Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/xRirJw20mGq4hdey4bo1AGOouDo.roa
File:                     xRirJw20mGq4hdey4bo1AGOouDo.roa (raw, json)
Hash identifier:          Ohk1UIjHlV2oeua2tCZCTr3haFOXdI2oFr8xuiRrAgo=
Subject key identifier:   C5:18:AB:27:0D:B4:98:6A:B8:85:D7:B2:E1:BA:35:00:63:A8:B8:3A
Certificate issuer:       /CN=65b128a5adcbccdf15cb979ad6abf2b9640fdbdb
Certificate serial:       0190C28E0BF0CAA487A7C67C65DE98976EE3
Authority key identifier: 65:B1:28:A5:AD:CB:CC:DF:15:CB:97:9A:D6:AB:F2:B9:64:0F:DB:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbEopa3LzN8Vy5ea1qvyuWQP29s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/xRirJw20mGq4hdey4bo1AGOouDo.roa
Signing time:             Wed 17 Jul 2024 21:16:47 +0000
ROA not before:           Wed 17 Jul 2024 21:16:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56543
IP address blocks:        91.223.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/ZbEopa3LzN8Vy5ea1qvyuWQP29s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/ZbEopa3LzN8Vy5ea1qvyuWQP29s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbEopa3LzN8Vy5ea1qvyuWQP29s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c2:8e:0b:f0:ca:a4:87:a7:c6:7c:65:de:98:97:6e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b128a5adcbccdf15cb979ad6abf2b9640fdbdb
        Validity
            Not Before: Jul 17 21:16:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c518ab270db4986ab885d7b2e1ba350063a8b83a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c7:9b:9b:77:fc:94:07:e9:f7:46:61:f5:6f:
                    36:ea:17:23:c2:2f:33:7f:e8:3d:c5:9a:77:6d:e3:
                    ff:53:d9:01:d2:48:44:bd:6e:46:f6:32:8f:7c:aa:
                    f1:28:76:2d:db:ef:37:85:31:7f:45:04:34:d1:33:
                    b4:08:ab:ea:7c:84:45:e6:7d:c4:11:74:82:e7:d7:
                    79:a9:64:03:86:8c:68:d4:f2:b8:a2:ea:1e:01:07:
                    4b:26:b6:de:25:7e:d7:4e:e5:db:ef:39:00:ec:ca:
                    29:69:e8:09:94:d1:bf:65:6d:33:e0:d5:2e:58:9f:
                    f4:9e:32:b2:2a:4e:4a:a8:8d:2b:59:76:a9:2e:9b:
                    7b:b2:8e:1d:e6:1d:b7:c5:c6:fd:2c:6b:ff:1c:d0:
                    30:6d:ae:62:c7:12:bc:bb:43:70:43:8c:3a:70:8c:
                    f3:f5:0c:c8:5d:ca:8d:d4:2a:3d:20:b1:eb:46:58:
                    a7:14:7a:cf:43:4d:85:01:21:6a:01:c2:a2:dc:59:
                    a6:4d:76:fd:b4:e7:98:aa:05:ec:48:7b:3a:7d:36:
                    e5:a0:63:49:26:7d:dd:f7:4d:aa:bb:2b:c1:d7:a6:
                    1a:e9:8b:53:89:c9:3a:a1:24:7f:bd:0c:f5:88:62:
                    d9:a2:e4:2a:e1:03:c8:6a:bb:d7:81:90:65:9e:32:
                    df:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:18:AB:27:0D:B4:98:6A:B8:85:D7:B2:E1:BA:35:00:63:A8:B8:3A
            X509v3 Authority Key Identifier:
