Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/1b4708-eef9-49de-b887-f32069ec4ee5/1/X7Q16k12hmelOo_D6pcHr1nLMqw.roa
File:                     X7Q16k12hmelOo_D6pcHr1nLMqw.roa (raw, json)
Hash identifier:          sKPa2DtmjBIA/IdC67J65lTvvSb51XdDcw5VIOTpf1k=
Subject key identifier:   5F:B4:35:EA:4D:76:86:67:A5:3A:8F:C3:EA:97:07:AF:59:CB:32:AC
Certificate issuer:       /CN=57c1fe8083646749816ad3fa64098345fb61e9f5
Certificate serial:       018CC6B7AA0D7A4BDA8356ED19C1711D2156
Authority key identifier: 57:C1:FE:80:83:64:67:49:81:6A:D3:FA:64:09:83:45:FB:61:E9:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8H-gINkZ0mBatP6ZAmDRfth6fU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/1b4708-eef9-49de-b887-f32069ec4ee5/1/X7Q16k12hmelOo_D6pcHr1nLMqw.roa
Signing time:             Mon 01 Jan 2024 20:29:34 +0000
ROA not before:           Mon 01 Jan 2024 20:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43207
IP address blocks:        91.229.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/1b4708-eef9-49de-b887-f32069ec4ee5/1/V8H-gINkZ0mBatP6ZAmDRfth6fU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/1b4708-eef9-49de-b887-f32069ec4ee5/1/V8H-gINkZ0mBatP6ZAmDRfth6fU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8H-gINkZ0mBatP6ZAmDRfth6fU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:aa:0d:7a:4b:da:83:56:ed:19:c1:71:1d:21:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c1fe8083646749816ad3fa64098345fb61e9f5
        Validity
            Not Before: Jan  1 20:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fb435ea4d768667a53a8fc3ea9707af59cb32ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ea:79:7b:c7:f7:54:12:7b:2b:df:41:be:a2:
                    12:77:4c:c2:29:1d:0b:b8:04:10:af:b8:ce:6e:a9:
                    77:a1:10:62:bb:f3:41:3d:e7:27:bf:b0:f7:60:7c:
                    bd:30:1f:c0:d2:42:8e:07:f2:4e:8c:6e:0b:47:e0:
                    39:3f:69:78:8d:25:b4:fa:9a:57:4e:53:61:77:b9:
                    7a:54:d7:b0:ef:03:fb:76:6a:1e:58:28:5f:e3:a5:
                    be:08:ba:aa:50:2c:4e:99:a0:71:c9:c6:dc:6c:f2:
                    82:07:71:38:35:0b:0b:d6:8d:87:0a:53:88:ed:ca:
                    77:a2:98:d8:57:6b:5b:19:74:13:f1:65:16:3b:db:
                    9a:19:9d:2f:44:49:52:52:6f:b2:db:61:a3:12:d0:
                    2f:40:2c:d9:f4:49:79:31:d7:58:09:df:e0:4e:85:
                    ec:49:21:3a:d7:66:46:1f:71:53:bd:9c:0c:d4:64:
                    6f:60:6e:8d:8f:01:5d:d2:df:e5:d9:31:6f:35:e4:
                    c4:40:df:5b:e1:cb:ce:2b:68:92:cb:96:57:ef:f3:
                    8a:d8:0b:e3:bc:97:96:45:73:57:8f:47:3f:4f:d4:
                    9a:bb:c3:b6:17:5b:26:4e:08:dd:1d:1c:aa:90:ee:
                    42:98:00:0b:6a:88:b9:60:91:ad:98:69:ff:06:ff:
                    e5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B4:35:EA:4D:76:86:67:A5:3A:8F:C3:EA:97:07:AF:59:CB:32:AC
            X509v3 Authority Key Identifier:
                keyid:57:C1:FE:80:83:64:67:49:81:6A:D3:FA:64:09:83:45:FB:61:E9:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8H-gINkZ0mBatP6ZAmDRfth6fU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/1b4708-eef9-49de-b887-f32069ec4ee5/1/X7Q16k12hmelOo_D6pcHr1nLMqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/1b4708-eef9-49de-b887-f32069ec4ee5/1/V8H-gINkZ0mBatP6ZAmDRfth6fU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:ec:05:32:f5:22:6d:e2:af:46:ac:dd:0f:88:d9:84:97:74:
         16:82:5c:38:c2:cf:28:61:c8:a6:39:81:f8:55:81:87:aa:0b:
         ca:b7:38:e9:53:a2:2b:51:cb:f8:7e:04:ab:25:b7:24:fd:72:
         10:15:be:fe:ab:8f:39:dd:65:c3:f6:9e:d4:be:80:5a:3f:0c:
         c9:6a:7f:b1:de:ee:9b:7b:2e:b6:4b:30:ac:fc:f0:ba:0d:cf:
         a7:75:0a:f4:cc:10:fe:cf:f7:33:f8:d8:a4:82:a9:0b:a6:d0:
         39:11:d9:31:59:4d:a4:4e:5f:9f:07:33:38:46:18:b8:b2:a1:
         6a:a1:ab:3f:f9:c2:ef:1f:81:aa:b3:df:08:eb:f5:29:f4:de:
         24:8d:ed:f2:c3:6e:ac:4f:07:ed:85:fd:12:8c:5c:d7:0a:b1:
         50:08:79:54:a7:6d:be:5e:e6:49:69:5e:e0:75:0b:17:38:91:
         d9:ad:21:f6:c1:19:7a:f5:fc:f6:11:f2:3e:7e:92:a8:fa:f9:
         5f:4d:5a:4e:60:2f:23:59:e1:1a:3a:fc:cb:2a:2d:f7:e2:98:
         c3:09:d2:da:41:95:54:1e:ff:b2:e0:3f:cd:0e:ba:61:d1:58:
         8d:07:c2:58:b7:4b:7f:36:57:57:d6:a5:dc:c6:02:8f:07:57:
         b7:f1:5d:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6oNekvag1btGcFxHSFWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzFmZTgwODM2NDY3NDk4MTZhZDNmYTY0MDk4MzQ1ZmI2
MWU5ZjUwHhcNMjQwMTAxMjAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI0MzVlYTRkNzY4NjY3YTUzYThmYzNlYTk3MDdhZjU5Y2IzMmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgup5e8f3VBJ7K99BvqISd0zCKR0L
uAQQr7jObql3oRBiu/NBPecnv7D3YHy9MB/A0kKOB/JOjG4LR+A5P2l4jSW0+ppX
TlNhd7l6VNew7wP7dmoeWChf46W+CLqqUCxOmaBxycbcbPKCB3E4NQsL1o2HClOI
7cp3opjYV2tbGXQT8WUWO9uaGZ0vRElSUm+y22GjEtAvQCzZ9El5MddYCd/gToXs
SSE612ZGH3FTvZwM1GRvYG6NjwFd0t/l2TFvNeTEQN9b4cvOK2iSy5ZX7/OK2Avj
vJeWRXNXj0c/T9Sau8O2F1smTgjdHRyqkO5CmAALaoi5YJGtmGn/Bv/lYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+0NepNdoZnpTqPw+qXB69ZyzKsMB8GA1UdIwQY
MBaAFFfB/oCDZGdJgWrT+mQJg0X7Yen1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhILWdJTmtaMG1CYXRQNlpBbURSZnRoNmZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8xYjQ3MDgtZWVmOS00OWRlLWI4ODct
ZjMyMDY5ZWM0ZWU1LzEvWDdRMTZrMTJobWVsT29fRDZwY0hyMW5MTXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8xYjQ3MDgtZWVmOS00OWRlLWI4ODctZjMyMDY5ZWM0ZWU1
LzEvVjhILWdJTmtaMG1CYXRQNlpBbURSZnRoNmZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+XfMA0G
CSqGSIb3DQEBCwUAA4IBAQCU7AUy9SJt4q9GrN0PiNmEl3QWglw4ws8oYcimOYH4
VYGHqgvKtzjpU6IrUcv4fgSrJbck/XIQFb7+q4853WXD9p7UvoBaPwzJan+x3u6b
ey62SzCs/PC6Dc+ndQr0zBD+z/cz+NikgqkLptA5EdkxWU2kTl+fBzM4Rhi4sqFq
oas/+cLvH4Gqs98I6/Up9N4kje3yw26sTwfthf0SjFzXCrFQCHlUp22+XuZJaV7g
dQsXOJHZrSH2wRl69fz2EfI+fpKo+vlfTVpOYC8jWeEaOvzLKi334pjDCdLaQZVU
Hv+y4D/NDrph0ViNB8JYt0t/NldX1qXcxgKPB1e38V11
-----END CERTIFICATE-----