Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/227e6b-02e4-4108-8b33-63dd275300bc/1/yE6jcIwte5Looql5iM86S7f0MmI.roa
File:                     yE6jcIwte5Looql5iM86S7f0MmI.roa (raw, json)
Hash identifier:          fZlrBywKOAtE517xVKB4/pE2NCOoeSywAxZbxxY+/ro=
Subject key identifier:   C8:4E:A3:70:8C:2D:7B:92:E8:A2:A9:79:88:CF:3A:4B:B7:F4:32:62
Certificate issuer:       /CN=819901b64fe22656b8f2db260b453f279352b7d0
Certificate serial:       018CC726C6C682801AA575EDF963AA247F3C
Authority key identifier: 81:99:01:B6:4F:E2:26:56:B8:F2:DB:26:0B:45:3F:27:93:52:B7:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZkBtk_iJla48tsmC0U_J5NSt9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/227e6b-02e4-4108-8b33-63dd275300bc/1/yE6jcIwte5Looql5iM86S7f0MmI.roa
Signing time:             Mon 01 Jan 2024 22:30:56 +0000
ROA not before:           Mon 01 Jan 2024 22:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50572
IP address blocks:        91.238.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/227e6b-02e4-4108-8b33-63dd275300bc/1/gZkBtk_iJla48tsmC0U_J5NSt9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/227e6b-02e4-4108-8b33-63dd275300bc/1/gZkBtk_iJla48tsmC0U_J5NSt9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZkBtk_iJla48tsmC0U_J5NSt9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c6:c6:82:80:1a:a5:75:ed:f9:63:aa:24:7f:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=819901b64fe22656b8f2db260b453f279352b7d0
        Validity
            Not Before: Jan  1 22:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c84ea3708c2d7b92e8a2a97988cf3a4bb7f43262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d7:30:a1:b7:2c:a5:7d:c7:6f:d1:65:53:f6:
                    5b:e5:92:78:ec:4e:97:b2:86:2f:f0:16:8c:a1:85:
                    e2:aa:f5:8c:ed:79:84:fc:c1:0d:2d:d6:9e:23:1b:
                    88:6c:d5:f9:96:2a:c0:ad:74:4e:ce:dd:c1:e9:0f:
                    79:5a:48:02:6d:35:5c:36:93:6c:dc:7a:ea:32:52:
                    9b:d8:41:05:23:13:da:cc:8e:5c:0a:2d:7a:83:03:
                    d2:14:bb:5d:76:9b:38:f4:67:bb:5a:21:f1:e3:06:
                    1f:e3:79:41:3d:2c:36:6e:8e:c0:8d:88:59:5b:85:
                    ec:b0:f1:30:d9:e3:61:d7:15:e0:56:f1:a1:41:ce:
                    d2:e7:b7:a7:17:04:b0:71:58:68:1e:e9:e1:c7:83:
                    d1:9f:1b:a8:ef:57:f5:1e:7b:e3:46:e8:27:da:a4:
                    28:5f:1b:f7:34:11:24:97:11:5c:da:3a:6a:18:ed:
                    31:c6:8a:24:e9:bd:cc:96:b5:39:07:5f:8c:99:ce:
                    dd:af:24:97:e2:32:38:9f:fa:c9:b8:b7:8a:c4:5a:
                    cf:8f:bf:b7:b5:6f:ef:f9:29:9f:0f:ef:b1:fb:60:
                    9d:e5:77:cf:62:41:85:c7:a4:84:39:b7:07:5e:d0:
                    be:f3:9a:a8:91:20:bf:05:4a:61:c0:91:1f:fe:38:
                    56:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:4E:A3:70:8C:2D:7B:92:E8:A2:A9:79:88:CF:3A:4B:B7:F4:32:62
            X509v3 Authority Key Identifier:
