Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/5aa303-59f7-4f99-907d-83a25a94c77f/1/X0bpj-Yl-tfEAE05WH7O9knIBuQ.roa
File:                     X0bpj-Yl-tfEAE05WH7O9knIBuQ.roa (raw, json)
Hash identifier:          8MGABC6P9C3VGEYERsk87KDUCpSYdQjsOx1mZEWvtqo=
Subject key identifier:   5F:46:E9:8F:E6:25:FA:D7:C4:00:4D:39:58:7E:CE:F6:49:C8:06:E4
Certificate issuer:       /CN=b948510ae41ab856779ac186f0470991f5a2a50f
Certificate serial:       018CC3495EF02F03291FC5CB51077C478C7D
Authority key identifier: B9:48:51:0A:E4:1A:B8:56:77:9A:C1:86:F0:47:09:91:F5:A2:A5:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUhRCuQauFZ3msGG8EcJkfWipQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/5aa303-59f7-4f99-907d-83a25a94c77f/1/X0bpj-Yl-tfEAE05WH7O9knIBuQ.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47792
IP address blocks:        91.206.206.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/5aa303-59f7-4f99-907d-83a25a94c77f/1/uUhRCuQauFZ3msGG8EcJkfWipQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/5aa303-59f7-4f99-907d-83a25a94c77f/1/uUhRCuQauFZ3msGG8EcJkfWipQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUhRCuQauFZ3msGG8EcJkfWipQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5e:f0:2f:03:29:1f:c5:cb:51:07:7c:47:8c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b948510ae41ab856779ac186f0470991f5a2a50f
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f46e98fe625fad7c4004d39587ecef649c806e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:90:63:84:9b:3d:71:70:6b:de:51:54:0e:44:
                    38:af:db:49:e2:1f:ca:fd:49:4d:f9:63:85:17:5b:
                    8a:98:bf:b8:26:11:0c:63:31:88:80:13:c1:0d:b3:
                    b3:b4:08:a9:2b:4e:3d:26:b6:4a:e5:f0:9f:51:45:
                    48:7d:0b:32:45:0a:d4:f7:9b:b9:2e:01:4d:49:64:
                    b3:30:3f:a3:95:f8:67:13:7d:58:fb:91:ef:5a:c7:
                    8b:03:b5:9e:d6:fa:95:0e:7a:e9:b0:8a:5d:b1:98:
                    38:0b:b7:8f:fa:e5:71:cb:6c:84:b6:5f:35:fb:f1:
                    cb:79:b2:fa:cb:e9:0a:0f:e7:46:88:2d:f9:bf:17:
                    88:c4:d2:db:8b:bc:37:8f:a8:48:51:0c:dc:55:3d:
                    52:a8:10:e4:2b:a3:8b:ef:82:5b:57:d2:ac:1a:4e:
                    10:f7:9f:40:12:47:c5:2f:e3:ef:51:95:53:aa:fd:
                    a1:a4:35:92:68:98:ac:4c:ae:40:78:e2:3f:59:a0:
                    82:e1:f1:b3:a6:05:f5:6c:49:d7:7d:f0:69:a0:01:
                    ba:31:79:08:a8:ab:f1:9c:a7:08:1c:78:86:6d:bd:
                    88:66:17:27:7f:7d:41:5e:9e:c7:ae:da:88:ea:01:
                    f3:a2:a7:7e:6e:2e:f0:c8:18:72:43:06:43:de:a9:
                    ce:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:46:E9:8F:E6:25:FA:D7:C4:00:4D:39:58:7E:CE:F6:49:C8:06:E4
            X509v3 Authority Key Identifier:
                keyid:B9:48:51:0A:E4:1A:B8:56:77:9A:C1:86:F0:47:09:91:F5:A2:A5:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUhRCuQauFZ3msGG8EcJkfWipQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5aa303-59f7-4f99-907d-83a25a94c77f/1/X0bpj-Yl-tfEAE05WH7O9knIBuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5aa303-59f7-4f99-907d-83a25a94c77f/1/uUhRCuQauFZ3msGG8EcJkfWipQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:8e:de:2b:a7:52:e3:b9:0d:f2:bf:70:b8:d6:3c:dc:31:1d:
         06:7b:b3:a9:fd:d0:ab:04:69:6b:5f:ec:3b:b1:1f:df:7f:1f:
         f2:1b:a4:d2:36:84:c7:de:c6:8a:dc:db:21:6a:57:95:93:66:
         23:14:eb:ba:a2:05:ac:bf:ae:f2:b3:79:66:1b:8c:e3:01:7b:
         4d:7a:4e:ec:d6:7f:5a:35:87:40:be:9f:d7:e5:65:e5:51:f6:
         44:dd:ff:16:3c:ec:ef:55:24:83:3c:9c:3a:4a:ab:2c:98:f8:
         09:fa:5c:ad:bc:2b:8a:50:5e:75:e0:12:a4:de:44:8d:e9:e6:
         b3:b7:9c:8d:43:bf:d7:ed:5c:d1:63:ed:3e:41:4b:a9:86:a1:
         f1:d9:b5:e2:b8:b3:e7:d2:dc:d1:be:a9:9f:54:5f:cb:2a:9a:
         65:51:d9:8a:db:00:3f:66:89:da:2f:a2:45:79:64:3a:b4:cb:
         29:ae:93:37:f3:6d:a4:8a:7c:ad:23:5f:65:28:61:d7:67:c6:
         3e:64:b4:20:7b:00:b0:c9:4d:6a:2c:cf:d1:ce:57:21:a8:86:
         c8:5f:b2:45:69:2e:0b:63:4f:83:2b:ad:17:5e:a5:f9:25:fb:
         82:44:1c:02:b9:2d:12:55:18:25:f7:10:61:3b:96:05:71:43:
         43:e9:68:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSV7wLwMpH8XLUQd8R4x9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDg1MTBhZTQxYWI4NTY3NzlhYzE4NmYwNDcwOTkxZjVh
MmE1MGYwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjQ2ZTk4ZmU2MjVmYWQ3YzQwMDRkMzk1ODdlY2VmNjQ5YzgwNmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5BjhJs9cXBr3lFUDkQ4r9tJ4h/K
/UlN+WOFF1uKmL+4JhEMYzGIgBPBDbOztAipK049JrZK5fCfUUVIfQsyRQrU95u5
LgFNSWSzMD+jlfhnE31Y+5HvWseLA7We1vqVDnrpsIpdsZg4C7eP+uVxy2yEtl81
+/HLebL6y+kKD+dGiC35vxeIxNLbi7w3j6hIUQzcVT1SqBDkK6OL74JbV9KsGk4Q
959AEkfFL+PvUZVTqv2hpDWSaJisTK5AeOI/WaCC4fGzpgX1bEnXffBpoAG6MXkI
qKvxnKcIHHiGbb2IZhcnf31BXp7HrtqI6gHzoqd+bi7wyBhyQwZD3qnOYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9G6Y/mJfrXxABNOVh+zvZJyAbkMB8GA1UdIwQY
MBaAFLlIUQrkGrhWd5rBhvBHCZH1oqUPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVoUkN1UWF1RlozbXNHRzhFY0prZldpcFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81YWEzMDMtNTlmNy00Zjk5LTkwN2Qt
ODNhMjVhOTRjNzdmLzEvWDBicGotWWwtdGZFQUUwNVdIN085a25JQnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81YWEzMDMtNTlmNy00Zjk5LTkwN2QtODNhMjVhOTRjNzdm
LzEvdVVoUkN1UWF1RlozbXNHRzhFY0prZldpcFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW87OMA0G
CSqGSIb3DQEBCwUAA4IBAQBwjt4rp1LjuQ3yv3C41jzcMR0Ge7Op/dCrBGlrX+w7
sR/ffx/yG6TSNoTH3saK3NshaleVk2YjFOu6ogWsv67ys3lmG4zjAXtNek7s1n9a
NYdAvp/X5WXlUfZE3f8WPOzvVSSDPJw6SqssmPgJ+lytvCuKUF514BKk3kSN6eaz
t5yNQ7/X7VzRY+0+QUuphqHx2bXiuLPn0tzRvqmfVF/LKpplUdmK2wA/ZonaL6JF
eWQ6tMsprpM3822kinytI19lKGHXZ8Y+ZLQgewCwyU1qLM/RzlchqIbIX7JFaS4L
Y0+DK60XXqX5JfuCRBwCuS0SVRgl9xBhO5YFcUND6WhB
-----END CERTIFICATE-----