Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/1tWUQzOjOiuMQjPWuP1yT3t6QXU.roa
File:                     1tWUQzOjOiuMQjPWuP1yT3t6QXU.roa (raw, json)
Hash identifier:          aPOV/HBGx7gXZPrSE/9CN35JE8+w7fIiy8b+3+ih1L8=
Subject key identifier:   D6:D5:94:43:33:A3:3A:2B:8C:42:33:D6:B8:FD:72:4F:7B:7A:41:75
Certificate issuer:       /CN=2fc20be6167890247303214197658ca7c9676150
Certificate serial:       018CC56EA88C898B11843BD542320806C366
Authority key identifier: 2F:C2:0B:E6:16:78:90:24:73:03:21:41:97:65:8C:A7:C9:67:61:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/1tWUQzOjOiuMQjPWuP1yT3t6QXU.roa
Signing time:             Mon 01 Jan 2024 14:30:12 +0000
ROA not before:           Mon 01 Jan 2024 14:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        91.223.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a8:8c:89:8b:11:84:3b:d5:42:32:08:06:c3:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fc20be6167890247303214197658ca7c9676150
        Validity
            Not Before: Jan  1 14:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6d5944333a33a2b8c4233d6b8fd724f7b7a4175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8b:0a:30:2c:0a:4e:e6:84:07:b7:47:bc:e1:
                    e9:9a:7f:19:35:55:4b:3a:59:98:02:6d:c3:57:86:
                    9e:a4:f4:08:a8:b5:de:da:a5:72:62:a5:32:9c:26:
                    20:98:0e:9c:8f:bf:12:69:05:97:5f:38:76:04:a8:
                    6c:d8:a8:86:e8:f2:eb:5a:c1:41:d2:70:07:03:23:
                    17:c9:7b:62:5b:7f:57:0c:f1:48:6b:4e:c6:a9:8f:
                    3e:3e:76:ed:58:86:83:bd:83:7a:9c:6c:9e:4d:21:
                    1d:c0:c9:9f:70:85:37:31:70:44:8a:09:79:58:16:
                    25:05:71:e7:cc:40:dd:0a:3c:44:3f:b5:ae:84:51:
                    4f:be:2c:aa:48:cc:90:3a:45:9c:50:04:81:5e:13:
                    c3:51:19:43:be:b9:e4:85:6b:75:77:18:32:68:17:
                    11:4e:5e:41:8b:ff:14:96:19:78:32:a5:5c:bf:84:
                    75:e4:75:ec:4b:f9:96:4c:89:bc:98:68:d5:1c:50:
                    fb:de:92:a9:b6:04:a9:0b:9c:31:2f:60:dc:8e:3d:
                    8e:50:4a:80:0b:89:1d:01:42:93:bb:bc:9b:32:c7:
                    ba:75:b0:64:c7:12:e9:8e:a1:f4:16:a8:68:f6:3c:
                    8a:63:5f:79:bf:67:00:ae:6d:8f:6b:28:13:98:2d:
                    d5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D5:94:43:33:A3:3A:2B:8C:42:33:D6:B8:FD:72:4F:7B:7A:41:75
            X509v3 Authority Key Identifier:
                keyid:2F:C2:0B:E6:16:78:90:24:73:03:21:41:97:65:8C:A7:C9:67:61:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/1tWUQzOjOiuMQjPWuP1yT3t6QXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:d1:4d:0d:4c:1e:eb:14:3e:75:2a:68:2f:c9:62:23:ea:77:
         1d:3a:4a:03:6c:f8:25:cd:9b:bf:a6:af:f4:fc:92:95:2a:bc:
         f9:20:52:e6:8e:f9:97:82:c3:f7:39:b1:0b:54:46:7d:ad:ea:
         11:64:d3:1f:0b:90:e0:68:4e:f9:5c:e6:11:67:4b:04:cd:21:
         17:91:13:00:69:36:e7:a0:84:41:91:ce:1a:19:9a:20:ea:a2:
         cb:8b:6c:86:68:40:62:01:7f:83:13:d5:79:fe:5d:97:1c:5a:
         a2:c0:8f:1a:b4:4b:79:ab:a9:4a:44:8f:7b:a5:44:23:23:8f:
         12:ba:9a:77:a9:e6:50:43:39:d5:fa:e4:37:b5:d5:cc:5c:9c:
         8a:34:49:9a:f8:ca:bb:ec:d6:3f:a9:71:e3:28:b5:cb:01:96:
         28:7d:a7:a5:54:86:ad:28:9f:03:54:b9:9e:3f:e3:ad:6b:6b:
         93:9a:a1:71:29:f7:7f:c9:c1:8f:4b:66:96:92:78:a5:d4:55:
         e5:e3:0a:9c:6d:95:81:38:11:c5:ba:63:74:8f:22:ef:2e:1a:
         ce:2a:54:ec:15:f3:11:f8:5c:72:3e:00:d5:d9:e1:36:13:de:
         bd:08:20:5e:7e:1c:9b:19:02:3d:a9:0c:a9:9c:4e:31:19:b5:
         b2:69:5b:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqiMiYsRhDvVQjIIBsNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYzIwYmU2MTY3ODkwMjQ3MzAzMjE0MTk3NjU4Y2E3Yzk2
NzYxNTAwHhcNMjQwMTAxMTQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQ1OTQ0MzMzYTMzYTJiOGM0MjMzZDZiOGZkNzI0ZjdiN2E0MTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIsKMCwKTuaEB7dHvOHpmn8ZNVVL
OlmYAm3DV4aepPQIqLXe2qVyYqUynCYgmA6cj78SaQWXXzh2BKhs2KiG6PLrWsFB
0nAHAyMXyXtiW39XDPFIa07GqY8+PnbtWIaDvYN6nGyeTSEdwMmfcIU3MXBEigl5
WBYlBXHnzEDdCjxEP7WuhFFPviyqSMyQOkWcUASBXhPDURlDvrnkhWt1dxgyaBcR
Tl5Bi/8Ulhl4MqVcv4R15HXsS/mWTIm8mGjVHFD73pKptgSpC5wxL2Dcjj2OUEqA
C4kdAUKTu7ybMse6dbBkxxLpjqH0Fqho9jyKY195v2cArm2PaygTmC3VowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbVlEMzozorjEIz1rj9ck97ekF1MB8GA1UdIwQY
MBaAFC/CC+YWeJAkcwMhQZdljKfJZ2FQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDhJTDVoWjRrQ1J6QXlGQmwyV01wOGxuWVZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mNWZhZmMtNjY4ZC00YWRhLThlYzYt
MjQ0OWEzZWM5MjNlLzEvMXRXVVF6T2pPaXVNUWpQV3VQMXlUM3Q2UVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mNWZhZmMtNjY4ZC00YWRhLThlYzYtMjQ0OWEzZWM5MjNl
LzEvTDhJTDVoWjRrQ1J6QXlGQmwyV01wOGxuWVZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/tMA0G
CSqGSIb3DQEBCwUAA4IBAQCw0U0NTB7rFD51KmgvyWIj6ncdOkoDbPglzZu/pq/0
/JKVKrz5IFLmjvmXgsP3ObELVEZ9reoRZNMfC5DgaE75XOYRZ0sEzSEXkRMAaTbn
oIRBkc4aGZog6qLLi2yGaEBiAX+DE9V5/l2XHFqiwI8atEt5q6lKRI97pUQjI48S
upp3qeZQQznV+uQ3tdXMXJyKNEma+Mq77NY/qXHjKLXLAZYofaelVIatKJ8DVLme
P+Ota2uTmqFxKfd/ycGPS2aWknil1FXl4wqcbZWBOBHFumN0jyLvLhrOKlTsFfMR
+FxyPgDV2eE2E969CCBefhybGQI9qQypnE4xGbWyaVv2
-----END CERTIFICATE-----