Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/cd8269-2b7e-4a78-a9c6-ec7a3603e17e/1/xGQPahDqKj3i256JbjAUD1APknw.roa
File:                     xGQPahDqKj3i256JbjAUD1APknw.roa (raw, json)
Hash identifier:          A9F6s58YDqumnldnhU5waoSV6UdQpDxcGU8uj7OQpXU=
Subject key identifier:   C4:64:0F:6A:10:EA:2A:3D:E2:DB:9E:89:6E:30:14:0F:50:0F:92:7C
Certificate issuer:       /CN=96b122a7dba7432930c831f57a9406f73449c5b7
Certificate serial:       018CC3B7313260BC459157E32D9E6D945481
Authority key identifier: 96:B1:22:A7:DB:A7:43:29:30:C8:31:F5:7A:94:06:F7:34:49:C5:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lrEip9unQykwyDH1epQG9zRJxbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/cd8269-2b7e-4a78-a9c6-ec7a3603e17e/1/xGQPahDqKj3i256JbjAUD1APknw.roa
Signing time:             Mon 01 Jan 2024 06:30:11 +0000
ROA not before:           Mon 01 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213374
IP address blocks:        91.234.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/cd8269-2b7e-4a78-a9c6-ec7a3603e17e/1/lrEip9unQykwyDH1epQG9zRJxbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/cd8269-2b7e-4a78-a9c6-ec7a3603e17e/1/lrEip9unQykwyDH1epQG9zRJxbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lrEip9unQykwyDH1epQG9zRJxbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:31:32:60:bc:45:91:57:e3:2d:9e:6d:94:54:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96b122a7dba7432930c831f57a9406f73449c5b7
        Validity
            Not Before: Jan  1 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4640f6a10ea2a3de2db9e896e30140f500f927c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d2:66:f5:af:f4:d4:2a:59:c8:5a:74:40:4a:
                    c1:95:e1:6c:8d:88:01:4b:c1:81:da:f8:aa:18:46:
                    a7:48:4f:4b:ee:17:57:25:12:4a:68:50:6a:5a:43:
                    21:d7:5d:40:74:e4:01:a3:b8:9e:a6:f1:21:1e:f5:
                    8a:1d:c1:9d:e8:79:98:0f:b1:48:f5:e3:8f:88:d2:
                    a5:a9:d4:67:d7:a6:f0:30:fb:7e:6c:48:f8:ca:fa:
                    5a:b7:8f:13:1b:36:2c:45:c8:c1:b3:a6:0d:11:e5:
                    e0:42:1d:09:fa:82:5d:f7:18:ad:c2:97:43:b8:be:
                    39:00:99:5e:d1:49:4c:f2:97:00:95:a8:09:07:89:
                    86:e8:93:a6:a9:03:e8:bd:f2:f1:a5:74:2c:26:21:
                    d2:d4:ba:7f:c8:e6:2c:71:bb:19:fa:2c:d9:40:e9:
                    4e:f8:04:cb:d4:d8:c4:e0:4a:d1:fa:e5:a8:e5:47:
                    2e:f5:e1:ce:6a:fb:c5:12:43:84:c0:f8:39:9d:b3:
                    7a:32:bc:19:a3:4e:29:30:a9:aa:c7:aa:b7:24:8a:
                    a8:e3:8c:83:0c:ea:48:cd:da:b5:35:1e:45:54:88:
                    31:9f:1d:e2:5a:ad:39:57:8b:18:af:d6:14:63:11:
                    61:e1:7f:30:c5:12:72:2d:2e:33:e9:7c:3e:39:df:
                    23:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:64:0F:6A:10:EA:2A:3D:E2:DB:9E:89:6E:30:14:0F:50:0F:92:7C
            X509v3 Authority Key Identifier:
                keyid:96:B1:22:A7:DB:A7:43:29:30:C8:31:F5:7A:94:06:F7:34:49:C5:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lrEip9unQykwyDH1epQG9zRJxbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/cd8269-2b7e-4a78-a9c6-ec7a3603e17e/1/xGQPahDqKj3i256JbjAUD1APknw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/cd8269-2b7e-4a78-a9c6-ec7a3603e17e/1/lrEip9unQykwyDH1epQG9zRJxbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:66:f9:89:b6:97:eb:93:cc:2c:1d:28:0b:5d:72:68:72:5c:
         37:46:71:67:95:08:46:a6:a8:9e:02:8f:ee:82:79:e1:cc:88:
         a3:04:0f:66:ee:f9:ba:5d:08:9e:66:c9:1c:d3:aa:91:76:7a:
         86:af:4b:a9:db:93:96:c7:5c:9a:b9:b5:0a:a7:7b:e8:42:cb:
         1a:d8:a0:2a:ce:c6:2a:6e:48:6c:55:08:b5:48:d7:d4:23:72:
         ae:4a:50:7d:43:a4:b4:cf:a8:06:84:79:53:ef:45:1d:95:cf:
         5f:1c:73:3d:54:56:4c:d0:d4:c9:11:e4:27:e5:75:04:b8:d9:
         88:bf:59:ce:a1:a2:a4:f7:eb:4e:6d:a3:91:99:70:aa:a1:b8:
         c0:09:12:6a:67:82:0b:bc:36:17:d0:18:4a:25:66:82:5f:8f:
         1c:6b:68:10:02:57:cb:c4:a3:02:08:cf:60:b7:28:83:de:e7:
         4f:df:8f:6e:ec:65:04:c7:78:47:0f:df:93:8a:0a:84:66:fd:
         53:bc:96:a2:d4:a4:78:8b:99:3c:5d:e7:6f:d7:71:df:1e:aa:
         b8:4f:03:a1:b6:48:61:94:8f:c1:c8:81:8f:cb:5c:83:0c:6d:
         46:0c:e0:48:3b:ed:f5:16:f2:a5:53:f0:a9:ad:64:a5:b5:ee:
         da:ad:56:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzEyYLxFkVfjLZ5tlFSBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YjEyMmE3ZGJhNzQzMjkzMGM4MzFmNTdhOTQwNmY3MzQ0
OWM1YjcwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDY0MGY2YTEwZWEyYTNkZTJkYjllODk2ZTMwMTQwZjUwMGY5MjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNJm9a/01CpZyFp0QErBleFsjYgB
S8GB2viqGEanSE9L7hdXJRJKaFBqWkMh111AdOQBo7iepvEhHvWKHcGd6HmYD7FI
9eOPiNKlqdRn16bwMPt+bEj4yvpat48TGzYsRcjBs6YNEeXgQh0J+oJd9xitwpdD
uL45AJle0UlM8pcAlagJB4mG6JOmqQPovfLxpXQsJiHS1Lp/yOYscbsZ+izZQOlO
+ATL1NjE4ErR+uWo5Ucu9eHOavvFEkOEwPg5nbN6MrwZo04pMKmqx6q3JIqo44yD
DOpIzdq1NR5FVIgxnx3iWq05V4sYr9YUYxFh4X8wxRJyLS4z6Xw+Od8jhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRkD2oQ6io94tueiW4wFA9QD5J8MB8GA1UdIwQY
MBaAFJaxIqfbp0MpMMgx9XqUBvc0ScW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJFaXA5dW5ReWt3eURIMWVwUUc5elJKeGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9jZDgyNjktMmI3ZS00YTc4LWE5YzYt
ZWM3YTM2MDNlMTdlLzEveEdRUGFoRHFLajNpMjU2SmJqQVVEMUFQa253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9jZDgyNjktMmI3ZS00YTc4LWE5YzYtZWM3YTM2MDNlMTdl
LzEvbHJFaXA5dW5ReWt3eURIMWVwUUc5elJKeGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+ruMA0G
CSqGSIb3DQEBCwUAA4IBAQABZvmJtpfrk8wsHSgLXXJoclw3RnFnlQhGpqieAo/u
gnnhzIijBA9m7vm6XQieZskc06qRdnqGr0up25OWx1yaubUKp3voQssa2KAqzsYq
bkhsVQi1SNfUI3KuSlB9Q6S0z6gGhHlT70Udlc9fHHM9VFZM0NTJEeQn5XUEuNmI
v1nOoaKk9+tObaORmXCqobjACRJqZ4ILvDYX0BhKJWaCX48ca2gQAlfLxKMCCM9g
tyiD3udP349u7GUEx3hHD9+TigqEZv1TvJai1KR4i5k8Xedv13HfHqq4TwOhtkhh
lI/ByIGPy1yDDG1GDOBIO+31FvKlU/CprWSlte7arVaM
-----END CERTIFICATE-----