Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/msxG7fVlnDAYePROmUZc_iRkDYE.roa
File:                     msxG7fVlnDAYePROmUZc_iRkDYE.roa (raw, json)
Hash identifier:          HIW6BTQ/XoS8mnCW6YgbllIH/uwqHf+PyB7dx5BzoNo=
Subject key identifier:   9A:CC:46:ED:F5:65:9C:30:18:78:F4:4E:99:46:5C:FE:24:64:0D:81
Certificate issuer:       /CN=5ad8a44dad315f21ea992fc6e10482c41ecdfcf5
Certificate serial:       01942747F85949CA8D7C4CA93BC59E5023F1
Authority key identifier: 5A:D8:A4:4D:AD:31:5F:21:EA:99:2F:C6:E1:04:82:C4:1E:CD:FC:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WtikTa0xXyHqmS_G4QSCxB7N_PU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/msxG7fVlnDAYePROmUZc_iRkDYE.roa
Signing time:             Thu 02 Jan 2025 13:50:15 +0000
ROA not before:           Thu 02 Jan 2025 13:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62313
IP address blocks:        91.233.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/WtikTa0xXyHqmS_G4QSCxB7N_PU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/WtikTa0xXyHqmS_G4QSCxB7N_PU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WtikTa0xXyHqmS_G4QSCxB7N_PU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f8:59:49:ca:8d:7c:4c:a9:3b:c5:9e:50:23:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ad8a44dad315f21ea992fc6e10482c41ecdfcf5
        Validity
            Not Before: Jan  2 13:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9acc46edf5659c301878f44e99465cfe24640d81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7e:ff:88:b5:a1:9b:2c:54:73:36:17:15:82:
                    02:f4:37:45:69:fd:56:36:58:35:79:93:bb:8b:1d:
                    23:55:6f:fe:5c:24:d9:22:df:89:8c:70:3b:15:82:
                    0b:42:88:a4:b4:5c:8e:f2:29:8d:83:34:d7:0c:56:
                    1f:19:f4:49:18:d1:b3:d9:db:0d:12:92:a0:46:03:
                    ec:97:c1:17:5c:86:62:62:b1:c8:31:2d:32:42:4d:
                    0b:f0:b3:30:fc:d8:5b:40:a1:db:78:99:a8:c3:9d:
                    d4:8e:08:a4:a1:db:e4:ba:9e:b8:69:fa:99:9e:7c:
                    07:db:99:fb:f3:95:b5:6b:b8:d9:0a:75:41:e1:52:
                    52:e1:49:0f:89:bb:24:47:7a:be:c1:29:cd:59:94:
                    d7:b1:63:c6:bb:9f:cb:5b:63:e8:0a:d2:65:23:f6:
                    99:19:d4:ca:23:26:d5:4f:9c:49:3b:38:db:73:57:
                    1c:01:00:14:92:c4:0d:70:02:fd:f3:80:4e:1c:3e:
                    66:14:11:ea:3a:b1:81:8b:54:8d:0d:9b:a2:6c:56:
                    2b:27:88:0c:e5:3f:e0:bb:66:6e:c3:60:fb:f2:ef:
                    84:d4:d8:5e:3b:e8:ca:90:8f:8c:5a:91:e0:95:73:
                    3a:d0:a3:07:73:bd:a5:29:eb:a3:4a:b7:a9:68:a4:
                    3a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:CC:46:ED:F5:65:9C:30:18:78:F4:4E:99:46:5C:FE:24:64:0D:81
            X509v3 Authority Key Identifier:
                keyid:5A:D8:A4:4D:AD:31:5F:21:EA:99:2F:C6:E1:04:82:C4:1E:CD:FC:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WtikTa0xXyHqmS_G4QSCxB7N_PU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/msxG7fVlnDAYePROmUZc_iRkDYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/WtikTa0xXyHqmS_G4QSCxB7N_PU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:38:de:e6:c8:46:6c:22:bd:7e:58:25:8d:a4:85:a9:4e:4f:
         d6:5f:d6:e8:42:89:30:5e:a5:0c:b5:b2:eb:1f:1b:85:2b:02:
         07:57:69:66:2d:32:0a:f2:2b:13:f3:b5:49:b0:37:a2:66:ad:
         b2:d1:ce:45:da:05:df:e5:1f:74:22:60:5e:c1:a6:ad:1d:90:
         10:93:ad:42:10:68:17:20:0d:10:a8:71:ec:00:51:1c:43:97:
         2e:04:d9:8d:15:a0:fa:7e:c2:fe:cc:2d:f2:d4:12:34:2b:61:
         a5:96:c8:3d:7d:be:24:dd:e1:f7:bd:34:a4:72:76:07:7a:42:
         68:1e:26:c9:f1:01:27:69:78:b5:f8:3c:14:32:ae:2a:41:cb:
         dd:a5:8d:a0:0a:26:c4:99:49:4f:eb:47:42:f0:2a:d1:3a:aa:
         57:dd:33:12:18:99:74:ea:ab:a5:32:70:a9:f8:52:b3:2a:e2:
         f8:8b:f3:5d:2d:e2:7e:9a:8c:9f:63:a2:e1:b9:86:33:d1:79:
         6f:c8:2e:2f:f3:a8:56:5b:7b:bf:b5:9a:2d:62:bb:38:c2:9d:
         7a:92:5f:43:8b:93:f4:cd:cc:5b:d9:20:7d:1c:e7:49:3f:6b:
         fa:46:0b:34:98:56:fa:27:49:be:d9:3c:6f:a0:c8:6a:66:1b:
         74:2e:8a:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/hZScqNfEypO8WeUCPxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZDhhNDRkYWQzMTVmMjFlYTk5MmZjNmUxMDQ4MmM0MWVj
ZGZjZjUwHhcNMjUwMTAyMTM1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWNjNDZlZGY1NjU5YzMwMTg3OGY0NGU5OTQ2NWNmZTI0NjQwZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwH7/iLWhmyxUczYXFYIC9DdFaf1W
Nlg1eZO7ix0jVW/+XCTZIt+JjHA7FYILQoiktFyO8imNgzTXDFYfGfRJGNGz2dsN
EpKgRgPsl8EXXIZiYrHIMS0yQk0L8LMw/NhbQKHbeJmow53Ujgikodvkup64afqZ
nnwH25n785W1a7jZCnVB4VJS4UkPibskR3q+wSnNWZTXsWPGu5/LW2PoCtJlI/aZ
GdTKIybVT5xJOzjbc1ccAQAUksQNcAL984BOHD5mFBHqOrGBi1SNDZuibFYrJ4gM
5T/gu2Zuw2D78u+E1NheO+jKkI+MWpHglXM60KMHc72lKeujSrepaKQ6WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrMRu31ZZwwGHj0TplGXP4kZA2BMB8GA1UdIwQY
MBaAFFrYpE2tMV8h6pkvxuEEgsQezfz1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3Rpa1RhMHhYeUhxbVNfRzRRU0N4QjdOX1BVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi84M2Y4MTgtMTljMC00NzAyLTgzZTUt
ZDk1NjM2YTdhNjY0LzEvbXN4RzdmVmxuREFZZVBST21VWmNfaVJrRFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi84M2Y4MTgtMTljMC00NzAyLTgzZTUtZDk1NjM2YTdhNjY0
LzEvV3Rpa1RhMHhYeUhxbVNfRzRRU0N4QjdOX1BVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+kjMA0G
CSqGSIb3DQEBCwUAA4IBAQBCON7myEZsIr1+WCWNpIWpTk/WX9boQokwXqUMtbLr
HxuFKwIHV2lmLTIK8isT87VJsDeiZq2y0c5F2gXf5R90ImBewaatHZAQk61CEGgX
IA0QqHHsAFEcQ5cuBNmNFaD6fsL+zC3y1BI0K2Gllsg9fb4k3eH3vTSkcnYHekJo
HibJ8QEnaXi1+DwUMq4qQcvdpY2gCibEmUlP60dC8CrROqpX3TMSGJl06qulMnCp
+FKzKuL4i/NdLeJ+moyfY6LhuYYz0XlvyC4v86hWW3u/tZotYrs4wp16kl9Di5P0
zcxb2SB9HOdJP2v6Rgs0mFb6J0m+2TxvoMhqZht0Lori
-----END CERTIFICATE-----