Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/RkOUywZ9B93YnUITBazxlVBd_VY.roa
File:                     RkOUywZ9B93YnUITBazxlVBd_VY.roa (raw, json)
Hash identifier:          xMgkChapnGr1HIgIESQcHmiaRRKhzwbN27q06Bs7Xs0=
Subject key identifier:   46:43:94:CB:06:7D:07:DD:D8:9D:42:13:05:AC:F1:95:50:5D:FD:56
Certificate issuer:       /CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
Certificate serial:       018CC86EFFF7B3C5506FFD4E36B5B28CF1F8
Authority key identifier: 5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/RkOUywZ9B93YnUITBazxlVBd_VY.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211936
IP address blocks:        91.198.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ff:f7:b3:c5:50:6f:fd:4e:36:b5:b2:8c:f1:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=464394cb067d07ddd89d421305acf195505dfd56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8f:40:a8:58:ff:ef:8a:6f:71:53:59:dc:16:
                    7d:e2:c2:77:9d:82:4f:c5:10:37:65:b2:e3:49:50:
                    76:0f:34:2e:e0:dc:c5:d2:dd:82:b2:2e:27:fb:b9:
                    d5:96:61:a8:9e:ca:cf:5f:cd:ee:11:d3:fd:f5:30:
                    5c:b3:2b:a6:e8:f7:dd:9c:82:47:be:9c:f3:f2:a4:
                    8f:f9:09:32:e7:2d:90:29:0f:25:ec:19:ae:a7:18:
                    39:dd:dd:66:af:02:75:e7:f8:e6:c4:d3:6c:e6:64:
                    39:25:32:28:fe:43:91:50:63:fe:08:dc:ad:f5:57:
                    d3:38:00:8a:a7:e9:10:fa:58:c8:23:84:55:a9:f0:
                    70:06:95:e7:e4:83:c1:78:69:52:c9:ee:d6:88:d3:
                    f6:f5:3d:29:42:7b:a3:c0:e3:b4:75:3f:00:ae:10:
                    f9:cf:ed:e8:27:e5:ac:ed:58:25:3e:dc:8d:52:33:
                    e7:ce:49:e6:87:ba:91:1b:68:b8:b2:9a:04:bc:bc:
                    59:ef:e6:d2:5d:76:a9:1a:dc:4e:a6:01:4d:86:a5:
                    f0:f3:9c:84:a6:5d:36:dd:de:e3:7b:bc:cd:51:03:
                    97:6c:73:57:05:1d:60:2d:bd:36:e2:22:d0:67:e0:
                    50:9d:fb:76:09:5d:b0:06:22:41:b8:53:12:9b:78:
                    63:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:43:94:CB:06:7D:07:DD:D8:9D:42:13:05:AC:F1:95:50:5D:FD:56
            X509v3 Authority Key Identifier:
                keyid:5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/RkOUywZ9B93YnUITBazxlVBd_VY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:7e:2b:35:33:8f:9b:1e:1d:cd:b2:da:ec:60:65:85:57:45:
         0b:73:96:67:13:7b:b7:0a:b3:3d:a2:00:ab:e3:23:68:fc:80:
         f1:e5:b1:66:50:84:6b:3e:14:d3:da:0c:57:d9:e2:6d:e0:52:
         2c:77:ba:c5:20:37:f5:2d:17:36:b5:86:08:71:38:65:78:c5:
         27:64:e5:de:c5:07:f0:38:d8:bf:f2:2c:ea:1d:ea:47:83:71:
         54:7f:0d:06:b1:48:3a:8e:a7:53:c4:32:01:13:31:2b:72:bb:
         bf:72:42:38:a5:00:f5:fb:0f:14:72:4e:e6:d4:54:d1:93:18:
         a1:c2:c3:16:cb:c6:86:e9:8c:ff:91:a2:7d:e2:33:05:33:1e:
         8c:99:64:80:2c:34:ee:4c:25:7f:68:84:a5:2a:fd:5b:86:55:
         60:f4:a3:be:29:ca:12:c4:33:5f:bf:ad:8c:7f:58:13:83:10:
         03:99:63:33:98:e3:d4:18:82:05:f3:50:cb:30:c8:8a:a5:96:
         03:8e:50:83:18:80:58:e0:49:bb:e1:72:45:57:ef:6e:6e:7f:
         79:8b:6b:0c:82:2f:87:e6:21:38:c4:89:2b:ee:c0:04:9f:91:
         b9:39:36:9f:32:15:ae:41:a9:a6:5a:9a:b3:94:bf:96:29:5a:
         ac:30:c3:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbv/3s8VQb/1ONrWyjPH4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOGQwN2I0NWY3ZDgzMTI0YzlmOGMwZmFjMDNiZWMwMjQ2
OGIzN2UwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjQzOTRjYjA2N2QwN2RkZDg5ZDQyMTMwNWFjZjE5NTUwNWRmZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY9AqFj/74pvcVNZ3BZ94sJ3nYJP
xRA3ZbLjSVB2DzQu4NzF0t2Csi4n+7nVlmGonsrPX83uEdP99TBcsyum6PfdnIJH
vpzz8qSP+Qky5y2QKQ8l7Bmupxg53d1mrwJ15/jmxNNs5mQ5JTIo/kORUGP+CNyt
9VfTOACKp+kQ+ljII4RVqfBwBpXn5IPBeGlSye7WiNP29T0pQnujwOO0dT8ArhD5
z+3oJ+Ws7VglPtyNUjPnzknmh7qRG2i4spoEvLxZ7+bSXXapGtxOpgFNhqXw85yE
pl023d7je7zNUQOXbHNXBR1gLb024iLQZ+BQnft2CV2wBiJBuFMSm3hjxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZDlMsGfQfd2J1CEwWs8ZVQXf1WMB8GA1UdIwQY
MBaAFF6NB7RffYMSTJ+MD6wDvsAkaLN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQt
NmM4ZmQ4NGJiNWY1LzEvUmtPVXl3WjlCOTNZblVJVEJhenhsVkJkX1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQtNmM4ZmQ4NGJiNWY1
LzEvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZRMA0G
CSqGSIb3DQEBCwUAA4IBAQC0fis1M4+bHh3NstrsYGWFV0ULc5ZnE3u3CrM9ogCr
4yNo/IDx5bFmUIRrPhTT2gxX2eJt4FIsd7rFIDf1LRc2tYYIcThleMUnZOXexQfw
ONi/8izqHepHg3FUfw0GsUg6jqdTxDIBEzErcru/ckI4pQD1+w8Uck7m1FTRkxih
wsMWy8aG6Yz/kaJ94jMFMx6MmWSALDTuTCV/aISlKv1bhlVg9KO+KcoSxDNfv62M
f1gTgxADmWMzmOPUGIIF81DLMMiKpZYDjlCDGIBY4Em74XJFV+9ubn95i2sMgi+H
5iE4xIkr7sAEn5G5OTafMhWuQammWpqzlL+WKVqsMMPR
-----END CERTIFICATE-----