Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/42888b-aa3f-4611-803d-2db44c91ae60/1/_f-zbCw-S4f6YtnKrZ7Szhziq0Q.roa
File:                     _f-zbCw-S4f6YtnKrZ7Szhziq0Q.roa (raw, json)
Hash identifier:          Xc0Em6YEACcG2CxW5UGWpMH/Gi/GqPndY2YMBGSppAs=
Subject key identifier:   FD:FF:B3:6C:2C:3E:4B:87:FA:62:D9:CA:AD:9E:D2:CE:1C:E2:AB:44
Certificate issuer:       /CN=533dfd6cc140c68a3d3bba86ba57cf3b8ba6a9b7
Certificate serial:       018CC801A35B97391FE3EECF623751CD3C69
Authority key identifier: 53:3D:FD:6C:C1:40:C6:8A:3D:3B:BA:86:BA:57:CF:3B:8B:A6:A9:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uz39bMFAxoo9O7qGulfPO4umqbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/42888b-aa3f-4611-803d-2db44c91ae60/1/_f-zbCw-S4f6YtnKrZ7Szhziq0Q.roa
Signing time:             Tue 02 Jan 2024 02:29:59 +0000
ROA not before:           Tue 02 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198701
IP address blocks:        91.238.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/42888b-aa3f-4611-803d-2db44c91ae60/1/Uz39bMFAxoo9O7qGulfPO4umqbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/42888b-aa3f-4611-803d-2db44c91ae60/1/Uz39bMFAxoo9O7qGulfPO4umqbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uz39bMFAxoo9O7qGulfPO4umqbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a3:5b:97:39:1f:e3:ee:cf:62:37:51:cd:3c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=533dfd6cc140c68a3d3bba86ba57cf3b8ba6a9b7
        Validity
            Not Before: Jan  2 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdffb36c2c3e4b87fa62d9caad9ed2ce1ce2ab44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fa:2e:92:e6:ce:1a:88:42:68:93:a9:41:3c:
                    53:66:95:e6:95:74:08:0f:8d:61:1c:90:0e:23:57:
                    87:01:d7:56:0a:79:87:c4:f6:be:df:45:d9:66:0b:
                    fc:aa:43:bf:ba:1c:8a:8f:aa:d4:af:5b:07:be:70:
                    c3:db:d0:a7:75:65:a0:66:88:ff:82:24:45:8e:dd:
                    b7:62:40:2f:86:06:fa:c8:37:86:ec:58:17:b9:89:
                    3d:97:50:d4:f6:69:77:81:59:ea:f1:46:73:ba:27:
                    35:08:d5:0e:dc:58:e1:2f:30:a3:f2:00:fa:dc:1a:
                    ca:4d:6d:8d:ee:a5:1f:a7:44:cd:8e:05:be:ce:1c:
                    56:fd:c8:da:7b:7b:3a:85:5a:ef:13:f2:2e:4c:dc:
                    8b:80:5e:4e:82:ca:ef:7e:de:e3:7b:4d:72:65:90:
                    bc:59:0a:44:ec:16:e2:31:5b:71:5f:29:1a:27:a2:
                    28:90:d5:ea:ed:8a:35:14:e6:c9:01:6d:a0:39:7a:
                    b0:92:11:e4:9c:b5:7b:7f:2b:ca:81:36:20:33:45:
                    dd:f7:f7:f8:c8:a7:61:d3:de:00:51:8c:b5:45:f1:
                    19:81:67:11:dc:eb:b2:15:fd:52:7b:96:e2:39:3f:
                    8b:30:0c:e7:06:2c:39:9e:14:10:4e:dc:e0:58:c6:
                    1e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:FF:B3:6C:2C:3E:4B:87:FA:62:D9:CA:AD:9E:D2:CE:1C:E2:AB:44
            X509v3 Authority Key Identifier:
