Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/fyXj1twbsb_PK557GfPRzCDNFQ8.roa
File:                     fyXj1twbsb_PK557GfPRzCDNFQ8.roa (raw, json)
Hash identifier:          n6J/upL1V9CtP7EwZm0nrAsm0+2xh30khBMPKxoM+0U=
Subject key identifier:   7F:25:E3:D6:DC:1B:B1:BF:CF:2B:9E:7B:19:F3:D1:CC:20:CD:15:0F
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       018CC871480F611DF83DA31298E5F3FD61F3
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/fyXj1twbsb_PK557GfPRzCDNFQ8.roa
Signing time:             Tue 02 Jan 2024 04:31:56 +0000
ROA not before:           Tue 02 Jan 2024 04:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        91.190.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:48:0f:61:1d:f8:3d:a3:12:98:e5:f3:fd:61:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jan  2 04:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f25e3d6dc1bb1bfcf2b9e7b19f3d1cc20cd150f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:36:9d:6d:6e:b7:7b:d3:3d:71:1e:40:fc:50:
                    db:5b:ed:ef:dd:b5:4d:9a:d9:b2:e0:84:98:d8:e9:
                    63:10:ca:72:0d:79:f9:ca:e1:bb:fc:4a:40:3f:4f:
                    d3:8f:da:b5:49:8d:23:b0:fe:8c:13:2d:68:33:cb:
                    72:1a:a0:00:c0:37:b6:8f:4d:74:f1:d5:15:42:21:
                    a2:2d:98:bf:1c:c3:7c:2d:4e:04:62:95:2a:12:a8:
                    35:69:69:03:53:bf:5f:c3:22:fe:ff:97:e9:e0:d7:
                    2a:86:32:af:51:10:fe:3b:aa:a3:7e:ab:62:f9:b3:
                    ec:b3:0b:5d:a7:50:20:25:26:6a:9e:3d:de:a9:1b:
                    f3:8f:26:c6:7e:2c:05:db:d5:06:da:2a:71:5d:69:
                    3e:4f:35:f6:d0:07:38:b1:37:49:20:cc:25:90:b3:
                    81:89:40:be:fd:91:f7:ed:2d:8b:20:1e:6e:a3:12:
                    8b:19:a1:72:a7:53:19:76:10:c0:7a:2f:c7:dd:de:
                    08:be:9d:69:34:f1:02:b2:ab:dd:54:0f:90:c4:9c:
                    5a:4c:26:89:1a:0b:0d:94:ec:a4:91:c6:27:da:49:
                    af:84:ee:2e:a7:51:4a:2e:71:4d:75:43:c6:75:94:
                    15:3f:da:14:33:05:b4:39:54:ba:b0:21:d1:81:ab:
                    6b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:25:E3:D6:DC:1B:B1:BF:CF:2B:9E:7B:19:F3:D1:CC:20:CD:15:0F
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/fyXj1twbsb_PK557GfPRzCDNFQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:dd:5c:45:28:10:ef:50:b5:fc:6b:a9:02:d2:fc:3a:08:e6:
         3e:af:29:4a:2d:d4:4a:fd:b7:41:78:79:86:30:25:12:fe:86:
         aa:94:b4:84:6d:45:1f:17:e2:ec:bd:72:99:3f:6a:44:93:7d:
         67:99:b0:f6:31:13:4a:5e:6c:96:3b:7d:30:41:41:d1:6e:a7:
         bd:c8:ad:01:0c:a9:fa:9b:e3:41:f2:53:c2:c3:26:74:0d:83:
         e6:f0:2f:88:22:e5:c2:0b:80:c7:55:b5:89:63:58:f3:d1:33:
         a5:44:b7:4f:a5:2e:d4:c8:48:8a:c5:93:54:6b:b3:78:3f:fd:
         82:5e:7a:d3:6f:e6:54:e8:32:3b:67:c2:c6:1f:b8:69:cb:68:
         32:10:0c:39:de:73:3e:75:48:6c:53:4e:2f:f1:e7:a2:b4:24:
         56:d2:9e:1e:e7:ed:87:6c:41:68:63:fc:c3:98:cb:ea:b7:05:
         a4:20:cc:a5:00:d8:e9:c2:69:9b:91:71:e0:11:81:07:59:fc:
         87:1a:4e:df:dc:a0:06:8c:a8:3c:01:47:5b:89:91:5a:db:af:
         e4:91:ac:75:33:7a:85:b4:6d:fa:2e:cc:f2:58:24:ce:ea:85:
         f6:1d:68:3f:04:98:0c:92:b6:43:da:48:1c:7a:9f:73:b4:cf:
         9a:54:a0:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcUgPYR34PaMSmOXz/WHzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQwMTAyMDQzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjI1ZTNkNmRjMWJiMWJmY2YyYjllN2IxOWYzZDFjYzIwY2QxNTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzadbW63e9M9cR5A/FDbW+3v3bVN
mtmy4ISY2OljEMpyDXn5yuG7/EpAP0/Tj9q1SY0jsP6MEy1oM8tyGqAAwDe2j010
8dUVQiGiLZi/HMN8LU4EYpUqEqg1aWkDU79fwyL+/5fp4NcqhjKvURD+O6qjfqti
+bPsswtdp1AgJSZqnj3eqRvzjybGfiwF29UG2ipxXWk+TzX20Ac4sTdJIMwlkLOB
iUC+/ZH37S2LIB5uoxKLGaFyp1MZdhDAei/H3d4Ivp1pNPECsqvdVA+QxJxaTCaJ
GgsNlOykkcYn2kmvhO4up1FKLnFNdUPGdZQVP9oUMwW0OVS6sCHRgatr2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8l49bcG7G/zyueexnz0cwgzRUPMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvZnlYajF0d2JzYl9QSzU1N0dmUFJ6Q0RORlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW76aMA0G
CSqGSIb3DQEBCwUAA4IBAQCm3VxFKBDvULX8a6kC0vw6COY+rylKLdRK/bdBeHmG
MCUS/oaqlLSEbUUfF+LsvXKZP2pEk31nmbD2MRNKXmyWO30wQUHRbqe9yK0BDKn6
m+NB8lPCwyZ0DYPm8C+IIuXCC4DHVbWJY1jz0TOlRLdPpS7UyEiKxZNUa7N4P/2C
XnrTb+ZU6DI7Z8LGH7hpy2gyEAw53nM+dUhsU04v8eeitCRW0p4e5+2HbEFoY/zD
mMvqtwWkIMylANjpwmmbkXHgEYEHWfyHGk7f3KAGjKg8AUdbiZFa26/kkax1M3qF
tG36LszyWCTO6oX2HWg/BJgMkrZD2kgcep9ztM+aVKDC
-----END CERTIFICATE-----