Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/d3a55c-1f62-4779-86b9-61b50f6a6c02/1/hxAJ-XthZBKmNbrf3yx3HyULKAQ.roa
File:                     hxAJ-XthZBKmNbrf3yx3HyULKAQ.roa (raw, json)
Hash identifier:          g7i78MjpCWHz0BIl9E9bHwVPAdnZuqvySvgqYo5iThg=
Subject key identifier:   87:10:09:F9:7B:61:64:12:A6:35:BA:DF:DF:2C:77:1F:25:0B:28:04
Certificate issuer:       /CN=28843db96e4f459b87df8c279057eed69bb9b862
Certificate serial:       018CC26D02F4D42F42CE40BFAAD6826ADBF2
Authority key identifier: 28:84:3D:B9:6E:4F:45:9B:87:DF:8C:27:90:57:EE:D6:9B:B9:B8:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIQ9uW5PRZuH34wnkFfu1pu5uGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/d3a55c-1f62-4779-86b9-61b50f6a6c02/1/hxAJ-XthZBKmNbrf3yx3HyULKAQ.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51404
IP address blocks:        91.217.15.0/24 maxlen: 24
                          91.217.14.0/24 maxlen: 24
                          91.217.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/d3a55c-1f62-4779-86b9-61b50f6a6c02/1/KIQ9uW5PRZuH34wnkFfu1pu5uGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/d3a55c-1f62-4779-86b9-61b50f6a6c02/1/KIQ9uW5PRZuH34wnkFfu1pu5uGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KIQ9uW5PRZuH34wnkFfu1pu5uGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:02:f4:d4:2f:42:ce:40:bf:aa:d6:82:6a:db:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28843db96e4f459b87df8c279057eed69bb9b862
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=871009f97b616412a635badfdf2c771f250b2804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:96:40:87:7b:02:90:c7:b9:1c:60:e9:a8:4e:
                    d0:93:33:ce:03:3b:c7:f0:5e:5f:5a:df:43:6e:32:
                    94:76:63:a3:1a:45:40:b9:e6:be:b6:1b:8b:28:05:
                    1f:a4:0c:ee:49:4b:a9:35:dc:b3:9f:24:26:44:35:
                    81:47:cb:62:65:c1:0a:50:f7:27:4f:a0:8e:86:8c:
                    b8:d0:ed:72:28:2a:a9:1f:29:0b:a8:31:78:bc:f5:
                    7a:5e:c4:a3:1a:5c:b6:24:36:1e:3e:5f:15:c1:38:
                    cd:c8:09:6e:0a:05:bc:da:9b:cb:53:a0:cb:36:7f:
                    3c:a8:9c:9d:d9:f4:51:9d:eb:3a:ac:3f:9c:47:e6:
                    ee:d3:6e:0b:cf:8b:e8:f5:f2:60:85:61:fb:b5:0a:
                    37:02:26:02:26:c2:66:58:4b:14:75:4c:a9:24:d5:
                    a1:b8:5a:6a:c9:d7:b2:78:8c:1d:3d:3d:b9:b1:f7:
                    50:da:88:2c:c6:7d:6f:26:6b:70:cd:36:fa:c6:9e:
                    2f:12:0b:8f:c3:39:9d:21:d1:37:ae:b5:f2:f1:85:
                    58:77:e1:2d:8e:2a:fa:db:95:a9:e7:0a:3b:7c:60:
                    27:11:6e:1a:78:71:ac:33:80:62:a7:67:35:cf:dd:
                    99:c0:11:5e:66:3c:d3:21:e0:03:a0:44:68:7d:21:
                    9e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:10:09:F9:7B:61:64:12:A6:35:BA:DF:DF:2C:77:1F:25:0B:28:04
            X509v3 Authority Key Identifier:
