Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/f52db9-8e25-4297-93fd-55415a0ba73b/1/f55MqkCCRAhXZYFZ4twUk79A1oM.roa
File:                     f55MqkCCRAhXZYFZ4twUk79A1oM.roa (raw, json)
Hash identifier:          q97a6HRFSo8oWun0n8W6Bghcf95F5eIDIda3HeuP9Jw=
Subject key identifier:   7F:9E:4C:AA:40:82:44:08:57:65:81:59:E2:DC:14:93:BF:40:D6:83
Certificate issuer:       /CN=350cce1b9d06dcce8856659536499c1603391370
Certificate serial:       018CC6B7808853878242450AD8062EEDADC5
Authority key identifier: 35:0C:CE:1B:9D:06:DC:CE:88:56:65:95:36:49:9C:16:03:39:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NQzOG50G3M6IVmWVNkmcFgM5E3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/f52db9-8e25-4297-93fd-55415a0ba73b/1/f55MqkCCRAhXZYFZ4twUk79A1oM.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48306
IP address blocks:        91.209.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/f52db9-8e25-4297-93fd-55415a0ba73b/1/NQzOG50G3M6IVmWVNkmcFgM5E3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/f52db9-8e25-4297-93fd-55415a0ba73b/1/NQzOG50G3M6IVmWVNkmcFgM5E3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NQzOG50G3M6IVmWVNkmcFgM5E3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:80:88:53:87:82:42:45:0a:d8:06:2e:ed:ad:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=350cce1b9d06dcce8856659536499c1603391370
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f9e4caa4082440857658159e2dc1493bf40d683
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:39:0e:64:27:66:54:bf:5e:77:19:a1:dd:a4:
                    97:be:1d:f1:f9:e9:5e:42:a2:7e:6f:f7:6e:d4:e2:
                    d4:9e:0f:b3:de:8d:32:93:40:73:7f:0f:5c:ed:6f:
                    ba:63:ac:71:5e:80:70:e7:bb:de:f9:35:f5:1c:b2:
                    c8:a2:aa:53:ab:e4:14:4d:2c:f0:1e:9b:6d:6c:32:
                    10:33:b0:5d:c4:c9:22:83:0e:05:33:42:bc:81:d7:
                    a7:1d:fe:3c:c3:dd:a6:8d:e2:4b:2b:3e:ff:b5:89:
                    44:b0:ed:81:76:06:dc:5e:80:73:59:e9:80:01:69:
                    82:cc:60:9e:34:18:42:52:01:46:7a:82:43:2f:12:
                    cd:df:5a:5b:91:83:09:91:28:68:1a:d5:a1:f9:f4:
                    c1:db:d0:e9:68:e3:26:eb:1d:e0:ba:42:3c:22:cf:
                    fb:8f:c0:75:3e:f3:9f:58:99:00:12:ca:11:3b:0d:
                    0f:54:ae:98:66:4c:57:fc:5b:04:70:2e:d6:45:7d:
                    45:9e:64:ce:83:c2:4b:c4:ec:cc:96:91:1b:1b:d1:
                    8f:da:bf:85:55:ff:7f:13:c1:e9:82:1d:73:f8:04:
                    1c:8e:b2:f5:63:ac:e6:e6:31:ba:88:d5:27:9b:10:
                    fd:06:3e:5a:e5:95:7e:47:5b:83:a7:ce:ae:04:f4:
                    0f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:9E:4C:AA:40:82:44:08:57:65:81:59:E2:DC:14:93:BF:40:D6:83
            X509v3 Authority Key Identifier:
