Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/yRj0-JrqV79cPXjvp_I6Tk4-pHw.roa
File:                     yRj0-JrqV79cPXjvp_I6Tk4-pHw.roa (raw, json)
Hash identifier:          +okuCuz4VxqxarcqgEvJy71EQKLDG02VSGbx1vFCjnk=
Subject key identifier:   C9:18:F4:F8:9A:EA:57:BF:5C:3D:78:EF:A7:F2:3A:4E:4E:3E:A4:7C
Certificate issuer:       /CN=d68b6cfb720a7c92a180ca614bdb0eda1f1ebe9d
Certificate serial:       018CC86FDE607257895B4267E97BACCB3D7F
Authority key identifier: D6:8B:6C:FB:72:0A:7C:92:A1:80:CA:61:4B:DB:0E:DA:1F:1E:BE:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1ots-3IKfJKhgMphS9sO2h8evp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/yRj0-JrqV79cPXjvp_I6Tk4-pHw.roa
Signing time:             Tue 02 Jan 2024 04:30:23 +0000
ROA not before:           Tue 02 Jan 2024 04:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51480
IP address blocks:        91.217.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/1ots-3IKfJKhgMphS9sO2h8evp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/1ots-3IKfJKhgMphS9sO2h8evp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1ots-3IKfJKhgMphS9sO2h8evp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:de:60:72:57:89:5b:42:67:e9:7b:ac:cb:3d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d68b6cfb720a7c92a180ca614bdb0eda1f1ebe9d
        Validity
            Not Before: Jan  2 04:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c918f4f89aea57bf5c3d78efa7f23a4e4e3ea47c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:28:39:1f:4e:fd:ee:bb:07:7a:d6:c9:dd:6f:
                    cc:21:44:77:17:40:67:85:5e:18:a3:4d:af:d5:8b:
                    81:68:97:d7:c4:5a:68:c7:f4:79:29:e3:96:17:6d:
                    15:04:4c:02:40:64:38:b9:8f:bd:14:e6:44:b8:23:
                    3c:b3:33:19:51:54:d5:e5:58:cc:36:d2:8b:03:7a:
                    18:b0:6c:37:db:df:95:6b:56:d8:e6:62:31:f1:c6:
                    d6:3c:72:a3:9c:8a:79:a1:ad:f6:84:f0:ed:fe:c3:
                    01:ab:91:24:3c:80:ba:ce:e4:16:a5:93:a4:5c:39:
                    9b:b5:7f:22:ba:d5:44:c7:49:90:3f:e7:39:01:b2:
                    5f:db:4b:37:31:d6:22:76:d7:16:de:f8:91:51:9d:
                    9d:d7:04:1e:56:39:d8:fa:4e:3d:2c:50:61:ec:e6:
                    76:e6:c7:eb:33:c4:71:0d:b4:61:44:0f:ab:57:33:
                    58:10:8a:8f:99:e6:0b:19:ea:c9:d6:16:61:35:d3:
                    7e:61:67:ea:32:8f:91:15:84:48:3f:8e:5f:9e:5b:
                    be:78:72:d9:3a:07:32:2e:30:5b:53:ec:89:22:b9:
                    0c:b4:4a:b2:8a:ea:26:c2:97:0a:f1:06:ef:84:03:
                    33:66:21:9d:60:88:55:cf:e7:d4:3e:20:73:fd:47:
                    94:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:18:F4:F8:9A:EA:57:BF:5C:3D:78:EF:A7:F2:3A:4E:4E:3E:A4:7C
            X509v3 Authority Key Identifier:
                keyid:D6:8B:6C:FB:72:0A:7C:92:A1:80:CA:61:4B:DB:0E:DA:1F:1E:BE:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1ots-3IKfJKhgMphS9sO2h8evp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/yRj0-JrqV79cPXjvp_I6Tk4-pHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/1ots-3IKfJKhgMphS9sO2h8evp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:8e:07:54:11:69:28:ea:bb:4d:c0:8f:4a:22:3f:c5:36:a8:
         f9:83:98:8d:7d:c9:c1:84:19:f2:04:d4:47:f7:2c:2f:5d:b5:
         97:eb:2a:52:e3:e4:7d:34:c3:2b:59:e9:98:e3:80:75:a0:8c:
         5f:1d:a6:a0:db:f7:98:fd:1d:29:ae:f5:6e:41:82:9a:e8:a0:
         11:e7:c6:53:e6:93:3f:0e:2f:32:e9:f0:6c:91:7c:a8:50:0d:
         e2:8b:b3:20:71:14:e9:18:66:93:01:0b:bf:ed:16:79:57:41:
         fa:16:05:dd:64:10:ea:d4:33:bf:7c:fd:21:b7:3a:8a:14:f0:
         c4:57:04:a5:1c:5b:7d:d8:bb:25:66:69:d0:17:68:a2:6f:b6:
         66:74:c7:33:5a:0b:8a:83:ec:91:81:57:7b:80:ad:b1:3f:34:
         bf:52:c5:7a:d9:ca:c8:9f:5c:22:57:30:4c:3f:05:80:26:00:
         50:e8:29:03:23:bb:53:c7:74:1d:96:36:37:0a:64:ff:b5:71:
         d3:00:24:29:bf:30:ae:79:23:95:ab:e7:e3:57:ea:9e:9c:22:
         ae:a0:43:cd:d3:b3:84:39:b1:67:5c:cf:03:b9:4c:7b:9b:6b:
         fa:54:f2:bd:be:1b:65:49:a0:d7:97:fe:a8:90:f1:b4:d6:7b:
         9f:41:53:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb95gcleJW0Jn6Xusyz1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2OGI2Y2ZiNzIwYTdjOTJhMTgwY2E2MTRiZGIwZWRhMWYx
ZWJlOWQwHhcNMjQwMTAyMDQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTE4ZjRmODlhZWE1N2JmNWMzZDc4ZWZhN2YyM2E0ZTRlM2VhNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnig5H0797rsHetbJ3W/MIUR3F0Bn
hV4Yo02v1YuBaJfXxFpox/R5KeOWF20VBEwCQGQ4uY+9FOZEuCM8szMZUVTV5VjM
NtKLA3oYsGw329+Va1bY5mIx8cbWPHKjnIp5oa32hPDt/sMBq5EkPIC6zuQWpZOk
XDmbtX8iutVEx0mQP+c5AbJf20s3MdYidtcW3viRUZ2d1wQeVjnY+k49LFBh7OZ2
5sfrM8RxDbRhRA+rVzNYEIqPmeYLGerJ1hZhNdN+YWfqMo+RFYRIP45fnlu+eHLZ
OgcyLjBbU+yJIrkMtEqyiuomwpcK8QbvhAMzZiGdYIhVz+fUPiBz/UeU3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkY9Pia6le/XD1476fyOk5OPqR8MB8GA1UdIwQY
MBaAFNaLbPtyCnySoYDKYUvbDtofHr6dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW90cy0zSUtmSktoZ01waFM5c08yaDhldnAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iNTk0NWQtNDkxNS00YmQ3LTkxYzEt
MzNlMzE5YTQ1NGVmLzEveVJqMC1KcnFWNzljUFhqdnBfSTZUazQtcEh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iNTk0NWQtNDkxNS00YmQ3LTkxYzEtMzNlMzE5YTQ1NGVm
LzEvMW90cy0zSUtmSktoZ01waFM5c08yaDhldnAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9m7MA0G
CSqGSIb3DQEBCwUAA4IBAQBjjgdUEWko6rtNwI9KIj/FNqj5g5iNfcnBhBnyBNRH
9ywvXbWX6ypS4+R9NMMrWemY44B1oIxfHaag2/eY/R0prvVuQYKa6KAR58ZT5pM/
Di8y6fBskXyoUA3ii7MgcRTpGGaTAQu/7RZ5V0H6FgXdZBDq1DO/fP0htzqKFPDE
VwSlHFt92LslZmnQF2iib7ZmdMczWguKg+yRgVd7gK2xPzS/UsV62crIn1wiVzBM
PwWAJgBQ6CkDI7tTx3QdljY3CmT/tXHTACQpvzCueSOVq+fjV+qenCKuoEPN07OE
ObFnXM8DuUx7m2v6VPK9vhtlSaDXl/6okPG01nufQVNU
-----END CERTIFICATE-----