Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/13f8c5-ab7a-4f37-b2d7-8b51792c6660/1/XdFZeTorOt_mOBV6FA9Sdw538kI.roa
File:                     XdFZeTorOt_mOBV6FA9Sdw538kI.roa (raw, json)
Hash identifier:          v3st87g5es1G6UScywer8D6jxNnVU/4gU8DoQF6Fl3M=
Subject key identifier:   5D:D1:59:79:3A:2B:3A:DF:E6:38:15:7A:14:0F:52:77:0E:77:F2:42
Certificate issuer:       /CN=1893eddef5cfc38d613eaa81774de30034b19d22
Certificate serial:       018CC86F4F565F6E97E31483EE6F796B2B38
Authority key identifier: 18:93:ED:DE:F5:CF:C3:8D:61:3E:AA:81:77:4D:E3:00:34:B1:9D:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJPt3vXPw41hPqqBd03jADSxnSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/13f8c5-ab7a-4f37-b2d7-8b51792c6660/1/XdFZeTorOt_mOBV6FA9Sdw538kI.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31725
IP address blocks:        91.201.244.0/23 maxlen: 23
                          91.201.244.0/22 maxlen: 22
                          91.201.246.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/13f8c5-ab7a-4f37-b2d7-8b51792c6660/1/GJPt3vXPw41hPqqBd03jADSxnSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/13f8c5-ab7a-4f37-b2d7-8b51792c6660/1/GJPt3vXPw41hPqqBd03jADSxnSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJPt3vXPw41hPqqBd03jADSxnSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4f:56:5f:6e:97:e3:14:83:ee:6f:79:6b:2b:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1893eddef5cfc38d613eaa81774de30034b19d22
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dd159793a2b3adfe638157a140f52770e77f242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f7:88:a2:e8:10:01:47:73:1f:a1:35:7c:67:
                    8d:17:93:75:92:dd:36:84:28:8a:b4:87:31:03:7d:
                    24:0b:3d:4b:c7:09:25:88:eb:0e:aa:54:d5:b3:af:
                    15:ca:84:03:8c:f2:15:9f:d3:c1:e2:26:f1:74:76:
                    82:17:cb:08:88:fb:9d:c2:de:e5:85:ac:5f:34:38:
                    1b:a8:e4:6d:df:d5:62:7d:fa:4a:09:17:50:04:da:
                    13:3d:8e:56:ea:6e:f5:3b:73:2d:94:0a:87:df:d7:
                    bf:4e:5a:43:ff:39:94:98:c6:3b:b4:6f:2a:32:75:
                    2a:da:d8:d8:99:73:96:f0:c7:6e:fa:49:91:32:4a:
                    e5:b4:b4:47:73:67:4b:79:d0:3e:74:7f:b6:37:31:
                    52:07:2c:9d:a3:1b:55:74:f7:17:b4:95:73:00:ca:
                    e0:61:a1:92:ee:05:8f:b7:67:99:32:76:33:46:2c:
                    5e:c5:96:f9:64:5d:9b:70:0a:a4:be:eb:61:4f:e6:
                    c5:48:86:bc:dd:66:90:17:87:2e:f8:fc:71:73:d6:
                    db:94:13:74:77:ff:16:7a:03:c4:1e:91:32:05:ca:
                    da:48:09:77:2e:58:b3:27:78:22:2c:3f:23:a7:48:
                    07:47:ae:3e:b3:ab:a2:46:6e:15:0a:ab:40:49:2a:
                    9b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D1:59:79:3A:2B:3A:DF:E6:38:15:7A:14:0F:52:77:0E:77:F2:42
            X509v3 Authority Key Identifier:
                keyid:18:93:ED:DE:F5:CF:C3:8D:61:3E:AA:81:77:4D:E3:00:34:B1:9D:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJPt3vXPw41hPqqBd03jADSxnSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/13f8c5-ab7a-4f37-b2d7-8b51792c6660/1/XdFZeTorOt_mOBV6FA9Sdw538kI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/13f8c5-ab7a-4f37-b2d7-8b51792c6660/1/GJPt3vXPw41hPqqBd03jADSxnSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:a9:43:a9:bf:d7:ed:5a:c6:e8:19:21:8a:2e:63:e0:7c:27:
         79:85:9f:26:bd:0b:e1:b9:82:6c:4d:93:ed:f3:e1:e8:6f:59:
         1c:25:6c:aa:04:ba:ae:e8:53:35:d6:cb:4a:b5:e0:77:58:b7:
         b9:e7:c3:fd:48:cf:b0:77:b7:ea:0a:01:f4:84:b2:13:0e:68:
         2a:36:71:39:67:bf:02:41:1a:e0:3e:10:d9:6b:0f:27:c9:6b:
         3a:d3:67:b1:13:14:f6:9b:38:26:18:5a:10:7d:cd:ab:ac:c9:
         40:49:69:91:64:71:c4:a0:d5:d4:b9:e6:32:21:7f:11:3d:5d:
         ff:84:5e:47:92:0c:63:a3:d0:19:de:f8:bb:c4:e5:ae:10:5e:
         d1:21:95:cd:c1:12:e1:bc:82:13:50:f6:89:57:a9:b7:8f:ca:
         cc:65:d5:86:40:c6:c7:53:b5:04:0f:f2:1b:fa:e2:50:b0:4e:
         be:0e:f6:dd:16:b2:a4:92:d0:58:c7:58:11:e2:1a:f5:a9:25:
         5e:3d:0f:0d:3c:3c:2f:8c:83:db:20:a8:aa:a7:38:09:ab:3c:
         45:93:0e:4b:5e:56:2c:71:c7:05:cf:1f:22:bd:2e:d6:2b:ad:
         f2:8b:a1:27:18:7c:7b:83:cd:2b:ad:f9:5d:48:fd:5c:33:e8:
         28:fd:cc:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb09WX26X4xSD7m95ays4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OTNlZGRlZjVjZmMzOGQ2MTNlYWE4MTc3NGRlMzAwMzRi
MTlkMjIwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQxNTk3OTNhMmIzYWRmZTYzODE1N2ExNDBmNTI3NzBlNzdmMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPeIougQAUdzH6E1fGeNF5N1kt02
hCiKtIcxA30kCz1LxwkliOsOqlTVs68VyoQDjPIVn9PB4ibxdHaCF8sIiPudwt7l
haxfNDgbqORt39ViffpKCRdQBNoTPY5W6m71O3MtlAqH39e/TlpD/zmUmMY7tG8q
MnUq2tjYmXOW8Mdu+kmRMkrltLRHc2dLedA+dH+2NzFSByydoxtVdPcXtJVzAMrg
YaGS7gWPt2eZMnYzRixexZb5ZF2bcAqkvuthT+bFSIa83WaQF4cu+Pxxc9bblBN0
d/8WegPEHpEyBcraSAl3LlizJ3giLD8jp0gHR64+s6uiRm4VCqtASSqbrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3RWXk6Kzrf5jgVehQPUncOd/JCMB8GA1UdIwQY
MBaAFBiT7d71z8ONYT6qgXdN4wA0sZ0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0pQdDN2WFB3NDFoUHFxQmQwM2pBRFN4blNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8xM2Y4YzUtYWI3YS00ZjM3LWIyZDct
OGI1MTc5MmM2NjYwLzEvWGRGWmVUb3JPdF9tT0JWNkZBOVNkdzUzOGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8xM2Y4YzUtYWI3YS00ZjM3LWIyZDctOGI1MTc5MmM2NjYw
LzEvR0pQdDN2WFB3NDFoUHFxQmQwM2pBRFN4blNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8n0MA0G
CSqGSIb3DQEBCwUAA4IBAQBVqUOpv9ftWsboGSGKLmPgfCd5hZ8mvQvhuYJsTZPt
8+Hob1kcJWyqBLqu6FM11stKteB3WLe558P9SM+wd7fqCgH0hLITDmgqNnE5Z78C
QRrgPhDZaw8nyWs602exExT2mzgmGFoQfc2rrMlASWmRZHHEoNXUueYyIX8RPV3/
hF5Hkgxjo9AZ3vi7xOWuEF7RIZXNwRLhvIITUPaJV6m3j8rMZdWGQMbHU7UED/Ib
+uJQsE6+DvbdFrKkktBYx1gR4hr1qSVePQ8NPDwvjIPbIKiqpzgJqzxFkw5LXlYs
cccFzx8ivS7WK63yi6EnGHx7g80rrfldSP1cM+go/czC
-----END CERTIFICATE-----