Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/715e1c-5512-4eb4-9ba3-3a003135aad1/1/MIxzHIwriFCHPy_ErR-F7Zsymv8.roa
File:                     MIxzHIwriFCHPy_ErR-F7Zsymv8.roa (raw, json)
Hash identifier:          ldoXg75/ZQ9Ti8aPcytOYccCRMJWdB6px2d3fGhFI9w=
Subject key identifier:   30:8C:73:1C:8C:2B:88:50:87:3F:2F:C4:AD:1F:85:ED:9B:32:9A:FF
Certificate issuer:       /CN=5ac45d9a1a22416833de59a5e619d12096d0969e
Certificate serial:       018CC94D683795F66360A28E73AB9D9A6049
Authority key identifier: 5A:C4:5D:9A:1A:22:41:68:33:DE:59:A5:E6:19:D1:20:96:D0:96:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WsRdmhoiQWgz3lml5hnRIJbQlp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/715e1c-5512-4eb4-9ba3-3a003135aad1/1/MIxzHIwriFCHPy_ErR-F7Zsymv8.roa
Signing time:             Tue 02 Jan 2024 08:32:22 +0000
ROA not before:           Tue 02 Jan 2024 08:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44697
IP address blocks:        91.199.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/715e1c-5512-4eb4-9ba3-3a003135aad1/1/WsRdmhoiQWgz3lml5hnRIJbQlp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/715e1c-5512-4eb4-9ba3-3a003135aad1/1/WsRdmhoiQWgz3lml5hnRIJbQlp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WsRdmhoiQWgz3lml5hnRIJbQlp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:68:37:95:f6:63:60:a2:8e:73:ab:9d:9a:60:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ac45d9a1a22416833de59a5e619d12096d0969e
        Validity
            Not Before: Jan  2 08:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=308c731c8c2b8850873f2fc4ad1f85ed9b329aff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:59:df:77:da:14:a9:8c:96:23:50:ca:08:42:
                    e8:36:01:e3:ae:a9:8d:1a:fa:e4:89:01:50:4b:d5:
                    a2:9d:9f:f4:0b:b9:54:3c:4e:47:79:98:86:fd:e5:
                    d5:7c:46:89:c2:a6:a0:c6:52:5c:6a:c8:59:13:61:
                    50:85:b8:c9:f4:c0:01:a8:6c:79:75:23:99:72:4b:
                    c2:db:22:17:3d:98:d8:89:f1:91:d2:60:aa:ba:c9:
                    30:e0:a0:79:0e:0d:55:e4:19:a9:3a:0e:17:94:ca:
                    37:a9:49:0e:05:9f:f3:e1:63:1f:93:1a:02:10:7e:
                    7f:c9:da:d8:50:97:ad:9b:da:75:0f:b3:a4:d8:b5:
                    14:bf:0e:7e:f3:e9:5a:2b:09:fe:48:0a:b8:d9:44:
                    34:1b:be:b0:e0:7e:d5:7e:46:05:a2:e9:cf:83:00:
                    68:5a:23:83:84:54:21:aa:bf:5f:33:ae:11:19:d8:
                    33:20:7e:c0:8a:f3:5a:4e:ad:3a:9f:a5:1b:e2:2f:
                    f7:32:34:54:25:3f:a5:8d:f3:b4:e2:0a:80:80:0d:
                    10:62:ac:c8:4a:94:75:38:a6:ed:c6:01:cf:1a:58:
                    46:73:a7:10:21:df:aa:82:42:85:d0:96:54:88:ce:
                    b5:3d:b8:78:b0:84:d7:5b:5c:b4:95:de:23:ee:c9:
                    c0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:8C:73:1C:8C:2B:88:50:87:3F:2F:C4:AD:1F:85:ED:9B:32:9A:FF
            X509v3 Authority Key Identifier:
