Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/05ab60-dea6-43a3-87ef-7bfaeb195445/1/XD0IOdIAc9z7i0eRQm6w5T3EWE8.roa
File:                     XD0IOdIAc9z7i0eRQm6w5T3EWE8.roa (raw, json)
Hash identifier:          uJnt+XL2TQRMHj6WXyHuFtXB9bzM1kEpoa8aaBsCmnc=
Subject key identifier:   5C:3D:08:39:D2:00:73:DC:FB:8B:47:91:42:6E:B0:E5:3D:C4:58:4F
Certificate issuer:       /CN=e0689340283794489e41ac86aafa4414f8a4d6be
Certificate serial:       018CC56E002CB767509E9588FB270632A42A
Authority key identifier: E0:68:93:40:28:37:94:48:9E:41:AC:86:AA:FA:44:14:F8:A4:D6:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4GiTQCg3lEieQayGqvpEFPik1r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/05ab60-dea6-43a3-87ef-7bfaeb195445/1/XD0IOdIAc9z7i0eRQm6w5T3EWE8.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12978
IP address blocks:        91.233.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/05ab60-dea6-43a3-87ef-7bfaeb195445/1/4GiTQCg3lEieQayGqvpEFPik1r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/05ab60-dea6-43a3-87ef-7bfaeb195445/1/4GiTQCg3lEieQayGqvpEFPik1r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4GiTQCg3lEieQayGqvpEFPik1r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:00:2c:b7:67:50:9e:95:88:fb:27:06:32:a4:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0689340283794489e41ac86aafa4414f8a4d6be
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c3d0839d20073dcfb8b4791426eb0e53dc4584f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0e:1f:f6:8a:65:6d:d8:f4:00:d8:a9:81:78:
                    14:ea:86:62:e0:55:86:48:1f:5b:a6:3b:bb:c9:c5:
                    5c:77:42:2a:bb:12:70:97:a6:46:1b:13:66:ad:71:
                    9b:5c:64:1d:51:26:e8:85:89:33:ce:da:84:80:f1:
                    94:f6:17:62:30:69:92:77:d0:04:77:59:2f:c9:65:
                    ad:ce:df:f5:85:ee:8a:af:5b:06:e2:f8:2d:f8:f2:
                    49:8a:79:66:e0:ff:00:d8:42:54:55:01:21:59:e0:
                    6b:ae:04:a3:70:2f:0a:13:7d:2a:3f:04:c1:33:64:
                    4d:a5:a7:49:ba:01:d8:bf:45:38:8e:e2:25:91:2a:
                    13:0d:ec:d3:ed:be:3c:e1:65:2b:af:2d:08:7f:2a:
                    4d:69:8e:eb:93:06:c9:b1:01:fa:a6:19:22:cc:a7:
                    fa:d4:76:a5:dd:e7:f4:5c:a4:2c:01:94:67:e8:2f:
                    fd:fd:54:63:a3:56:4c:a2:16:9e:4b:6b:e2:e7:cd:
                    d0:5b:cb:c9:ff:d9:bb:b8:4f:68:f7:5e:2a:f2:3b:
                    40:c0:af:f2:8f:b8:ac:33:e6:ab:4e:f4:aa:23:ec:
                    39:38:3a:19:3b:ef:18:47:01:1a:59:cd:f9:fb:63:
                    14:8f:b6:02:b9:8e:e3:c1:6a:48:ba:5e:d6:4e:6f:
                    58:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3D:08:39:D2:00:73:DC:FB:8B:47:91:42:6E:B0:E5:3D:C4:58:4F
            X509v3 Authority Key Identifier:
                keyid:E0:68:93:40:28:37:94:48:9E:41:AC:86:AA:FA:44:14:F8:A4:D6:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4GiTQCg3lEieQayGqvpEFPik1r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/05ab60-dea6-43a3-87ef-7bfaeb195445/1/XD0IOdIAc9z7i0eRQm6w5T3EWE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/05ab60-dea6-43a3-87ef-7bfaeb195445/1/4GiTQCg3lEieQayGqvpEFPik1r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:d8:a0:2c:dc:e3:09:08:39:d8:ac:aa:ab:1a:07:b1:b8:72:
         c6:03:a0:c4:8c:31:c1:4f:88:61:e3:72:7c:55:69:c9:a5:20:
         f1:47:a4:13:b9:f2:0e:87:7d:05:e8:70:1f:12:22:4e:80:95:
         1d:f3:17:5c:40:37:47:24:0d:7c:bd:9e:bd:37:68:ea:f4:27:
         14:fd:23:18:c4:be:fb:29:15:59:67:fe:af:fe:6f:d5:1e:7d:
         72:3b:d7:6f:cd:ec:79:92:a8:a5:0e:91:fc:0e:e9:c7:b7:b4:
         f1:65:20:00:c8:8a:c6:db:bf:b2:74:c8:fa:76:62:0b:84:62:
         f9:19:b1:bf:b0:87:db:9a:3b:8c:26:5b:ff:86:4c:2b:85:ef:
         57:7e:a8:79:9e:76:f1:41:eb:0f:f3:1e:00:27:d4:63:24:d7:
         4d:af:16:c9:93:92:42:82:cb:90:70:ec:0a:95:55:18:a3:93:
         1c:e8:e5:b2:88:d6:d9:6f:5f:b4:08:50:2c:3a:08:0a:09:69:
         93:01:0c:ad:40:58:fa:f2:b2:3f:17:a9:e2:61:09:9a:73:c5:
         65:3d:4e:59:5d:67:af:8b:7e:30:3d:c9:49:a6:4d:73:31:f4:
         7f:a6:29:51:bb:fe:0d:34:ed:16:68:ca:92:1a:70:83:ea:6b:
         69:c3:15:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgAst2dQnpWI+ycGMqQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNjg5MzQwMjgzNzk0NDg5ZTQxYWM4NmFhZmE0NDE0Zjhh
NGQ2YmUwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNkMDgzOWQyMDA3M2RjZmI4YjQ3OTE0MjZlYjBlNTNkYzQ1ODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQ4f9oplbdj0ANipgXgU6oZi4FWG
SB9bpju7ycVcd0IquxJwl6ZGGxNmrXGbXGQdUSbohYkzztqEgPGU9hdiMGmSd9AE
d1kvyWWtzt/1he6Kr1sG4vgt+PJJinlm4P8A2EJUVQEhWeBrrgSjcC8KE30qPwTB
M2RNpadJugHYv0U4juIlkSoTDezT7b484WUrry0IfypNaY7rkwbJsQH6phkizKf6
1Hal3ef0XKQsAZRn6C/9/VRjo1ZMohaeS2vi583QW8vJ/9m7uE9o914q8jtAwK/y
j7isM+arTvSqI+w5ODoZO+8YRwEaWc35+2MUj7YCuY7jwWpIul7WTm9Y9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFw9CDnSAHPc+4tHkUJusOU9xFhPMB8GA1UdIwQY
MBaAFOBok0AoN5RInkGshqr6RBT4pNa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEdpVFFDZzNsRWllUWF5R3F2cEVGUGlrMXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8wNWFiNjAtZGVhNi00M2EzLTg3ZWYt
N2JmYWViMTk1NDQ1LzEvWEQwSU9kSUFjOXo3aTBlUlFtNnc1VDNFV0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8wNWFiNjAtZGVhNi00M2EzLTg3ZWYtN2JmYWViMTk1NDQ1
LzEvNEdpVFFDZzNsRWllUWF5R3F2cEVGUGlrMXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+lQMA0G
CSqGSIb3DQEBCwUAA4IBAQAx2KAs3OMJCDnYrKqrGgexuHLGA6DEjDHBT4hh43J8
VWnJpSDxR6QTufIOh30F6HAfEiJOgJUd8xdcQDdHJA18vZ69N2jq9CcU/SMYxL77
KRVZZ/6v/m/VHn1yO9dvzex5kqilDpH8DunHt7TxZSAAyIrG27+ydMj6dmILhGL5
GbG/sIfbmjuMJlv/hkwrhe9Xfqh5nnbxQesP8x4AJ9RjJNdNrxbJk5JCgsuQcOwK
lVUYo5Mc6OWyiNbZb1+0CFAsOggKCWmTAQytQFj68rI/F6niYQmac8VlPU5ZXWev
i34wPclJpk1zMfR/pilRu/4NNO0WaMqSGnCD6mtpwxVe
-----END CERTIFICATE-----