                keyid:53:3D:FD:6C:C1:40:C6:8A:3D:3B:BA:86:BA:57:CF:3B:8B:A6:A9:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uz39bMFAxoo9O7qGulfPO4umqbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/42888b-aa3f-4611-803d-2db44c91ae60/1/_f-zbCw-S4f6YtnKrZ7Szhziq0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/42888b-aa3f-4611-803d-2db44c91ae60/1/Uz39bMFAxoo9O7qGulfPO4umqbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ff:03:ad:6c:16:a9:51:8b:bc:3d:67:f1:5c:3c:8f:0f:c2:
         3a:a5:9b:28:e8:21:f9:c8:6e:f9:a8:1e:5c:fa:0c:d0:c6:7f:
         fe:2c:9c:d4:67:b6:cc:23:f8:41:3b:44:6b:ca:6f:5e:9f:6f:
         2d:52:b9:b3:0e:d4:3b:59:da:a1:59:f1:a1:97:00:23:56:e0:
         b0:74:c8:31:56:9d:5f:3f:6a:23:f4:f9:da:3b:80:15:5b:ec:
         2f:05:66:d6:94:10:cd:36:01:82:61:2d:a9:38:d3:d7:3d:e9:
         85:3e:c1:4c:d9:f5:81:45:d7:22:ce:97:1d:fc:95:91:ae:89:
         55:b3:28:20:d2:f0:9d:9a:68:79:0d:c3:95:8d:77:d8:e3:74:
         82:14:6b:0e:67:1b:d1:9c:5b:48:82:6c:a8:2c:84:22:72:87:
         87:32:f5:92:2c:d6:99:5a:92:5d:af:0f:ca:f1:1d:54:82:43:
         56:fc:e8:28:96:94:99:7a:2a:e6:a2:f6:67:c6:45:e9:ae:14:
         b6:03:25:7a:1e:c7:a0:7b:12:bc:53:bf:03:25:aa:f2:b5:3e:
         65:a5:96:2e:a7:fa:b1:7f:9c:8e:2f:34:84:32:f3:fb:f8:92:
         33:96:3a:92:4f:e1:51:eb:4b:0c:53:47:1c:29:49:7b:1d:cf:
         a6:97:9d:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAaNblzkf4+7PYjdRzTxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzM2RmZDZjYzE0MGM2OGEzZDNiYmE4NmJhNTdjZjNiOGJh
NmE5YjcwHhcNMjQwMTAyMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGZmYjM2YzJjM2U0Yjg3ZmE2MmQ5Y2FhZDllZDJjZTFjZTJhYjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvoukubOGohCaJOpQTxTZpXmlXQI
D41hHJAOI1eHAddWCnmHxPa+30XZZgv8qkO/uhyKj6rUr1sHvnDD29CndWWgZoj/
giRFjt23YkAvhgb6yDeG7FgXuYk9l1DU9ml3gVnq8UZzuic1CNUO3FjhLzCj8gD6
3BrKTW2N7qUfp0TNjgW+zhxW/cjae3s6hVrvE/IuTNyLgF5Ogsrvft7je01yZZC8
WQpE7BbiMVtxXykaJ6IokNXq7Yo1FObJAW2gOXqwkhHknLV7fyvKgTYgM0Xd9/f4
yKdh094AUYy1RfEZgWcR3OuyFf1Se5biOT+LMAznBiw5nhQQTtzgWMYeUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3/s2wsPkuH+mLZyq2e0s4c4qtEMB8GA1UdIwQY
MBaAFFM9/WzBQMaKPTu6hrpXzzuLpqm3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXozOWJNRkF4b285TzdxR3VsZlBPNHVtcWJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80Mjg4OGItYWEzZi00NjExLTgwM2Qt
MmRiNDRjOTFhZTYwLzEvX2YtemJDdy1TNGY2WXRuS3JaN1N6aHppcTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80Mjg4OGItYWEzZi00NjExLTgwM2QtMmRiNDRjOTFhZTYw
LzEvVXozOWJNRkF4b285TzdxR3VsZlBPNHVtcWJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+4WMA0G
CSqGSIb3DQEBCwUAA4IBAQCc/wOtbBapUYu8PWfxXDyPD8I6pZso6CH5yG75qB5c
+gzQxn/+LJzUZ7bMI/hBO0Rrym9en28tUrmzDtQ7WdqhWfGhlwAjVuCwdMgxVp1f
P2oj9PnaO4AVW+wvBWbWlBDNNgGCYS2pONPXPemFPsFM2fWBRdcizpcd/JWRrolV
sygg0vCdmmh5DcOVjXfY43SCFGsOZxvRnFtIgmyoLIQicoeHMvWSLNaZWpJdrw/K
8R1UgkNW/OgolpSZeirmovZnxkXprhS2AyV6HsegexK8U78DJarytT5lpZYup/qx
f5yOLzSEMvP7+JIzljqST+FR60sMU0ccKUl7Hc+ml51B
-----END CERTIFICATE-----