Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/jq6rjJZ2EZ5bzZ_TWbo7SBhptVo.roa
File:                     jq6rjJZ2EZ5bzZ_TWbo7SBhptVo.roa (raw, json)
Hash identifier:          TCJJjcWaD6DLThC9XrxwDhG0dOXLjcv7IED2zNYNNHo=
Subject key identifier:   8E:AE:AB:8C:96:76:11:9E:5B:CD:9F:D3:59:BA:3B:48:18:69:B5:5A
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018CC794D93C25F2E7AF1B51679EA26B0C97
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/jq6rjJZ2EZ5bzZ_TWbo7SBhptVo.roa
Signing time:             Tue 02 Jan 2024 00:31:10 +0000
ROA not before:           Tue 02 Jan 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210576
IP address blocks:        91.226.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d9:3c:25:f2:e7:af:1b:51:67:9e:a2:6b:0c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8eaeab8c9676119e5bcd9fd359ba3b481869b55a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:dc:22:5b:89:7e:d1:5e:56:56:e4:a3:ae:c0:
                    09:31:6c:47:ee:27:82:cc:84:2a:ec:28:65:21:6a:
                    32:75:5e:03:30:b7:29:c2:c6:94:4a:61:0a:97:3f:
                    98:01:8a:e4:79:9e:c4:4a:a8:d1:ff:fa:cb:53:2d:
                    cf:1a:0e:b4:b3:61:02:85:72:02:51:1e:d8:0d:4f:
                    41:a5:d2:e8:81:77:25:82:19:8f:10:63:44:05:c9:
                    8c:d1:37:eb:e0:60:c5:ad:97:fb:56:73:69:85:54:
                    c9:03:f9:d5:4b:03:01:ec:2d:22:d1:08:4b:7e:66:
                    3f:fc:78:00:a4:af:9a:80:ca:98:46:7f:1a:ca:d3:
                    3c:c3:b2:fb:43:b6:54:ff:36:db:ff:11:a1:ba:a8:
                    35:2e:0e:db:59:0e:cf:d0:ac:4d:e7:ea:16:ba:f1:
                    b9:be:f7:8d:14:7a:01:f8:5a:a5:88:30:8d:5d:fe:
                    cd:ab:58:74:c1:c0:47:ae:82:f4:61:7b:ba:04:b3:
                    22:7d:f3:fa:ca:06:b9:e4:17:b4:17:c7:06:6d:7e:
                    34:88:bf:50:bc:d2:fe:e2:0b:f9:f1:a5:fd:04:80:
                    46:22:72:25:5d:f1:d6:0c:29:d8:6a:a9:60:c0:6b:
                    02:40:f8:9a:b8:2d:89:60:c6:e3:54:63:84:a0:99:
                    67:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:AE:AB:8C:96:76:11:9E:5B:CD:9F:D3:59:BA:3B:48:18:69:B5:5A
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/jq6rjJZ2EZ5bzZ_TWbo7SBhptVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:0c:db:bf:70:20:19:54:74:2a:6d:bf:3c:da:c4:3e:86:0d:
         04:63:f9:8f:73:58:4b:15:c1:fb:16:44:cb:e4:96:82:9f:9f:
         75:a4:cf:af:1f:76:33:45:1e:93:0a:b4:55:d3:24:db:3f:1b:
         dd:5b:ca:38:5d:c6:15:25:18:91:92:15:fa:41:ec:a5:7e:3c:
         12:a8:2b:60:27:ec:81:f2:c4:72:c6:8a:5b:c4:59:66:df:53:
         5c:a6:79:6a:08:2f:5b:ed:49:50:86:94:32:14:5b:22:2d:c3:
         07:44:94:98:9e:49:8a:ea:e2:2c:07:34:6d:3f:1f:d0:40:47:
         31:9c:78:27:4d:d4:dc:33:6f:85:ca:8d:fd:b3:cc:ea:34:71:
         45:9b:42:6b:06:67:39:80:cf:62:9d:a7:08:69:31:2d:96:25:
         04:eb:7f:6a:8d:04:e8:d3:dd:ba:4c:71:01:90:e5:a1:ad:ab:
         54:4e:21:a3:a1:f6:8d:76:a3:c2:49:90:41:da:0d:03:5b:8c:
         e6:99:e5:9f:14:09:f6:09:22:56:ad:cc:e6:36:95:0c:10:8d:
         62:5b:d4:25:ed:03:d8:e4:dc:3d:ce:b2:b3:a9:ab:7d:a4:80:
         84:e6:75:f5:fa:4e:21:5d:a9:b6:fe:1c:77:84:10:0d:28:84:
         06:50:40:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNk8JfLnrxtRZ56iawyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTAyMDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWFlYWI4Yzk2NzYxMTllNWJjZDlmZDM1OWJhM2I0ODE4NjliNTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdwiW4l+0V5WVuSjrsAJMWxH7ieC
zIQq7ChlIWoydV4DMLcpwsaUSmEKlz+YAYrkeZ7ESqjR//rLUy3PGg60s2EChXIC
UR7YDU9BpdLogXclghmPEGNEBcmM0Tfr4GDFrZf7VnNphVTJA/nVSwMB7C0i0QhL
fmY//HgApK+agMqYRn8aytM8w7L7Q7ZU/zbb/xGhuqg1Lg7bWQ7P0KxN5+oWuvG5
vveNFHoB+FqliDCNXf7Nq1h0wcBHroL0YXu6BLMiffP6yga55Be0F8cGbX40iL9Q
vNL+4gv58aX9BIBGInIlXfHWDCnYaqlgwGsCQPiauC2JYMbjVGOEoJln7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6uq4yWdhGeW82f01m6O0gYabVaMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvanE2cmpKWjJFWjVielpfVFdibzdTQmhwdFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+I5MA0G
CSqGSIb3DQEBCwUAA4IBAQBADNu/cCAZVHQqbb882sQ+hg0EY/mPc1hLFcH7FkTL
5JaCn591pM+vH3YzRR6TCrRV0yTbPxvdW8o4XcYVJRiRkhX6QeylfjwSqCtgJ+yB
8sRyxopbxFlm31NcpnlqCC9b7UlQhpQyFFsiLcMHRJSYnkmK6uIsBzRtPx/QQEcx
nHgnTdTcM2+Fyo39s8zqNHFFm0JrBmc5gM9inacIaTEtliUE639qjQTo0926THEB
kOWhratUTiGjofaNdqPCSZBB2g0DW4zmmeWfFAn2CSJWrczmNpUMEI1iW9Ql7QPY
5Nw9zrKzqat9pICE5nX1+k4hXam2/hx3hBANKIQGUEBo
-----END CERTIFICATE-----