Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/b5w549IViWcbmcNJr4T0LECFv7E.roa
File:                     b5w549IViWcbmcNJr4T0LECFv7E.roa (raw, json)
Hash identifier:          ru9iQ7UEAAw5bf1It/5z/z8ZAU6wGHnlxbyQQUekpjc=
Subject key identifier:   6F:9C:39:E3:D2:15:89:67:1B:99:C3:49:AF:84:F4:2C:40:85:BF:B1
Certificate issuer:       /CN=f9d7469be0d9c4ba889d3e2026ad8adc42c3cf53
Certificate serial:       018CC5000FEED7428EA1A9F8CFF0A04623A6
Authority key identifier: F9:D7:46:9B:E0:D9:C4:BA:88:9D:3E:20:26:AD:8A:DC:42:C3:CF:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-ddGm-DZxLqInT4gJq2K3ELDz1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/b5w549IViWcbmcNJr4T0LECFv7E.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49049
IP address blocks:        91.212.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/1-ddGm-DZxLqInT4gJq2K3ELDz1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/1-ddGm-DZxLqInT4gJq2K3ELDz1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-ddGm-DZxLqInT4gJq2K3ELDz1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0f:ee:d7:42:8e:a1:a9:f8:cf:f0:a0:46:23:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9d7469be0d9c4ba889d3e2026ad8adc42c3cf53
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f9c39e3d21589671b99c349af84f42c4085bfb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e3:3d:8c:dd:f3:d1:18:cf:76:cd:fe:66:02:
                    72:58:cb:08:f3:b0:91:27:df:58:c3:c3:c2:0f:85:
                    6b:2d:38:c6:00:3e:13:68:e8:82:3e:3a:37:2f:b6:
                    74:65:4d:40:15:2b:57:a8:10:73:96:0c:f1:22:59:
                    b6:b7:2e:6c:70:8b:18:89:e5:ad:04:66:20:a9:bc:
                    cd:f0:15:c1:23:e4:d3:ef:8d:c8:fa:4e:40:69:f6:
                    1b:67:4c:13:64:c3:74:1f:3a:b4:08:ef:3d:52:3a:
                    8c:68:05:2c:ad:82:6b:84:82:c6:84:c5:0e:9c:6a:
                    09:3c:c0:7f:e3:86:09:0c:9f:9a:50:0f:a7:33:c4:
                    03:d8:41:93:b3:03:39:4a:a5:98:7a:70:59:3b:58:
                    aa:60:75:ff:65:58:02:bc:6c:e9:be:8a:59:c2:3c:
                    d3:63:5e:46:eb:5c:3d:4c:cc:cf:b6:7f:d9:d3:b0:
                    e2:50:0d:e2:d7:b3:1f:22:d0:8d:9d:5d:af:08:0f:
                    d1:89:d7:44:18:39:ed:a9:51:09:7a:b5:99:03:ea:
                    49:be:83:72:58:78:29:5a:ab:3b:34:7f:5e:d4:26:
                    60:70:f7:70:66:52:f1:95:66:d9:20:dd:9f:54:e5:
                    1c:ea:bd:3b:7f:0a:ff:62:ae:97:9a:e4:7c:f7:d9:
                    b6:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:9C:39:E3:D2:15:89:67:1B:99:C3:49:AF:84:F4:2C:40:85:BF:B1
            X509v3 Authority Key Identifier:
                keyid:F9:D7:46:9B:E0:D9:C4:BA:88:9D:3E:20:26:AD:8A:DC:42:C3:CF:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-ddGm-DZxLqInT4gJq2K3ELDz1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/b5w549IViWcbmcNJr4T0LECFv7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/1-ddGm-DZxLqInT4gJq2K3ELDz1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:38:40:1b:1f:5e:54:5c:89:5f:26:48:f7:b9:09:f9:79:69:
         91:77:64:f4:16:c3:41:65:e5:79:fb:ae:96:d7:02:53:72:88:
         2f:f3:fc:a6:3b:37:84:5c:b9:fe:b8:71:47:dd:90:70:cd:43:
         d4:46:75:6e:50:f6:93:14:1f:92:d4:0b:04:58:40:2d:ab:69:
         c8:51:8d:53:60:34:4e:fc:64:13:90:59:f2:fd:6a:25:be:2c:
         af:b2:74:55:da:aa:a0:d4:94:d7:98:4e:31:1b:e8:57:6c:e5:
         76:59:10:e5:11:53:ca:bd:48:bd:70:17:12:d4:70:57:2f:95:
         3f:1f:a1:ab:d1:43:19:58:b6:bd:c1:b2:d6:1d:73:68:24:cb:
         61:25:15:56:b5:4c:eb:d8:85:5e:24:2d:63:54:31:ed:99:04:
         2d:d8:04:0d:9c:0f:f2:3a:18:ed:c9:15:67:e9:57:19:88:c3:
         cd:26:84:24:30:3e:92:e1:12:e4:29:c5:7f:2d:72:0e:85:71:
         f5:bb:25:75:25:bf:d3:0e:7b:dc:26:96:c2:5d:7e:93:3e:b4:
         8b:26:da:a4:63:41:ee:9f:96:f3:cb:6f:45:b9:5c:81:0f:f4:
         5c:38:88:e4:df:0c:c4:16:14:45:e7:90:a8:fa:24:29:e5:5d:
         d0:f3:af:2f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFAA/u10KOoan4z/CgRiOmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5ZDc0NjliZTBkOWM0YmE4ODlkM2UyMDI2YWQ4YWRjNDJj
M2NmNTMwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjljMzllM2QyMTU4OTY3MWI5OWMzNDlhZjg0ZjQyYzQwODViZmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+M9jN3z0RjPds3+ZgJyWMsI87CR
J99Yw8PCD4VrLTjGAD4TaOiCPjo3L7Z0ZU1AFStXqBBzlgzxIlm2ty5scIsYieWt
BGYgqbzN8BXBI+TT743I+k5AafYbZ0wTZMN0Hzq0CO89UjqMaAUsrYJrhILGhMUO
nGoJPMB/44YJDJ+aUA+nM8QD2EGTswM5SqWYenBZO1iqYHX/ZVgCvGzpvopZwjzT
Y15G61w9TMzPtn/Z07DiUA3i17MfItCNnV2vCA/RiddEGDntqVEJerWZA+pJvoNy
WHgpWqs7NH9e1CZgcPdwZlLxlWbZIN2fVOUc6r07fwr/Yq6XmuR899m2ZQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG+cOePSFYlnG5nDSa+E9CxAhb+xMB8GA1UdIwQY
MBaAFPnXRpvg2cS6iJ0+ICatitxCw89TMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1kZEdtLURaeExxSW5UNGdKcTJLM0VMRHoxTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUvOTk1ZTRmLWNkNDItNGRjOS1hZTI0
LTBlYzEyY2ZjZTQyMS8xL2I1dzU0OUlWaVdjYm1jTkpyNFQwTEVDRnY3RS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODUvOTk1ZTRmLWNkNDItNGRjOS1hZTI0LTBlYzEyY2ZjZTQy
MS8xLzEtZGRHbS1EWnhMcUluVDRnSnEySzNFTER6MU0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb1Gkw
DQYJKoZIhvcNAQELBQADggEBAKA4QBsfXlRciV8mSPe5Cfl5aZF3ZPQWw0Fl5Xn7
rpbXAlNyiC/z/KY7N4Rcuf64cUfdkHDNQ9RGdW5Q9pMUH5LUCwRYQC2rachRjVNg
NE78ZBOQWfL9aiW+LK+ydFXaqqDUlNeYTjEb6Fds5XZZEOURU8q9SL1wFxLUcFcv
lT8foavRQxlYtr3BstYdc2gky2ElFVa1TOvYhV4kLWNUMe2ZBC3YBA2cD/I6GO3J
FWfpVxmIw80mhCQwPpLhEuQpxX8tcg6FcfW7JXUlv9MOe9wmlsJdfpM+tIsm2qRj
Qe6flvPLb0W5XIEP9Fw4iOTfDMQWFEXnkKj6JCnlXdDzry8=
-----END CERTIFICATE-----