Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/26cc92-8bf7-48e0-937a-7e4e2f8b5b16/1/8Sw9OhoTm_oicEprSpfKDgkFmJg.roa
File:                     8Sw9OhoTm_oicEprSpfKDgkFmJg.roa (raw, json)
Hash identifier:          Bs437V5Md69bhj7D4Ex5ybvDVMNlk7HozNVBWQv9MT8=
Subject key identifier:   F1:2C:3D:3A:1A:13:9B:FA:22:70:4A:6B:4A:97:CA:0E:09:05:98:98
Certificate issuer:       /CN=6319295d3ada7e6eb329844961caa1002caa4d86
Certificate serial:       018D5ACDE69F6576915498E528C8ADDCF622
Authority key identifier: 63:19:29:5D:3A:DA:7E:6E:B3:29:84:49:61:CA:A1:00:2C:AA:4D:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YxkpXTrafm6zKYRJYcqhACyqTYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/26cc92-8bf7-48e0-937a-7e4e2f8b5b16/1/8Sw9OhoTm_oicEprSpfKDgkFmJg.roa
Signing time:             Tue 30 Jan 2024 14:37:39 +0000
ROA not before:           Tue 30 Jan 2024 14:37:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199131
IP address blocks:        91.244.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/26cc92-8bf7-48e0-937a-7e4e2f8b5b16/1/YxkpXTrafm6zKYRJYcqhACyqTYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/26cc92-8bf7-48e0-937a-7e4e2f8b5b16/1/YxkpXTrafm6zKYRJYcqhACyqTYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YxkpXTrafm6zKYRJYcqhACyqTYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5a:cd:e6:9f:65:76:91:54:98:e5:28:c8:ad:dc:f6:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6319295d3ada7e6eb329844961caa1002caa4d86
        Validity
            Not Before: Jan 30 14:37:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f12c3d3a1a139bfa22704a6b4a97ca0e09059898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b1:9e:2c:c4:5f:87:90:b4:7d:f9:ea:07:26:
                    40:1a:0e:ee:e7:f8:0e:b2:29:44:2b:fd:b3:f3:4f:
                    73:f7:72:73:c9:a7:b7:36:b5:9f:2b:4c:37:e9:cf:
                    69:cd:e9:5e:96:3b:9f:76:db:26:bb:35:82:2e:b5:
                    32:81:ef:31:05:a2:32:24:14:10:dc:c1:7c:aa:66:
                    15:55:49:0c:c2:32:e7:06:84:c8:43:21:54:7f:f0:
                    46:c6:8a:76:a4:02:85:89:1b:72:2f:97:3a:53:b6:
                    a6:05:54:d4:05:2e:88:62:40:5e:bc:b2:12:0e:4d:
                    e3:58:5d:b8:c3:3f:40:ed:ae:d0:28:47:05:92:be:
                    20:2e:3e:23:fe:31:05:fc:c6:7e:bb:45:94:b4:d8:
                    b3:d4:3d:78:45:d4:b3:79:ce:cc:1c:db:92:30:bb:
                    30:0a:52:69:fe:30:2f:bd:f6:51:d7:bb:3a:0a:74:
                    2a:1d:a7:94:a1:79:5e:8e:9e:10:e2:5c:b7:f5:4a:
                    5b:09:45:33:5d:ee:a0:6f:b5:65:4c:50:c8:0b:4c:
                    71:52:a8:aa:c4:b6:6f:36:f5:bc:ca:57:cf:5c:6b:
                    44:7a:df:ee:ce:eb:f4:54:66:8d:cf:1c:28:2c:f2:
                    28:c7:a7:3c:a7:f0:45:25:52:da:89:f3:dd:94:fd:
                    8e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:2C:3D:3A:1A:13:9B:FA:22:70:4A:6B:4A:97:CA:0E:09:05:98:98
            X509v3 Authority Key Identifier:
