Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/2dd256-814a-4fb3-8515-668149263539/1/tkXJShyxpxkBz7lDh7uPdjVhg2g.roa
File:                     tkXJShyxpxkBz7lDh7uPdjVhg2g.roa (raw, json)
Hash identifier:          3rQAkSa/TSVRQ9GgTFQTyv+HIu+V/HjK2IoyIizoh3g=
Subject key identifier:   B6:45:C9:4A:1C:B1:A7:19:01:CF:B9:43:87:BB:8F:76:35:61:83:68
Certificate issuer:       /CN=8b1b729b75c5f8b2e9d158aa296396d680be70ad
Certificate serial:       018CC64AC4F7BB899B3929A329EC0AE60524
Authority key identifier: 8B:1B:72:9B:75:C5:F8:B2:E9:D1:58:AA:29:63:96:D6:80:BE:70:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ixtym3XF-LLp0ViqKWOW1oC-cK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/2dd256-814a-4fb3-8515-668149263539/1/tkXJShyxpxkBz7lDh7uPdjVhg2g.roa
Signing time:             Mon 01 Jan 2024 18:30:38 +0000
ROA not before:           Mon 01 Jan 2024 18:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198472
IP address blocks:        91.235.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/2dd256-814a-4fb3-8515-668149263539/1/ixtym3XF-LLp0ViqKWOW1oC-cK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/2dd256-814a-4fb3-8515-668149263539/1/ixtym3XF-LLp0ViqKWOW1oC-cK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ixtym3XF-LLp0ViqKWOW1oC-cK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c4:f7:bb:89:9b:39:29:a3:29:ec:0a:e6:05:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b1b729b75c5f8b2e9d158aa296396d680be70ad
        Validity
            Not Before: Jan  1 18:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b645c94a1cb1a71901cfb94387bb8f7635618368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:45:8f:ad:f0:d7:f3:77:e7:a6:89:88:b0:85:
                    dd:a8:ac:d7:3d:79:d9:45:15:9d:f7:05:54:be:9f:
                    b5:5b:2c:32:5e:5a:de:6a:82:89:b1:37:cc:86:2d:
                    45:5c:f2:f8:07:5e:1c:0f:0b:5d:7c:ca:f4:5c:15:
                    05:28:ba:43:36:40:14:c9:0d:81:50:09:87:c7:22:
                    be:b7:0d:64:7d:ec:05:d3:b2:d1:0f:22:2e:65:a0:
                    bc:3d:c0:3f:38:5e:96:4a:09:53:eb:90:a1:39:b0:
                    70:14:77:ac:fb:8d:a2:24:c9:3f:ce:ce:47:5e:84:
                    46:c3:95:af:7e:94:3b:75:0c:14:38:78:5c:6e:7b:
                    27:be:74:dd:5b:d9:b3:0d:84:51:a3:f4:d7:75:b8:
                    c3:dd:fb:81:4b:69:20:c9:d4:de:d2:eb:38:83:57:
                    6b:34:a7:d7:36:cf:14:03:4a:de:97:62:b4:b4:38:
                    3c:b2:63:dd:ad:e3:19:3b:23:09:83:f5:11:51:2f:
                    90:25:76:cc:41:80:f8:ec:b5:c9:59:0a:9e:dc:75:
                    ed:12:d2:37:47:85:54:c9:c4:61:c1:e2:29:2d:76:
                    aa:30:71:42:e7:13:d0:ff:d2:b9:72:c8:9a:cf:7a:
                    9b:0e:48:ee:b2:fe:97:b7:17:af:d7:bd:62:b3:8b:
                    76:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:45:C9:4A:1C:B1:A7:19:01:CF:B9:43:87:BB:8F:76:35:61:83:68
            X509v3 Authority Key Identifier:
                keyid:8B:1B:72:9B:75:C5:F8:B2:E9:D1:58:AA:29:63:96:D6:80:BE:70:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ixtym3XF-LLp0ViqKWOW1oC-cK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/2dd256-814a-4fb3-8515-668149263539/1/tkXJShyxpxkBz7lDh7uPdjVhg2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/2dd256-814a-4fb3-8515-668149263539/1/ixtym3XF-LLp0ViqKWOW1oC-cK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b5:84:d0:96:5f:f2:a4:72:27:0e:7c:ff:c1:e4:d3:6b:e8:
         49:c4:27:99:d1:9d:58:da:c3:98:0b:d1:aa:1d:b5:b1:84:48:
         82:60:1b:3e:69:91:bb:75:c6:f6:34:18:b7:d0:88:a5:c2:1e:
         2a:aa:68:9d:76:65:1b:c0:1e:99:c4:a2:0b:d1:17:19:b1:e6:
         88:63:37:0f:19:da:49:4f:6c:f8:ee:7e:0a:20:04:ab:22:4e:
         0a:fb:94:78:5c:ca:60:d1:bb:46:a3:0f:1b:d3:81:60:50:7a:
         8f:60:25:23:86:2f:0c:e5:d1:63:d6:39:06:0d:c0:db:37:fe:
         fd:1c:57:ac:6e:e2:0a:fe:7a:1d:5c:89:3d:aa:46:ef:24:65:
         20:3e:a0:cd:7e:55:a4:34:81:b3:35:6e:ce:d8:49:16:b2:6d:
         96:45:bf:d6:59:9a:f6:f7:f4:40:d9:ad:45:91:0c:f1:54:cf:
         06:8c:90:2b:58:16:0a:c1:d8:a8:e9:07:aa:51:6b:bb:7e:b2:
         b1:d9:b8:6e:d2:87:61:25:f7:80:87:21:a6:d0:c7:d8:6f:0b:
         39:3f:0e:88:d7:cd:a1:40:cc:6d:4c:81:be:50:8d:2d:ce:3f:
         2c:51:a0:a2:76:5c:cf:a9:ff:e2:b3:c2:d1:ad:a4:13:74:0a:
         50:93:64:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSsT3u4mbOSmjKewK5gUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMWI3MjliNzVjNWY4YjJlOWQxNThhYTI5NjM5NmQ2ODBi
ZTcwYWQwHhcNMjQwMTAxMTgzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjQ1Yzk0YTFjYjFhNzE5MDFjZmI5NDM4N2JiOGY3NjM1NjE4MzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEWPrfDX83fnpomIsIXdqKzXPXnZ
RRWd9wVUvp+1WywyXlreaoKJsTfMhi1FXPL4B14cDwtdfMr0XBUFKLpDNkAUyQ2B
UAmHxyK+tw1kfewF07LRDyIuZaC8PcA/OF6WSglT65ChObBwFHes+42iJMk/zs5H
XoRGw5WvfpQ7dQwUOHhcbnsnvnTdW9mzDYRRo/TXdbjD3fuBS2kgydTe0us4g1dr
NKfXNs8UA0rel2K0tDg8smPdreMZOyMJg/URUS+QJXbMQYD47LXJWQqe3HXtEtI3
R4VUycRhweIpLXaqMHFC5xPQ/9K5csiaz3qbDkjusv6Xtxev171is4t2EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZFyUocsacZAc+5Q4e7j3Y1YYNoMB8GA1UdIwQY
MBaAFIsbcpt1xfiy6dFYqiljltaAvnCtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXh0eW0zWEYtTExwMFZpcUtXT1cxb0MtY0swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8yZGQyNTYtODE0YS00ZmIzLTg1MTUt
NjY4MTQ5MjYzNTM5LzEvdGtYSlNoeXhweGtCejdsRGg3dVBkalZoZzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8yZGQyNTYtODE0YS00ZmIzLTg1MTUtNjY4MTQ5MjYzNTM5
LzEvaXh0eW0zWEYtTExwMFZpcUtXT1cxb0MtY0swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+tBMA0G
CSqGSIb3DQEBCwUAA4IBAQCFtYTQll/ypHInDnz/weTTa+hJxCeZ0Z1Y2sOYC9Gq
HbWxhEiCYBs+aZG7dcb2NBi30Iilwh4qqmiddmUbwB6ZxKIL0RcZseaIYzcPGdpJ
T2z47n4KIASrIk4K+5R4XMpg0btGow8b04FgUHqPYCUjhi8M5dFj1jkGDcDbN/79
HFesbuIK/nodXIk9qkbvJGUgPqDNflWkNIGzNW7O2EkWsm2WRb/WWZr29/RA2a1F
kQzxVM8GjJArWBYKwdio6QeqUWu7frKx2bhu0odhJfeAhyGm0MfYbws5Pw6I182h
QMxtTIG+UI0tzj8sUaCidlzPqf/is8LRraQTdApQk2QV
-----END CERTIFICATE-----