Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/5v1lVxwo8gHOHWLYV5z-eXdmvzU.roa
File:                     5v1lVxwo8gHOHWLYV5z-eXdmvzU.roa (raw, json)
Hash identifier:          iRgZfYjP2AVMYBP5nUG3dOkIEuN8gqdH6Xs0xSmGH78=
Subject key identifier:   E6:FD:65:57:1C:28:F2:01:CE:1D:62:D8:57:9C:FE:79:77:66:BF:35
Certificate issuer:       /CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
Certificate serial:       018CC94E3F4DA20D35B09628659CC46BD587
Authority key identifier: D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/5v1lVxwo8gHOHWLYV5z-eXdmvzU.roa
Signing time:             Tue 02 Jan 2024 08:33:17 +0000
ROA not before:           Tue 02 Jan 2024 08:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.208.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3f:4d:a2:0d:35:b0:96:28:65:9c:c4:6b:d5:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
        Validity
            Not Before: Jan  2 08:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6fd65571c28f201ce1d62d8579cfe797766bf35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:32:76:a6:47:0a:79:63:e4:58:ea:e8:9f:e3:
                    12:57:21:82:17:e3:d3:51:57:22:e6:be:32:a3:71:
                    7c:0f:c2:c0:9c:11:b2:0d:c9:12:61:2b:f5:ea:ad:
                    cc:2f:9c:5b:14:8a:ad:c5:ec:51:43:1f:52:b7:1e:
                    b3:51:e4:11:7f:ee:db:77:89:59:37:53:ac:87:f3:
                    24:b1:e5:5b:11:e0:f5:82:f6:de:98:46:08:6a:ef:
                    74:75:93:fc:72:5e:62:f2:f2:c6:bd:f1:df:18:d8:
                    ff:0c:28:46:a5:cb:2e:41:d4:1f:a8:f3:d4:3d:ab:
                    21:4b:48:fc:5a:23:b0:cd:88:6c:84:4e:31:fb:b2:
                    d8:3b:87:56:5b:bf:8e:49:f4:e6:03:e6:dc:cb:db:
                    d5:1c:cb:0e:8a:69:bf:13:d3:3a:c9:96:3e:4c:98:
                    0b:cc:fc:84:58:a7:72:60:20:82:4f:b2:73:dc:92:
                    82:8e:97:94:2e:ba:e1:e2:07:b3:d1:7c:53:48:46:
                    8a:32:eb:48:6b:00:af:45:d5:d1:76:27:d5:6f:66:
                    3d:e7:eb:bd:3d:a8:16:a1:1d:3e:30:b3:30:cc:b9:
                    74:e7:13:ca:dd:3b:b8:53:a3:97:20:23:c1:3b:ab:
                    f9:69:00:a4:50:8f:a7:44:65:74:4a:34:16:ad:1f:
                    95:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:FD:65:57:1C:28:F2:01:CE:1D:62:D8:57:9C:FE:79:77:66:BF:35
            X509v3 Authority Key Identifier:
                keyid:D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/5v1lVxwo8gHOHWLYV5z-eXdmvzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:c1:2d:c9:73:59:34:1b:d3:44:68:0f:f5:83:1a:57:bb:85:
         02:ff:2d:9f:57:fc:1a:64:4d:90:87:c5:dd:2b:e0:41:c8:37:
         b4:e3:e8:c5:c6:5c:60:29:76:58:c6:eb:d1:59:e8:65:c7:5a:
         52:cf:da:8e:8e:e9:9c:cf:cc:99:9f:09:7b:43:96:13:7a:69:
         c5:d1:66:48:24:a1:1f:e5:7b:08:87:7a:2f:2e:7a:ca:63:27:
         7a:9a:6e:a8:d9:39:d6:f5:15:84:c3:b6:28:89:65:43:45:6c:
         c5:08:1a:58:52:1d:b0:bb:42:cb:51:07:ba:db:ea:14:eb:5c:
         ee:93:10:af:b0:12:76:7e:c0:24:4a:a8:1f:22:92:0f:49:da:
         7e:81:53:a9:ec:b5:0b:46:c5:56:5c:22:fb:a5:cf:b4:2f:a4:
         75:3e:9a:1f:81:d5:c2:c8:7b:4b:a0:0d:27:4d:32:09:17:ae:
         e0:29:de:bc:24:c9:13:88:80:9f:85:fc:1e:cf:33:d0:8b:1a:
         4b:c2:10:d8:26:a8:35:02:a7:b0:2f:a9:89:82:f3:db:9e:e0:
         a3:4e:41:0f:49:d2:7b:0e:71:31:ee:30:90:20:2e:4d:2a:b8:
         72:46:2f:3b:1b:1b:6c:16:ce:89:2b:39:9b:b4:38:78:40:52:
         ae:28:cb:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTj9Nog01sJYoZZzEa9WHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZGJhYTFiNTJmM2E3MzI4OWZmNzY4YWNiN2JhYTdmMzg3
Zjk1NWYwHhcNMjQwMTAyMDgzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmZkNjU1NzFjMjhmMjAxY2UxZDYyZDg1NzljZmU3OTc3NjZiZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTJ2pkcKeWPkWOron+MSVyGCF+PT
UVci5r4yo3F8D8LAnBGyDckSYSv16q3ML5xbFIqtxexRQx9Stx6zUeQRf+7bd4lZ
N1Osh/MkseVbEeD1gvbemEYIau90dZP8cl5i8vLGvfHfGNj/DChGpcsuQdQfqPPU
PashS0j8WiOwzYhshE4x+7LYO4dWW7+OSfTmA+bcy9vVHMsOimm/E9M6yZY+TJgL
zPyEWKdyYCCCT7Jz3JKCjpeULrrh4gez0XxTSEaKMutIawCvRdXRdifVb2Y95+u9
PagWoR0+MLMwzLl05xPK3Tu4U6OXICPBO6v5aQCkUI+nRGV0SjQWrR+VgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOb9ZVccKPIBzh1i2Fec/nl3Zr81MB8GA1UdIwQY
MBaAFNbbqhtS86cyif92ist7qn84f5VfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXR1cUcxTHpwektKXzNhS3kzdXFmemhfbFY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iMGI2ZTctM2UyMy00NDI2LThjODQt
ZmFiODNkNDAzNTU4LzEvNXYxbFZ4d284Z0hPSFdMWVY1ei1lWGRtdnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iMGI2ZTctM2UyMy00NDI2LThjODQtZmFiODNkNDAzNTU4
LzEvMXR1cUcxTHpwektKXzNhS3kzdXFmemhfbFY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AVMA0G
CSqGSIb3DQEBCwUAA4IBAQCRwS3Jc1k0G9NEaA/1gxpXu4UC/y2fV/waZE2Qh8Xd
K+BByDe04+jFxlxgKXZYxuvRWehlx1pSz9qOjumcz8yZnwl7Q5YTemnF0WZIJKEf
5XsIh3ovLnrKYyd6mm6o2TnW9RWEw7YoiWVDRWzFCBpYUh2wu0LLUQe62+oU61zu
kxCvsBJ2fsAkSqgfIpIPSdp+gVOp7LULRsVWXCL7pc+0L6R1PpofgdXCyHtLoA0n
TTIJF67gKd68JMkTiICfhfwezzPQixpLwhDYJqg1AqewL6mJgvPbnuCjTkEPSdJ7
DnEx7jCQIC5NKrhyRi87GxtsFs6JKzmbtDh4QFKuKMvo
-----END CERTIFICATE-----