                keyid:5A:C4:5D:9A:1A:22:41:68:33:DE:59:A5:E6:19:D1:20:96:D0:96:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WsRdmhoiQWgz3lml5hnRIJbQlp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/715e1c-5512-4eb4-9ba3-3a003135aad1/1/MIxzHIwriFCHPy_ErR-F7Zsymv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/715e1c-5512-4eb4-9ba3-3a003135aad1/1/WsRdmhoiQWgz3lml5hnRIJbQlp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:ea:35:ea:9d:bd:9b:3d:1c:51:94:d5:15:2c:60:cc:63:f1:
         88:8f:b7:c0:8a:1f:3b:06:4f:08:14:84:a4:b3:62:1f:dd:aa:
         a0:60:1d:05:87:f3:2f:74:98:2b:c5:9c:16:53:70:96:ab:ac:
         26:f4:ca:ce:90:86:81:9c:f6:41:88:fa:f6:c8:4c:89:4d:f6:
         9d:2d:38:b6:92:a1:08:e0:9a:4f:3e:fa:80:8a:0e:83:bd:f2:
         da:30:60:3f:7c:29:9b:85:24:c4:fd:6c:db:8b:92:ba:17:7e:
         74:9e:14:9b:49:00:b1:80:02:e7:a1:58:1f:35:9b:a8:e8:b7:
         c2:6c:ae:4c:c0:f6:22:bb:ab:bd:cc:92:d1:28:50:ec:6e:67:
         a0:b5:19:81:a4:09:bd:2a:c8:39:22:12:f0:06:6e:f7:4d:53:
         35:9b:c2:10:f5:e5:83:89:07:c0:8f:e2:73:10:5a:fd:0f:d7:
         df:c4:9d:60:16:d3:51:ae:07:3b:4b:c5:c5:a0:6b:06:66:48:
         2a:ad:db:32:05:ff:f5:77:b2:8d:1f:6e:54:e0:8a:fa:6d:9e:
         a8:98:3b:06:fd:bc:1a:ab:83:84:6b:d7:e0:35:b7:96:81:b9:
         37:b2:c2:f7:1b:4c:a6:0a:59:11:fe:69:ae:8e:32:1a:05:2d:
         f2:51:cc:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTWg3lfZjYKKOc6udmmBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYzQ1ZDlhMWEyMjQxNjgzM2RlNTlhNWU2MTlkMTIwOTZk
MDk2OWUwHhcNMjQwMTAyMDgzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDhjNzMxYzhjMmI4ODUwODczZjJmYzRhZDFmODVlZDliMzI5YWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61nfd9oUqYyWI1DKCELoNgHjrqmN
GvrkiQFQS9WinZ/0C7lUPE5HeZiG/eXVfEaJwqagxlJcashZE2FQhbjJ9MABqGx5
dSOZckvC2yIXPZjYifGR0mCquskw4KB5Dg1V5BmpOg4XlMo3qUkOBZ/z4WMfkxoC
EH5/ydrYUJetm9p1D7Ok2LUUvw5+8+laKwn+SAq42UQ0G76w4H7VfkYFounPgwBo
WiODhFQhqr9fM64RGdgzIH7AivNaTq06n6Ub4i/3MjRUJT+ljfO04gqAgA0QYqzI
SpR1OKbtxgHPGlhGc6cQId+qgkKF0JZUiM61Pbh4sITXW1y0ld4j7snACQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCMcxyMK4hQhz8vxK0fhe2bMpr/MB8GA1UdIwQY
MBaAFFrEXZoaIkFoM95ZpeYZ0SCW0JaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3NSZG1ob2lRV2d6M2xtbDVoblJJSmJRbHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83MTVlMWMtNTUxMi00ZWI0LTliYTMt
M2EwMDMxMzVhYWQxLzEvTUl4ekhJd3JpRkNIUHlfRXJSLUY3WnN5bXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83MTVlMWMtNTUxMi00ZWI0LTliYTMtM2EwMDMxMzVhYWQx
LzEvV3NSZG1ob2lRV2d6M2xtbDVoblJJSmJRbHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8e3MA0G
CSqGSIb3DQEBCwUAA4IBAQBZ6jXqnb2bPRxRlNUVLGDMY/GIj7fAih87Bk8IFISk
s2If3aqgYB0Fh/MvdJgrxZwWU3CWq6wm9MrOkIaBnPZBiPr2yEyJTfadLTi2kqEI
4JpPPvqAig6DvfLaMGA/fCmbhSTE/Wzbi5K6F350nhSbSQCxgALnoVgfNZuo6LfC
bK5MwPYiu6u9zJLRKFDsbmegtRmBpAm9Ksg5IhLwBm73TVM1m8IQ9eWDiQfAj+Jz
EFr9D9ffxJ1gFtNRrgc7S8XFoGsGZkgqrdsyBf/1d7KNH25U4Ir6bZ6omDsG/bwa
q4OEa9fgNbeWgbk3ssL3G0ymClkR/mmujjIaBS3yUcw0
-----END CERTIFICATE-----