Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/CD0VZBi5-qqM8C-6Z5F4l0a0HSQ.roa
File:                     CD0VZBi5-qqM8C-6Z5F4l0a0HSQ.roa (raw, json)
Hash identifier:          m/EzCC5ykIUMMAg8jmdA7PnlAXBGlYKrqb0zMkhXiKM=
Subject key identifier:   08:3D:15:64:18:B9:FA:AA:8C:F0:2F:BA:67:91:78:97:46:B4:1D:24
Certificate issuer:       /CN=4ce488c6401c8f5e969e15d64651fb4b2d2dcdf7
Certificate serial:       018CCA2A35D54E301094A64E16F5F0CC93FF
Authority key identifier: 4C:E4:88:C6:40:1C:8F:5E:96:9E:15:D6:46:51:FB:4B:2D:2D:CD:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TOSIxkAcj16WnhXWRlH7Sy0tzfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/CD0VZBi5-qqM8C-6Z5F4l0a0HSQ.roa
Signing time:             Tue 02 Jan 2024 12:33:33 +0000
ROA not before:           Tue 02 Jan 2024 12:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51735
IP address blocks:        91.220.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/TOSIxkAcj16WnhXWRlH7Sy0tzfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/TOSIxkAcj16WnhXWRlH7Sy0tzfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TOSIxkAcj16WnhXWRlH7Sy0tzfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:35:d5:4e:30:10:94:a6:4e:16:f5:f0:cc:93:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ce488c6401c8f5e969e15d64651fb4b2d2dcdf7
        Validity
            Not Before: Jan  2 12:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=083d156418b9faaa8cf02fba6791789746b41d24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:56:52:1a:87:eb:70:a2:af:99:26:cd:49:be:
                    e5:f7:cf:ed:ed:e2:5f:58:b1:5b:d9:a7:11:4e:06:
                    24:9b:46:4a:29:0c:ac:b1:46:ef:56:41:64:09:ac:
                    4d:55:06:10:01:67:9d:12:fe:45:21:a9:91:df:74:
                    b4:b2:5b:ad:9e:cc:8b:6f:35:69:77:08:23:6d:aa:
                    31:d6:b4:b1:9a:41:8f:0c:ee:6c:89:27:98:ae:56:
                    a8:94:c4:45:f9:08:14:2d:49:27:80:26:a5:51:ef:
                    30:6c:a5:93:55:96:d2:e9:2b:ec:05:dd:17:cf:9b:
                    24:25:81:bb:b6:00:ec:fd:e8:1d:0d:2c:b0:25:d0:
                    13:b6:55:0c:16:83:31:88:e9:d8:84:7b:d5:f7:ec:
                    a7:b1:a5:7b:db:61:a4:62:c6:dc:b3:24:c3:6b:5b:
                    a4:8c:44:46:7b:c3:9a:5b:c5:61:06:84:73:73:ad:
                    14:4e:fb:cd:92:8d:10:c5:52:24:e4:2b:1a:34:fe:
                    a9:0d:77:7e:ba:aa:68:c5:57:29:2f:a5:40:86:ad:
                    c7:4b:b0:58:df:56:2c:fa:9a:1b:3d:dc:81:df:c1:
                    32:c4:5a:11:11:55:6a:4e:c4:1d:92:d9:2b:91:ea:
                    6d:9d:03:57:f7:f4:ba:4c:d8:b8:66:2d:0b:cd:39:
                    63:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:3D:15:64:18:B9:FA:AA:8C:F0:2F:BA:67:91:78:97:46:B4:1D:24
            X509v3 Authority Key Identifier:
