v3 Authority Key Identifier:
                keyid:96:F2:DA:2F:A1:BC:8E:D2:F2:BC:6B:70:3A:8B:F1:53:40:F9:7C:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lvLaL6G8jtLyvGtwOovxU0D5fPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/T5zxNh8Aj-FGrY3OZey0zocsZ08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/lvLaL6G8jtLyvGtwOovxU0D5fPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:50:7a:ae:dd:56:d5:68:d9:8e:0a:77:50:d8:e3:c2:54:c3:
         e3:66:fd:87:31:88:13:81:d4:e4:5e:98:26:4d:5f:72:0b:d6:
         5b:b4:cb:b1:9e:48:67:56:e3:b5:92:36:fc:9e:3c:e2:01:36:
         d8:ed:c8:8f:46:d1:22:c7:5f:3a:32:be:3c:ab:e6:15:c1:a4:
         2d:ab:3d:04:4b:25:3f:45:9c:a1:4b:e9:e2:28:bd:de:0d:59:
         01:0b:ed:28:36:a2:49:24:07:72:b8:2c:e8:9d:b5:44:54:06:
         eb:ef:62:91:be:61:dc:0a:30:57:a6:98:c5:dc:87:4e:71:04:
         4a:08:15:eb:20:49:0e:d3:91:38:9b:24:40:4c:4f:ab:39:0e:
         e9:2d:8d:37:e7:52:ea:23:20:d9:fa:a6:e0:32:76:5f:af:2f:
         b7:e8:c6:fc:86:c7:ab:01:15:77:63:bc:55:0a:80:15:c8:45:
         be:c2:91:7f:06:5d:8e:98:41:40:3b:bd:29:ee:f9:db:6f:a2:
         ca:01:46:eb:8d:4b:47:b6:53:59:83:4d:64:12:d3:10:e9:aa:
         c4:ce:ee:59:a9:ef:98:bc:66:39:85:21:d8:bf:bd:a7:fa:43:
         46:3e:20:0d:a4:e7:16:e6:a3:70:3b:9c:4c:88:1a:a0:61:d0:
         23:8c:37:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4Jj8zjawNrQgmhoznZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZjJkYTJmYTFiYzhlZDJmMmJjNmI3MDNhOGJmMTUzNDBm
OTdjZmEwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjljZjEzNjFmMDA4ZmUxNDZhZDhkY2U2NWVjYjRjZTg3MmM2NzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAku0nMPgYDSC0ly+qtNQnyQNsjXQ+
kmyQU33zFj6LteKOkMzFl+0RfZBrA28dsOfI/hdhOU6P6ZM4LIgWRf0SnPY8auqw
QNjyhgb41+V3tRf+7lud3+EfUBBUpafK4zJwXAHmRVzc6ddoTKYT0gW8TYEUz2wa
Hp6YYzVsYISak8uKUCsXphDz+44n6ws4EsVQncGtoVArRHrgY0zkzR4jFDo69+jf
cLUR4Z4yWUTrJOO7tfJ7w3f/Wu7EuMSads+UEljEEbtGhO/JQzzZ7xF/vdUmAjcl
Z9aMmZ0oSPNu4iavUqa2SEj4iGUmxXkuJbcPg6rqespTp1qqbsJIPn0CRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+c8TYfAI/hRq2NzmXstM6HLGdPMB8GA1UdIwQY
MBaAFJby2i+hvI7S8rxrcDqL8VNA+Xz6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHZMYUw2RzhqdEx5dkd0d09vdnhVMEQ1ZlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9mYzQ2OTAtMDgwZi00MDE4LTg5YTEt
OTNiNGZlNTE1N2VjLzEvVDV6eE5oOEFqLUZHclkzT1pleTB6b2NzWjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9mYzQ2OTAtMDgwZi00MDE4LTg5YTEtOTNiNGZlNTE1N2Vj
LzEvbHZMYUw2RzhqdEx5dkd0d09vdnhVMEQ1ZlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/UMA0G
CSqGSIb3DQEBCwUAA4IBAQAqUHqu3VbVaNmOCndQ2OPCVMPjZv2HMYgTgdTkXpgm
TV9yC9ZbtMuxnkhnVuO1kjb8njziATbY7ciPRtEix186Mr48q+YVwaQtqz0ESyU/
RZyhS+niKL3eDVkBC+0oNqJJJAdyuCzonbVEVAbr72KRvmHcCjBXppjF3IdOcQRK
CBXrIEkO05E4myRATE+rOQ7pLY0351LqIyDZ+qbgMnZfry+36Mb8hserARV3Y7xV
CoAVyEW+wpF/Bl2OmEFAO70p7vnbb6LKAUbrjUtHtlNZg01kEtMQ6arEzu5Zqe+Y
vGY5hSHYv72n+kNGPiANpOcW5qNwO5xMiBqgYdAjjDet
-----END CERTIFICATE-----