Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/935TTX7VzIy73YdKlhehkfn3zSw.roa
File:                     935TTX7VzIy73YdKlhehkfn3zSw.roa (raw, json)
Hash identifier:          M+KJspBMpqUdjJMcBQhCIzBh/MslQjbhNHHugqTe9bw=
Subject key identifier:   F7:7E:53:4D:7E:D5:CC:8C:BB:DD:87:4A:96:17:A1:91:F9:F7:CD:2C
Certificate issuer:       /CN=b55d4e6317c62a1a69dac31f4f143e3bc280ba62
Certificate serial:       018CC64B84B0F36A30C3FF5B304F9443A846
Authority key identifier: B5:5D:4E:63:17:C6:2A:1A:69:DA:C3:1F:4F:14:3E:3B:C2:80:BA:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV1OYxfGKhpp2sMfTxQ-O8KAumI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/935TTX7VzIy73YdKlhehkfn3zSw.roa
Signing time:             Mon 01 Jan 2024 18:31:27 +0000
ROA not before:           Mon 01 Jan 2024 18:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44050
IP address blocks:        91.196.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/tV1OYxfGKhpp2sMfTxQ-O8KAumI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/tV1OYxfGKhpp2sMfTxQ-O8KAumI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV1OYxfGKhpp2sMfTxQ-O8KAumI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:84:b0:f3:6a:30:c3:ff:5b:30:4f:94:43:a8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55d4e6317c62a1a69dac31f4f143e3bc280ba62
        Validity
            Not Before: Jan  1 18:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f77e534d7ed5cc8cbbdd874a9617a191f9f7cd2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:59:2f:8e:7a:2a:03:e7:b9:49:dd:78:2b:e0:
                    a5:d8:fd:3f:5c:a8:f6:fd:fe:82:00:2b:27:77:56:
                    cf:6e:68:92:11:e0:23:7e:98:57:fc:59:98:88:e7:
                    8a:6d:de:89:1c:60:f4:2d:da:88:40:b0:0b:78:a2:
                    60:f7:62:e2:81:f0:ba:69:1a:01:15:cf:56:8f:91:
                    31:eb:ea:f2:ab:29:c5:b2:57:f0:c1:bf:aa:34:80:
                    3f:04:d0:cc:4f:08:c3:62:ca:75:28:7d:dc:d9:88:
                    7f:9f:38:7a:6d:2d:a9:86:e9:d5:36:e9:b1:91:49:
                    85:f5:60:63:cc:ea:e1:ed:e4:bf:dd:0e:c7:7b:b7:
                    b7:14:48:18:22:71:5c:6c:ae:18:c9:c8:54:2e:d3:
                    2e:b3:88:36:f3:fc:1a:84:42:5b:98:36:60:13:ec:
                    97:0a:9d:8e:a1:2f:1d:d5:7a:f6:88:86:5c:e0:80:
                    61:47:92:79:82:a8:d9:dc:8f:97:df:48:e3:02:a4:
                    a4:d7:9b:73:d5:e5:ae:88:07:87:12:5c:cb:99:78:
                    ec:19:b6:3e:53:c3:29:e0:f6:c8:6e:7c:1a:c5:f9:
                    87:eb:d4:13:55:f2:55:eb:22:29:7e:65:fd:6c:f2:
                    24:59:7f:61:8a:7e:4b:ef:26:17:e7:89:0b:c1:1b:
                    e3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:7E:53:4D:7E:D5:CC:8C:BB:DD:87:4A:96:17:A1:91:F9:F7:CD:2C
            X509v3 Authority Key Identifier:
                keyid:B5:5D:4E:63:17:C6:2A:1A:69:DA:C3:1F:4F:14:3E:3B:C2:80:BA:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV1OYxfGKhpp2sMfTxQ-O8KAumI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/935TTX7VzIy73YdKlhehkfn3zSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/tV1OYxfGKhpp2sMfTxQ-O8KAumI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:37:c6:36:c6:b3:40:10:74:ba:a9:bc:00:fa:7b:f9:d9:86:
         3d:d8:4c:40:e4:df:c1:af:ae:b3:ac:01:3e:01:43:92:eb:df:
         ab:84:dd:f3:f0:39:d5:35:d3:d8:0d:14:89:ca:54:2f:b1:48:
         71:df:e4:d9:20:f1:b4:5f:bb:67:b3:3f:83:7a:62:34:7c:19:
         38:0b:d9:90:87:e1:ea:b0:c4:fb:9e:d8:4f:08:21:3d:04:f0:
         89:b0:53:a7:05:cc:6b:66:de:7b:91:b8:ef:6b:e8:bb:04:dc:
         ad:c2:96:18:cd:72:6f:56:8d:cc:4b:ed:93:6e:3f:03:ec:ae:
         2c:e3:ce:39:35:46:a9:14:18:fe:2c:de:6e:50:9a:dc:38:f8:
         be:87:49:81:69:08:d0:05:68:e0:ac:30:fd:ca:22:34:29:9e:
         1f:d5:86:f1:e2:b5:9b:c1:cf:d0:2e:4d:9e:3a:ec:18:ee:3a:
         17:05:ab:7d:6d:6d:42:e4:67:8d:42:b7:c8:4b:32:0f:dd:d0:
         46:8e:51:34:f5:c4:1a:f1:75:d2:c4:8f:5b:3e:79:33:ed:76:
         cb:b1:93:ad:57:b5:86:76:21:bf:e3:58:72:14:ed:b6:57:91:
         ff:40:23:18:7f:98:26:74:0d:d0:45:7b:23:89:18:1f:bb:70:
         22:bd:e7:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4Sw82oww/9bME+UQ6hGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NWQ0ZTYzMTdjNjJhMWE2OWRhYzMxZjRmMTQzZTNiYzI4
MGJhNjIwHhcNMjQwMTAxMTgzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzdlNTM0ZDdlZDVjYzhjYmJkZDg3NGE5NjE3YTE5MWY5ZjdjZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFkvjnoqA+e5Sd14K+Cl2P0/XKj2
/f6CACsnd1bPbmiSEeAjfphX/FmYiOeKbd6JHGD0LdqIQLALeKJg92LigfC6aRoB
Fc9Wj5Ex6+ryqynFslfwwb+qNIA/BNDMTwjDYsp1KH3c2Yh/nzh6bS2phunVNumx
kUmF9WBjzOrh7eS/3Q7He7e3FEgYInFcbK4YychULtMus4g28/wahEJbmDZgE+yX
Cp2OoS8d1Xr2iIZc4IBhR5J5gqjZ3I+X30jjAqSk15tz1eWuiAeHElzLmXjsGbY+
U8Mp4PbIbnwaxfmH69QTVfJV6yIpfmX9bPIkWX9hin5L7yYX54kLwRvjFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPd+U01+1cyMu92HSpYXoZH5980sMB8GA1UdIwQY
MBaAFLVdTmMXxioaadrDH08UPjvCgLpiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFYxT1l4ZkdLaHBwMnNNZlR4US1POEtBdW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82NTRmMzYtYWM1YS00MjkyLTgxNDAt
NTM0ZDc4ODk4ZDZiLzEvOTM1VFRYN1Z6SXk3M1lkS2xoZWhrZm4zelN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82NTRmMzYtYWM1YS00MjkyLTgxNDAtNTM0ZDc4ODk4ZDZi
LzEvdFYxT1l4ZkdLaHBwMnNNZlR4US1POEtBdW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8T/MA0G
CSqGSIb3DQEBCwUAA4IBAQBJN8Y2xrNAEHS6qbwA+nv52YY92ExA5N/Br66zrAE+
AUOS69+rhN3z8DnVNdPYDRSJylQvsUhx3+TZIPG0X7tnsz+DemI0fBk4C9mQh+Hq
sMT7nthPCCE9BPCJsFOnBcxrZt57kbjva+i7BNytwpYYzXJvVo3MS+2Tbj8D7K4s
4845NUapFBj+LN5uUJrcOPi+h0mBaQjQBWjgrDD9yiI0KZ4f1Ybx4rWbwc/QLk2e
OuwY7joXBat9bW1C5GeNQrfISzIP3dBGjlE09cQa8XXSxI9bPnkz7XbLsZOtV7WG
diG/41hyFO22V5H/QCMYf5gmdA3QRXsjiRgfu3Aivefh
-----END CERTIFICATE-----