                keyid:4C:E4:88:C6:40:1C:8F:5E:96:9E:15:D6:46:51:FB:4B:2D:2D:CD:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TOSIxkAcj16WnhXWRlH7Sy0tzfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/CD0VZBi5-qqM8C-6Z5F4l0a0HSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c5c595-2673-4d5f-8a85-ae8c81f96f42/1/TOSIxkAcj16WnhXWRlH7Sy0tzfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:85:37:97:ec:90:86:9a:16:84:64:6c:44:57:9c:40:f6:b5:
         18:3e:ae:c0:cf:13:b9:04:29:b9:69:57:2a:de:49:91:49:11:
         fc:4e:96:18:e9:1a:35:31:1c:7e:5d:d1:cc:1d:a9:ca:46:11:
         5b:f0:dd:93:be:19:dd:69:0f:96:56:87:87:4f:9a:70:89:2a:
         63:7b:d4:b0:54:d6:f2:04:67:be:5a:69:36:73:e2:63:69:e8:
         81:c5:ea:33:b3:64:93:51:ad:65:74:f0:7f:ab:9e:6a:75:20:
         29:d7:65:60:d9:84:2f:8a:e9:b5:75:b0:e2:ba:4d:1c:93:4a:
         92:55:cc:58:36:90:18:e4:03:6d:f0:af:74:bf:10:74:35:af:
         d9:25:d8:34:28:68:78:ed:32:20:6c:7f:80:f3:0e:b1:41:65:
         98:e5:97:88:1e:ee:88:9d:b4:21:bd:84:4e:44:93:a0:61:37:
         de:ee:19:30:3e:8c:33:ff:5b:fa:b4:39:75:58:32:8e:a3:aa:
         74:13:ae:2f:90:a8:69:22:18:28:7c:72:0d:56:7d:8a:fe:46:
         42:17:29:c2:65:0f:95:72:d7:c7:c2:dd:12:83:1e:fe:f7:12:
         5f:9d:cd:87:cd:36:75:2b:21:19:5c:26:d7:df:41:11:99:a7:
         31:08:60:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjXVTjAQlKZOFvXwzJP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZTQ4OGM2NDAxYzhmNWU5NjllMTVkNjQ2NTFmYjRiMmQy
ZGNkZjcwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODNkMTU2NDE4YjlmYWFhOGNmMDJmYmE2NzkxNzg5NzQ2YjQxZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1ZSGofrcKKvmSbNSb7l98/t7eJf
WLFb2acRTgYkm0ZKKQyssUbvVkFkCaxNVQYQAWedEv5FIamR33S0slutnsyLbzVp
dwgjbaox1rSxmkGPDO5siSeYrlaolMRF+QgULUkngCalUe8wbKWTVZbS6SvsBd0X
z5skJYG7tgDs/egdDSywJdATtlUMFoMxiOnYhHvV9+ynsaV722GkYsbcsyTDa1uk
jERGe8OaW8VhBoRzc60UTvvNko0QxVIk5CsaNP6pDXd+uqpoxVcpL6VAhq3HS7BY
31Ys+pobPdyB38EyxFoREVVqTsQdktkrkeptnQNX9/S6TNi4Zi0LzTljXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAg9FWQYufqqjPAvumeReJdGtB0kMB8GA1UdIwQY
MBaAFEzkiMZAHI9elp4V1kZR+0stLc33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE9TSXhrQWNqMTZXbmhYV1JsSDdTeTB0emZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9jNWM1OTUtMjY3My00ZDVmLThhODUt
YWU4YzgxZjk2ZjQyLzEvQ0QwVlpCaTUtcXFNOEMtNlo1RjRsMGEwSFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9jNWM1OTUtMjY3My00ZDVmLThhODUtYWU4YzgxZjk2ZjQy
LzEvVE9TSXhrQWNqMTZXbmhYV1JsSDdTeTB0emZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xOMA0G
CSqGSIb3DQEBCwUAA4IBAQAThTeX7JCGmhaEZGxEV5xA9rUYPq7AzxO5BCm5aVcq
3kmRSRH8TpYY6Ro1MRx+XdHMHanKRhFb8N2TvhndaQ+WVoeHT5pwiSpje9SwVNby
BGe+Wmk2c+JjaeiBxeozs2STUa1ldPB/q55qdSAp12Vg2YQvium1dbDiuk0ck0qS
VcxYNpAY5ANt8K90vxB0Na/ZJdg0KGh47TIgbH+A8w6xQWWY5ZeIHu6InbQhvYRO
RJOgYTfe7hkwPowz/1v6tDl1WDKOo6p0E64vkKhpIhgofHINVn2K/kZCFynCZQ+V
ctfHwt0Sgx7+9xJfnc2HzTZ1KyEZXCbX30ERmacxCGBA
-----END CERTIFICATE-----