Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/8LWqfcEchsRWzuceFW6LPZf2H08.roa
File:                     8LWqfcEchsRWzuceFW6LPZf2H08.roa (raw, json)
Hash identifier:          5mRnB1UL+vWrpYCJ1lOyflonfogquk5ZmAoQNcda2zE=
Subject key identifier:   F0:B5:AA:7D:C1:1C:86:C4:56:CE:E7:1E:15:6E:8B:3D:97:F6:1F:4F
Certificate issuer:       /CN=f4e7174c6f74fa9a22b0adee251a8d64312313f2
Certificate serial:       018CC9BA5A7F0605B0D643845C351E52DDAA
Authority key identifier: F4:E7:17:4C:6F:74:FA:9A:22:B0:AD:EE:25:1A:8D:64:31:23:13:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9OcXTG90-poisK3uJRqNZDEjE_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/8LWqfcEchsRWzuceFW6LPZf2H08.roa
Signing time:             Tue 02 Jan 2024 10:31:22 +0000
ROA not before:           Tue 02 Jan 2024 10:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        91.233.52.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/9OcXTG90-poisK3uJRqNZDEjE_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/9OcXTG90-poisK3uJRqNZDEjE_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9OcXTG90-poisK3uJRqNZDEjE_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:5a:7f:06:05:b0:d6:43:84:5c:35:1e:52:dd:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4e7174c6f74fa9a22b0adee251a8d64312313f2
        Validity
            Not Before: Jan  2 10:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0b5aa7dc11c86c456cee71e156e8b3d97f61f4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d3:d6:a4:db:10:51:ba:8e:60:65:4a:9c:77:
                    89:7b:25:63:99:e5:02:3e:07:cd:26:6f:6a:04:03:
                    cf:6f:56:a9:d3:54:8c:a5:07:00:b4:b0:eb:2f:6b:
                    82:2e:6e:68:d7:55:0e:45:c5:8c:59:87:80:52:fd:
                    77:9a:86:59:ff:35:11:8b:1c:f4:60:50:36:be:41:
                    cd:5e:a2:0c:ea:d0:ba:12:11:ba:57:a3:af:8b:44:
                    75:5b:7a:e5:e6:5a:fe:0b:71:c3:0f:ad:e8:1f:8e:
                    67:8a:5e:a7:16:b3:18:a0:5c:3a:ba:f8:aa:58:e4:
                    35:fb:40:47:0c:1e:53:2e:16:97:71:04:c0:5a:0b:
                    fb:4f:20:60:ac:b7:1e:6f:3a:ea:0d:9d:47:96:8f:
                    72:9c:38:15:f7:50:aa:dd:97:ee:73:d6:37:06:98:
                    12:b4:5a:4d:43:14:1d:6f:b5:e2:db:34:91:df:11:
                    57:3f:7c:cb:a9:d4:f7:4f:c4:02:0b:3d:72:e5:71:
                    67:55:87:ab:9a:79:79:0a:ea:3d:50:75:55:84:23:
                    76:e8:10:a9:6c:73:94:73:8f:b1:00:54:66:e1:d8:
                    24:94:d5:3e:56:1f:41:79:00:bd:0c:ca:3a:39:aa:
                    ff:d6:88:05:55:d8:58:a1:c3:1a:a9:e5:0e:71:c7:
                    80:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B5:AA:7D:C1:1C:86:C4:56:CE:E7:1E:15:6E:8B:3D:97:F6:1F:4F
            X509v3 Authority Key Identifier:
                keyid:F4:E7:17:4C:6F:74:FA:9A:22:B0:AD:EE:25:1A:8D:64:31:23:13:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9OcXTG90-poisK3uJRqNZDEjE_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/8LWqfcEchsRWzuceFW6LPZf2H08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/86efb3-ef1e-469c-aeb4-28978c3c7ec5/1/9OcXTG90-poisK3uJRqNZDEjE_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:31:2e:85:5e:76:b3:e3:fb:b5:e5:86:75:82:55:96:d9:d9:
         f1:e2:be:b5:59:c5:63:f7:ce:70:28:db:3c:e9:a1:6d:07:c6:
         f3:60:94:8a:ed:79:31:06:49:25:29:68:84:d3:49:43:21:6a:
         be:57:40:c5:3f:b6:26:f8:0d:3d:e7:af:f6:ba:1f:b2:84:62:
         c7:39:f7:c1:92:ac:bc:15:91:23:f4:aa:56:ee:83:2c:4f:a4:
         92:04:ce:13:9d:09:60:b8:be:6b:05:59:34:41:d7:fa:51:2f:
         57:ae:55:b3:91:98:0c:4f:51:86:cf:5d:1d:02:52:d4:1e:02:
         77:ea:5d:30:5d:09:d5:31:21:3b:c0:93:2f:2d:f0:d8:83:0e:
         3d:e5:1f:6f:10:30:15:af:33:8b:85:05:2e:1d:48:22:c3:d8:
         aa:70:7e:d6:28:2e:a3:ec:4e:eb:d8:2a:ec:29:a4:39:b5:79:
         2b:70:c9:0e:ac:38:89:7d:02:b9:9b:16:b3:f1:53:45:5b:a5:
         18:4c:b5:38:22:51:fc:df:72:0f:1f:1b:c8:19:bd:d9:85:38:
         fd:bd:ab:f6:c8:6d:d8:a6:e7:85:78:f4:0c:73:04:42:62:5a:
         69:70:78:92:07:d5:f7:f0:a0:a1:8b:de:c3:b0:24:24:8d:ad:
         92:e3:81:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJulp/BgWw1kOEXDUeUt2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTcxNzRjNmY3NGZhOWEyMmIwYWRlZTI1MWE4ZDY0MzEy
MzEzZjIwHhcNMjQwMTAyMTAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGI1YWE3ZGMxMWM4NmM0NTZjZWU3MWUxNTZlOGIzZDk3ZjYxZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNPWpNsQUbqOYGVKnHeJeyVjmeUC
PgfNJm9qBAPPb1ap01SMpQcAtLDrL2uCLm5o11UORcWMWYeAUv13moZZ/zURixz0
YFA2vkHNXqIM6tC6EhG6V6Ovi0R1W3rl5lr+C3HDD63oH45nil6nFrMYoFw6uviq
WOQ1+0BHDB5TLhaXcQTAWgv7TyBgrLcebzrqDZ1Hlo9ynDgV91Cq3Zfuc9Y3BpgS
tFpNQxQdb7Xi2zSR3xFXP3zLqdT3T8QCCz1y5XFnVYermnl5Cuo9UHVVhCN26BCp
bHOUc4+xAFRm4dgklNU+Vh9BeQC9DMo6Oar/1ogFVdhYocMaqeUOcceAXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPC1qn3BHIbEVs7nHhVuiz2X9h9PMB8GA1UdIwQY
MBaAFPTnF0xvdPqaIrCt7iUajWQxIxPyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9jWFRHOTAtcG9pc0szdUpScU5aREVqRV9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi84NmVmYjMtZWYxZS00NjljLWFlYjQt
Mjg5NzhjM2M3ZWM1LzEvOExXcWZjRWNoc1JXenVjZUZXNkxQWmYySDA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi84NmVmYjMtZWYxZS00NjljLWFlYjQtMjg5NzhjM2M3ZWM1
LzEvOU9jWFRHOTAtcG9pc0szdUpScU5aREVqRV9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+k0MA0G
CSqGSIb3DQEBCwUAA4IBAQCyMS6FXnaz4/u15YZ1glWW2dnx4r61WcVj985wKNs8
6aFtB8bzYJSK7XkxBkklKWiE00lDIWq+V0DFP7Ym+A0956/2uh+yhGLHOffBkqy8
FZEj9KpW7oMsT6SSBM4TnQlguL5rBVk0Qdf6US9XrlWzkZgMT1GGz10dAlLUHgJ3
6l0wXQnVMSE7wJMvLfDYgw495R9vEDAVrzOLhQUuHUgiw9iqcH7WKC6j7E7r2Crs
KaQ5tXkrcMkOrDiJfQK5mxaz8VNFW6UYTLU4IlH833IPHxvIGb3ZhTj9vav2yG3Y
pueFePQMcwRCYlppcHiSB9X38KChi97DsCQkja2S44Hm
-----END CERTIFICATE-----