Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/CLF8XNBXLv-AnoPWKVGSBAuYeBs.roa
File:                     CLF8XNBXLv-AnoPWKVGSBAuYeBs.roa (raw, json)
Hash identifier:          htdpPzucdfLSGfoWYCz5sYDR2YZnZTIhF9o8FSFtHyE=
Subject key identifier:   08:B1:7C:5C:D0:57:2E:FF:80:9E:83:D6:29:51:92:04:0B:98:78:1B
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       018CC5DBFE1E1188AC04BF039A6C52A55F7C
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/CLF8XNBXLv-AnoPWKVGSBAuYeBs.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35297
IP address blocks:        91.236.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 17:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fe:1e:11:88:ac:04:bf:03:9a:6c:52:a5:5f:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08b17c5cd0572eff809e83d6295192040b98781b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a3:59:e4:57:fa:54:af:99:13:c8:3b:10:bc:
                    2d:69:7b:d7:7d:c3:1b:40:d5:85:52:3b:4f:b5:f9:
                    35:89:e9:b2:db:80:58:45:71:18:32:61:94:d0:65:
                    ed:72:b9:54:f2:be:51:b5:a8:bc:ca:3f:13:fe:b3:
                    78:e4:9e:46:fb:85:60:d3:b0:bc:ce:a2:fd:29:97:
                    fd:7b:ef:b6:ff:a8:92:3e:6f:e8:35:98:0d:79:e9:
                    ea:74:49:fe:c8:3c:44:73:1f:8c:27:53:1b:10:a2:
                    58:a4:d7:8d:ed:a4:78:dc:85:0d:f1:9e:f1:b6:91:
                    fb:b4:dd:ac:39:a4:b6:8b:4d:2f:0c:d8:67:e8:ba:
                    59:e5:f0:58:9b:35:ac:4f:87:31:71:31:16:7c:e0:
                    fe:cc:87:ea:18:8b:6a:28:3b:14:67:07:bb:39:df:
                    a7:fe:25:0f:1d:ec:9a:73:ba:b2:bb:54:d3:b3:2a:
                    6c:2b:7c:a3:b1:0b:44:26:a4:b3:72:3c:e1:02:61:
                    1a:84:99:db:da:a7:e1:cc:2a:cc:69:49:05:8e:44:
                    05:af:c5:21:11:81:f7:5c:fc:0d:f4:b8:61:13:e1:
                    b2:bd:28:ec:9a:a6:20:0b:dc:3c:b7:a4:b1:ec:a7:
                    2b:c4:7f:22:74:29:82:49:8e:07:bb:2a:46:53:7d:
                    be:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:B1:7C:5C:D0:57:2E:FF:80:9E:83:D6:29:51:92:04:0B:98:78:1B
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/CLF8XNBXLv-AnoPWKVGSBAuYeBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:a6:16:ef:18:36:91:c9:14:0d:f4:0a:12:0c:43:36:29:45:
         79:19:b6:8f:c7:11:aa:75:e2:6c:1e:41:70:ad:b2:6a:f1:94:
         9b:72:6c:e7:92:da:bc:13:b0:76:94:20:9a:05:60:29:ae:36:
         a7:82:1c:d4:fa:72:78:7c:c6:02:15:66:34:53:87:33:f6:e2:
         a0:2d:f1:4c:12:87:8c:74:24:90:53:fb:c7:c6:05:71:7f:66:
         01:84:c5:8e:f9:c9:b5:ad:85:38:17:a3:03:6e:6d:eb:f3:20:
         36:c9:11:26:d1:46:44:cd:8e:14:db:b7:8e:27:c7:15:97:6f:
         5f:89:06:6f:bb:ba:fe:c8:39:51:8f:24:3f:81:91:5b:07:ea:
         3c:ed:44:e2:24:e7:3b:8b:05:c2:a6:86:05:f3:de:f4:d4:e4:
         90:3f:7e:ea:95:a3:6d:2f:f5:47:b3:a1:9e:1c:d3:20:8b:0e:
         69:73:87:3c:74:4e:bd:f1:8b:8f:41:a5:e8:f7:f5:17:b3:60:
         2f:53:67:58:dd:8a:fb:c1:44:71:ae:29:dd:66:94:da:ca:a6:
         fc:d8:b5:4c:43:f3:9d:12:48:52:8a:90:21:5d:3f:56:39:dd:
         da:a1:53:a6:1d:1f:e6:22:66:13:17:3a:e8:40:9c:c2:d5:53:
         99:ba:b4:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/4eEYisBL8DmmxSpV98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGIxN2M1Y2QwNTcyZWZmODA5ZTgzZDYyOTUxOTIwNDBiOTg3ODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56NZ5Ff6VK+ZE8g7ELwtaXvXfcMb
QNWFUjtPtfk1iemy24BYRXEYMmGU0GXtcrlU8r5Rtai8yj8T/rN45J5G+4Vg07C8
zqL9KZf9e++2/6iSPm/oNZgNeenqdEn+yDxEcx+MJ1MbEKJYpNeN7aR43IUN8Z7x
tpH7tN2sOaS2i00vDNhn6LpZ5fBYmzWsT4cxcTEWfOD+zIfqGItqKDsUZwe7Od+n
/iUPHeyac7qyu1TTsypsK3yjsQtEJqSzcjzhAmEahJnb2qfhzCrMaUkFjkQFr8Uh
EYH3XPwN9LhhE+GyvSjsmqYgC9w8t6Sx7KcrxH8idCmCSY4HuypGU32+dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAixfFzQVy7/gJ6D1ilRkgQLmHgbMB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvQ0xGOFhOQlhMdi1Bbm9QV0tWR1NCQXVZZUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+yaMA0G
CSqGSIb3DQEBCwUAA4IBAQCVphbvGDaRyRQN9AoSDEM2KUV5GbaPxxGqdeJsHkFw
rbJq8ZSbcmznktq8E7B2lCCaBWAprjanghzU+nJ4fMYCFWY0U4cz9uKgLfFMEoeM
dCSQU/vHxgVxf2YBhMWO+cm1rYU4F6MDbm3r8yA2yREm0UZEzY4U27eOJ8cVl29f
iQZvu7r+yDlRjyQ/gZFbB+o87UTiJOc7iwXCpoYF89701OSQP37qlaNtL/VHs6Ge
HNMgiw5pc4c8dE698YuPQaXo9/UXs2AvU2dY3Yr7wURxrindZpTayqb82LVMQ/Od
EkhSipAhXT9WOd3aoVOmHR/mImYTFzroQJzC1VOZurSp
-----END CERTIFICATE-----