                keyid:63:19:29:5D:3A:DA:7E:6E:B3:29:84:49:61:CA:A1:00:2C:AA:4D:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YxkpXTrafm6zKYRJYcqhACyqTYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/26cc92-8bf7-48e0-937a-7e4e2f8b5b16/1/8Sw9OhoTm_oicEprSpfKDgkFmJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/26cc92-8bf7-48e0-937a-7e4e2f8b5b16/1/YxkpXTrafm6zKYRJYcqhACyqTYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:ae:1a:64:fc:57:8b:de:f8:9c:02:13:82:3a:6e:ea:f0:93:
         f5:f1:9d:66:94:67:e8:bb:9c:76:95:b2:b9:55:05:2a:d2:25:
         fa:22:90:e2:98:e1:47:b2:f7:9d:16:05:1b:cf:69:77:be:f5:
         89:e8:89:5a:ac:02:de:be:d2:88:8d:2e:ad:b1:5e:89:e0:e1:
         5a:a5:9e:0b:cf:e3:96:00:3a:a4:b2:ac:52:c5:54:3d:d4:d3:
         d7:96:31:e0:52:05:f6:66:5c:8f:98:a6:8a:8f:8a:6b:09:0a:
         6b:2f:b7:59:81:ae:8d:db:a0:e8:98:3c:50:93:ba:09:5c:10:
         ad:1d:df:3c:1b:60:df:af:83:c6:a2:59:19:40:0f:08:7d:04:
         cd:d9:ca:f8:dc:3f:11:a1:2f:57:17:62:22:86:ad:3b:ac:78:
         f1:f5:16:c5:20:ec:27:b8:e0:4f:a8:d3:40:80:15:47:34:ad:
         1f:85:49:92:8c:48:89:fa:b4:31:5e:bc:3e:84:06:69:5a:3b:
         e2:c3:4d:55:b8:1b:5f:26:91:37:da:27:da:d5:9e:2b:18:62:
         32:42:53:e1:06:32:4b:1d:c9:ff:cf:17:9b:48:92:67:8e:92:
         85:76:50:db:fd:5a:ee:ef:f4:7b:e8:b7:de:87:fa:76:a9:d3:
         9f:b2:77:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1azeafZXaRVJjlKMit3PYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMTkyOTVkM2FkYTdlNmViMzI5ODQ0OTYxY2FhMTAwMmNh
YTRkODYwHhcNMjQwMTMwMTQzNzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTJjM2QzYTFhMTM5YmZhMjI3MDRhNmI0YTk3Y2EwZTA5MDU5ODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrGeLMRfh5C0ffnqByZAGg7u5/gO
silEK/2z809z93Jzyae3NrWfK0w36c9pzeleljufdtsmuzWCLrUyge8xBaIyJBQQ
3MF8qmYVVUkMwjLnBoTIQyFUf/BGxop2pAKFiRtyL5c6U7amBVTUBS6IYkBevLIS
Dk3jWF24wz9A7a7QKEcFkr4gLj4j/jEF/MZ+u0WUtNiz1D14RdSzec7MHNuSMLsw
ClJp/jAvvfZR17s6CnQqHaeUoXlejp4Q4ly39UpbCUUzXe6gb7VlTFDIC0xxUqiq
xLZvNvW8ylfPXGtEet/uzuv0VGaNzxwoLPIox6c8p/BFJVLaifPdlP2OPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEsPToaE5v6InBKa0qXyg4JBZiYMB8GA1UdIwQY
MBaAFGMZKV062n5usymESWHKoQAsqk2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXhrcFhUcmFmbTZ6S1lSSlljcWhBQ3lxVFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8yNmNjOTItOGJmNy00OGUwLTkzN2Et
N2U0ZTJmOGI1YjE2LzEvOFN3OU9ob1RtX29pY0VwclNwZktEZ2tGbUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8yNmNjOTItOGJmNy00OGUwLTkzN2EtN2U0ZTJmOGI1YjE2
LzEvWXhrcFhUcmFmbTZ6S1lSSlljcWhBQ3lxVFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/TlMA0G
CSqGSIb3DQEBCwUAA4IBAQB7rhpk/FeL3vicAhOCOm7q8JP18Z1mlGfou5x2lbK5
VQUq0iX6IpDimOFHsvedFgUbz2l3vvWJ6IlarALevtKIjS6tsV6J4OFapZ4Lz+OW
ADqksqxSxVQ91NPXljHgUgX2ZlyPmKaKj4prCQprL7dZga6N26DomDxQk7oJXBCt
Hd88G2Dfr4PGolkZQA8IfQTN2cr43D8RoS9XF2Iihq07rHjx9RbFIOwnuOBPqNNA
gBVHNK0fhUmSjEiJ+rQxXrw+hAZpWjviw01VuBtfJpE32ifa1Z4rGGIyQlPhBjJL
Hcn/zxebSJJnjpKFdlDb/Vru7/R76Lfeh/p2qdOfsncI
-----END CERTIFICATE-----