Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/DF3Mg7HM-0pHzTN8RaccpSl5hX0.roa
File:                     DF3Mg7HM-0pHzTN8RaccpSl5hX0.roa (raw, json)
Hash identifier:          4CdEXNGY0jFqVEKHE8aE71PoIGd7ZlSxptGmYGAw3WI=
Subject key identifier:   0C:5D:CC:83:B1:CC:FB:4A:47:CD:33:7C:45:A7:1C:A5:29:79:85:7D
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       018CC49235FEE4995FB1CFFDB0AC874AC4E9
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/DF3Mg7HM-0pHzTN8RaccpSl5hX0.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.237.175.0/24 maxlen: 24
                          91.237.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:35:fe:e4:99:5f:b1:cf:fd:b0:ac:87:4a:c4:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c5dcc83b1ccfb4a47cd337c45a71ca52979857d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:11:01:34:52:e4:9c:9e:81:6b:10:98:29:24:
                    4a:c9:9f:4e:3d:b7:19:7b:96:1f:d9:64:27:c8:7b:
                    ca:61:6f:ec:56:dc:cd:fd:cb:a8:c9:ca:ec:5a:cf:
                    e4:19:81:a9:bc:e9:c9:62:77:98:e1:93:0a:94:95:
                    8d:83:da:b9:df:85:1b:c8:75:1b:8a:fc:62:d3:18:
                    be:26:09:6a:46:7a:75:79:07:9d:28:07:e1:40:9c:
                    1d:1f:e1:8c:a2:9c:83:f3:ad:39:48:4c:ad:cf:01:
                    cb:ea:61:93:cb:2f:67:1c:46:d3:dd:ea:01:6a:37:
                    79:6e:d1:6a:09:bf:68:3d:b3:e4:18:67:0e:bd:2a:
                    8a:2b:6a:fa:20:16:b7:2d:3e:75:f4:bc:12:70:85:
                    69:1d:6f:2f:a7:26:1e:0d:66:27:9f:0d:41:f1:58:
                    d6:c3:a2:fe:4e:67:12:d1:46:e0:d9:e1:1e:11:d6:
                    ae:b3:9c:ce:1e:7f:3a:ed:d1:48:32:c0:85:fe:a7:
                    72:da:76:27:49:ef:b7:e0:8f:d8:ce:32:77:c5:f9:
                    2f:75:e0:ae:9a:69:07:13:f1:19:37:6d:b9:3c:bf:
                    65:d1:de:89:00:d1:3a:99:74:6c:71:04:c7:f6:7b:
                    d2:de:d9:13:07:40:36:f0:f3:28:74:97:5c:4f:b7:
                    11:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:5D:CC:83:B1:CC:FB:4A:47:CD:33:7C:45:A7:1C:A5:29:79:85:7D
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/DF3Mg7HM-0pHzTN8RaccpSl5hX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:3a:da:e3:15:62:ae:6b:97:88:a1:9e:da:35:8b:3b:17:11:
         61:e4:a0:18:bf:0f:02:50:e1:71:54:15:3f:3f:0a:2e:62:3c:
         c7:9c:9d:df:35:aa:d1:7e:f7:f8:f4:b5:07:74:d7:e2:09:1b:
         60:62:72:45:16:d3:0b:e3:53:63:27:d9:9b:98:8e:8c:00:44:
         71:99:3d:56:8a:59:ce:27:f7:82:7a:bc:e9:9a:1e:7c:b3:b0:
         8a:37:27:49:0a:c3:5c:bb:e4:80:6e:b4:9b:f1:71:bd:cd:72:
         db:80:6f:03:be:d9:94:b3:be:de:b0:34:19:99:3a:85:14:19:
         1e:28:51:ee:1a:3a:e4:0d:e4:5f:c8:ff:f9:ff:d0:4a:9d:56:
         e6:9b:d6:b4:95:12:ba:ec:87:f4:de:0c:a0:f1:0b:73:8a:33:
         36:2d:e7:25:72:9b:02:e1:7d:dd:2d:ee:8f:1c:de:4d:bb:44:
         b7:1a:0d:4a:40:ab:fe:46:4a:cc:f6:52:f6:8b:89:02:c3:72:
         40:3f:6c:2b:36:eb:ce:2a:e9:90:9e:92:6a:46:45:c1:8b:aa:
         ab:a8:ac:35:64:ed:53:6b:13:1c:97:5f:67:27:40:ac:ae:30:
         87:d3:44:f5:6c:ea:81:09:67:39:53:f2:4d:6f:29:0b:bf:67:
         84:94:72:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjX+5Jlfsc/9sKyHSsTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzVkY2M4M2IxY2NmYjRhNDdjZDMzN2M0NWE3MWNhNTI5Nzk4NTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmREBNFLknJ6BaxCYKSRKyZ9OPbcZ
e5Yf2WQnyHvKYW/sVtzN/cuoycrsWs/kGYGpvOnJYneY4ZMKlJWNg9q534UbyHUb
ivxi0xi+JglqRnp1eQedKAfhQJwdH+GMopyD8605SEytzwHL6mGTyy9nHEbT3eoB
ajd5btFqCb9oPbPkGGcOvSqKK2r6IBa3LT519LwScIVpHW8vpyYeDWYnnw1B8VjW
w6L+TmcS0Ubg2eEeEdaus5zOHn867dFIMsCF/qdy2nYnSe+34I/YzjJ3xfkvdeCu
mmkHE/EZN225PL9l0d6JANE6mXRscQTH9nvS3tkTB0A28PModJdcT7cRoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxdzIOxzPtKR80zfEWnHKUpeYV9MB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvREYzTWc3SE0tMHBIelROOFJhY2NwU2w1aFgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+2uMA0G
CSqGSIb3DQEBCwUAA4IBAQBtOtrjFWKua5eIoZ7aNYs7FxFh5KAYvw8CUOFxVBU/
PwouYjzHnJ3fNarRfvf49LUHdNfiCRtgYnJFFtML41NjJ9mbmI6MAERxmT1WilnO
J/eCerzpmh58s7CKNydJCsNcu+SAbrSb8XG9zXLbgG8DvtmUs77esDQZmTqFFBke
KFHuGjrkDeRfyP/5/9BKnVbmm9a0lRK67If03gyg8QtzijM2LeclcpsC4X3dLe6P
HN5Nu0S3Gg1KQKv+RkrM9lL2i4kCw3JAP2wrNuvOKumQnpJqRkXBi6qrqKw1ZO1T
axMcl19nJ0CsrjCH00T1bOqBCWc5U/JNbykLv2eElHKX
-----END CERTIFICATE-----