Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/4003bd-494d-4246-be94-c8659f76a2ea/1/5yxQICftIQK9nsKBQwxdDPC1c9o.roa
File:                     5yxQICftIQK9nsKBQwxdDPC1c9o.roa (raw, json)
Hash identifier:          GUscNIDVK3OVjxnlrOEL5sl+YYxw2vN7lEke1VICDIU=
Subject key identifier:   E7:2C:50:20:27:ED:21:02:BD:9E:C2:81:43:0C:5D:0C:F0:B5:73:DA
Certificate issuer:       /CN=419a82be1e16422f9a88549af6d542481d691ac9
Certificate serial:       018EBE9E94A72D9A612ECC77E1D22F13E031
Authority key identifier: 41:9A:82:BE:1E:16:42:2F:9A:88:54:9A:F6:D5:42:48:1D:69:1A:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QZqCvh4WQi-aiFSa9tVCSB1pGsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/4003bd-494d-4246-be94-c8659f76a2ea/1/5yxQICftIQK9nsKBQwxdDPC1c9o.roa
Signing time:             Mon 08 Apr 2024 16:50:47 +0000
ROA not before:           Mon 08 Apr 2024 16:50:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41236
IP address blocks:        91.211.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/4003bd-494d-4246-be94-c8659f76a2ea/1/QZqCvh4WQi-aiFSa9tVCSB1pGsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/4003bd-494d-4246-be94-c8659f76a2ea/1/QZqCvh4WQi-aiFSa9tVCSB1pGsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QZqCvh4WQi-aiFSa9tVCSB1pGsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:be:9e:94:a7:2d:9a:61:2e:cc:77:e1:d2:2f:13:e0:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=419a82be1e16422f9a88549af6d542481d691ac9
        Validity
            Not Before: Apr  8 16:50:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e72c502027ed2102bd9ec281430c5d0cf0b573da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f5:b9:03:51:b3:e4:fc:a5:f7:88:d4:26:24:
                    6d:19:86:cf:8a:7b:0a:51:42:f5:0c:2a:3c:91:93:
                    05:3c:81:bc:92:56:54:94:e1:8b:e5:da:e6:fd:e0:
                    64:23:1f:41:0a:8f:ac:a9:07:68:5f:8a:db:e9:0d:
                    67:08:cb:27:a5:53:03:d9:78:50:23:fd:93:46:9c:
                    dc:e0:44:e5:8e:42:1f:5c:7e:6c:93:c9:8a:0f:df:
                    6f:5a:6c:61:8d:9c:b5:1c:08:22:ce:5f:e3:89:10:
                    15:3f:28:b4:16:6f:60:13:e9:40:47:35:59:39:d8:
                    04:b0:6d:57:a5:31:32:c1:fa:7a:b7:92:c6:a6:64:
                    49:35:26:e0:80:97:8b:40:e1:04:14:6d:e4:74:bf:
                    71:30:de:58:fd:3c:3c:79:cc:18:c0:f6:e4:7a:e0:
                    92:13:eb:e8:64:c6:b9:66:35:be:b0:32:5a:6f:0b:
                    00:b7:fb:2d:27:b0:b9:97:7f:07:35:d5:0f:6e:0d:
                    ee:43:a5:63:2b:a2:1a:77:26:7b:45:a1:bc:af:6b:
                    2f:93:20:30:bc:04:f5:5f:02:d5:1b:cd:33:34:26:
                    9c:06:4e:d4:37:14:7c:bd:3a:3a:8e:8e:31:e1:55:
                    24:fe:83:e1:f5:0f:31:d9:c5:c8:5a:f2:39:e5:88:
                    15:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2C:50:20:27:ED:21:02:BD:9E:C2:81:43:0C:5D:0C:F0:B5:73:DA
            X509v3 Authority Key Identifier:
                keyid:41:9A:82:BE:1E:16:42:2F:9A:88:54:9A:F6:D5:42:48:1D:69:1A:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QZqCvh4WQi-aiFSa9tVCSB1pGsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4003bd-494d-4246-be94-c8659f76a2ea/1/5yxQICftIQK9nsKBQwxdDPC1c9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4003bd-494d-4246-be94-c8659f76a2ea/1/QZqCvh4WQi-aiFSa9tVCSB1pGsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:04:8c:93:23:97:71:48:1e:10:b1:70:a8:5a:17:d8:0e:5b:
         36:6d:02:6d:eb:09:67:65:3c:56:a4:19:75:0a:5c:04:0b:ae:
         1a:d4:21:ee:2b:e6:a7:98:e4:14:46:3c:c8:40:2c:28:6f:22:
         ef:b6:52:c9:86:42:34:45:c5:6e:a9:f2:a8:45:cf:2d:d1:30:
         2a:2a:9f:a8:c9:57:42:51:90:00:cc:3a:cc:2c:2f:1b:fc:74:
         eb:60:82:5f:15:b7:a4:e8:01:e4:a0:92:79:b0:af:d5:90:95:
         16:42:3d:36:0d:81:81:2c:28:93:9e:95:7b:85:9a:80:3b:5a:
         d1:bf:3f:91:f1:be:46:7c:40:b8:2e:8f:82:1f:ff:3f:91:d0:
         3c:82:94:8b:91:f5:d8:73:7c:9c:36:73:83:f5:3f:ad:77:00:
         fb:15:0c:fc:d5:57:45:8a:a9:78:c0:14:7f:46:e2:36:7e:30:
         a3:7a:2c:ee:ff:ef:b1:16:21:68:4a:5e:99:86:76:04:b1:ad:
         db:75:88:df:b4:0e:e0:1e:67:51:f5:05:20:b4:71:e7:0c:5e:
         5f:ac:6c:6f:f7:39:dc:21:c9:f3:e6:2c:77:12:a4:8e:3e:4e:
         ff:86:9f:4e:45:0c:7f:8c:ea:29:29:ac:42:bc:3a:af:a9:0d:
         41:54:ec:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6+npSnLZphLsx34dIvE+AxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOWE4MmJlMWUxNjQyMmY5YTg4NTQ5YWY2ZDU0MjQ4MWQ2
OTFhYzkwHhcNMjQwNDA4MTY1MDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzJjNTAyMDI3ZWQyMTAyYmQ5ZWMyODE0MzBjNWQwY2YwYjU3M2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfW5A1Gz5Pyl94jUJiRtGYbPinsK
UUL1DCo8kZMFPIG8klZUlOGL5drm/eBkIx9BCo+sqQdoX4rb6Q1nCMsnpVMD2XhQ
I/2TRpzc4ETljkIfXH5sk8mKD99vWmxhjZy1HAgizl/jiRAVPyi0Fm9gE+lARzVZ
OdgEsG1XpTEywfp6t5LGpmRJNSbggJeLQOEEFG3kdL9xMN5Y/Tw8ecwYwPbkeuCS
E+voZMa5ZjW+sDJabwsAt/stJ7C5l38HNdUPbg3uQ6VjK6IadyZ7RaG8r2svkyAw
vAT1XwLVG80zNCacBk7UNxR8vTo6jo4x4VUk/oPh9Q8x2cXIWvI55YgVkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcsUCAn7SECvZ7CgUMMXQzwtXPaMB8GA1UdIwQY
MBaAFEGagr4eFkIvmohUmvbVQkgdaRrJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVpxQ3ZoNFdRaS1haUZTYTl0VkNTQjFwR3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy80MDAzYmQtNDk0ZC00MjQ2LWJlOTQt
Yzg2NTlmNzZhMmVhLzEvNXl4UUlDZnRJUUs5bnNLQlF3eGREUEMxYzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy80MDAzYmQtNDk0ZC00MjQ2LWJlOTQtYzg2NTlmNzZhMmVh
LzEvUVpxQ3ZoNFdRaS1haUZTYTl0VkNTQjFwR3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9NXMA0G
CSqGSIb3DQEBCwUAA4IBAQBmBIyTI5dxSB4QsXCoWhfYDls2bQJt6wlnZTxWpBl1
ClwEC64a1CHuK+anmOQURjzIQCwobyLvtlLJhkI0RcVuqfKoRc8t0TAqKp+oyVdC
UZAAzDrMLC8b/HTrYIJfFbek6AHkoJJ5sK/VkJUWQj02DYGBLCiTnpV7hZqAO1rR
vz+R8b5GfEC4Lo+CH/8/kdA8gpSLkfXYc3ycNnOD9T+tdwD7FQz81VdFiql4wBR/
RuI2fjCjeizu/++xFiFoSl6ZhnYEsa3bdYjftA7gHmdR9QUgtHHnDF5frGxv9znc
Icnz5ix3EqSOPk7/hp9ORQx/jOopKaxCvDqvqQ1BVOwT
-----END CERTIFICATE-----