Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/e5c877-a2ee-4c3f-ad5c-02a7f6df6810/1/hbWDqtvQLP-KfdNaJ_jU08mRQQA.roa
File:                     hbWDqtvQLP-KfdNaJ_jU08mRQQA.roa (raw, json)
Hash identifier:          BiwRvDdiLesNWQ9i3kZpv9ZSkFymtwRHySAvz9I2dg4=
Subject key identifier:   85:B5:83:AA:DB:D0:2C:FF:8A:7D:D3:5A:27:F8:D4:D3:C9:91:41:00
Certificate issuer:       /CN=3ac4446ba99b43891ecf1f7fa2cdb02e14a344f3
Certificate serial:       018CC6B7E441C17D8AAD4F4C27C23FE5E10A
Authority key identifier: 3A:C4:44:6B:A9:9B:43:89:1E:CF:1F:7F:A2:CD:B0:2E:14:A3:44:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OsREa6mbQ4kezx9_os2wLhSjRPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/e5c877-a2ee-4c3f-ad5c-02a7f6df6810/1/hbWDqtvQLP-KfdNaJ_jU08mRQQA.roa
Signing time:             Mon 01 Jan 2024 20:29:49 +0000
ROA not before:           Mon 01 Jan 2024 20:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198765
IP address blocks:        91.238.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/e5c877-a2ee-4c3f-ad5c-02a7f6df6810/1/OsREa6mbQ4kezx9_os2wLhSjRPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/e5c877-a2ee-4c3f-ad5c-02a7f6df6810/1/OsREa6mbQ4kezx9_os2wLhSjRPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OsREa6mbQ4kezx9_os2wLhSjRPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e4:41:c1:7d:8a:ad:4f:4c:27:c2:3f:e5:e1:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ac4446ba99b43891ecf1f7fa2cdb02e14a344f3
        Validity
            Not Before: Jan  1 20:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85b583aadbd02cff8a7dd35a27f8d4d3c9914100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:96:7f:88:e1:17:e8:93:b0:56:db:5f:38:17:
                    b4:bf:fd:b5:8c:a7:21:ae:79:9c:16:e4:ec:cd:12:
                    23:fc:4c:40:0f:c1:8f:9d:75:bc:2e:f4:d4:0c:fb:
                    9c:aa:0e:45:a7:6a:64:66:c6:c2:ba:bf:b5:fe:61:
                    7f:78:a1:b8:ce:26:32:0f:ec:46:6d:d7:df:a3:44:
                    55:2e:43:ac:6c:66:4b:97:96:1f:b3:0f:a9:ee:a5:
                    c1:e4:39:18:78:36:f6:09:f1:48:16:f8:01:51:1c:
                    a8:d2:11:6f:4d:ce:49:3e:14:c9:f4:58:f3:07:d0:
                    60:8e:f4:be:a8:66:d5:38:b9:f2:15:14:c5:60:c2:
                    bb:3a:5f:48:f9:12:40:78:3f:f3:34:45:02:e2:89:
                    59:0a:d8:53:66:b2:64:49:4b:a6:e5:eb:53:1d:4e:
                    46:bb:5b:e9:d6:ad:df:a2:6e:01:7d:a1:e7:b3:9f:
                    b4:87:4f:73:fc:d5:a1:20:45:87:9c:6f:16:3d:42:
                    1b:02:ac:a9:9b:00:95:e5:40:88:51:d4:50:f4:51:
                    fa:f8:e8:97:da:8f:0d:42:f4:58:9e:e3:e5:82:82:
                    02:0b:dd:f0:4f:a1:00:c3:eb:89:22:7b:12:6e:df:
                    ea:61:7e:de:1b:74:59:1b:d9:9d:45:40:09:33:7b:
                    b3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B5:83:AA:DB:D0:2C:FF:8A:7D:D3:5A:27:F8:D4:D3:C9:91:41:00
            X509v3 Authority Key Identifier:
                keyid:3A:C4:44:6B:A9:9B:43:89:1E:CF:1F:7F:A2:CD:B0:2E:14:A3:44:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OsREa6mbQ4kezx9_os2wLhSjRPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/e5c877-a2ee-4c3f-ad5c-02a7f6df6810/1/hbWDqtvQLP-KfdNaJ_jU08mRQQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/e5c877-a2ee-4c3f-ad5c-02a7f6df6810/1/OsREa6mbQ4kezx9_os2wLhSjRPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:c4:a2:a2:26:22:bb:b7:b9:7b:4c:72:e9:d4:03:93:d0:46:
         20:00:ec:00:06:70:da:8a:b1:d8:cf:9e:59:02:62:eb:ed:9d:
         dc:12:fa:4f:7f:4b:03:57:12:24:30:eb:29:f8:cd:6d:16:af:
         be:7d:06:e1:c2:fe:70:1f:7b:34:ba:72:e5:7a:6b:f5:ce:58:
         22:f2:15:75:88:d9:e1:83:c0:d2:b3:cd:9e:f0:b6:80:33:f6:
         68:76:8b:35:8c:73:5e:95:ff:6c:6d:f9:47:00:5b:37:ac:c5:
         34:cd:09:0b:d2:9f:6b:14:ee:d6:0c:e5:c9:bb:e0:c8:c6:c9:
         1f:81:d0:c0:f7:0f:dc:1a:11:d6:7c:d4:eb:78:c3:6a:83:4f:
         3b:08:a7:bb:0d:ab:84:9d:c4:f7:51:7e:c6:07:e7:be:37:25:
         2e:49:bb:fc:4e:a5:7d:c1:df:a8:20:a1:07:a6:33:9d:45:93:
         59:74:bc:a8:55:e5:c1:a9:37:35:5a:34:de:15:12:7c:63:e0:
         7a:de:ae:0b:39:9e:54:d1:7d:16:30:40:5a:ab:b7:6c:0e:f4:
         a1:1c:7a:1e:fe:71:8c:ba:1b:4e:f1:d1:0d:7d:db:b3:26:f8:
         d3:74:b8:30:e1:3f:77:de:57:d3:5a:74:e2:b9:2c:92:84:ac:
         68:99:98:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt+RBwX2KrU9MJ8I/5eEKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYzQ0NDZiYTk5YjQzODkxZWNmMWY3ZmEyY2RiMDJlMTRh
MzQ0ZjMwHhcNMjQwMTAxMjAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI1ODNhYWRiZDAyY2ZmOGE3ZGQzNWEyN2Y4ZDRkM2M5OTE0MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZZ/iOEX6JOwVttfOBe0v/21jKch
rnmcFuTszRIj/ExAD8GPnXW8LvTUDPucqg5Fp2pkZsbCur+1/mF/eKG4ziYyD+xG
bdffo0RVLkOsbGZLl5Yfsw+p7qXB5DkYeDb2CfFIFvgBURyo0hFvTc5JPhTJ9Fjz
B9BgjvS+qGbVOLnyFRTFYMK7Ol9I+RJAeD/zNEUC4olZCthTZrJkSUum5etTHU5G
u1vp1q3fom4BfaHns5+0h09z/NWhIEWHnG8WPUIbAqypmwCV5UCIUdRQ9FH6+OiX
2o8NQvRYnuPlgoICC93wT6EAw+uJInsSbt/qYX7eG3RZG9mdRUAJM3uzSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW1g6rb0Cz/in3TWif41NPJkUEAMB8GA1UdIwQY
MBaAFDrERGupm0OJHs8ff6LNsC4Uo0TzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3NSRWE2bWJRNGtleng5X29zMndMaFNqUlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9lNWM4NzctYTJlZS00YzNmLWFkNWMt
MDJhN2Y2ZGY2ODEwLzEvaGJXRHF0dlFMUC1LZmROYUpfalUwOG1SUVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9lNWM4NzctYTJlZS00YzNmLWFkNWMtMDJhN2Y2ZGY2ODEw
LzEvT3NSRWE2bWJRNGtleng5X29zMndMaFNqUlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7HMA0G
CSqGSIb3DQEBCwUAA4IBAQAcxKKiJiK7t7l7THLp1AOT0EYgAOwABnDairHYz55Z
AmLr7Z3cEvpPf0sDVxIkMOsp+M1tFq++fQbhwv5wH3s0unLlemv1zlgi8hV1iNnh
g8DSs82e8LaAM/Zodos1jHNelf9sbflHAFs3rMU0zQkL0p9rFO7WDOXJu+DIxskf
gdDA9w/cGhHWfNTreMNqg087CKe7DauEncT3UX7GB+e+NyUuSbv8TqV9wd+oIKEH
pjOdRZNZdLyoVeXBqTc1WjTeFRJ8Y+B63q4LOZ5U0X0WMEBaq7dsDvShHHoe/nGM
uhtO8dENfduzJvjTdLgw4T933lfTWnTiuSyShKxomZhx
-----END CERTIFICATE-----