Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/56be8a-c8be-48f9-a67c-f5cd0d7116eb/1/d0TO04VS_XJkp1lz8WdVulAOTmE.roa
File:                     d0TO04VS_XJkp1lz8WdVulAOTmE.roa (raw, json)
Hash identifier:          liSV7LJtPuewHxGPXFs58Ao4svTDcwovlVhyKZ4YD/c=
Subject key identifier:   77:44:CE:D3:85:52:FD:72:64:A7:59:73:F1:67:55:BA:50:0E:4E:61
Certificate issuer:       /CN=25c674ab1806dd6afe213be38e92a35fbc64ce34
Certificate serial:       018CC3B6E6CCE0D2F318F2CA53A1CE4D9BFC
Authority key identifier: 25:C6:74:AB:18:06:DD:6A:FE:21:3B:E3:8E:92:A3:5F:BC:64:CE:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JcZ0qxgG3Wr-ITvjjpKjX7xkzjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/56be8a-c8be-48f9-a67c-f5cd0d7116eb/1/d0TO04VS_XJkp1lz8WdVulAOTmE.roa
Signing time:             Mon 01 Jan 2024 06:29:52 +0000
ROA not before:           Mon 01 Jan 2024 06:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58023
IP address blocks:        91.237.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/56be8a-c8be-48f9-a67c-f5cd0d7116eb/1/JcZ0qxgG3Wr-ITvjjpKjX7xkzjQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/56be8a-c8be-48f9-a67c-f5cd0d7116eb/1/JcZ0qxgG3Wr-ITvjjpKjX7xkzjQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JcZ0qxgG3Wr-ITvjjpKjX7xkzjQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e6:cc:e0:d2:f3:18:f2:ca:53:a1:ce:4d:9b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25c674ab1806dd6afe213be38e92a35fbc64ce34
        Validity
            Not Before: Jan  1 06:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7744ced38552fd7264a75973f16755ba500e4e61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:79:a4:7e:02:02:a5:fb:97:fd:bc:e2:3a:cd:
                    90:3b:4a:b4:fe:8a:e4:40:eb:49:42:ae:68:31:d6:
                    be:c2:06:ad:85:05:e1:ff:65:29:8c:07:ad:dd:f8:
                    65:34:cf:e6:b0:16:10:41:40:cb:71:0b:cd:00:43:
                    83:3c:3f:b3:10:22:eb:fc:33:85:b2:e2:a7:bd:c0:
                    8d:0e:6b:04:25:e7:72:52:64:1f:e7:8a:73:4f:43:
                    4a:82:e4:60:97:97:f7:cc:bc:5a:d2:d6:a6:48:7d:
                    b0:ec:16:18:4f:62:e6:57:3e:7b:d0:af:ba:e7:9b:
                    ee:57:e0:4e:3c:2b:de:d8:c1:7a:f2:f6:f3:ed:8f:
                    60:f5:6a:9a:10:92:dc:8b:1a:4e:bd:15:64:19:1a:
                    bb:24:5b:a8:b4:67:26:2f:67:2e:a1:a9:b2:e4:db:
                    a8:ba:08:89:7b:0b:cb:f9:75:d7:3c:55:b1:21:54:
                    e1:2c:e5:46:1c:61:07:b8:08:e7:57:e2:56:17:a4:
                    9e:69:b0:27:34:06:de:8d:fe:e0:7f:cd:e4:d9:76:
                    73:33:f3:d2:4c:1c:c0:d2:27:d8:07:17:ba:56:af:
                    90:a9:23:0d:57:0e:5b:7a:be:dc:8d:90:4c:61:e6:
                    29:84:ca:3a:1e:68:5c:d5:34:bd:c4:f5:17:6e:fa:
                    b5:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:44:CE:D3:85:52:FD:72:64:A7:59:73:F1:67:55:BA:50:0E:4E:61
            X509v3 Authority Key Identifier:
                keyid:25:C6:74:AB:18:06:DD:6A:FE:21:3B:E3:8E:92:A3:5F:BC:64:CE:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JcZ0qxgG3Wr-ITvjjpKjX7xkzjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/56be8a-c8be-48f9-a67c-f5cd0d7116eb/1/d0TO04VS_XJkp1lz8WdVulAOTmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/56be8a-c8be-48f9-a67c-f5cd0d7116eb/1/JcZ0qxgG3Wr-ITvjjpKjX7xkzjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:e8:38:e2:c1:53:a6:eb:b3:cd:07:e4:34:d7:eb:a4:83:92:
         72:5c:de:78:c6:09:90:88:f1:87:72:5f:23:b5:e3:6c:7f:55:
         29:06:7a:ee:06:84:d0:d8:2e:bd:2f:8b:ea:b9:00:86:60:f4:
         99:4b:9a:f5:cd:26:2f:16:67:dd:cc:74:e5:3b:d9:8b:07:0f:
         14:0e:e7:e0:a4:84:9b:0c:87:ec:d8:63:fc:d1:66:9a:49:3d:
         ae:e2:ef:9d:a7:74:82:77:b2:85:97:db:a6:2b:c0:f9:47:19:
         32:54:99:24:ee:86:96:a3:6b:83:01:7f:94:e3:83:44:65:bb:
         f7:8f:7a:e0:58:ae:c0:6a:c1:72:ac:ac:1b:ac:c8:b8:e0:4d:
         39:e8:c1:ea:dc:23:55:fa:a7:a2:14:1f:c7:e1:cb:f8:00:da:
         6e:39:22:59:1a:22:f1:4b:21:b4:f5:d5:99:b2:41:39:5d:54:
         26:45:c9:cb:f4:3f:17:30:44:40:91:48:17:c1:ad:f8:74:59:
         60:10:95:89:d0:fb:f6:6d:2e:14:3b:06:a8:7e:72:11:80:95:
         f7:42:62:23:d8:a6:b5:e7:d4:29:ed:d5:8c:7d:1f:48:6f:15:
         0a:54:11:d2:94:6d:d2:77:40:2d:b6:fd:d4:70:ec:96:30:49:
         b7:5f:06:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtubM4NLzGPLKU6HOTZv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YzY3NGFiMTgwNmRkNmFmZTIxM2JlMzhlOTJhMzVmYmM2
NGNlMzQwHhcNMjQwMTAxMDYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzQ0Y2VkMzg1NTJmZDcyNjRhNzU5NzNmMTY3NTViYTUwMGU0ZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXmkfgICpfuX/bziOs2QO0q0/ork
QOtJQq5oMda+wgathQXh/2UpjAet3fhlNM/msBYQQUDLcQvNAEODPD+zECLr/DOF
suKnvcCNDmsEJedyUmQf54pzT0NKguRgl5f3zLxa0tamSH2w7BYYT2LmVz570K+6
55vuV+BOPCve2MF68vbz7Y9g9WqaEJLcixpOvRVkGRq7JFuotGcmL2cuoamy5Nuo
ugiJewvL+XXXPFWxIVThLOVGHGEHuAjnV+JWF6SeabAnNAbejf7gf83k2XZzM/PS
TBzA0ifYBxe6Vq+QqSMNVw5ber7cjZBMYeYphMo6Hmhc1TS9xPUXbvq1PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdEztOFUv1yZKdZc/FnVbpQDk5hMB8GA1UdIwQY
MBaAFCXGdKsYBt1q/iE7446So1+8ZM40MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmNaMHF4Z0czV3ItSVR2ampwS2pYN3hrempRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS81NmJlOGEtYzhiZS00OGY5LWE2N2Mt
ZjVjZDBkNzExNmViLzEvZDBUTzA0VlNfWEprcDFsejhXZFZ1bEFPVG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS81NmJlOGEtYzhiZS00OGY5LWE2N2MtZjVjZDBkNzExNmVi
LzEvSmNaMHF4Z0czV3ItSVR2ampwS2pYN3hrempRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+34MA0G
CSqGSIb3DQEBCwUAA4IBAQB96DjiwVOm67PNB+Q01+ukg5JyXN54xgmQiPGHcl8j
teNsf1UpBnruBoTQ2C69L4vquQCGYPSZS5r1zSYvFmfdzHTlO9mLBw8UDufgpISb
DIfs2GP80WaaST2u4u+dp3SCd7KFl9umK8D5RxkyVJkk7oaWo2uDAX+U44NEZbv3
j3rgWK7AasFyrKwbrMi44E056MHq3CNV+qeiFB/H4cv4ANpuOSJZGiLxSyG09dWZ
skE5XVQmRcnL9D8XMERAkUgXwa34dFlgEJWJ0Pv2bS4UOwaofnIRgJX3QmIj2Ka1
59Qp7dWMfR9IbxUKVBHSlG3Sd0Attv3UcOyWMEm3XwaO
-----END CERTIFICATE-----