Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/U0TL7MV6VRUIhl4spawmWDRICzE.roa
File:                     U0TL7MV6VRUIhl4spawmWDRICzE.roa (raw, json)
Hash identifier:          pLRnemfbbNbw3tSCZCHiLJGjaBEVTVuayUTdanX/T2M=
Subject key identifier:   53:44:CB:EC:C5:7A:55:15:08:86:5E:2C:A5:AC:26:58:34:48:0B:31
Certificate issuer:       /CN=c7ebabd786da13805655b1b5501fdcbf433bc78d
Certificate serial:       018CC5DD3502AFA8E039D823485C7C61BEF2
Authority key identifier: C7:EB:AB:D7:86:DA:13:80:56:55:B1:B5:50:1F:DC:BF:43:3B:C7:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x-ur14baE4BWVbG1UB_cv0M7x40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/U0TL7MV6VRUIhl4spawmWDRICzE.roa
Signing time:             Mon 01 Jan 2024 16:30:57 +0000
ROA not before:           Mon 01 Jan 2024 16:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        91.213.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/x-ur14baE4BWVbG1UB_cv0M7x40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/x-ur14baE4BWVbG1UB_cv0M7x40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x-ur14baE4BWVbG1UB_cv0M7x40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:35:02:af:a8:e0:39:d8:23:48:5c:7c:61:be:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7ebabd786da13805655b1b5501fdcbf433bc78d
        Validity
            Not Before: Jan  1 16:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5344cbecc57a551508865e2ca5ac265834480b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:26:13:c6:cd:55:64:2d:ee:fc:a2:08:a9:81:
                    89:13:6c:33:1e:7f:f1:aa:99:24:7c:d5:27:4f:4c:
                    f1:ed:94:c4:e5:26:50:13:d2:f8:9a:1c:ad:b1:d8:
                    af:b2:ce:4c:2e:95:ca:b7:1f:3b:a9:fa:d6:5f:c3:
                    ea:a9:68:67:52:99:33:78:a8:2e:cf:9a:cb:70:15:
                    b4:bd:ef:ba:0f:0b:e7:d3:c3:59:62:7a:c3:de:6b:
                    7f:c2:83:3c:ea:1f:b1:2b:28:dd:3c:17:d7:c4:3a:
                    4c:25:4b:a2:cd:26:3f:38:d9:37:9e:01:c7:ce:a9:
                    a8:37:bb:3e:30:d8:50:a8:b0:33:c1:ac:42:ff:af:
                    cb:f3:2a:52:4f:84:f3:0b:0a:c4:97:1e:f8:70:19:
                    42:ca:e8:e2:5d:44:28:aa:83:12:2d:f1:5d:57:a2:
                    1d:d7:b7:57:e2:f1:cd:1a:b0:1d:38:a4:83:a3:bf:
                    ae:24:de:1a:1f:fb:b0:a9:05:8f:ae:61:ff:e1:34:
                    2b:97:8d:71:e3:bc:cf:11:e9:65:ae:3e:1e:9e:f5:
                    9b:39:39:f7:78:60:a0:64:5e:8a:29:3e:93:ea:ac:
                    b1:2a:26:0a:ac:94:04:d6:4f:3f:98:7a:eb:ec:0a:
                    82:ae:b4:5b:9a:4c:07:d9:2a:2e:37:e1:69:93:15:
                    8c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:44:CB:EC:C5:7A:55:15:08:86:5E:2C:A5:AC:26:58:34:48:0B:31
            X509v3 Authority Key Identifier:
                keyid:C7:EB:AB:D7:86:DA:13:80:56:55:B1:B5:50:1F:DC:BF:43:3B:C7:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x-ur14baE4BWVbG1UB_cv0M7x40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/U0TL7MV6VRUIhl4spawmWDRICzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/c064a5-d7a9-4e6f-8fd8-0dcd03dc0897/1/x-ur14baE4BWVbG1UB_cv0M7x40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:4d:41:df:13:7f:c2:5b:e9:43:23:74:e7:66:18:24:9c:2a:
         7c:92:38:a7:af:e0:12:cd:98:b1:cb:a4:34:43:08:22:a3:37:
         f4:b7:f8:34:64:36:4e:a1:fa:84:61:be:4b:aa:46:ad:18:c7:
         ac:05:70:6b:8f:0e:a0:91:53:e9:ea:fa:37:a8:00:13:08:d5:
         80:f6:c2:47:aa:b8:27:56:d7:73:3b:1f:52:f5:aa:89:1a:f9:
         e0:30:68:16:62:39:5b:1e:5a:d8:a1:9e:83:d7:67:8b:2c:d5:
         68:b1:8b:5f:99:3d:1e:70:bd:28:a4:b4:b6:1b:c5:00:fb:ac:
         98:5c:c3:e7:53:e6:af:26:86:8b:f4:be:64:c6:ed:23:27:3c:
         ed:1a:d6:70:e5:84:62:9b:ac:0b:96:e9:88:d4:15:b7:96:fa:
         4f:de:2d:a9:ce:e4:b5:1d:ad:19:96:3d:75:f2:ce:13:82:86:
         0f:dc:29:9a:13:ca:3f:7f:76:14:ba:d6:fe:40:aa:3b:22:3e:
         9a:42:87:1f:88:f5:90:83:c5:2b:a6:1f:13:f1:61:41:a9:6e:
         d0:60:04:d7:f8:3f:0f:27:50:17:13:ce:13:b7:88:f1:46:ce:
         ee:c9:ef:1e:fa:c0:bd:c9:f4:f1:a1:1d:0e:61:dc:ee:50:40:
         7e:20:cd:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3TUCr6jgOdgjSFx8Yb7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZWJhYmQ3ODZkYTEzODA1NjU1YjFiNTUwMWZkY2JmNDMz
YmM3OGQwHhcNMjQwMTAxMTYzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQ0Y2JlY2M1N2E1NTE1MDg4NjVlMmNhNWFjMjY1ODM0NDgwYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCYTxs1VZC3u/KIIqYGJE2wzHn/x
qpkkfNUnT0zx7ZTE5SZQE9L4mhytsdivss5MLpXKtx87qfrWX8PqqWhnUpkzeKgu
z5rLcBW0ve+6Dwvn08NZYnrD3mt/woM86h+xKyjdPBfXxDpMJUuizSY/ONk3ngHH
zqmoN7s+MNhQqLAzwaxC/6/L8ypST4TzCwrElx74cBlCyujiXUQoqoMSLfFdV6Id
17dX4vHNGrAdOKSDo7+uJN4aH/uwqQWPrmH/4TQrl41x47zPEellrj4envWbOTn3
eGCgZF6KKT6T6qyxKiYKrJQE1k8/mHrr7AqCrrRbmkwH2SouN+FpkxWMyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNEy+zFelUVCIZeLKWsJlg0SAsxMB8GA1UdIwQY
MBaAFMfrq9eG2hOAVlWxtVAf3L9DO8eNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveC11cjE0YmFFNEJXVmJHMVVCX2N2ME03eDQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9jMDY0YTUtZDdhOS00ZTZmLThmZDgt
MGRjZDAzZGMwODk3LzEvVTBUTDdNVjZWUlVJaGw0c3Bhd21XRFJJQ3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9jMDY0YTUtZDdhOS00ZTZmLThmZDgtMGRjZDAzZGMwODk3
LzEveC11cjE0YmFFNEJXVmJHMVVCX2N2ME03eDQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9XJMA0G
CSqGSIb3DQEBCwUAA4IBAQB3TUHfE3/CW+lDI3TnZhgknCp8kjinr+ASzZixy6Q0
Qwgiozf0t/g0ZDZOofqEYb5LqkatGMesBXBrjw6gkVPp6vo3qAATCNWA9sJHqrgn
VtdzOx9S9aqJGvngMGgWYjlbHlrYoZ6D12eLLNVosYtfmT0ecL0opLS2G8UA+6yY
XMPnU+avJoaL9L5kxu0jJzztGtZw5YRim6wLlumI1BW3lvpP3i2pzuS1Ha0Zlj11
8s4TgoYP3CmaE8o/f3YUutb+QKo7Ij6aQocfiPWQg8Urph8T8WFBqW7QYATX+D8P
J1AXE84Tt4jxRs7uye8e+sC9yfTxoR0OYdzuUEB+IM1v
-----END CERTIFICATE-----