Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/060222-5741-4e23-97d6-d63a23cf114c/1/xdABHfqjRO5DE-_iIe4kLygAtRc.roa
File:                     xdABHfqjRO5DE-_iIe4kLygAtRc.roa (raw, json)
Hash identifier:          LXSuaviocyfQevICQKDjKPj95wCpGLm7j893kLUbChI=
Subject key identifier:   C5:D0:01:1D:FA:A3:44:EE:43:13:EF:E2:21:EE:24:2F:28:00:B5:17
Certificate issuer:       /CN=fe459065f728117d1c70b8c54cda8f461db80475
Certificate serial:       018E5B7C1FC7A1F27EAE044F6786C95BD185
Authority key identifier: FE:45:90:65:F7:28:11:7D:1C:70:B8:C5:4C:DA:8F:46:1D:B8:04:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_kWQZfcoEX0ccLjFTNqPRh24BHU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/060222-5741-4e23-97d6-d63a23cf114c/1/xdABHfqjRO5DE-_iIe4kLygAtRc.roa
Signing time:             Wed 20 Mar 2024 10:50:44 +0000
ROA not before:           Wed 20 Mar 2024 10:50:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198244
IP address blocks:        91.232.232.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/060222-5741-4e23-97d6-d63a23cf114c/1/_kWQZfcoEX0ccLjFTNqPRh24BHU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/060222-5741-4e23-97d6-d63a23cf114c/1/_kWQZfcoEX0ccLjFTNqPRh24BHU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_kWQZfcoEX0ccLjFTNqPRh24BHU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5b:7c:1f:c7:a1:f2:7e:ae:04:4f:67:86:c9:5b:d1:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe459065f728117d1c70b8c54cda8f461db80475
        Validity
            Not Before: Mar 20 10:50:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5d0011dfaa344ee4313efe221ee242f2800b517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:71:bb:35:bd:a3:f2:fd:54:34:ae:a3:33:56:
                    65:8e:20:4b:7c:f7:cb:14:d0:92:c3:80:4b:e6:30:
                    4d:72:c6:aa:4d:54:57:f2:0d:a1:8f:6b:e9:27:96:
                    90:34:60:1d:02:ec:51:31:7e:96:6b:e7:ba:4c:57:
                    34:ed:81:5e:bf:47:c4:2b:98:93:3a:e6:82:3b:6a:
                    ea:71:5a:8d:fd:71:82:be:cf:7b:9a:fd:5f:6e:ac:
                    9b:27:d4:3d:ae:df:c6:37:46:93:2f:6b:d6:40:77:
                    6b:36:b1:34:75:36:1d:9b:b8:f5:65:a1:06:7b:dd:
                    f2:9b:37:d0:1f:ff:a9:80:83:75:07:c7:86:4b:95:
                    a0:fc:2f:f7:ec:56:a8:3e:23:f0:06:b7:85:32:fc:
                    16:13:1b:0a:70:27:0f:77:34:71:40:b8:e9:1b:b9:
                    ce:c4:fd:9c:c4:e8:a6:a5:9f:26:b0:63:95:7b:b3:
                    7a:ed:8f:3e:1a:01:be:f9:ad:e0:0e:26:f5:a6:96:
                    e2:bc:6b:46:39:21:ef:9f:fe:21:fb:cf:4b:81:03:
                    7f:17:25:b0:63:bb:94:2e:a6:fa:53:45:56:6b:22:
                    ec:ba:95:be:9a:3a:b7:ba:48:87:ae:e5:e7:da:98:
                    4f:fc:30:de:c3:d1:73:2e:b0:83:e6:0d:d5:30:e0:
                    46:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:D0:01:1D:FA:A3:44:EE:43:13:EF:E2:21:EE:24:2F:28:00:B5:17
            X509v3 Authority Key Identifier:
                keyid:FE:45:90:65:F7:28:11:7D:1C:70:B8:C5:4C:DA:8F:46:1D:B8:04:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_kWQZfcoEX0ccLjFTNqPRh24BHU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/060222-5741-4e23-97d6-d63a23cf114c/1/xdABHfqjRO5DE-_iIe4kLygAtRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/060222-5741-4e23-97d6-d63a23cf114c/1/_kWQZfcoEX0ccLjFTNqPRh24BHU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:78:f8:29:f6:25:b5:6e:d2:2c:5a:71:39:81:32:76:70:aa:
         54:3b:ca:7e:fd:53:70:b9:49:62:47:60:1b:59:83:50:e9:a3:
         e5:bb:46:37:49:80:83:fd:46:86:76:dc:b8:9f:26:1c:f8:80:
         4b:0d:38:94:01:54:38:44:63:3a:01:46:cc:db:7e:0b:16:4b:
         99:98:f3:f5:be:a3:ea:e8:1a:51:cb:10:f1:92:36:68:42:ce:
         7e:5c:fa:47:23:95:1e:cb:38:ff:bf:2c:36:40:fb:62:6d:d3:
         7d:e4:51:da:b3:f6:cc:ab:0b:69:98:6c:98:ef:34:f7:6b:a5:
         b1:2a:9a:9f:51:e9:81:dc:8e:fb:12:f0:80:00:42:ad:92:b1:
         0e:4d:60:2e:ce:74:04:7c:19:3a:fa:43:20:32:82:11:ca:7b:
         20:07:61:c5:e4:3c:ab:fb:4a:84:4b:fe:c9:c9:dd:56:a1:47:
         f4:59:80:dc:1a:83:32:66:2c:02:ab:09:4a:b1:4a:39:21:60:
         f2:fb:b1:f5:f3:2a:dc:27:0f:ce:d5:e9:2d:fe:bc:da:82:0e:
         76:5d:bb:60:79:b7:11:49:6e:d8:a5:fb:48:fc:e3:04:dd:53:
         74:7a:df:a4:c4:50:9b:02:48:19:da:c7:60:cb:20:f4:95:21:
         15:1c:89:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5bfB/HofJ+rgRPZ4bJW9GFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNDU5MDY1ZjcyODExN2QxYzcwYjhjNTRjZGE4ZjQ2MWRi
ODA0NzUwHhcNMjQwMzIwMTA1MDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWQwMDExZGZhYTM0NGVlNDMxM2VmZTIyMWVlMjQyZjI4MDBiNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXG7Nb2j8v1UNK6jM1ZljiBLfPfL
FNCSw4BL5jBNcsaqTVRX8g2hj2vpJ5aQNGAdAuxRMX6Wa+e6TFc07YFev0fEK5iT
OuaCO2rqcVqN/XGCvs97mv1fbqybJ9Q9rt/GN0aTL2vWQHdrNrE0dTYdm7j1ZaEG
e93ymzfQH/+pgIN1B8eGS5Wg/C/37FaoPiPwBreFMvwWExsKcCcPdzRxQLjpG7nO
xP2cxOimpZ8msGOVe7N67Y8+GgG++a3gDib1ppbivGtGOSHvn/4h+89LgQN/FyWw
Y7uULqb6U0VWayLsupW+mjq3ukiHruXn2phP/DDew9FzLrCD5g3VMOBGiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXQAR36o0TuQxPv4iHuJC8oALUXMB8GA1UdIwQY
MBaAFP5FkGX3KBF9HHC4xUzaj0YduAR1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2tXUVpmY29FWDBjY0xqRlROcVBSaDI0QkhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wNjAyMjItNTc0MS00ZTIzLTk3ZDYt
ZDYzYTIzY2YxMTRjLzEveGRBQkhmcWpSTzVERS1faUllNGtMeWdBdFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wNjAyMjItNTc0MS00ZTIzLTk3ZDYtZDYzYTIzY2YxMTRj
LzEvX2tXUVpmY29FWDBjY0xqRlROcVBSaDI0QkhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+joMA0G
CSqGSIb3DQEBCwUAA4IBAQBcePgp9iW1btIsWnE5gTJ2cKpUO8p+/VNwuUliR2Ab
WYNQ6aPlu0Y3SYCD/UaGdty4nyYc+IBLDTiUAVQ4RGM6AUbM234LFkuZmPP1vqPq
6BpRyxDxkjZoQs5+XPpHI5Ueyzj/vyw2QPtibdN95FHas/bMqwtpmGyY7zT3a6Wx
KpqfUemB3I77EvCAAEKtkrEOTWAuznQEfBk6+kMgMoIRynsgB2HF5Dyr+0qES/7J
yd1WoUf0WYDcGoMyZiwCqwlKsUo5IWDy+7H18yrcJw/O1ekt/rzagg52XbtgebcR
SW7YpftI/OME3VN0et+kxFCbAkgZ2sdgyyD0lSEVHIn+
-----END CERTIFICATE-----