Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/60e9a0-c9c1-41e9-89fc-24b676b56783/1/qv5Eypl_M9NfA-7sbSKNxh214Wc.roa
File:                     qv5Eypl_M9NfA-7sbSKNxh214Wc.roa (raw, json)
Hash identifier:          7iotyk17UfzVuS9BpxS1b59UAXsD4n9NBEzaMpvTzUg=
Subject key identifier:   AA:FE:44:CA:99:7F:33:D3:5F:03:EE:EC:6D:22:8D:C6:1D:B5:E1:67
Certificate issuer:       /CN=9611264bb9e4e6fa99449ee456c5d053f3ad01c5
Certificate serial:       018CC56E126B6E396A9509B89D1413B23740
Authority key identifier: 96:11:26:4B:B9:E4:E6:FA:99:44:9E:E4:56:C5:D0:53:F3:AD:01:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lhEmS7nk5vqZRJ7kVsXQU_OtAcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/60e9a0-c9c1-41e9-89fc-24b676b56783/1/qv5Eypl_M9NfA-7sbSKNxh214Wc.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29075
IP address blocks:        91.226.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/60e9a0-c9c1-41e9-89fc-24b676b56783/1/lhEmS7nk5vqZRJ7kVsXQU_OtAcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/60e9a0-c9c1-41e9-89fc-24b676b56783/1/lhEmS7nk5vqZRJ7kVsXQU_OtAcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lhEmS7nk5vqZRJ7kVsXQU_OtAcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:12:6b:6e:39:6a:95:09:b8:9d:14:13:b2:37:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9611264bb9e4e6fa99449ee456c5d053f3ad01c5
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aafe44ca997f33d35f03eeec6d228dc61db5e167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:98:03:aa:9f:c2:66:75:01:ed:3f:82:de:95:
                    b8:09:76:bd:fe:af:bc:52:50:a2:32:34:2f:4f:b4:
                    1d:3d:ba:42:98:8c:04:22:12:4f:62:f2:52:ea:d9:
                    41:c0:a1:3e:d9:79:e2:94:56:85:4a:ee:60:73:b1:
                    96:cd:5a:87:eb:8d:14:4e:c1:0c:14:0c:a3:1d:47:
                    e0:a3:6a:41:5b:2a:ab:c5:25:87:2c:c0:b8:87:87:
                    48:b8:c7:b2:3f:a5:64:03:3e:5a:1c:87:24:d1:91:
                    34:d5:bb:04:3d:7d:16:63:bd:b3:82:4f:d0:98:7c:
                    a1:0d:33:fc:0c:75:e2:38:d4:31:86:94:a8:31:a6:
                    1e:27:67:eb:d6:59:ee:ad:3b:5e:f5:40:a0:e9:db:
                    bb:b2:b9:f3:ec:59:f2:cb:e4:4e:ff:9a:7a:c6:dd:
                    9d:11:e3:16:68:9a:39:4a:b2:97:6f:49:d4:b6:58:
                    59:d8:23:2a:00:ca:14:42:a1:42:24:20:5f:29:43:
                    4c:e4:7f:e6:a2:d3:9a:ef:c2:e3:9b:e9:db:9d:54:
                    d9:0a:67:70:04:81:92:b8:4a:d8:ea:4f:a3:77:82:
                    c9:66:0a:f5:19:c6:91:57:3b:02:91:53:b2:c9:f4:
                    12:2f:b1:27:04:ca:b3:ac:f9:4c:c6:74:38:f3:64:
                    54:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:FE:44:CA:99:7F:33:D3:5F:03:EE:EC:6D:22:8D:C6:1D:B5:E1:67
            X509v3 Authority Key Identifier:
