Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/ha5CH0D9oCRDHAxfubaiHVA-hn8.roa
File:                     ha5CH0D9oCRDHAxfubaiHVA-hn8.roa (raw, json)
Hash identifier:          /M7mPEnWtcgXsA+zpCgGuq9nDqmqSD7Oqd+Z2MQ4iDA=
Subject key identifier:   85:AE:42:1F:40:FD:A0:24:43:1C:0C:5F:B9:B6:A2:1D:50:3E:86:7F
Certificate issuer:       /CN=bd175e878d33b47d806f2cf3e04628220935123d
Certificate serial:       018CC7273AF82436C7A86FE28081705B3763
Authority key identifier: BD:17:5E:87:8D:33:B4:7D:80:6F:2C:F3:E0:46:28:22:09:35:12:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/ha5CH0D9oCRDHAxfubaiHVA-hn8.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44496
IP address blocks:        91.199.8.0/24 maxlen: 32
                          2001:67c:2f84::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3a:f8:24:36:c7:a8:6f:e2:80:81:70:5b:37:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd175e878d33b47d806f2cf3e04628220935123d
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85ae421f40fda024431c0c5fb9b6a21d503e867f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:46:6d:14:88:6d:a3:a5:6c:e9:da:d8:dd:93:
                    b2:a6:3a:5b:22:ba:30:d8:f6:b0:f0:28:43:ee:9d:
                    a5:59:ec:4d:18:ce:31:fd:de:19:c5:e5:fe:5a:e6:
                    b3:f0:20:62:6f:99:89:e0:d2:45:df:e4:8f:10:04:
                    2f:ae:ba:35:a4:9c:60:f8:a6:69:b1:9f:a7:81:9b:
                    b3:83:18:0c:5a:92:8d:90:bf:03:52:b2:81:84:7b:
                    49:f6:9f:69:97:5f:3c:e1:99:4d:84:da:ac:48:9a:
                    95:9d:b6:fd:7e:3b:0b:e0:09:e9:7a:4a:82:73:e8:
                    a6:34:44:1c:2c:49:86:4d:a0:cd:b0:12:1c:a6:2b:
                    45:9c:cd:1a:31:61:45:2e:60:87:b8:46:87:6f:7e:
                    95:2b:8b:56:7c:27:7f:59:3a:e1:16:47:50:d8:4e:
                    5c:a3:e8:52:7d:b1:db:e7:55:f3:96:c8:07:bb:24:
                    37:f4:99:77:68:d6:37:38:c0:80:ab:8b:aa:2c:2b:
                    67:08:38:f2:b6:16:bc:c9:93:80:54:48:eb:24:64:
                    e7:7f:44:b0:52:30:8f:1f:76:e8:a9:3d:75:ad:81:
                    af:d2:cd:90:ae:d2:70:d9:ac:42:c7:8b:e3:ae:1b:
                    11:d0:d5:ec:62:12:14:5e:59:34:56:41:c6:bf:ee:
                    0b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:AE:42:1F:40:FD:A0:24:43:1C:0C:5F:B9:B6:A2:1D:50:3E:86:7F
            X509v3 Authority Key Identifier:
                keyid:BD:17:5E:87:8D:33:B4:7D:80:6F:2C:F3:E0:46:28:22:09:35:12:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/ha5CH0D9oCRDHAxfubaiHVA-hn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.8.0/24
                IPv6:
                  2001:67c:2f84::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:59:9b:84:77:6f:bc:ef:51:a3:9d:cd:04:0b:a5:91:e6:4b:
         83:28:01:63:66:1b:f0:36:e9:56:1c:ee:6f:b5:d2:4e:62:06:
         d7:ee:71:3a:66:ad:3e:b1:8d:e5:57:9e:11:18:90:e3:55:0a:
         9d:1a:b8:c3:5c:18:7c:d7:67:86:0e:2c:df:06:b3:f2:1f:58:
         21:1d:db:2d:08:0c:e7:03:d6:01:93:1f:38:39:d8:05:50:be:
         bc:22:6a:35:62:f3:1e:c1:6e:6d:35:f5:fa:4d:c4:f8:ef:5c:
         15:67:48:54:fc:01:0b:78:c0:d7:5c:45:eb:18:2d:05:51:15:
         cb:92:17:55:21:20:73:65:22:47:83:ab:cc:77:20:f5:64:cf:
         0c:6d:a5:df:ed:4e:f2:00:07:eb:c2:50:dc:29:77:ff:ae:3c:
         d7:47:02:1d:eb:f9:1c:91:40:8d:19:52:84:fc:d4:74:87:af:
         88:87:38:81:25:d0:2b:42:6c:04:f9:e1:7a:c4:f1:f3:e8:27:
         76:4f:87:ea:5b:b5:a6:55:1d:17:04:9b:4e:2b:bf:be:20:92:
         c4:89:54:47:c3:4a:bb:ce:81:57:c9:99:67:5a:56:d9:39:4a:
         a9:03:78:41:4e:2f:b7:bd:16:83:24:93:98:6a:b7:c7:35:bd:
         bf:3a:b6:0a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJzr4JDbHqG/igIFwWzdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTc1ZTg3OGQzM2I0N2Q4MDZmMmNmM2UwNDYyODIyMDkz
NTEyM2QwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWFlNDIxZjQwZmRhMDI0NDMxYzBjNWZiOWI2YTIxZDUwM2U4NjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kZtFIhto6Vs6drY3ZOypjpbIrow
2Paw8ChD7p2lWexNGM4x/d4ZxeX+Wuaz8CBib5mJ4NJF3+SPEAQvrro1pJxg+KZp
sZ+ngZuzgxgMWpKNkL8DUrKBhHtJ9p9pl1884ZlNhNqsSJqVnbb9fjsL4AnpekqC
c+imNEQcLEmGTaDNsBIcpitFnM0aMWFFLmCHuEaHb36VK4tWfCd/WTrhFkdQ2E5c
o+hSfbHb51XzlsgHuyQ39Jl3aNY3OMCAq4uqLCtnCDjytha8yZOAVEjrJGTnf0Sw
UjCPH3boqT11rYGv0s2QrtJw2axCx4vjrhsR0NXsYhIUXlk0VkHGv+4LSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIWuQh9A/aAkQxwMX7m2oh1QPoZ/MB8GA1UdIwQY
MBaAFL0XXoeNM7R9gG8s8+BGKCIJNRI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJkZWg0MHp0SDJBYnl6ejRFWW9JZ2sxRWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kZGE5OGUtODY0Ni00ZDA3LTgwYWMt
YTM1ZWFmMDA1YWY1LzEvaGE1Q0gwRDlvQ1JESEF4ZnViYWlIVkEtaG44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kZGE5OGUtODY0Ni00ZDA3LTgwYWMtYTM1ZWFmMDA1YWY1
LzEvdlJkZWg0MHp0SDJBYnl6ejRFWW9JZ2sxRWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8cIMA8E
AgACMAkDBwAgAQZ8L4QwDQYJKoZIhvcNAQELBQADggEBALNZm4R3b7zvUaOdzQQL
pZHmS4MoAWNmG/A26VYc7m+10k5iBtfucTpmrT6xjeVXnhEYkONVCp0auMNcGHzX
Z4YOLN8Gs/IfWCEd2y0IDOcD1gGTHzg52AVQvrwiajVi8x7Bbm019fpNxPjvXBVn
SFT8AQt4wNdcResYLQVRFcuSF1UhIHNlIkeDq8x3IPVkzwxtpd/tTvIAB+vCUNwp
d/+uPNdHAh3r+RyRQI0ZUoT81HSHr4iHOIEl0CtCbAT54XrE8fPoJ3ZPh+pbtaZV
HRcEm04rv74gksSJVEfDSrvOgVfJmWdaVtk5SqkDeEFOL7e9FoMkk5hqt8c1vb86
tgo=
-----END CERTIFICATE-----