Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/rO-tfO0w2yv8_Bvl_dMgun99YmE.roa
File:                     rO-tfO0w2yv8_Bvl_dMgun99YmE.roa (raw, json)
Hash identifier:          jEmUnw4JQU4j1KtFeNaInmVVNQ6JkWT19yhbejmcNHU=
Subject key identifier:   AC:EF:AD:7C:ED:30:DB:2B:FC:FC:1B:E5:FD:D3:20:BA:7F:7D:62:61
Certificate issuer:       /CN=5d82ca6f8eb685a573e5d1d91f8f06121ab02a37
Certificate serial:       018CC26D46B4E57CE65AE991635DD6D8DD09
Authority key identifier: 5D:82:CA:6F:8E:B6:85:A5:73:E5:D1:D9:1F:8F:06:12:1A:B0:2A:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYLKb462haVz5dHZH48GEhqwKjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/rO-tfO0w2yv8_Bvl_dMgun99YmE.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19551
IP address blocks:        91.231.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/XYLKb462haVz5dHZH48GEhqwKjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/XYLKb462haVz5dHZH48GEhqwKjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYLKb462haVz5dHZH48GEhqwKjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:46:b4:e5:7c:e6:5a:e9:91:63:5d:d6:d8:dd:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d82ca6f8eb685a573e5d1d91f8f06121ab02a37
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acefad7ced30db2bfcfc1be5fdd320ba7f7d6261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6d:97:c0:e1:0f:cc:5c:c8:ba:1a:66:20:47:
                    ad:ae:ae:e7:7b:6c:68:24:55:1c:3d:a4:ff:93:43:
                    d5:dc:d5:05:12:0f:dc:96:8d:65:d8:fd:b4:7e:5b:
                    75:0e:9e:49:4d:a3:8d:f0:a2:1d:8d:60:f2:82:30:
                    77:de:00:b1:f7:fd:32:b9:5e:69:da:13:57:2d:38:
                    62:0b:d3:4f:a6:be:d5:4a:67:84:92:19:17:84:48:
                    0d:e3:0a:62:8b:c1:c3:fb:1e:e9:c2:6d:15:85:88:
                    c8:32:43:2a:d9:31:6f:af:73:76:90:d6:80:88:d3:
                    5d:1c:94:86:03:05:99:47:95:e8:a2:0e:1f:37:15:
                    69:bd:b1:55:ee:5f:38:eb:7d:63:95:af:58:4d:65:
                    cd:f5:03:27:b9:30:7e:64:e8:f8:b8:c9:fd:83:de:
                    bc:6e:87:d4:f2:1d:40:ed:fc:6a:03:18:95:1d:38:
                    a5:2d:64:f2:8e:9c:81:b3:9e:22:b7:64:c8:2d:ed:
                    52:8f:06:19:07:a3:de:df:ae:c8:1d:2e:3c:42:f4:
                    da:b4:6c:ed:ae:cd:c2:24:e2:84:1e:70:1e:8b:e3:
                    eb:0e:d9:5f:4f:09:43:a4:35:64:6e:46:d7:8a:60:
                    38:70:1d:ac:c4:5a:51:09:ac:9a:34:10:8b:04:2c:
                    a9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:EF:AD:7C:ED:30:DB:2B:FC:FC:1B:E5:FD:D3:20:BA:7F:7D:62:61
            X509v3 Authority Key Identifier:
                keyid:5D:82:CA:6F:8E:B6:85:A5:73:E5:D1:D9:1F:8F:06:12:1A:B0:2A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYLKb462haVz5dHZH48GEhqwKjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/rO-tfO0w2yv8_Bvl_dMgun99YmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/XYLKb462haVz5dHZH48GEhqwKjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:b5:6c:7f:52:45:86:85:a1:c1:9b:7a:48:e4:e5:70:27:bc:
         e2:bf:cf:37:53:13:98:7a:07:c7:46:ba:b2:fa:ed:32:f5:ab:
         f8:af:ca:63:e8:35:2e:c8:f2:da:82:9e:f2:4e:0b:c1:e5:d3:
         6d:b8:cb:46:8d:ca:b1:58:83:45:87:ce:c0:ee:d8:00:81:72:
         e9:b0:90:fe:d4:30:a4:ee:75:90:ae:92:27:e0:46:95:c6:76:
         fb:79:da:b8:aa:a4:2c:3f:29:55:ee:d2:57:52:bb:24:3f:e6:
         db:d3:7b:f7:7b:a5:4e:db:92:ef:4a:ce:f3:92:4a:66:ae:aa:
         f2:67:ff:4a:f6:30:92:81:8d:7c:c7:38:bb:6e:da:33:79:d5:
         2a:01:3d:07:2b:07:fb:37:3f:63:7b:af:07:03:fa:28:48:8e:
         06:e1:f3:0f:a7:c0:27:94:cd:01:eb:26:20:c6:15:83:72:0a:
         1d:b6:63:52:55:e6:0d:8b:df:61:6d:b5:47:6a:1e:fa:ae:1a:
         88:69:a1:39:9e:7d:de:9c:05:a8:2d:b1:9c:ed:9a:50:97:22:
         00:de:6d:c1:7c:a9:70:57:1c:4d:4c:1d:9e:6b:85:59:ba:b5:
         b2:3d:bd:8a:9a:dd:01:72:ef:8b:11:63:49:48:3d:95:12:72:
         12:a8:dd:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUa05XzmWumRY13W2N0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODJjYTZmOGViNjg1YTU3M2U1ZDFkOTFmOGYwNjEyMWFi
MDJhMzcwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2VmYWQ3Y2VkMzBkYjJiZmNmYzFiZTVmZGQzMjBiYTdmN2Q2MjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn22XwOEPzFzIuhpmIEetrq7ne2xo
JFUcPaT/k0PV3NUFEg/clo1l2P20flt1Dp5JTaON8KIdjWDygjB33gCx9/0yuV5p
2hNXLThiC9NPpr7VSmeEkhkXhEgN4wpii8HD+x7pwm0VhYjIMkMq2TFvr3N2kNaA
iNNdHJSGAwWZR5Xoog4fNxVpvbFV7l84631jla9YTWXN9QMnuTB+ZOj4uMn9g968
bofU8h1A7fxqAxiVHTilLWTyjpyBs54it2TILe1SjwYZB6Pe367IHS48QvTatGzt
rs3CJOKEHnAei+PrDtlfTwlDpDVkbkbXimA4cB2sxFpRCayaNBCLBCypLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzvrXztMNsr/Pwb5f3TILp/fWJhMB8GA1UdIwQY
MBaAFF2Cym+OtoWlc+XR2R+PBhIasCo3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlMS2I0NjJoYVZ6NWRIWkg0OEdFaHF3S2pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9kNTRiYzAtZjc4MS00OGIwLTlmNmQt
YjVmMGQyMTA1M2Y4LzEvck8tdGZPMHcyeXY4X0J2bF9kTWd1bjk5WW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9kNTRiYzAtZjc4MS00OGIwLTlmNmQtYjVmMGQyMTA1M2Y4
LzEvWFlMS2I0NjJoYVZ6NWRIWkg0OEdFaHF3S2pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+fAMA0G
CSqGSIb3DQEBCwUAA4IBAQB0tWx/UkWGhaHBm3pI5OVwJ7ziv883UxOYegfHRrqy
+u0y9av4r8pj6DUuyPLagp7yTgvB5dNtuMtGjcqxWINFh87A7tgAgXLpsJD+1DCk
7nWQrpIn4EaVxnb7edq4qqQsPylV7tJXUrskP+bb03v3e6VO25LvSs7zkkpmrqry
Z/9K9jCSgY18xzi7btozedUqAT0HKwf7Nz9je68HA/ooSI4G4fMPp8AnlM0B6yYg
xhWDcgodtmNSVeYNi99hbbVHah76rhqIaaE5nn3enAWoLbGc7ZpQlyIA3m3BfKlw
VxxNTB2ea4VZurWyPb2Kmt0Bcu+LEWNJSD2VEnISqN3g
-----END CERTIFICATE-----