Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/TxlPHT7U9Owu4X7AG7nLeFnY3Ik.roa
File:                     TxlPHT7U9Owu4X7AG7nLeFnY3Ik.roa (raw, json)
Hash identifier:          QurnzKRpHmYM1YEq/qfv90v1kP8TwjimfzxVZzVrkDk=
Subject key identifier:   4F:19:4F:1D:3E:D4:F4:EC:2E:E1:7E:C0:1B:B9:CB:78:59:D8:DC:89
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018ED1BE34166F3AA47ABE5529C4A9EB0E81
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/TxlPHT7U9Owu4X7AG7nLeFnY3Ik.roa
Signing time:             Fri 12 Apr 2024 09:58:07 +0000
ROA not before:           Fri 12 Apr 2024 09:58:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50738
IP address blocks:        91.236.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:be:34:16:6f:3a:a4:7a:be:55:29:c4:a9:eb:0e:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 12 09:58:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f194f1d3ed4f4ec2ee17ec01bb9cb7859d8dc89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ac:52:f9:9d:b4:53:44:ae:1b:fd:2a:d2:52:
                    8c:d9:ca:9c:f8:f9:ce:77:f9:e6:db:e2:dc:52:3b:
                    21:df:53:fa:e8:c0:55:c5:4c:e3:c0:cb:a2:e7:74:
                    66:9a:46:32:72:00:39:59:35:7d:15:b6:cc:39:f8:
                    fa:83:6f:18:e6:e6:a8:d1:7b:1b:b4:45:f6:9c:32:
                    94:51:5d:88:04:c5:8c:dd:c4:07:bd:64:f1:26:ee:
                    27:cb:cd:7b:2c:f7:97:fb:5b:4d:0e:93:c6:9a:4a:
                    bb:48:fa:9b:76:6d:47:31:3e:fe:fc:b0:0b:1f:93:
                    26:19:1d:08:1f:cf:db:38:e6:73:63:26:20:1a:e5:
                    f5:b5:fb:63:97:ff:2b:de:b9:10:42:17:02:34:cc:
                    a8:2a:02:c0:20:2f:af:cf:96:e6:7f:87:af:30:00:
                    dc:1c:7c:19:6a:1e:b1:de:7c:6a:2a:fb:af:24:73:
                    db:74:7b:ee:95:b2:03:da:e1:00:6f:ca:88:5e:a2:
                    ae:c1:17:78:d3:d5:b2:b7:4f:e3:6a:07:13:88:70:
                    bb:ff:5e:0d:92:5e:75:b1:74:58:c6:1c:57:36:5e:
                    a0:e9:7b:ac:9a:bf:b5:29:e6:b5:7a:c5:0b:fe:3e:
                    de:cd:76:35:da:8a:65:9e:b6:34:1e:9c:f0:58:3d:
                    42:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:19:4F:1D:3E:D4:F4:EC:2E:E1:7E:C0:1B:B9:CB:78:59:D8:DC:89
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/TxlPHT7U9Owu4X7AG7nLeFnY3Ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:a8:18:c1:4e:33:c4:8c:70:fe:99:d7:c6:2b:78:9d:a2:be:
         1c:64:43:c6:01:0d:d7:1d:c7:a9:ee:78:e7:f3:35:49:68:36:
         a4:c5:01:a7:1e:9b:f7:2a:47:94:4f:98:b4:5e:a1:d4:19:9d:
         02:58:6d:42:de:54:7c:a8:b6:21:9b:86:7f:36:b1:64:ca:80:
         0b:23:ee:2d:70:e1:f5:ab:e5:c5:2b:83:75:03:44:d9:13:37:
         67:03:09:5d:a0:23:c0:aa:38:54:80:69:0a:af:d3:38:cd:aa:
         e3:ca:1c:de:ae:5a:31:63:cc:f6:2e:9e:9f:13:ad:aa:29:79:
         4e:88:73:e5:c7:6c:d5:a2:9d:a3:12:79:5c:3f:0c:3e:67:eb:
         4d:2d:bf:0a:97:7b:34:67:78:4c:19:75:49:7f:0c:d1:23:40:
         be:f4:db:88:dd:cb:86:77:58:e4:42:93:d4:72:bf:e5:e9:63:
         d1:90:22:6a:51:d5:6e:a7:97:0a:cd:e0:01:44:a7:20:3e:5e:
         07:65:ef:77:95:10:b1:91:05:41:6b:17:b7:7e:5b:66:3b:d9:
         69:2a:a9:ed:77:90:9c:27:42:1e:72:d7:b7:de:95:c0:d7:d1:
         c6:a0:77:d8:a5:6e:08:47:49:8e:be:85:c4:19:9c:a7:3d:b2:
         fc:f7:1a:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7RvjQWbzqker5VKcSp6w6BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDEyMDk1ODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjE5NGYxZDNlZDRmNGVjMmVlMTdlYzAxYmI5Y2I3ODU5ZDhkYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6xS+Z20U0SuG/0q0lKM2cqc+PnO
d/nm2+LcUjsh31P66MBVxUzjwMui53RmmkYycgA5WTV9FbbMOfj6g28Y5uao0Xsb
tEX2nDKUUV2IBMWM3cQHvWTxJu4ny817LPeX+1tNDpPGmkq7SPqbdm1HMT7+/LAL
H5MmGR0IH8/bOOZzYyYgGuX1tftjl/8r3rkQQhcCNMyoKgLAIC+vz5bmf4evMADc
HHwZah6x3nxqKvuvJHPbdHvulbID2uEAb8qIXqKuwRd409Wyt0/jagcTiHC7/14N
kl51sXRYxhxXNl6g6Xusmr+1Kea1esUL/j7ezXY12oplnrY0HpzwWD1CXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8ZTx0+1PTsLuF+wBu5y3hZ2NyJMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvVHhsUEhUN1U5T3d1NFg3QUc3bkxlRm5ZM0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+xPMA0G
CSqGSIb3DQEBCwUAA4IBAQBlqBjBTjPEjHD+mdfGK3idor4cZEPGAQ3XHcep7njn
8zVJaDakxQGnHpv3KkeUT5i0XqHUGZ0CWG1C3lR8qLYhm4Z/NrFkyoALI+4tcOH1
q+XFK4N1A0TZEzdnAwldoCPAqjhUgGkKr9M4zarjyhzerloxY8z2Lp6fE62qKXlO
iHPlx2zVop2jEnlcPww+Z+tNLb8Kl3s0Z3hMGXVJfwzRI0C+9NuI3cuGd1jkQpPU
cr/l6WPRkCJqUdVup5cKzeABRKcgPl4HZe93lRCxkQVBaxe3fltmO9lpKqntd5Cc
J0Iecte33pXA19HGoHfYpW4IR0mOvoXEGZynPbL89xo7
-----END CERTIFICATE-----