                keyid:65:B1:28:A5:AD:CB:CC:DF:15:CB:97:9A:D6:AB:F2:B9:64:0F:DB:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbEopa3LzN8Vy5ea1qvyuWQP29s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/xRirJw20mGq4hdey4bo1AGOouDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/ZbEopa3LzN8Vy5ea1qvyuWQP29s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:91:4b:1d:17:84:fe:9f:6d:f1:f4:d3:26:08:86:94:9b:33:
         d4:3c:d0:60:89:5f:66:7e:1e:fd:20:ec:cf:76:ed:29:8a:cf:
         cd:45:28:27:e5:2c:0d:a6:f3:32:cb:e9:d8:2b:44:66:96:d9:
         b4:a1:bf:73:31:8b:61:5e:5a:82:0b:d8:f9:ff:bc:4f:18:4f:
         45:dd:cd:80:6a:92:06:ed:bc:f2:a9:37:59:c9:49:6f:b6:43:
         d4:79:14:2f:c7:27:8b:91:1e:a7:07:b1:e5:b1:4c:2d:e3:de:
         ba:78:c5:67:91:c4:c7:b1:37:e1:5e:95:2d:82:64:9f:96:4a:
         25:63:fe:f8:2d:b6:8a:84:8c:e5:13:01:4c:4d:ef:76:2d:7f:
         f8:0a:ee:e6:f4:bc:47:c3:8e:25:0f:1c:d5:ac:d5:4c:81:d2:
         00:ad:cc:1a:f3:ce:18:0d:62:00:b1:5c:d9:f4:75:08:dd:d8:
         9e:eb:83:bd:e5:80:44:0a:2a:1f:44:9d:76:99:f6:dc:0a:a7:
         70:eb:51:a7:92:38:ff:92:29:d2:61:ea:61:32:5e:8c:2e:91:
         20:6a:66:7c:57:8d:5d:b5:ea:a9:aa:fc:8c:12:2c:75:5f:3c:
         cf:59:ed:50:ca:50:3c:92:08:59:73:be:8a:79:82:87:cf:a4:
         68:dd:da:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDCjgvwyqSHp8Z8Zd6Yl27jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjEyOGE1YWRjYmNjZGYxNWNiOTc5YWQ2YWJmMmI5NjQw
ZmRiZGIwHhcNMjQwNzE3MjExNjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTE4YWIyNzBkYjQ5ODZhYjg4NWQ3YjJlMWJhMzUwMDYzYThiODNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsebm3f8lAfp90Zh9W826hcjwi8z
f+g9xZp3beP/U9kB0khEvW5G9jKPfKrxKHYt2+83hTF/RQQ00TO0CKvqfIRF5n3E
EXSC59d5qWQDhoxo1PK4ouoeAQdLJrbeJX7XTuXb7zkA7MopaegJlNG/ZW0z4NUu
WJ/0njKyKk5KqI0rWXapLpt7so4d5h23xcb9LGv/HNAwba5ixxK8u0NwQ4w6cIzz
9QzIXcqN1Co9ILHrRlinFHrPQ02FASFqAcKi3FmmTXb9tOeYqgXsSHs6fTbloGNJ
Jn3d902quyvB16Ya6YtTick6oSR/vQz1iGLZouQq4QPIarvXgZBlnjLfUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUYqycNtJhquIXXsuG6NQBjqLg6MB8GA1UdIwQY
MBaAFGWxKKWty8zfFcuXmtar8rlkD9vbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJFb3BhM0x6TjhWeTVlYTFxdnl1V1FQMjlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9jMDk1ZmMtZDU3My00YWQ5LTllMmUt
YmQ4NmQ0YjMyYzU4LzEveFJpckp3MjBtR3E0aGRleTRibzFBR09vdURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9jMDk1ZmMtZDU3My00YWQ5LTllMmUtYmQ4NmQ0YjMyYzU4
LzEvWmJFb3BhM0x6TjhWeTVlYTFxdnl1V1FQMjlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/jMA0G
CSqGSIb3DQEBCwUAA4IBAQCrkUsdF4T+n23x9NMmCIaUmzPUPNBgiV9mfh79IOzP
du0pis/NRSgn5SwNpvMyy+nYK0Rmltm0ob9zMYthXlqCC9j5/7xPGE9F3c2AapIG
7bzyqTdZyUlvtkPUeRQvxyeLkR6nB7HlsUwt4966eMVnkcTHsTfhXpUtgmSflkol
Y/74LbaKhIzlEwFMTe92LX/4Cu7m9LxHw44lDxzVrNVMgdIArcwa884YDWIAsVzZ
9HUI3die64O95YBECiofRJ12mfbcCqdw61Gnkjj/kinSYephMl6MLpEgamZ8V41d
teqpqvyMEix1XzzPWe1QylA8kghZc76KeYKHz6Ro3do1
-----END CERTIFICATE-----