Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/s9Gqi6-lD6Y5ZykqQlxQ42W2X-0.roa
File:                     s9Gqi6-lD6Y5ZykqQlxQ42W2X-0.roa (raw, json)
Hash identifier:          elVofcyPNutK78jSB4gfvk7J8w54zk+Pk3LJJOOwno0=
Subject key identifier:   B3:D1:AA:8B:AF:A5:0F:A6:39:67:29:2A:42:5C:50:E3:65:B6:5F:ED
Certificate issuer:       /CN=5f92bff7a89a8590e6abbaec0282b0f24e0afeb2
Certificate serial:       018CCA293B3FA447932BA7D9E253311F511D
Authority key identifier: 5F:92:BF:F7:A8:9A:85:90:E6:AB:BA:EC:02:82:B0:F2:4E:0A:FE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/s9Gqi6-lD6Y5ZykqQlxQ42W2X-0.roa
Signing time:             Tue 02 Jan 2024 12:32:28 +0000
ROA not before:           Tue 02 Jan 2024 12:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57920
IP address blocks:        91.236.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:3b:3f:a4:47:93:2b:a7:d9:e2:53:31:1f:51:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f92bff7a89a8590e6abbaec0282b0f24e0afeb2
        Validity
            Not Before: Jan  2 12:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3d1aa8bafa50fa63967292a425c50e365b65fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b6:ce:cf:ed:8a:89:c8:ea:bc:62:f6:8c:f5:
                    d7:1c:0a:d1:2c:cc:7d:70:9d:c4:3f:6d:26:8a:ba:
                    21:b9:77:39:85:77:17:97:b0:43:09:7c:08:92:52:
                    20:1f:ac:0c:f9:3c:14:2e:ed:54:a5:44:e6:e3:97:
                    66:69:fe:15:0c:28:8f:1a:9a:ac:16:0d:b7:57:5c:
                    df:71:39:68:18:39:c1:6d:78:fc:69:6f:70:7e:42:
                    a4:4a:3d:1d:d5:38:6c:e3:29:4c:f1:1e:4a:c4:9a:
                    7f:aa:5e:e2:d7:3b:8e:01:87:89:0a:27:cd:05:90:
                    3b:5e:22:38:1e:0a:92:07:34:68:7f:14:eb:9b:a1:
                    03:41:c0:c9:27:f4:82:9c:3a:51:37:15:34:64:28:
                    84:97:1b:f3:e1:72:db:a9:ae:1b:2f:71:e9:8f:9a:
                    f8:a3:f9:79:3b:d7:b4:da:83:1b:7c:d2:2e:3b:82:
                    bc:95:35:d7:51:c7:4a:07:0a:b7:c4:66:25:aa:22:
                    20:35:1e:22:35:aa:28:f5:04:2a:b2:ab:87:77:5b:
                    c6:04:6a:dd:d6:8e:b2:1e:c2:60:27:dc:f6:d4:c6:
                    d6:1b:34:2c:b8:a8:92:27:d8:e1:4e:1c:2a:69:5b:
                    e4:77:c2:5b:2f:da:38:e4:76:b2:8c:95:cb:f9:a8:
                    06:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D1:AA:8B:AF:A5:0F:A6:39:67:29:2A:42:5C:50:E3:65:B6:5F:ED
            X509v3 Authority Key Identifier:
                keyid:5F:92:BF:F7:A8:9A:85:90:E6:AB:BA:EC:02:82:B0:F2:4E:0A:FE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/s9Gqi6-lD6Y5ZykqQlxQ42W2X-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:2e:79:95:a5:9c:60:2c:7b:8b:83:09:2a:d8:2d:6b:33:e0:
