Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/3b59d5-602d-4351-96bc-a108649d51e2/1/Dm4V2AUXx_cChrIeXcWSewu0WiU.roa
File:                     Dm4V2AUXx_cChrIeXcWSewu0WiU.roa (raw, json)
Hash identifier:          XNGeDtwmg/EVerEEd2+0Dxpjg/2V/SgJ6je+zgVlVcE=
Subject key identifier:   0E:6E:15:D8:05:17:C7:F7:02:86:B2:1E:5D:C5:92:7B:0B:B4:5A:25
Certificate issuer:       /CN=5061754f7689169f6a15065095472672ba2b4589
Certificate serial:       018CC26D7B3AED7D6F6902EA485464D29071
Authority key identifier: 50:61:75:4F:76:89:16:9F:6A:15:06:50:95:47:26:72:BA:2B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UGF1T3aJFp9qFQZQlUcmcrorRYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/3b59d5-602d-4351-96bc-a108649d51e2/1/Dm4V2AUXx_cChrIeXcWSewu0WiU.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57058
IP address blocks:        91.230.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/3b59d5-602d-4351-96bc-a108649d51e2/1/UGF1T3aJFp9qFQZQlUcmcrorRYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/3b59d5-602d-4351-96bc-a108649d51e2/1/UGF1T3aJFp9qFQZQlUcmcrorRYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UGF1T3aJFp9qFQZQlUcmcrorRYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7b:3a:ed:7d:6f:69:02:ea:48:54:64:d2:90:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5061754f7689169f6a15065095472672ba2b4589
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e6e15d80517c7f70286b21e5dc5927b0bb45a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:13:cb:e0:75:f7:81:1d:bb:f5:59:e9:e7:a1:
                    da:61:b8:72:1d:55:14:f2:8e:d4:5e:61:50:33:31:
                    54:f8:2b:13:f7:2c:a8:b0:a1:82:6c:ba:94:4a:0b:
                    4b:fa:2c:00:26:bf:6a:c6:c7:67:82:37:bb:f5:22:
                    4c:b9:ef:c3:a9:46:29:8e:9c:c0:db:ae:1d:b9:1e:
                    47:e2:85:c2:f2:87:07:5c:9b:b8:30:67:13:80:e7:
                    68:3d:17:35:46:1d:79:9c:cb:fd:56:69:d1:b6:b2:
                    52:d5:a3:49:51:9c:f8:78:31:cf:98:bf:7f:60:9b:
                    76:e8:49:2d:8a:7f:49:52:4b:03:fe:e2:f2:7e:24:
                    85:7f:f7:c5:ba:bc:19:c8:de:29:fd:4e:0f:ca:4c:
                    e9:32:cd:8b:88:5c:07:9f:64:11:37:3d:23:1a:1e:
                    89:fc:e0:44:35:f1:c6:fe:6f:51:6d:01:38:10:3f:
                    44:54:ae:01:de:4d:27:db:40:d6:44:0e:c1:b7:28:
                    4f:3c:8e:eb:04:dc:d5:58:9d:27:91:72:2a:3e:a2:
                    36:2c:1a:09:1e:55:7f:c5:89:17:12:6c:f2:f9:cc:
                    ce:8d:c1:64:bc:a2:fb:d7:6d:9d:9c:4b:60:93:7f:
                    c2:db:72:3f:07:d6:75:56:05:6c:a5:2a:a9:e5:dd:
                    ea:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:6E:15:D8:05:17:C7:F7:02:86:B2:1E:5D:C5:92:7B:0B:B4:5A:25
            X509v3 Authority Key Identifier:
                keyid:50:61:75:4F:76:89:16:9F:6A:15:06:50:95:47:26:72:BA:2B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UGF1T3aJFp9qFQZQlUcmcrorRYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3b59d5-602d-4351-96bc-a108649d51e2/1/Dm4V2AUXx_cChrIeXcWSewu0WiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3b59d5-602d-4351-96bc-a108649d51e2/1/UGF1T3aJFp9qFQZQlUcmcrorRYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:98:65:36:4c:d6:8a:f7:ec:2e:5f:bb:2b:74:e3:74:06:c3:
         bd:86:31:15:88:43:bf:74:3f:b6:bb:3c:e6:b4:57:3a:85:d5:
         1f:5c:95:85:1f:a4:35:62:09:5a:b6:18:36:df:62:c0:af:aa:
         12:52:39:0f:76:6b:2e:27:f0:03:a4:63:21:6c:2a:e9:81:e7:
         05:a2:7e:fc:c6:fe:31:da:49:21:65:63:1d:c9:ab:a2:25:88:
         c5:b5:7e:8d:8b:09:52:21:4e:b1:54:6b:e2:3d:95:ca:af:e7:
         7e:01:ca:32:93:cb:35:b5:79:cb:d3:9b:3c:9c:0a:b7:5b:04:
         18:b1:01:b2:2b:54:56:7f:c7:eb:ab:b7:da:c4:4f:48:b5:a1:
         fc:9b:54:73:0a:14:b8:50:57:0b:74:2a:c8:61:28:83:c7:51:
         d0:7f:96:1e:3b:c0:60:2b:82:d8:fb:35:98:a9:26:0f:b3:3b:
         d0:c8:d6:1a:81:42:00:eb:78:cf:37:94:8d:13:c0:2b:87:bf:
         f1:9c:48:20:eb:3b:f8:44:b8:9e:86:2a:66:a7:b0:4b:eb:93:
         00:11:60:85:3c:49:2a:a9:0a:e9:0d:49:bb:a0:1c:c8:b8:70:
         1c:de:17:b5:a0:95:48:c2:16:19:42:33:03:a9:32:6f:9b:dc:
         37:23:32:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXs67X1vaQLqSFRk0pBxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNjE3NTRmNzY4OTE2OWY2YTE1MDY1MDk1NDcyNjcyYmEy
YjQ1ODkwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTZlMTVkODA1MTdjN2Y3MDI4NmIyMWU1ZGM1OTI3YjBiYjQ1YTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhPL4HX3gR279Vnp56HaYbhyHVUU
8o7UXmFQMzFU+CsT9yyosKGCbLqUSgtL+iwAJr9qxsdngje79SJMue/DqUYpjpzA
264duR5H4oXC8ocHXJu4MGcTgOdoPRc1Rh15nMv9VmnRtrJS1aNJUZz4eDHPmL9/
YJt26Ektin9JUksD/uLyfiSFf/fFurwZyN4p/U4PykzpMs2LiFwHn2QRNz0jGh6J
/OBENfHG/m9RbQE4ED9EVK4B3k0n20DWRA7BtyhPPI7rBNzVWJ0nkXIqPqI2LBoJ
HlV/xYkXEmzy+czOjcFkvKL7122dnEtgk3/C23I/B9Z1VgVspSqp5d3qqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5uFdgFF8f3AoayHl3FknsLtFolMB8GA1UdIwQY
MBaAFFBhdU92iRafahUGUJVHJnK6K0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUdGMVQzYUpGcDlxRlFaUWxVY21jcm9yUllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8zYjU5ZDUtNjAyZC00MzUxLTk2YmMt
YTEwODY0OWQ1MWUyLzEvRG00VjJBVVh4X2NDaHJJZVhjV1Nld3UwV2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8zYjU5ZDUtNjAyZC00MzUxLTk2YmMtYTEwODY0OWQ1MWUy
LzEvVUdGMVQzYUpGcDlxRlFaUWxVY21jcm9yUllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+ZqMA0G
CSqGSIb3DQEBCwUAA4IBAQB2mGU2TNaK9+wuX7srdON0BsO9hjEViEO/dD+2uzzm
tFc6hdUfXJWFH6Q1Yglathg232LAr6oSUjkPdmsuJ/ADpGMhbCrpgecFon78xv4x
2kkhZWMdyauiJYjFtX6NiwlSIU6xVGviPZXKr+d+Acoyk8s1tXnL05s8nAq3WwQY
sQGyK1RWf8frq7faxE9ItaH8m1RzChS4UFcLdCrIYSiDx1HQf5YeO8BgK4LY+zWY
qSYPszvQyNYagUIA63jPN5SNE8Arh7/xnEgg6zv4RLiehipmp7BL65MAEWCFPEkq
qQrpDUm7oBzIuHAc3he1oJVIwhYZQjMDqTJvm9w3IzKi
-----END CERTIFICATE-----