Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/X8i2WUIHeMMAMXhte2eivaCZS6A.roa
File:                     X8i2WUIHeMMAMXhte2eivaCZS6A.roa (raw, json)
Hash identifier:          CXcpnLAbgNQRrOYKxiexYs2FXHaaspTSzPfgRFKe2VY=
Subject key identifier:   5F:C8:B6:59:42:07:78:C3:00:31:78:6D:7B:67:A2:BD:A0:99:4B:A0
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC5002DF1EF4607BED1BB7FD73CB2E350
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/X8i2WUIHeMMAMXhte2eivaCZS6A.roa
Signing time:             Mon 01 Jan 2024 12:29:32 +0000
ROA not before:           Mon 01 Jan 2024 12:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        91.213.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:2d:f1:ef:46:07:be:d1:bb:7f:d7:3c:b2:e3:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fc8b659420778c30031786d7b67a2bda0994ba0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:16:02:bb:2e:49:9e:39:18:a5:16:4c:de:f7:
                    dd:01:75:72:86:70:4c:54:e5:a8:c9:9a:4d:d9:5b:
                    28:af:76:9a:b1:c8:77:42:53:6d:21:bf:50:0c:95:
                    1a:08:2c:ed:a2:fb:47:8d:6c:c2:3e:b9:57:87:ef:
                    32:0a:64:81:e3:13:51:87:4f:9b:fa:02:ae:89:a9:
                    8f:84:65:38:c7:34:ad:e0:15:2a:0a:e5:5f:b8:f2:
                    77:08:0e:69:3a:eb:27:36:ab:e4:da:d1:ad:4e:4c:
                    c2:31:f7:16:a9:61:80:90:f5:09:23:3f:d6:86:7d:
                    d8:bf:35:fe:27:a0:15:51:88:9c:53:ba:87:3d:d0:
                    62:30:66:7b:ca:12:a4:72:2b:c8:1d:e1:70:a4:dc:
                    3a:ba:d9:37:f4:5e:2b:3e:f0:a9:26:89:ce:84:3a:
                    8c:50:d3:73:66:00:c0:c9:21:f3:6a:49:ee:ec:b4:
                    67:74:78:f2:77:b4:7c:9a:48:ce:97:fa:cf:fd:c8:
                    47:da:4b:68:a5:12:f1:aa:02:3a:42:b1:82:88:76:
                    71:9e:32:a0:08:8d:a6:97:80:a4:35:e4:d5:bf:3b:
                    b4:44:e9:5a:a5:71:98:11:d4:ae:0a:73:a1:f0:eb:
                    ad:b5:09:74:a1:ed:d8:6e:0f:6e:0f:ce:aa:ec:39:
                    1d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C8:B6:59:42:07:78:C3:00:31:78:6D:7B:67:A2:BD:A0:99:4B:A0
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/X8i2WUIHeMMAMXhte2eivaCZS6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:ce:1d:7e:a4:c8:b4:1f:8a:5f:9a:0e:d5:8a:ba:74:03:a4:
         b4:ab:c0:dc:5f:e4:f5:70:c8:36:d3:24:de:56:85:99:23:c9:
         99:df:22:aa:d8:3f:e2:d7:9b:49:6e:8c:be:cc:56:91:2b:c6:
         df:c7:19:29:2a:cc:50:84:6f:78:65:8b:28:75:8f:46:d7:76:
         1a:5f:c2:9e:ec:61:80:ac:99:9c:7a:17:2b:7e:39:93:81:74:
         25:7f:2e:15:a4:6b:68:a6:53:f0:90:00:89:29:f7:51:64:57:
         a1:a1:d6:57:c9:fb:e4:1c:06:75:c1:0b:be:eb:48:7a:f5:86:
         f1:e8:48:38:94:2d:ca:e2:ef:5b:f3:04:8c:17:55:a8:52:34:
         67:14:65:95:d0:90:b8:71:90:54:cb:51:23:e0:e4:35:40:cc:
         4b:f9:f5:21:17:7d:7d:29:6d:a7:4c:64:09:4a:b5:fc:e8:18:
         07:c7:a8:84:a6:cb:34:5b:32:86:37:77:ec:01:1c:f8:53:7b:
         b8:c7:d3:9c:fa:2b:d4:1a:f7:5c:2c:05:76:26:ae:f2:2f:79:
         13:54:12:23:05:c3:95:65:90:90:78:dd:ee:9b:82:d2:98:de:
         9a:51:ac:93:0d:45:48:4a:5c:8b:9b:44:3b:81:f2:1c:ca:ab:
         ba:34:09:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAC3x70YHvtG7f9c8suNQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmM4YjY1OTQyMDc3OGMzMDAzMTc4NmQ3YjY3YTJiZGEwOTk0YmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRYCuy5JnjkYpRZM3vfdAXVyhnBM
VOWoyZpN2Vsor3aasch3QlNtIb9QDJUaCCztovtHjWzCPrlXh+8yCmSB4xNRh0+b
+gKuiamPhGU4xzSt4BUqCuVfuPJ3CA5pOusnNqvk2tGtTkzCMfcWqWGAkPUJIz/W
hn3YvzX+J6AVUYicU7qHPdBiMGZ7yhKkcivIHeFwpNw6utk39F4rPvCpJonOhDqM
UNNzZgDAySHzaknu7LRndHjyd7R8mkjOl/rP/chH2ktopRLxqgI6QrGCiHZxnjKg
CI2ml4CkNeTVvzu0ROlapXGYEdSuCnOh8OuttQl0oe3Ybg9uD86q7DkddwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/ItllCB3jDADF4bXtnor2gmUugMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvWDhpMldVSUhlTU1BTVhodGUyZWl2YUNaUzZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WuMA0G
CSqGSIb3DQEBCwUAA4IBAQBTzh1+pMi0H4pfmg7Virp0A6S0q8DcX+T1cMg20yTe
VoWZI8mZ3yKq2D/i15tJboy+zFaRK8bfxxkpKsxQhG94ZYsodY9G13YaX8Ke7GGA
rJmcehcrfjmTgXQlfy4VpGtoplPwkACJKfdRZFehodZXyfvkHAZ1wQu+60h69Ybx
6Eg4lC3K4u9b8wSMF1WoUjRnFGWV0JC4cZBUy1Ej4OQ1QMxL+fUhF319KW2nTGQJ
SrX86BgHx6iEpss0WzKGN3fsARz4U3u4x9Oc+ivUGvdcLAV2Jq7yL3kTVBIjBcOV
ZZCQeN3um4LSmN6aUayTDUVISlyLm0Q7gfIcyqu6NAlU
-----END CERTIFICATE-----