         37:8c:38:a4:19:9f:87:83:f2:55:e1:5b:55:0d:8c:65:fd:1f:
         c1:85:1f:fb:57:6b:38:86:14:03:f4:fa:89:5a:54:0d:5e:5d:
         ec:ee:ec:c0:dd:a8:86:2d:67:45:7a:9d:09:5f:c7:a2:d9:24:
         25:39:29:de:31:fd:94:16:bc:c9:98:ec:53:9c:3f:12:64:84:
         55:af:16:93:fe:8b:8b:63:fd:00:7b:fd:af:5f:a3:8b:56:6b:
         86:0a:e7:69:3e:92:5b:17:cb:77:4b:f2:d7:df:dd:f8:2b:98:
         bd:82:0a:cb:70:b1:31:cd:72:fd:55:5d:49:ed:29:e7:e3:ee:
         87:18:36:56:81:6d:3f:33:b1:a1:ab:ed:6e:87:c1:f9:52:19:
         1c:28:23:c4:e9:f8:29:9b:f5:4b:b4:4c:83:3d:4c:77:33:f4:
         80:68:5d:ae:3b:a0:a5:5b:f1:18:aa:f1:d5:fb:4a:52:38:29:
         5e:de:1c:ae:63:73:bd:90:cb:f1:47:b0:13:7d:5a:3f:ab:be:
         94:66:68:9e:db:5d:4c:ea:4d:94:92:f6:cd:91:32:9e:72:f8:
         63:47:ce:6b:32:0a:03:e6:e3:3a:2c:1d:d8:a9:08:fe:05:3b:
         29:58:b1:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKTs/pEeTK6fZ4lMxH1EdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTJiZmY3YTg5YTg1OTBlNmFiYmFlYzAyODJiMGYyNGUw
YWZlYjIwHhcNMjQwMTAyMTIzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2QxYWE4YmFmYTUwZmE2Mzk2NzI5MmE0MjVjNTBlMzY1YjY1ZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLbOz+2KicjqvGL2jPXXHArRLMx9
cJ3EP20mirohuXc5hXcXl7BDCXwIklIgH6wM+TwULu1UpUTm45dmaf4VDCiPGpqs
Fg23V1zfcTloGDnBbXj8aW9wfkKkSj0d1Ths4ylM8R5KxJp/ql7i1zuOAYeJCifN
BZA7XiI4HgqSBzRofxTrm6EDQcDJJ/SCnDpRNxU0ZCiElxvz4XLbqa4bL3Hpj5r4
o/l5O9e02oMbfNIuO4K8lTXXUcdKBwq3xGYlqiIgNR4iNaoo9QQqsquHd1vGBGrd
1o6yHsJgJ9z21MbWGzQsuKiSJ9jhThwqaVvkd8JbL9o45HayjJXL+agGFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPRqouvpQ+mOWcpKkJcUONltl/tMB8GA1UdIwQY
MBaAFF+Sv/eomoWQ5qu67AKCsPJOCv6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVLXzk2aWFoWkRtcTdyc0FvS3c4azRLX3JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9hNzhlZjEtYzNjOS00M2EwLTliMWMt
MWQ5ZDhkMDA0MTExLzEvczlHcWk2LWxENlk1WnlrcVFseFE0MlcyWC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9hNzhlZjEtYzNjOS00M2EwLTliMWMtMWQ5ZDhkMDA0MTEx
LzEvWDVLXzk2aWFoWkRtcTdyc0FvS3c4azRLX3JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+y2MA0G
CSqGSIb3DQEBCwUAA4IBAQCvLnmVpZxgLHuLgwkq2C1rM+A3jDikGZ+Hg/JV4VtV
DYxl/R/BhR/7V2s4hhQD9PqJWlQNXl3s7uzA3aiGLWdFep0JX8ei2SQlOSneMf2U
FrzJmOxTnD8SZIRVrxaT/ouLY/0Ae/2vX6OLVmuGCudpPpJbF8t3S/LX3934K5i9
ggrLcLExzXL9VV1J7Snn4+6HGDZWgW0/M7Ghq+1uh8H5UhkcKCPE6fgpm/VLtEyD
PUx3M/SAaF2uO6ClW/EYqvHV+0pSOCle3hyuY3O9kMvxR7ATfVo/q76UZmie211M
6k2UkvbNkTKecvhjR85rMgoD5uM6LB3YqQj+BTspWLEd
-----END CERTIFICATE-----