                keyid:81:99:01:B6:4F:E2:26:56:B8:F2:DB:26:0B:45:3F:27:93:52:B7:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZkBtk_iJla48tsmC0U_J5NSt9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/227e6b-02e4-4108-8b33-63dd275300bc/1/yE6jcIwte5Looql5iM86S7f0MmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/227e6b-02e4-4108-8b33-63dd275300bc/1/gZkBtk_iJla48tsmC0U_J5NSt9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:8a:9c:dc:f0:d9:38:4d:9b:e6:ec:d1:3f:68:9f:f2:d8:98:
         15:01:06:a8:c1:7f:df:29:8a:21:9f:4c:14:36:4a:a6:1c:30:
         90:8a:f4:45:ff:5f:a8:db:84:72:dd:3e:ac:a8:5e:3e:48:ef:
         94:31:a7:24:28:b4:02:5f:96:6d:98:89:6d:5a:07:df:c1:e7:
         c7:a1:9f:29:04:8b:a1:d5:e4:49:f4:3b:33:ae:2b:93:7e:4d:
         84:32:86:49:29:26:24:ee:72:c8:0c:bb:90:78:6f:91:36:a8:
         32:ac:65:f8:b8:41:22:6c:0d:0c:7d:fb:c1:af:22:79:af:42:
         2b:06:69:df:59:b4:f8:24:6b:11:e4:95:ac:af:0b:10:1b:83:
         42:ff:cb:0c:ea:0e:19:60:45:19:3e:cc:81:54:1f:12:d8:52:
         f1:76:dc:93:f7:94:75:ba:65:a9:74:dd:89:13:68:30:3e:2a:
         64:5e:2e:5b:80:bd:29:a4:7f:39:df:f0:08:8d:42:99:fc:3a:
         de:9f:fd:1c:73:92:e0:3f:3c:6d:fc:fc:1c:fe:25:11:2f:9e:
         18:94:95:6e:fb:e6:d1:9b:31:92:85:47:e6:34:f9:42:bd:00:
         83:6b:17:ba:d5:81:47:02:23:5e:94:3b:fe:e4:c6:6f:b3:19:
         43:d5:0b:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJsbGgoAapXXt+WOqJH88MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTkwMWI2NGZlMjI2NTZiOGYyZGIyNjBiNDUzZjI3OTM1
MmI3ZDAwHhcNMjQwMTAxMjIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODRlYTM3MDhjMmQ3YjkyZThhMmE5Nzk4OGNmM2E0YmI3ZjQzMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydcwobcspX3Hb9FlU/Zb5ZJ47E6X
soYv8BaMoYXiqvWM7XmE/MENLdaeIxuIbNX5lirArXROzt3B6Q95WkgCbTVcNpNs
3HrqMlKb2EEFIxPazI5cCi16gwPSFLtddps49Ge7WiHx4wYf43lBPSw2bo7AjYhZ
W4XssPEw2eNh1xXgVvGhQc7S57enFwSwcVhoHunhx4PRnxuo71f1HnvjRugn2qQo
Xxv3NBEklxFc2jpqGO0xxook6b3MlrU5B1+Mmc7drySX4jI4n/rJuLeKxFrPj7+3
tW/v+SmfD++x+2Cd5XfPYkGFx6SEObcHXtC+85qokSC/BUphwJEf/jhWDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhOo3CMLXuS6KKpeYjPOku39DJiMB8GA1UdIwQY
MBaAFIGZAbZP4iZWuPLbJgtFPyeTUrfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1prQnRrX2lKbGE0OHRzbUMwVV9KNU5TdDlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yMjdlNmItMDJlNC00MTA4LThiMzMt
NjNkZDI3NTMwMGJjLzEveUU2amNJd3RlNUxvb3FsNWlNODZTN2YwTW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yMjdlNmItMDJlNC00MTA4LThiMzMtNjNkZDI3NTMwMGJj
LzEvZ1prQnRrX2lKbGE0OHRzbUMwVV9KNU5TdDlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+4zMA0G
CSqGSIb3DQEBCwUAA4IBAQBqipzc8Nk4TZvm7NE/aJ/y2JgVAQaowX/fKYohn0wU
NkqmHDCQivRF/1+o24Ry3T6sqF4+SO+UMackKLQCX5ZtmIltWgffwefHoZ8pBIuh
1eRJ9DszriuTfk2EMoZJKSYk7nLIDLuQeG+RNqgyrGX4uEEibA0MffvBryJ5r0Ir
BmnfWbT4JGsR5JWsrwsQG4NC/8sM6g4ZYEUZPsyBVB8S2FLxdtyT95R1umWpdN2J
E2gwPipkXi5bgL0ppH853/AIjUKZ/Dren/0cc5LgPzxt/Pwc/iURL54YlJVu++bR
mzGShUfmNPlCvQCDaxe61YFHAiNelDv+5MZvsxlD1QvL
-----END CERTIFICATE-----