Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/s5c4K7uf9-cRRmHfxBdi0q2p9co.roa
File:                     s5c4K7uf9-cRRmHfxBdi0q2p9co.roa (raw, json)
Hash identifier:          XfXub7M054WBQ1tkxFvQGcH1DlPWBy53dTg6zKvq+Ww=
Subject key identifier:   B3:97:38:2B:BB:9F:F7:E7:11:46:61:DF:C4:17:62:D2:AD:A9:F5:CA
Certificate issuer:       /CN=8c96c66af331c985b859d403b36974c0632e1ef2
Certificate serial:       018CC64B1A378EEBBB75F2F203FFDEA24428
Authority key identifier: 8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/s5c4K7uf9-cRRmHfxBdi0q2p9co.roa
Signing time:             Mon 01 Jan 2024 18:30:59 +0000
ROA not before:           Mon 01 Jan 2024 18:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        91.233.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1a:37:8e:eb:bb:75:f2:f2:03:ff:de:a2:44:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c96c66af331c985b859d403b36974c0632e1ef2
        Validity
            Not Before: Jan  1 18:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b397382bbb9ff7e7114661dfc41762d2ada9f5ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e9:b0:55:d0:d5:36:41:c4:de:07:84:20:6e:
                    36:42:a8:3e:bd:63:69:19:d1:28:5f:f6:a5:68:c0:
                    98:26:f3:7a:88:c3:ce:b6:d3:c9:a9:18:69:a4:5a:
                    27:7f:24:04:66:18:c4:60:81:cd:cc:f6:e0:32:3a:
                    3f:44:bf:32:38:a7:5f:e3:5a:3a:e2:d0:09:37:1b:
                    50:c6:7e:21:d5:29:5b:4f:47:14:5e:05:31:40:63:
                    6a:a4:cb:b7:f3:03:07:fa:17:fe:a2:d2:83:53:e2:
                    98:cd:c5:55:a4:99:f1:f2:fc:fa:d5:67:3b:2e:42:
                    b5:09:2e:70:28:74:e0:e1:33:1b:e9:33:fe:23:f4:
                    42:3b:ba:f5:aa:f8:c8:1f:4c:84:57:4e:97:ea:e4:
                    31:e3:a1:d2:37:dd:e2:56:a7:7d:d6:c3:51:fc:bb:
                    1b:f0:6b:39:4a:8c:d6:c3:a0:fa:94:dd:29:9d:ce:
                    08:bd:36:83:eb:fb:30:ae:2d:ef:93:64:ff:cd:5d:
                    51:84:f2:ef:d4:01:82:ea:56:7f:fd:9c:a8:2e:20:
                    19:c7:4a:c1:09:6b:0b:db:79:36:d7:df:95:f3:3f:
                    a4:8a:37:49:67:1a:78:1b:3b:68:9f:3d:4a:56:bc:
                    6d:c7:90:e8:1d:2d:07:78:bb:a9:9a:c2:10:02:d6:
                    5f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:97:38:2B:BB:9F:F7:E7:11:46:61:DF:C4:17:62:D2:AD:A9:F5:CA
            X509v3 Authority Key Identifier:
                keyid:8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/s5c4K7uf9-cRRmHfxBdi0q2p9co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:1b:8f:7a:3b:4c:4f:9e:79:d1:64:74:4e:85:5b:6f:3c:73:
         13:ff:e7:2f:bc:a4:77:88:c8:3c:8d:ec:f3:d7:c2:4b:9d:2e:
         fe:b3:e9:91:68:c4:3c:ce:e0:a4:1a:5c:03:18:ea:73:9a:3b:
         85:c6:43:ce:bd:1d:34:61:38:bc:60:60:4a:ee:4e:a7:7d:06:
         1c:85:96:5c:57:f9:e1:21:ab:b2:2c:21:9a:83:26:87:ee:23:
         9c:c2:77:90:21:4b:25:90:b4:49:c1:96:05:2a:e1:97:e4:a1:
         a0:4a:ed:14:0d:78:f6:3e:c1:23:6d:db:3d:b4:32:54:47:e0:
         39:52:22:3f:e3:78:46:a8:6d:e7:4e:f8:26:dc:c6:4a:28:e0:
         87:9e:44:7e:97:26:45:4b:bf:f3:e0:5c:ed:b9:ee:b4:11:f3:
         e7:09:10:9e:07:8e:0c:2b:26:3a:9c:4c:d1:12:6b:df:c2:8d:
         32:f7:86:61:ab:39:e3:be:62:83:b4:52:0b:4c:5c:72:2e:2c:
         db:62:81:a2:06:2d:e8:f9:f1:9a:4b:ac:c7:88:51:a2:48:6b:
         65:e3:22:57:26:a4:35:5f:c7:e0:86:42:d5:3a:e7:a0:7f:c4:
         c9:eb:12:8e:3b:e2:5d:f9:33:ed:e9:c6:d0:0c:07:96:0c:00:
         3a:fc:c0:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxo3juu7dfLyA//eokQoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjOTZjNjZhZjMzMWM5ODViODU5ZDQwM2IzNjk3NGMwNjMy
ZTFlZjIwHhcNMjQwMTAxMTgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzk3MzgyYmJiOWZmN2U3MTE0NjYxZGZjNDE3NjJkMmFkYTlmNWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOmwVdDVNkHE3geEIG42Qqg+vWNp
GdEoX/alaMCYJvN6iMPOttPJqRhppFonfyQEZhjEYIHNzPbgMjo/RL8yOKdf41o6
4tAJNxtQxn4h1SlbT0cUXgUxQGNqpMu38wMH+hf+otKDU+KYzcVVpJnx8vz61Wc7
LkK1CS5wKHTg4TMb6TP+I/RCO7r1qvjIH0yEV06X6uQx46HSN93iVqd91sNR/Lsb
8Gs5SozWw6D6lN0pnc4IvTaD6/swri3vk2T/zV1RhPLv1AGC6lZ//ZyoLiAZx0rB
CWsL23k219+V8z+kijdJZxp4Gztonz1KVrxtx5DoHS0HeLupmsIQAtZfgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOXOCu7n/fnEUZh38QXYtKtqfXKMB8GA1UdIwQY
MBaAFIyWxmrzMcmFuFnUA7NpdMBjLh7yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgt
ODNhNDQzMTBhOTY0LzEvczVjNEs3dWY5LWNSUm1IZnhCZGkwcTJwOWNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgtODNhNDQzMTBhOTY0
LzEvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+lDMA0G
CSqGSIb3DQEBCwUAA4IBAQAsG496O0xPnnnRZHROhVtvPHMT/+cvvKR3iMg8jezz
18JLnS7+s+mRaMQ8zuCkGlwDGOpzmjuFxkPOvR00YTi8YGBK7k6nfQYchZZcV/nh
IauyLCGagyaH7iOcwneQIUslkLRJwZYFKuGX5KGgSu0UDXj2PsEjbds9tDJUR+A5
UiI/43hGqG3nTvgm3MZKKOCHnkR+lyZFS7/z4Fztue60EfPnCRCeB44MKyY6nEzR
Emvfwo0y94ZhqznjvmKDtFILTFxyLizbYoGiBi3o+fGaS6zHiFGiSGtl4yJXJqQ1
X8fghkLVOuegf8TJ6xKOO+Jd+TPt6cbQDAeWDAA6/MBp
-----END CERTIFICATE-----