                keyid:96:11:26:4B:B9:E4:E6:FA:99:44:9E:E4:56:C5:D0:53:F3:AD:01:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lhEmS7nk5vqZRJ7kVsXQU_OtAcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/60e9a0-c9c1-41e9-89fc-24b676b56783/1/qv5Eypl_M9NfA-7sbSKNxh214Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/60e9a0-c9c1-41e9-89fc-24b676b56783/1/lhEmS7nk5vqZRJ7kVsXQU_OtAcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:18:ed:7b:ed:90:a0:fa:cf:a0:ba:e4:cc:1a:ec:1f:31:60:
         95:1f:77:5a:70:56:74:c9:68:27:fe:48:67:7b:b8:90:f8:14:
         44:2e:a6:90:81:80:38:45:14:c0:35:b9:ea:83:f7:0f:d6:26:
         65:40:b2:2b:8b:50:41:4b:be:e1:c0:46:fe:1a:f2:89:30:3d:
         0e:9e:6a:22:bd:16:70:02:ba:73:e3:5a:59:9d:f6:eb:6c:98:
         bd:39:1a:79:e5:5d:9e:c1:f5:30:c2:38:d6:3b:1c:19:09:9f:
         27:3b:27:a7:26:ed:a5:c2:6b:7f:74:1d:43:cf:7f:00:9b:a9:
         2e:c8:95:bf:10:50:77:d5:00:84:7e:86:9f:ce:65:68:e1:38:
         6f:c0:54:50:78:f1:08:f6:e1:f9:49:42:b0:b4:e0:ce:6b:ea:
         2f:53:e5:b5:14:c9:eb:88:18:5c:3b:89:93:61:68:c2:b6:51:
         62:d8:86:47:ab:23:26:ac:4c:09:a7:41:2d:6b:79:c8:c3:93:
         16:ee:ac:b5:0f:49:e2:bb:72:55:ca:9f:75:b9:4b:fe:60:35:
         11:df:ff:44:25:f7:20:87:15:81:7f:59:70:f2:c4:e3:e2:e4:
         bd:d9:be:b6:c6:82:24:86:12:3f:f5:f0:1f:d6:12:df:eb:11:
         be:9e:7a:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhJrbjlqlQm4nRQTsjdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MTEyNjRiYjllNGU2ZmE5OTQ0OWVlNDU2YzVkMDUzZjNh
ZDAxYzUwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWZlNDRjYTk5N2YzM2QzNWYwM2VlZWM2ZDIyOGRjNjFkYjVlMTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZgDqp/CZnUB7T+C3pW4CXa9/q+8
UlCiMjQvT7QdPbpCmIwEIhJPYvJS6tlBwKE+2XnilFaFSu5gc7GWzVqH640UTsEM
FAyjHUfgo2pBWyqrxSWHLMC4h4dIuMeyP6VkAz5aHIck0ZE01bsEPX0WY72zgk/Q
mHyhDTP8DHXiONQxhpSoMaYeJ2fr1lnurTte9UCg6du7srnz7Fnyy+RO/5p6xt2d
EeMWaJo5SrKXb0nUtlhZ2CMqAMoUQqFCJCBfKUNM5H/motOa78Ljm+nbnVTZCmdw
BIGSuErY6k+jd4LJZgr1GcaRVzsCkVOyyfQSL7EnBMqzrPlMxnQ482RUMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKr+RMqZfzPTXwPu7G0ijcYdteFnMB8GA1UdIwQY
MBaAFJYRJku55Ob6mUSe5FbF0FPzrQHFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGhFbVM3bms1dnFaUko3a1ZzWFFVX090QWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS82MGU5YTAtYzljMS00MWU5LTg5ZmMt
MjRiNjc2YjU2NzgzLzEvcXY1RXlwbF9NOU5mQS03c2JTS054aDIxNFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS82MGU5YTAtYzljMS00MWU5LTg5ZmMtMjRiNjc2YjU2Nzgz
LzEvbGhFbVM3bms1dnFaUko3a1ZzWFFVX090QWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+JiMA0G
CSqGSIb3DQEBCwUAA4IBAQARGO177ZCg+s+guuTMGuwfMWCVH3dacFZ0yWgn/khn
e7iQ+BRELqaQgYA4RRTANbnqg/cP1iZlQLIri1BBS77hwEb+GvKJMD0OnmoivRZw
Arpz41pZnfbrbJi9ORp55V2ewfUwwjjWOxwZCZ8nOyenJu2lwmt/dB1Dz38Am6ku
yJW/EFB31QCEfoafzmVo4ThvwFRQePEI9uH5SUKwtODOa+ovU+W1FMnriBhcO4mT
YWjCtlFi2IZHqyMmrEwJp0Eta3nIw5MW7qy1D0niu3JVyp91uUv+YDUR3/9EJfcg
hxWBf1lw8sTj4uS92b62xoIkhhI/9fAf1hLf6xG+nnoa
-----END CERTIFICATE-----