Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/bba8e7-b9d2-4d9b-88b9-9408f1bc0d12/1/_wrZSHr0jEcflioTuKAlzs438GA.roa
File:                     _wrZSHr0jEcflioTuKAlzs438GA.roa (raw, json)
Hash identifier:          v1g5Ewng9hm3ebAgrgbwq9sD/XsW3mYjjILzb3NT4tw=
Subject key identifier:   FF:0A:D9:48:7A:F4:8C:47:1F:96:2A:13:B8:A0:25:CE:CE:37:F0:60
Certificate issuer:       /CN=5da38f7c3ecad29ec50644b70068b92a1be47074
Certificate serial:       018F1B71B1E973B8442C1280FB9D528A5331
Authority key identifier: 5D:A3:8F:7C:3E:CA:D2:9E:C5:06:44:B7:00:68:B9:2A:1B:E4:70:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOPfD7K0p7FBkS3AGi5KhvkcHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/bba8e7-b9d2-4d9b-88b9-9408f1bc0d12/1/_wrZSHr0jEcflioTuKAlzs438GA.roa
Signing time:             Fri 26 Apr 2024 17:26:26 +0000
ROA not before:           Fri 26 Apr 2024 17:26:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215026
IP address blocks:        91.227.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/bba8e7-b9d2-4d9b-88b9-9408f1bc0d12/1/XaOPfD7K0p7FBkS3AGi5KhvkcHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/bba8e7-b9d2-4d9b-88b9-9408f1bc0d12/1/XaOPfD7K0p7FBkS3AGi5KhvkcHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOPfD7K0p7FBkS3AGi5KhvkcHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1b:71:b1:e9:73:b8:44:2c:12:80:fb:9d:52:8a:53:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da38f7c3ecad29ec50644b70068b92a1be47074
        Validity
            Not Before: Apr 26 17:26:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff0ad9487af48c471f962a13b8a025cece37f060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:6c:3f:c5:2a:b4:64:fb:94:d0:e5:da:3d:e1:
                    3d:57:12:73:49:83:31:f3:d2:d4:fb:b6:94:b8:73:
                    df:2c:3d:f4:bb:d5:dd:37:c4:35:6e:00:5e:55:02:
                    72:e0:d6:3e:b3:78:94:de:6c:f9:e3:48:b0:bf:be:
                    13:43:e1:c0:ce:61:9d:72:fd:2c:a7:03:44:25:7e:
                    96:8c:fa:b7:7f:c6:a0:c8:06:f2:b4:79:45:40:52:
                    a5:e5:94:5b:fd:6a:fc:14:65:88:e7:59:45:3f:b4:
                    06:e7:5c:59:2f:8c:bf:83:7c:e5:29:af:2b:7b:f9:
                    89:57:69:0c:89:5e:8e:81:4a:02:3e:35:b6:b4:af:
                    fb:c1:d9:0a:89:11:34:c5:84:7c:15:7c:20:54:84:
                    f1:39:29:f6:b5:58:ba:28:48:86:63:77:2a:51:1f:
                    98:36:8f:d1:d1:ee:1f:76:e6:68:76:3e:6d:7d:3a:
                    27:85:6a:07:5a:9d:58:76:f3:83:dd:60:60:42:d1:
                    ba:70:29:26:fe:75:d0:86:98:9f:e6:f7:12:9e:e1:
                    ba:6f:f3:5f:78:05:89:2d:21:0b:f8:7b:a8:80:53:
                    5e:c2:ca:b0:67:f7:bf:f7:6b:0f:1b:9e:e4:c9:3c:
                    16:3e:50:c7:7c:c6:58:77:9a:fc:64:e3:32:ac:52:
                    f5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:0A:D9:48:7A:F4:8C:47:1F:96:2A:13:B8:A0:25:CE:CE:37:F0:60
            X509v3 Authority Key Identifier:
                keyid:5D:A3:8F:7C:3E:CA:D2:9E:C5:06:44:B7:00:68:B9:2A:1B:E4:70:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOPfD7K0p7FBkS3AGi5KhvkcHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/bba8e7-b9d2-4d9b-88b9-9408f1bc0d12/1/_wrZSHr0jEcflioTuKAlzs438GA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/bba8e7-b9d2-4d9b-88b9-9408f1bc0d12/1/XaOPfD7K0p7FBkS3AGi5KhvkcHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d3:d6:0b:33:e3:b1:e1:62:d6:63:51:57:7c:c6:61:42:00:
         4b:25:4a:72:e9:ed:97:e6:d8:fb:f7:af:b7:a6:8a:00:0a:b1:
         07:78:45:b7:f6:b6:fa:03:06:d7:61:a2:d7:00:b7:f1:6c:40:
         d5:c0:a4:4e:38:85:c5:0d:c2:c4:fd:2e:bc:98:98:ae:81:ef:
         71:f3:2b:6c:8c:ac:00:c8:d1:95:8b:9f:63:ce:b1:d0:64:4d:
         b3:35:67:b9:d8:63:eb:73:9d:99:68:17:83:d5:31:21:4e:51:
         06:8c:b0:d5:38:61:93:79:37:d6:48:29:3a:44:7a:6f:0f:37:
         b0:6b:16:f1:7d:a4:e4:60:58:3d:b1:b6:d7:0f:4f:11:17:96:
         c0:0c:52:c7:26:54:b8:db:0f:56:b1:fe:ad:9a:c5:02:21:d2:
         54:7d:79:12:52:97:e0:ea:54:4e:ae:c2:0b:7d:c1:5e:5d:9f:
         43:08:3e:d7:d2:e4:80:b8:fb:48:1f:a3:7c:55:d0:c0:e0:1d:
         d2:c6:ba:0d:d6:60:63:e6:4a:20:b9:95:d6:21:2f:27:21:38:
         ab:a9:4a:ee:4b:3a:dc:6b:3f:69:e1:86:58:26:b0:7e:10:36:
         f0:68:e4:6e:7d:1d:bc:e1:fc:24:d1:13:23:34:5f:53:5a:1d:
         51:3e:3c:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8bcbHpc7hELBKA+51SilMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM4ZjdjM2VjYWQyOWVjNTA2NDRiNzAwNjhiOTJhMWJl
NDcwNzQwHhcNMjQwNDI2MTcyNjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjBhZDk0ODdhZjQ4YzQ3MWY5NjJhMTNiOGEwMjVjZWNlMzdmMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mw/xSq0ZPuU0OXaPeE9VxJzSYMx
89LU+7aUuHPfLD30u9XdN8Q1bgBeVQJy4NY+s3iU3mz540iwv74TQ+HAzmGdcv0s
pwNEJX6WjPq3f8agyAbytHlFQFKl5ZRb/Wr8FGWI51lFP7QG51xZL4y/g3zlKa8r
e/mJV2kMiV6OgUoCPjW2tK/7wdkKiRE0xYR8FXwgVITxOSn2tVi6KEiGY3cqUR+Y
No/R0e4fduZodj5tfTonhWoHWp1YdvOD3WBgQtG6cCkm/nXQhpif5vcSnuG6b/Nf
eAWJLSEL+HuogFNewsqwZ/e/92sPG57kyTwWPlDHfMZYd5r8ZOMyrFL1rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8K2Uh69IxHH5YqE7igJc7ON/BgMB8GA1UdIwQY
MBaAFF2jj3w+ytKexQZEtwBouSob5HB0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPUGZEN0swcDdGQmtTM0FHaTVLaHZrY0hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iYmE4ZTctYjlkMi00ZDliLTg4Yjkt
OTQwOGYxYmMwZDEyLzEvX3dyWlNIcjBqRWNmbGlvVHVLQWx6czQzOEdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iYmE4ZTctYjlkMi00ZDliLTg4YjktOTQwOGYxYmMwZDEy
LzEvWGFPUGZEN0swcDdGQmtTM0FHaTVLaHZrY0hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+NyMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ09YLM+Ox4WLWY1FXfMZhQgBLJUpy6e2X5tj796+3
pooACrEHeEW39rb6AwbXYaLXALfxbEDVwKROOIXFDcLE/S68mJiuge9x8ytsjKwA
yNGVi59jzrHQZE2zNWe52GPrc52ZaBeD1TEhTlEGjLDVOGGTeTfWSCk6RHpvDzew
axbxfaTkYFg9sbbXD08RF5bADFLHJlS42w9Wsf6tmsUCIdJUfXkSUpfg6lROrsIL
fcFeXZ9DCD7X0uSAuPtIH6N8VdDA4B3SxroN1mBj5koguZXWIS8nITirqUruSzrc
az9p4YZYJrB+EDbwaORufR284fwk0RMjNF9TWh1RPjwt
-----END CERTIFICATE-----