Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/jPkDfE_zhNtzvtI7c5xsDkc7uYE.roa
File:                     jPkDfE_zhNtzvtI7c5xsDkc7uYE.roa (raw, json)
Hash identifier:          Eo7WhmzCPgsL0SOx8kvlVVV1mssKqiwIPN0BaBsgg1c=
Subject key identifier:   8C:F9:03:7C:4F:F3:84:DB:73:BE:D2:3B:73:9C:6C:0E:47:3B:B9:81
Certificate issuer:       /CN=5d4728bd1f5d136d768bf1753461c53da45746cb
Certificate serial:       018CC3489E31E412124C6E4E09E0EA25AE47
Authority key identifier: 5D:47:28:BD:1F:5D:13:6D:76:8B:F1:75:34:61:C5:3D:A4:57:46:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XUcovR9dE212i_F1NGHFPaRXRss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/jPkDfE_zhNtzvtI7c5xsDkc7uYE.roa
Signing time:             Mon 01 Jan 2024 04:29:25 +0000
ROA not before:           Mon 01 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57623
IP address blocks:        91.233.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/XUcovR9dE212i_F1NGHFPaRXRss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/XUcovR9dE212i_F1NGHFPaRXRss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XUcovR9dE212i_F1NGHFPaRXRss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9e:31:e4:12:12:4c:6e:4e:09:e0:ea:25:ae:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d4728bd1f5d136d768bf1753461c53da45746cb
        Validity
            Not Before: Jan  1 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cf9037c4ff384db73bed23b739c6c0e473bb981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3c:ea:b5:ab:8c:f8:b8:44:e4:5e:c1:c2:94:
                    79:c3:28:cf:3f:1d:a9:5f:88:28:7d:69:8f:32:c1:
                    3c:cd:7d:7d:6e:76:3b:6c:b4:2d:de:e5:69:48:41:
                    4b:41:b9:5b:67:33:32:9d:b1:b5:8a:f0:94:e9:97:
                    29:05:30:b5:61:ae:db:25:b1:24:ed:40:02:33:2c:
                    02:63:6c:a8:59:4e:ac:35:99:e5:7e:2e:04:44:40:
                    b3:2d:1a:e0:06:9a:c3:85:b0:01:b7:8e:57:75:6f:
                    72:18:68:18:a9:10:f3:d0:81:3e:96:2a:46:39:e8:
                    bc:2d:e9:cf:7d:cd:8a:dd:0e:fe:3a:2a:88:f9:44:
                    8c:32:1a:ed:c7:46:c9:a4:a9:fa:be:9f:07:f8:7d:
                    82:f8:a7:3c:4e:12:52:f8:8d:fd:18:6f:d9:4b:0e:
                    5a:44:4c:04:54:4b:86:5f:8e:31:13:5d:bb:60:0e:
                    16:68:49:74:21:7e:02:62:91:9f:8c:11:34:63:e7:
                    a2:3c:5d:05:a6:ba:0e:13:ed:5e:df:b0:d4:df:11:
                    81:cd:a5:59:44:34:f0:05:e7:71:fd:6d:ad:b4:eb:
                    16:2d:70:19:dc:b6:f4:36:ac:c2:33:99:9c:68:a5:
                    2c:05:7b:cf:2d:f2:a4:74:05:d3:e8:97:cc:52:d2:
                    76:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:F9:03:7C:4F:F3:84:DB:73:BE:D2:3B:73:9C:6C:0E:47:3B:B9:81
            X509v3 Authority Key Identifier:
                keyid:5D:47:28:BD:1F:5D:13:6D:76:8B:F1:75:34:61:C5:3D:A4:57:46:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XUcovR9dE212i_F1NGHFPaRXRss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/jPkDfE_zhNtzvtI7c5xsDkc7uYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/XUcovR9dE212i_F1NGHFPaRXRss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:80:9e:a2:a7:59:8e:18:ae:77:50:aa:00:3f:5e:4c:12:3d:
         fe:fd:46:57:45:4b:62:72:d2:27:c4:b2:f1:80:bf:2e:3f:da:
         f7:e1:e4:28:92:16:72:3d:46:c0:5a:51:ce:69:e5:39:0d:a5:
         e9:f6:5a:25:47:26:1b:b9:97:fd:5c:14:46:55:49:e8:97:46:
         3c:a0:ab:ff:10:78:08:4f:60:1b:56:92:29:21:13:0e:00:c8:
         7b:70:4c:69:df:37:d1:fa:98:7b:da:5e:4d:44:d4:8b:d3:81:
         95:de:88:f8:6c:30:b8:e8:b9:39:38:22:5f:36:d2:3e:d0:de:
         a1:03:84:03:cc:a2:f9:a7:5e:92:a0:3c:ee:c4:58:f7:57:c2:
         df:0e:af:f8:11:54:7d:b1:68:c1:a8:7a:4e:d0:db:28:21:d1:
         2c:0c:53:6a:d9:c0:f5:ce:5b:58:66:15:01:a2:31:f0:12:d4:
         6f:61:af:66:0f:95:a4:90:58:d2:f5:c8:5e:f8:87:be:f2:42:
         e1:7d:38:a9:40:6e:f3:9d:5c:03:cb:45:7d:2a:d5:f8:50:e8:
         5a:7a:54:7b:81:4e:91:b5:24:c1:c5:cb:9f:9c:80:04:f5:40:
         87:cc:eb:f6:2f:83:d0:87:d4:f9:da:d0:4c:bc:2b:2b:a2:0c:
         bf:a6:8c:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJ4x5BISTG5OCeDqJa5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNDcyOGJkMWY1ZDEzNmQ3NjhiZjE3NTM0NjFjNTNkYTQ1
NzQ2Y2IwHhcNMjQwMTAxMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Y5MDM3YzRmZjM4NGRiNzNiZWQyM2I3MzljNmMwZTQ3M2JiOTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTzqtauM+LhE5F7BwpR5wyjPPx2p
X4gofWmPMsE8zX19bnY7bLQt3uVpSEFLQblbZzMynbG1ivCU6ZcpBTC1Ya7bJbEk
7UACMywCY2yoWU6sNZnlfi4ERECzLRrgBprDhbABt45XdW9yGGgYqRDz0IE+lipG
Oei8LenPfc2K3Q7+OiqI+USMMhrtx0bJpKn6vp8H+H2C+Kc8ThJS+I39GG/ZSw5a
REwEVEuGX44xE127YA4WaEl0IX4CYpGfjBE0Y+eiPF0FproOE+1e37DU3xGBzaVZ
RDTwBedx/W2ttOsWLXAZ3Lb0NqzCM5mcaKUsBXvPLfKkdAXT6JfMUtJ2FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIz5A3xP84Tbc77SO3OcbA5HO7mBMB8GA1UdIwQY
MBaAFF1HKL0fXRNtdovxdTRhxT2kV0bLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFVjb3ZSOWRFMjEyaV9GMU5HSEZQYVJYUnNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9kYmU3NzMtYmVmYy00YTc3LWI1MTMt
NWUyMzY3MjY3M2QyLzEvalBrRGZFX3poTnR6dnRJN2M1eHNEa2M3dVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9kYmU3NzMtYmVmYy00YTc3LWI1MTMtNWUyMzY3MjY3M2Qy
LzEvWFVjb3ZSOWRFMjEyaV9GMU5HSEZQYVJYUnNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+mjMA0G
CSqGSIb3DQEBCwUAA4IBAQA6gJ6ip1mOGK53UKoAP15MEj3+/UZXRUtictInxLLx
gL8uP9r34eQokhZyPUbAWlHOaeU5DaXp9lolRyYbuZf9XBRGVUnol0Y8oKv/EHgI
T2AbVpIpIRMOAMh7cExp3zfR+ph72l5NRNSL04GV3oj4bDC46Lk5OCJfNtI+0N6h
A4QDzKL5p16SoDzuxFj3V8LfDq/4EVR9sWjBqHpO0NsoIdEsDFNq2cD1zltYZhUB
ojHwEtRvYa9mD5WkkFjS9che+Ie+8kLhfTipQG7znVwDy0V9KtX4UOhaelR7gU6R
tSTBxcufnIAE9UCHzOv2L4PQh9T52tBMvCsrogy/powE
-----END CERTIFICATE-----