Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/2iOAzdGXyJ7stYatNKd5HZ0gQ5w.roa
File:                     2iOAzdGXyJ7stYatNKd5HZ0gQ5w.roa (raw, json)
Hash identifier:          kCwrtU5YUPk1j3ARC+T/MgjLOcUI7lhQttQwoK56DQo=
Subject key identifier:   DA:23:80:CD:D1:97:C8:9E:EC:B5:86:AD:34:A7:79:1D:9D:20:43:9C
Certificate issuer:       /CN=5f92bff7a89a8590e6abbaec0282b0f24e0afeb2
Certificate serial:       018CCA293AC8597334DDDFE1BC2AD88D449D
Authority key identifier: 5F:92:BF:F7:A8:9A:85:90:E6:AB:BA:EC:02:82:B0:F2:4E:0A:FE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/2iOAzdGXyJ7stYatNKd5HZ0gQ5w.roa
Signing time:             Tue 02 Jan 2024 12:32:28 +0000
ROA not before:           Tue 02 Jan 2024 12:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41075
IP address blocks:        91.236.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:3a:c8:59:73:34:dd:df:e1:bc:2a:d8:8d:44:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f92bff7a89a8590e6abbaec0282b0f24e0afeb2
        Validity
            Not Before: Jan  2 12:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da2380cdd197c89eecb586ad34a7791d9d20439c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e9:02:61:b2:c7:24:66:19:66:57:b5:4f:c5:
                    69:a7:4f:07:5c:79:f9:45:d9:18:1c:16:9a:f9:4d:
                    54:2e:c1:45:5b:1a:c9:12:af:ee:7f:9a:3c:2e:83:
                    5b:f9:38:d7:8d:23:ad:81:2a:d7:68:d7:b9:a6:b5:
                    67:55:ba:f6:f9:69:dd:e6:92:80:64:3a:12:b7:cc:
                    0f:1c:9c:97:d3:a5:c5:33:5d:26:57:95:10:c9:f1:
                    c9:4d:36:5e:82:e4:2b:59:cd:91:7b:5b:47:1d:6a:
                    26:d4:56:f8:4e:02:f3:53:0f:ab:8b:df:78:ed:79:
                    4f:32:f9:29:f1:34:21:e8:16:92:9f:a2:ba:42:48:
                    af:24:74:2e:24:8b:2b:82:63:a2:6b:ac:58:bd:4f:
                    d2:da:f8:a2:f2:c6:11:0a:72:26:ec:74:6d:54:83:
                    fb:4a:7e:c4:d1:20:b0:30:5c:2f:1d:ce:3a:93:3a:
                    e7:9b:5a:a2:4d:72:ee:cb:d4:27:ee:24:2f:c6:b8:
                    dc:b6:75:d6:7f:6d:e8:b8:f2:cc:bf:d3:0f:d8:11:
                    0f:2e:05:31:cb:ab:a1:3f:be:4b:46:fd:8a:c0:58:
                    bc:c7:40:7b:20:9a:23:13:fd:f5:e6:3e:c8:30:f2:
                    c9:a6:22:17:10:a9:6d:00:d5:c3:14:e2:09:87:85:
                    40:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:23:80:CD:D1:97:C8:9E:EC:B5:86:AD:34:A7:79:1D:9D:20:43:9C
            X509v3 Authority Key Identifier:
                keyid:5F:92:BF:F7:A8:9A:85:90:E6:AB:BA:EC:02:82:B0:F2:4E:0A:FE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/2iOAzdGXyJ7stYatNKd5HZ0gQ5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:e2:ef:ad:59:81:da:78:e1:c3:55:d9:df:27:14:bb:77:f8:
         a4:ea:98:92:6b:01:12:f2:f2:3e:f6:0c:f3:fc:67:22:6e:fa:
         c0:98:05:59:ac:4c:4b:cf:56:58:9a:51:c7:46:f7:22:d5:7c:
         7f:0d:9a:ee:62:0b:67:23:31:da:5d:07:ac:79:57:1e:57:77:
         90:27:20:47:8d:04:df:44:ef:6d:7c:7c:4e:b3:09:8d:ed:01:
         01:e2:e3:af:3a:3c:87:e7:7c:f6:cb:b3:9d:36:69:35:36:bb:
         6e:2b:67:bf:7b:de:35:3d:30:18:48:4e:62:6f:8b:33:80:d8:
         03:d5:16:ed:bf:81:31:61:14:df:a4:34:2e:fd:63:90:e2:3a:
         9d:88:17:5c:55:84:d0:cc:2d:99:09:ed:a7:3b:11:4d:ec:2e:
         f7:c5:73:66:d5:d0:bf:8e:a4:6e:bb:55:c5:55:a4:a2:35:78:
         dc:c5:a2:36:8b:da:e7:ff:61:2f:6c:85:39:4e:9b:0f:43:a2:
         36:97:66:5b:1d:e8:e9:f9:14:85:ac:76:00:52:2c:06:ab:0d:
         aa:99:24:d5:92:71:5b:ef:45:64:86:f7:db:83:b9:5b:69:a5:
         c5:db:c1:52:7e:70:0a:bd:83:65:f6:4f:5b:60:27:3b:ea:59:
         3f:9b:c6:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKTrIWXM03d/hvCrYjUSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTJiZmY3YTg5YTg1OTBlNmFiYmFlYzAyODJiMGYyNGUw
YWZlYjIwHhcNMjQwMTAyMTIzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTIzODBjZGQxOTdjODllZWNiNTg2YWQzNGE3NzkxZDlkMjA0MzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+kCYbLHJGYZZle1T8Vpp08HXHn5
RdkYHBaa+U1ULsFFWxrJEq/uf5o8LoNb+TjXjSOtgSrXaNe5prVnVbr2+Wnd5pKA
ZDoSt8wPHJyX06XFM10mV5UQyfHJTTZeguQrWc2Re1tHHWom1Fb4TgLzUw+ri994
7XlPMvkp8TQh6BaSn6K6QkivJHQuJIsrgmOia6xYvU/S2vii8sYRCnIm7HRtVIP7
Sn7E0SCwMFwvHc46kzrnm1qiTXLuy9Qn7iQvxrjctnXWf23ouPLMv9MP2BEPLgUx
y6uhP75LRv2KwFi8x0B7IJojE/315j7IMPLJpiIXEKltANXDFOIJh4VA2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNojgM3Rl8ie7LWGrTSneR2dIEOcMB8GA1UdIwQY
MBaAFF+Sv/eomoWQ5qu67AKCsPJOCv6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVLXzk2aWFoWkRtcTdyc0FvS3c4azRLX3JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9hNzhlZjEtYzNjOS00M2EwLTliMWMt
MWQ5ZDhkMDA0MTExLzEvMmlPQXpkR1h5SjdzdFlhdE5LZDVIWjBnUTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9hNzhlZjEtYzNjOS00M2EwLTliMWMtMWQ5ZDhkMDA0MTEx
LzEvWDVLXzk2aWFoWkRtcTdyc0FvS3c4azRLX3JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+y2MA0G
CSqGSIb3DQEBCwUAA4IBAQCj4u+tWYHaeOHDVdnfJxS7d/ik6piSawES8vI+9gzz
/GcibvrAmAVZrExLz1ZYmlHHRvci1Xx/DZruYgtnIzHaXQeseVceV3eQJyBHjQTf
RO9tfHxOswmN7QEB4uOvOjyH53z2y7OdNmk1NrtuK2e/e941PTAYSE5ib4szgNgD
1Rbtv4ExYRTfpDQu/WOQ4jqdiBdcVYTQzC2ZCe2nOxFN7C73xXNm1dC/jqRuu1XF
VaSiNXjcxaI2i9rn/2EvbIU5TpsPQ6I2l2ZbHejp+RSFrHYAUiwGqw2qmSTVknFb
70Vkhvfbg7lbaaXF28FSfnAKvYNl9k9bYCc76lk/m8ay
-----END CERTIFICATE-----