                keyid:35:0C:CE:1B:9D:06:DC:CE:88:56:65:95:36:49:9C:16:03:39:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NQzOG50G3M6IVmWVNkmcFgM5E3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/f52db9-8e25-4297-93fd-55415a0ba73b/1/f55MqkCCRAhXZYFZ4twUk79A1oM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/f52db9-8e25-4297-93fd-55415a0ba73b/1/NQzOG50G3M6IVmWVNkmcFgM5E3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:79:ee:6a:8c:dc:ca:21:61:11:79:97:e7:51:3e:e4:08:1f:
         ae:70:61:b9:1f:82:a9:70:36:54:06:b6:dd:e5:71:b0:ca:db:
         da:8f:6d:20:9e:7a:f2:a8:bd:0e:b8:b9:6f:c0:21:8c:8d:0e:
         9f:95:c6:81:40:3b:1b:eb:33:cd:4e:85:88:b4:e4:6c:dd:4e:
         32:05:50:95:a1:15:6a:6e:20:51:dc:e5:61:1c:67:c2:cf:b8:
         cc:ff:91:86:f2:62:af:15:93:4c:e9:e7:0d:61:d3:90:32:a3:
         0b:70:61:76:7b:f7:6b:95:b9:0a:1e:73:9d:f2:a2:43:16:3c:
         6c:85:64:c8:2f:20:7d:8f:2c:dd:56:c6:47:ab:ab:01:59:28:
         48:95:41:0e:87:a9:e7:a4:cc:76:80:30:0e:61:67:c6:f4:aa:
         7f:8e:b6:33:f1:60:33:ed:55:72:c2:45:34:c7:07:cc:fd:e5:
         42:21:4f:21:4f:f3:14:2a:d9:79:92:99:ce:9f:c7:15:ab:2f:
         0e:f0:10:72:2e:9a:48:fd:6c:ed:d3:b5:80:2d:e1:12:f1:09:
         29:94:a1:11:c2:b5:68:88:df:79:3f:f5:42:b1:76:3a:21:bc:
         5a:b4:b4:05:8c:36:88:f6:0f:bd:f2:4a:16:7e:09:c4:37:bc:
         84:66:61:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4CIU4eCQkUK2AYu7a3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MGNjZTFiOWQwNmRjY2U4ODU2NjU5NTM2NDk5YzE2MDMz
OTEzNzAwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjllNGNhYTQwODI0NDA4NTc2NTgxNTllMmRjMTQ5M2JmNDBkNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzkOZCdmVL9edxmh3aSXvh3x+ele
QqJ+b/du1OLUng+z3o0yk0Bzfw9c7W+6Y6xxXoBw57ve+TX1HLLIoqpTq+QUTSzw
HpttbDIQM7BdxMkigw4FM0K8gdenHf48w92mjeJLKz7/tYlEsO2BdgbcXoBzWemA
AWmCzGCeNBhCUgFGeoJDLxLN31pbkYMJkShoGtWh+fTB29DpaOMm6x3gukI8Is/7
j8B1PvOfWJkAEsoROw0PVK6YZkxX/FsEcC7WRX1FnmTOg8JLxOzMlpEbG9GP2r+F
Vf9/E8Hpgh1z+AQcjrL1Y6zm5jG6iNUnmxD9Bj5a5ZV+R1uDp86uBPQPFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+eTKpAgkQIV2WBWeLcFJO/QNaDMB8GA1UdIwQY
MBaAFDUMzhudBtzOiFZllTZJnBYDORNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlF6T0c1MEczTTZJVm1XVk5rbWNGZ001RTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mNTJkYjktOGUyNS00Mjk3LTkzZmQt
NTU0MTVhMGJhNzNiLzEvZjU1TXFrQ0NSQWhYWllGWjR0d1VrNzlBMW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mNTJkYjktOGUyNS00Mjk3LTkzZmQtNTU0MTVhMGJhNzNi
LzEvTlF6T0c1MEczTTZJVm1XVk5rbWNGZ001RTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FYMA0G
CSqGSIb3DQEBCwUAA4IBAQCnee5qjNzKIWEReZfnUT7kCB+ucGG5H4KpcDZUBrbd
5XGwytvaj20gnnryqL0OuLlvwCGMjQ6flcaBQDsb6zPNToWItORs3U4yBVCVoRVq
biBR3OVhHGfCz7jM/5GG8mKvFZNM6ecNYdOQMqMLcGF2e/drlbkKHnOd8qJDFjxs
hWTILyB9jyzdVsZHq6sBWShIlUEOh6nnpMx2gDAOYWfG9Kp/jrYz8WAz7VVywkU0
xwfM/eVCIU8hT/MUKtl5kpnOn8cVqy8O8BByLppI/Wzt07WALeES8QkplKERwrVo
iN95P/VCsXY6IbxatLQFjDaI9g+98koWfgnEN7yEZmGY
-----END CERTIFICATE-----