                keyid:28:84:3D:B9:6E:4F:45:9B:87:DF:8C:27:90:57:EE:D6:9B:B9:B8:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIQ9uW5PRZuH34wnkFfu1pu5uGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d3a55c-1f62-4779-86b9-61b50f6a6c02/1/hxAJ-XthZBKmNbrf3yx3HyULKAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d3a55c-1f62-4779-86b9-61b50f6a6c02/1/KIQ9uW5PRZuH34wnkFfu1pu5uGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:25:69:39:ff:9d:96:70:63:df:3c:43:ab:aa:26:e7:fc:77:
         bc:d2:a5:53:fe:53:71:c6:9c:09:b4:04:68:d5:76:86:f8:c9:
         9a:0f:33:73:21:61:30:7e:cb:8a:f5:88:e8:48:8f:a4:89:11:
         b2:43:e2:48:8e:de:cc:56:a4:5f:8d:bd:e4:f5:ce:3a:5a:a2:
         93:ac:7b:cf:5d:c2:12:fd:92:c5:e7:b4:c7:cd:c6:c2:ff:8a:
         c7:bb:96:81:da:0a:e5:89:94:34:0f:18:3b:39:68:76:5e:62:
         cb:0c:cf:a1:57:f0:cb:6c:f4:c6:b3:48:b3:d4:e1:92:77:ea:
         db:06:98:59:b0:c6:c4:e9:17:91:38:c3:05:22:85:64:7d:c8:
         9c:77:9e:5b:f5:b7:89:c8:59:b7:bb:8f:59:15:02:8e:5b:57:
         cf:84:84:1c:74:c7:72:a9:c2:5d:ec:4e:81:7f:82:d4:4e:e4:
         5f:d6:99:7b:cb:08:c0:cb:d9:be:43:4c:fe:df:9d:bf:80:83:
         6b:5b:f1:ab:b4:3a:b2:6a:ec:fb:28:ef:05:13:a5:cc:94:1c:
         60:61:9e:3b:8a:ef:d8:4a:1b:5e:be:01:3a:f7:c9:97:f1:51:
         13:f2:a3:06:78:25:a5:32:48:5f:97:e4:f6:0d:fb:84:f0:a2:
         c7:ad:c1:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQL01C9CzkC/qtaCatvyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODQzZGI5NmU0ZjQ1OWI4N2RmOGMyNzkwNTdlZWQ2OWJi
OWI4NjIwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzEwMDlmOTdiNjE2NDEyYTYzNWJhZGZkZjJjNzcxZjI1MGIyODA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5ZAh3sCkMe5HGDpqE7QkzPOAzvH
8F5fWt9DbjKUdmOjGkVAuea+thuLKAUfpAzuSUupNdyznyQmRDWBR8tiZcEKUPcn
T6COhoy40O1yKCqpHykLqDF4vPV6XsSjGly2JDYePl8VwTjNyAluCgW82pvLU6DL
Nn88qJyd2fRRnes6rD+cR+bu024Lz4vo9fJghWH7tQo3AiYCJsJmWEsUdUypJNWh
uFpqydeyeIwdPT25sfdQ2ogsxn1vJmtwzTb6xp4vEguPwzmdIdE3rrXy8YVYd+Et
jir625Wp5wo7fGAnEW4aeHGsM4Bip2c1z92ZwBFeZjzTIeADoERofSGeMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcQCfl7YWQSpjW6398sdx8lCygEMB8GA1UdIwQY
MBaAFCiEPbluT0Wbh9+MJ5BX7tabubhiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lROXVXNVBSWnVIMzR3bmtGZnUxcHU1dUdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9kM2E1NWMtMWY2Mi00Nzc5LTg2Yjkt
NjFiNTBmNmE2YzAyLzEvaHhBSi1YdGhaQkttTmJyZjN5eDNIeVVMS0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9kM2E1NWMtMWY2Mi00Nzc5LTg2YjktNjFiNTBmNmE2YzAy
LzEvS0lROXVXNVBSWnVIMzR3bmtGZnUxcHU1dUdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9kOMA0G
CSqGSIb3DQEBCwUAA4IBAQASJWk5/52WcGPfPEOrqibn/He80qVT/lNxxpwJtARo
1XaG+MmaDzNzIWEwfsuK9YjoSI+kiRGyQ+JIjt7MVqRfjb3k9c46WqKTrHvPXcIS
/ZLF57THzcbC/4rHu5aB2grliZQ0Dxg7OWh2XmLLDM+hV/DLbPTGs0iz1OGSd+rb
BphZsMbE6ReROMMFIoVkfcicd55b9beJyFm3u49ZFQKOW1fPhIQcdMdyqcJd7E6B
f4LUTuRf1pl7ywjAy9m+Q0z+352/gINrW/GrtDqyauz7KO8FE6XMlBxgYZ47iu/Y
ShtevgE698mX8VET8qMGeCWlMkhfl+T2DfuE8KLHrcFD
-----END CERTIFICATE-----