Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/c7120e-d797-4b5c-a5a7-16b55ed49053/1/qOKPFULN86IT59ZJBGNCjgvryTs.roa
File:                     qOKPFULN86IT59ZJBGNCjgvryTs.roa (raw, json)
Hash identifier:          JR7qV5VpwV1/mMT7KJUTU4N5QjE5TGDNGGqsDDp/JVI=
Subject key identifier:   A8:E2:8F:15:42:CD:F3:A2:13:E7:D6:49:04:63:42:8E:0B:EB:C9:3B
Certificate issuer:       /CN=e4e1770df8c6e803fceb364c868e3246e4d33742
Certificate serial:       018CC94AD2E652BB30809F81193437A9E00B
Authority key identifier: E4:E1:77:0D:F8:C6:E8:03:FC:EB:36:4C:86:8E:32:46:E4:D3:37:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5OF3DfjG6AP86zZMho4yRuTTN0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/c7120e-d797-4b5c-a5a7-16b55ed49053/1/qOKPFULN86IT59ZJBGNCjgvryTs.roa
Signing time:             Tue 02 Jan 2024 08:29:33 +0000
ROA not before:           Tue 02 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57122
IP address blocks:        91.230.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/c7120e-d797-4b5c-a5a7-16b55ed49053/1/5OF3DfjG6AP86zZMho4yRuTTN0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/c7120e-d797-4b5c-a5a7-16b55ed49053/1/5OF3DfjG6AP86zZMho4yRuTTN0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5OF3DfjG6AP86zZMho4yRuTTN0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:d2:e6:52:bb:30:80:9f:81:19:34:37:a9:e0:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4e1770df8c6e803fceb364c868e3246e4d33742
        Validity
            Not Before: Jan  2 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e28f1542cdf3a213e7d6490463428e0bebc93b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f4:d5:06:66:61:ef:ac:d5:2a:3c:d8:7c:9b:
                    46:8d:ce:25:d0:df:e9:12:7c:58:94:71:52:25:a8:
                    7e:99:d6:0f:ae:e4:5b:44:20:00:ee:da:16:48:80:
                    8b:82:1b:dd:f3:a6:84:24:c9:c8:4a:e4:a2:3a:38:
                    bf:26:9f:6c:b7:89:74:41:85:a8:87:4a:ee:9c:02:
                    c4:91:cd:6a:ba:d3:10:09:a1:0e:4a:d5:b0:45:c0:
                    12:7c:e5:70:d0:c6:ab:01:ff:fc:19:6e:fa:78:84:
                    58:2c:d2:79:11:26:0c:0d:16:a0:bc:c9:5f:28:c5:
                    5f:d6:03:84:1a:58:35:a7:ff:27:07:d3:cf:73:e9:
                    8d:27:f9:2c:ca:6d:36:1a:6f:7f:2d:3f:d5:f2:3d:
                    7a:32:5a:b6:fc:8e:b3:3c:5c:47:9e:bb:a5:f4:38:
                    af:e1:c5:c0:df:2c:dd:14:5f:01:21:a2:01:3f:72:
                    ea:18:c2:58:5c:1d:5c:a8:d1:3b:f5:3b:0e:db:db:
                    30:1c:11:a2:b0:51:a8:5c:15:a5:dd:49:ad:e1:4a:
                    84:d3:24:39:c0:88:a3:0a:6a:fd:7d:b8:a2:37:d2:
                    95:89:c5:d9:45:91:64:be:32:18:b6:8f:66:22:30:
                    b4:98:c1:8d:77:3d:3d:b2:23:60:2d:d9:40:c9:50:
                    d7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E2:8F:15:42:CD:F3:A2:13:E7:D6:49:04:63:42:8E:0B:EB:C9:3B
            X509v3 Authority Key Identifier:
                keyid:E4:E1:77:0D:F8:C6:E8:03:FC:EB:36:4C:86:8E:32:46:E4:D3:37:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5OF3DfjG6AP86zZMho4yRuTTN0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/c7120e-d797-4b5c-a5a7-16b55ed49053/1/qOKPFULN86IT59ZJBGNCjgvryTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/c7120e-d797-4b5c-a5a7-16b55ed49053/1/5OF3DfjG6AP86zZMho4yRuTTN0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:79:14:e0:d1:e4:75:58:ad:a5:ef:bd:79:f3:7c:fc:12:ef:
         e2:91:25:9e:bc:2b:9c:82:6b:46:95:d3:d3:c1:96:cf:22:b4:
         ee:05:7e:b2:4d:c8:3b:d9:bc:f8:f0:cc:69:41:c5:c2:05:88:
         6e:73:11:5b:60:c6:9f:87:d6:76:8c:e0:f6:2f:86:57:73:40:
         8a:6f:0d:c1:54:f2:39:5a:9d:72:0b:ef:fd:75:bf:00:a1:c6:
         96:c3:99:9e:70:61:00:7e:77:b3:51:f1:14:6f:73:40:4c:64:
         ee:99:0f:4e:ca:db:af:41:88:ee:ba:e1:ce:5c:84:d9:0f:b5:
         03:dc:de:cf:13:41:60:7c:e4:75:84:ff:9d:67:2f:a6:b3:c5:
         8c:93:c7:c9:8a:78:60:4b:07:37:e0:8d:45:5a:40:04:80:82:
         b1:a1:9d:c7:bc:cd:9e:a5:e8:af:db:95:90:ae:7b:ca:29:c6:
         ed:4f:c7:2d:e5:6e:52:b5:85:9c:50:0b:1a:fe:bc:ea:2c:25:
         20:f2:cc:eb:fb:a6:4c:7a:ef:82:ad:f1:8c:35:e3:cf:2d:00:
         80:ea:db:ec:82:49:b1:e2:46:2a:79:2d:98:a2:d1:60:92:7d:
         65:62:19:43:ca:a3:cf:4b:43:22:7b:4c:64:9c:2f:74:b6:fa:
         b0:4e:2f:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJStLmUrswgJ+BGTQ3qeALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZTE3NzBkZjhjNmU4MDNmY2ViMzY0Yzg2OGUzMjQ2ZTRk
MzM3NDIwHhcNMjQwMTAyMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGUyOGYxNTQyY2RmM2EyMTNlN2Q2NDkwNDYzNDI4ZTBiZWJjOTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPTVBmZh76zVKjzYfJtGjc4l0N/p
EnxYlHFSJah+mdYPruRbRCAA7toWSICLghvd86aEJMnISuSiOji/Jp9st4l0QYWo
h0runALEkc1qutMQCaEOStWwRcASfOVw0MarAf/8GW76eIRYLNJ5ESYMDRagvMlf
KMVf1gOEGlg1p/8nB9PPc+mNJ/ksym02Gm9/LT/V8j16Mlq2/I6zPFxHnrul9Div
4cXA3yzdFF8BIaIBP3LqGMJYXB1cqNE79TsO29swHBGisFGoXBWl3Umt4UqE0yQ5
wIijCmr9fbiiN9KVicXZRZFkvjIYto9mIjC0mMGNdz09siNgLdlAyVDXaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjijxVCzfOiE+fWSQRjQo4L68k7MB8GA1UdIwQY
MBaAFOThdw34xugD/Os2TIaOMkbk0zdCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU9GM0Rmakc2QVA4NnpaTWhvNHlSdVRUTjBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9jNzEyMGUtZDc5Ny00YjVjLWE1YTct
MTZiNTVlZDQ5MDUzLzEvcU9LUEZVTE44NklUNTlaSkJHTkNqZ3ZyeVRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9jNzEyMGUtZDc5Ny00YjVjLWE1YTctMTZiNTVlZDQ5MDUz
LzEvNU9GM0Rmakc2QVA4NnpaTWhvNHlSdVRUTjBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+bnMA0G
CSqGSIb3DQEBCwUAA4IBAQCgeRTg0eR1WK2l771583z8Eu/ikSWevCucgmtGldPT
wZbPIrTuBX6yTcg72bz48MxpQcXCBYhucxFbYMafh9Z2jOD2L4ZXc0CKbw3BVPI5
Wp1yC+/9db8AocaWw5mecGEAfnezUfEUb3NATGTumQ9OytuvQYjuuuHOXITZD7UD
3N7PE0FgfOR1hP+dZy+ms8WMk8fJinhgSwc34I1FWkAEgIKxoZ3HvM2epeiv25WQ
rnvKKcbtT8ct5W5StYWcUAsa/rzqLCUg8szr+6ZMeu+CrfGMNePPLQCA6tvsgkmx
4kYqeS2YotFgkn1lYhlDyqPPS0Mie0xknC90tvqwTi/s
-----END CERTIFICATE-----