Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/_1IKxS1WsITdX4-4y3i38zmlXB4.roa
File:                     _1IKxS1WsITdX4-4y3i38zmlXB4.roa (raw, json)
Hash identifier:          NbdJK8ET0bWRCi7fnbzbc3HmVuOqImdBBQth/CCDXFw=
Subject key identifier:   FF:52:0A:C5:2D:56:B0:84:DD:5F:8F:B8:CB:78:B7:F3:39:A5:5C:1E
Certificate issuer:       /CN=2ff6182beb7b82c8573df8b6d51044d6c6724e82
Certificate serial:       018F591543DFE42D1D2AB91107F9CA46DC28
Authority key identifier: 2F:F6:18:2B:EB:7B:82:C8:57:3D:F8:B6:D5:10:44:D6:C6:72:4E:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/_1IKxS1WsITdX4-4y3i38zmlXB4.roa
Signing time:             Wed 08 May 2024 16:41:56 +0000
ROA not before:           Wed 08 May 2024 16:41:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        91.198.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:59:15:43:df:e4:2d:1d:2a:b9:11:07:f9:ca:46:dc:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ff6182beb7b82c8573df8b6d51044d6c6724e82
        Validity
            Not Before: May  8 16:41:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff520ac52d56b084dd5f8fb8cb78b7f339a55c1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bb:be:8c:5a:ba:18:7e:48:82:1b:63:ca:52:
                    5b:19:93:1b:32:08:10:3b:a4:d4:54:a9:ea:5b:65:
                    10:b3:06:bd:a6:69:40:0f:36:85:1c:5f:91:bb:21:
                    19:3c:88:ce:ee:ab:b3:6a:2c:63:0e:c5:4e:20:71:
                    97:a9:e2:f2:db:66:11:1b:d8:b5:ef:5e:ba:14:c1:
                    db:01:ac:12:7c:79:7e:a9:0c:ff:f7:ae:ec:b2:b0:
                    41:7c:08:73:c2:46:74:88:dc:5e:72:83:75:38:7e:
                    c5:15:5b:ce:20:74:31:44:61:20:a6:22:38:11:d9:
                    95:56:1a:62:6d:c6:f3:d9:65:ce:08:cd:5a:38:18:
                    1e:fc:65:e8:d2:ed:14:eb:be:3a:b4:9e:2c:5a:e9:
                    bf:63:ee:0d:9e:18:49:cc:c7:33:54:6b:3c:47:52:
                    e9:66:cb:61:db:38:fa:96:5e:66:b2:f6:31:f8:a9:
                    32:2d:60:8e:b2:fd:ae:a8:c3:d7:65:a7:f0:a9:22:
                    97:d9:b5:2a:16:c6:54:78:cf:dd:09:17:a8:b7:b9:
                    62:ba:37:96:7d:76:20:cf:9b:93:dd:da:76:b8:47:
                    66:17:4e:10:ff:07:5d:2f:93:11:c2:6a:28:d5:7e:
                    b0:cc:16:a7:1f:3b:85:12:5b:69:b3:52:6e:dc:02:
                    e0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:52:0A:C5:2D:56:B0:84:DD:5F:8F:B8:CB:78:B7:F3:39:A5:5C:1E
            X509v3 Authority Key Identifier:
                keyid:2F:F6:18:2B:EB:7B:82:C8:57:3D:F8:B6:D5:10:44:D6:C6:72:4E:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/_1IKxS1WsITdX4-4y3i38zmlXB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:c5:41:2f:f7:02:69:41:e0:5a:45:74:c5:7a:1d:c7:75:3a:
         3b:1a:97:7c:2a:13:85:c8:8b:c7:22:e7:7c:b7:e5:09:21:05:
         a3:cd:38:c4:e2:a8:b5:13:81:b6:59:54:dc:a8:f1:bf:0c:34:
         02:af:f6:af:50:98:37:c5:1c:e1:a0:31:24:6a:1e:92:15:04:
         69:33:11:ed:f2:24:ed:79:2b:a8:44:ae:83:17:44:09:51:06:
         35:38:c6:4c:9f:b1:4c:17:98:7e:31:ec:6a:a5:b9:f7:13:ed:
         f3:d8:50:5a:a5:fb:f3:7a:c6:0f:bb:6b:67:25:d9:fb:68:00:
         b0:8f:90:3b:58:10:ec:98:b2:99:cd:4f:02:9a:59:54:d9:d5:
         b1:89:d2:bb:69:a6:2d:d3:67:62:15:20:b6:82:79:5f:eb:ac:
         35:01:9d:4e:c0:24:f0:3d:ff:e3:4b:7f:06:6c:7a:36:4f:99:
         5a:60:58:02:86:f1:2d:13:41:e7:f6:d5:d0:8d:c5:ea:65:16:
         57:ab:d4:45:94:1b:ed:d1:d2:70:5e:e1:d4:85:8c:db:9f:1b:
         ab:48:cf:73:c3:03:4d:d8:76:02:62:37:8c:db:e9:7f:88:86:
         d4:64:19:0a:9d:ed:3c:3b:85:be:5a:2d:5a:43:49:7b:57:fd:
         54:03:a4:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9ZFUPf5C0dKrkRB/nKRtwoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZjYxODJiZWI3YjgyYzg1NzNkZjhiNmQ1MTA0NGQ2YzY3
MjRlODIwHhcNMjQwNTA4MTY0MTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjUyMGFjNTJkNTZiMDg0ZGQ1ZjhmYjhjYjc4YjdmMzM5YTU1YzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArru+jFq6GH5IghtjylJbGZMbMggQ
O6TUVKnqW2UQswa9pmlADzaFHF+RuyEZPIjO7quzaixjDsVOIHGXqeLy22YRG9i1
7166FMHbAawSfHl+qQz/967ssrBBfAhzwkZ0iNxecoN1OH7FFVvOIHQxRGEgpiI4
EdmVVhpibcbz2WXOCM1aOBge/GXo0u0U6746tJ4sWum/Y+4NnhhJzMczVGs8R1Lp
Zsth2zj6ll5msvYx+KkyLWCOsv2uqMPXZafwqSKX2bUqFsZUeM/dCReot7liujeW
fXYgz5uT3dp2uEdmF04Q/wddL5MRwmoo1X6wzBanHzuFEltps1Ju3ALgXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9SCsUtVrCE3V+PuMt4t/M5pVweMB8GA1UdIwQY
MBaAFC/2GCvre4LIVz34ttUQRNbGck6CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTF9ZWUstdDdnc2hYUGZpMjFSQkUxc1p5VG9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hOGVjZmItNzM1NS00Y2ZlLTg0YmYt
Yjc3NmEyMjA0NTZiLzEvXzFJS3hTMVdzSVRkWDQtNHkzaTM4em1sWEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hOGVjZmItNzM1NS00Y2ZlLTg0YmYtYjc3NmEyMjA0NTZi
LzEvTF9ZWUstdDdnc2hYUGZpMjFSQkUxc1p5VG9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZfMA0G
CSqGSIb3DQEBCwUAA4IBAQCKxUEv9wJpQeBaRXTFeh3HdTo7Gpd8KhOFyIvHIud8
t+UJIQWjzTjE4qi1E4G2WVTcqPG/DDQCr/avUJg3xRzhoDEkah6SFQRpMxHt8iTt
eSuoRK6DF0QJUQY1OMZMn7FMF5h+Mexqpbn3E+3z2FBapfvzesYPu2tnJdn7aACw
j5A7WBDsmLKZzU8CmllU2dWxidK7aaYt02diFSC2gnlf66w1AZ1OwCTwPf/jS38G
bHo2T5laYFgChvEtE0Hn9tXQjcXqZRZXq9RFlBvt0dJwXuHUhYzbnxurSM9zwwNN
2HYCYjeM2+l/iIbUZBkKne08O4W+Wi1aQ0l7V/1UA6S3
-----END CERTIFICATE-----