Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/b2302e-aade-465a-aa9b-32d2bdd4bbb1/1/FTmBchAvHJyZPVpCb_tfpijkjZM.roa
File:                     FTmBchAvHJyZPVpCb_tfpijkjZM.roa (raw, json)
Hash identifier:          OF58/r1xkUeQPIEY2/KNLEni9cvIQrUGXvYI9YF7oeQ=
Subject key identifier:   15:39:81:72:10:2F:1C:9C:99:3D:5A:42:6F:FB:5F:A6:28:E4:8D:93
Certificate issuer:       /CN=34012343a62f3f09b55cdbc01e75c38212a235df
Certificate serial:       018CC8018F8389E28768D44179F2B186B1CA
Authority key identifier: 34:01:23:43:A6:2F:3F:09:B5:5C:DB:C0:1E:75:C3:82:12:A2:35:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAEjQ6YvPwm1XNvAHnXDghKiNd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/b2302e-aade-465a-aa9b-32d2bdd4bbb1/1/FTmBchAvHJyZPVpCb_tfpijkjZM.roa
Signing time:             Tue 02 Jan 2024 02:29:54 +0000
ROA not before:           Tue 02 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57593
IP address blocks:        91.233.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/b2302e-aade-465a-aa9b-32d2bdd4bbb1/1/NAEjQ6YvPwm1XNvAHnXDghKiNd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/b2302e-aade-465a-aa9b-32d2bdd4bbb1/1/NAEjQ6YvPwm1XNvAHnXDghKiNd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NAEjQ6YvPwm1XNvAHnXDghKiNd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8f:83:89:e2:87:68:d4:41:79:f2:b1:86:b1:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34012343a62f3f09b55cdbc01e75c38212a235df
        Validity
            Not Before: Jan  2 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15398172102f1c9c993d5a426ffb5fa628e48d93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:58:78:b2:4b:44:dd:9f:85:b3:7c:71:40:b7:
                    83:67:20:f4:f7:f8:33:e1:a7:17:f0:7b:53:c1:1c:
                    4d:dd:fa:af:8d:8f:b9:6a:74:d9:53:ec:8c:63:ad:
                    4f:a0:0c:2a:ff:9d:9f:c9:75:2b:8d:5c:23:44:2b:
                    fa:e5:15:02:04:a8:ec:3d:1c:cb:f9:1c:fd:27:cd:
                    ef:a1:3c:92:f4:83:5c:70:51:ea:41:9d:68:dc:7e:
                    18:59:5c:ca:da:f9:b9:a7:6c:2e:53:6f:31:fc:c0:
                    00:8c:d5:a0:01:fe:97:2f:b8:f7:06:54:76:23:bb:
                    c3:1c:d9:da:83:12:bc:24:93:c8:ae:7f:2e:68:aa:
                    b2:e1:78:57:e5:b8:10:e9:43:c0:39:02:0e:e5:11:
                    1b:3f:ba:72:57:a0:7e:af:35:24:a0:2b:54:e0:8b:
                    70:94:69:7a:e6:71:f3:40:d3:b2:9f:62:98:de:bd:
                    ca:36:8c:ab:0e:b0:fa:21:01:1a:3b:0c:1d:20:53:
                    79:07:94:d8:26:94:c4:c7:b0:46:80:00:12:e4:77:
                    31:b2:60:ef:79:6f:08:36:2f:4e:7b:4e:8e:2e:2b:
                    77:02:cd:43:47:80:bd:33:6d:10:57:28:e5:f0:8f:
                    6f:10:9e:0f:93:ef:e4:76:5f:06:0c:16:ae:02:c7:
                    29:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:39:81:72:10:2F:1C:9C:99:3D:5A:42:6F:FB:5F:A6:28:E4:8D:93
            X509v3 Authority Key Identifier:
                keyid:34:01:23:43:A6:2F:3F:09:B5:5C:DB:C0:1E:75:C3:82:12:A2:35:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAEjQ6YvPwm1XNvAHnXDghKiNd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b2302e-aade-465a-aa9b-32d2bdd4bbb1/1/FTmBchAvHJyZPVpCb_tfpijkjZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b2302e-aade-465a-aa9b-32d2bdd4bbb1/1/NAEjQ6YvPwm1XNvAHnXDghKiNd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:c5:4f:8c:c9:d8:7b:79:32:50:ae:b7:54:ea:7d:20:d8:ca:
         a5:4c:d4:7d:de:30:ce:86:cc:05:8e:05:f6:b8:83:da:ac:42:
         54:40:82:be:a7:7a:a1:60:ad:f2:ac:1d:07:52:c1:c2:61:67:
         3a:9d:ab:d0:4b:50:6f:02:66:b4:b2:13:18:5b:cf:52:5e:08:
         48:35:cc:6c:42:a0:03:c9:c6:26:54:b7:01:9f:c6:8b:b1:cd:
         b8:f4:66:e5:8f:24:83:ec:42:8b:99:f9:3d:36:37:c9:d2:70:
         b0:15:40:7d:ae:63:29:a4:4b:a1:40:1e:9b:2d:25:37:76:4c:
         09:7c:12:45:f4:a2:82:a5:d7:48:4b:c3:70:90:c6:d5:4d:54:
         71:02:f4:46:48:ce:56:22:18:f4:56:df:86:7a:5e:fa:3c:78:
         1f:ed:d7:c6:b1:2a:71:4a:97:51:a2:64:46:03:1d:0a:be:05:
         30:46:24:32:35:27:02:fd:f7:5a:c8:c0:9a:43:79:91:d2:02:
         ac:1d:32:a7:54:ee:64:0a:94:21:00:d8:cb:f4:6f:b5:25:9c:
         4a:dd:0e:43:52:e2:c4:89:a0:5e:b3:38:65:cd:7c:d9:fc:f8:
         fb:45:93:61:6b:83:15:77:eb:56:04:f0:54:29:0a:e9:61:9e:
         48:d3:00:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAY+DieKHaNRBefKxhrHKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MDEyMzQzYTYyZjNmMDliNTVjZGJjMDFlNzVjMzgyMTJh
MjM1ZGYwHhcNMjQwMTAyMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTM5ODE3MjEwMmYxYzljOTkzZDVhNDI2ZmZiNWZhNjI4ZTQ4ZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1h4sktE3Z+Fs3xxQLeDZyD09/gz
4acX8HtTwRxN3fqvjY+5anTZU+yMY61PoAwq/52fyXUrjVwjRCv65RUCBKjsPRzL
+Rz9J83voTyS9INccFHqQZ1o3H4YWVzK2vm5p2wuU28x/MAAjNWgAf6XL7j3BlR2
I7vDHNnagxK8JJPIrn8uaKqy4XhX5bgQ6UPAOQIO5REbP7pyV6B+rzUkoCtU4Itw
lGl65nHzQNOyn2KY3r3KNoyrDrD6IQEaOwwdIFN5B5TYJpTEx7BGgAAS5HcxsmDv
eW8INi9Oe06OLit3As1DR4C9M20QVyjl8I9vEJ4Pk+/kdl8GDBauAscpbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBU5gXIQLxycmT1aQm/7X6Yo5I2TMB8GA1UdIwQY
MBaAFDQBI0OmLz8JtVzbwB51w4ISojXfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkFFalE2WXZQd20xWE52QUhuWERnaEtpTmQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9iMjMwMmUtYWFkZS00NjVhLWFhOWIt
MzJkMmJkZDRiYmIxLzEvRlRtQmNoQXZISnlaUFZwQ2JfdGZwaWpralpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9iMjMwMmUtYWFkZS00NjVhLWFhOWItMzJkMmJkZDRiYmIx
LzEvTkFFalE2WXZQd20xWE52QUhuWERnaEtpTmQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+k8MA0G
CSqGSIb3DQEBCwUAA4IBAQATxU+Mydh7eTJQrrdU6n0g2MqlTNR93jDOhswFjgX2
uIParEJUQIK+p3qhYK3yrB0HUsHCYWc6navQS1BvAma0shMYW89SXghINcxsQqAD
ycYmVLcBn8aLsc249GbljySD7EKLmfk9NjfJ0nCwFUB9rmMppEuhQB6bLSU3dkwJ
fBJF9KKCpddIS8NwkMbVTVRxAvRGSM5WIhj0Vt+Gel76PHgf7dfGsSpxSpdRomRG
Ax0KvgUwRiQyNScC/fdayMCaQ3mR0gKsHTKnVO5kCpQhANjL9G+1JZxK3Q5DUuLE
iaBeszhlzXzZ/Pj7RZNha4MVd+tWBPBUKQrpYZ5I0wAW
-----END CERTIFICATE-----