Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/8s8S-IuqQY9k7C65EZsmuSRAQlc.roa
File:                     8s8S-IuqQY9k7C65EZsmuSRAQlc.roa (raw, json)
Hash identifier:          tBk30B6bdHnKw2lrvytyEpzA2hQjhpDnAoY4k/tviEw=
Subject key identifier:   F2:CF:12:F8:8B:AA:41:8F:64:EC:2E:B9:11:9B:26:B9:24:40:42:57
Certificate issuer:       /CN=22689d0f913d29cc63d6c926cb462cb27f184408
Certificate serial:       018CC9BCC6AB9D778985085603F7C04A19F6
Authority key identifier: 22:68:9D:0F:91:3D:29:CC:63:D6:C9:26:CB:46:2C:B2:7F:18:44:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ImidD5E9Kcxj1skmy0Yssn8YRAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/8s8S-IuqQY9k7C65EZsmuSRAQlc.roa
Signing time:             Tue 02 Jan 2024 10:34:01 +0000
ROA not before:           Tue 02 Jan 2024 10:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210126
IP address blocks:        91.234.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/ImidD5E9Kcxj1skmy0Yssn8YRAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/ImidD5E9Kcxj1skmy0Yssn8YRAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ImidD5E9Kcxj1skmy0Yssn8YRAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c6:ab:9d:77:89:85:08:56:03:f7:c0:4a:19:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22689d0f913d29cc63d6c926cb462cb27f184408
        Validity
            Not Before: Jan  2 10:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2cf12f88baa418f64ec2eb9119b26b924404257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:57:e0:cc:ea:60:3f:38:8a:cb:75:5f:b7:e7:
                    cb:a0:91:f4:aa:90:af:f5:95:68:c2:64:cc:ef:0f:
                    18:8e:9a:ce:b5:36:fa:78:90:59:d8:ed:a7:8c:33:
                    1f:ae:da:79:77:c1:82:e7:80:2e:eb:40:55:a7:5b:
                    24:ad:91:e2:29:c9:76:af:b6:c2:05:02:4d:ae:f3:
                    68:7d:96:e0:77:ec:c9:a2:2c:d7:f4:16:08:3d:51:
                    d7:be:ab:ed:5f:d6:eb:7d:76:99:9e:bb:e7:5a:83:
                    f6:0c:2d:8f:b6:82:c6:86:8e:2b:c6:3f:d7:7c:ed:
                    78:c5:5e:9b:3a:38:be:7f:df:22:7c:06:d5:ae:b6:
                    3c:25:bb:ea:b7:23:6d:32:ec:64:f1:77:aa:00:d8:
                    72:24:22:89:ee:43:b2:9e:82:73:4f:9b:ec:95:4d:
                    19:46:4f:c8:16:3f:b8:ba:7f:4f:93:9a:10:de:0b:
                    54:f6:1b:71:d6:8e:0b:97:c6:0c:cc:c2:07:2c:18:
                    e9:6c:bb:8f:b7:07:12:61:4b:87:31:a9:a3:77:ca:
                    ae:9d:2d:c8:52:60:ae:4c:d0:06:c8:b4:74:c0:84:
                    74:b1:31:7c:45:ae:03:3f:0f:5c:cb:19:5d:07:76:
                    58:49:d6:df:72:19:b1:04:78:4b:15:d7:ce:14:34:
                    ac:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CF:12:F8:8B:AA:41:8F:64:EC:2E:B9:11:9B:26:B9:24:40:42:57
            X509v3 Authority Key Identifier:
                keyid:22:68:9D:0F:91:3D:29:CC:63:D6:C9:26:CB:46:2C:B2:7F:18:44:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ImidD5E9Kcxj1skmy0Yssn8YRAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/8s8S-IuqQY9k7C65EZsmuSRAQlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/ImidD5E9Kcxj1skmy0Yssn8YRAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:f2:1e:04:dd:3f:af:5f:ff:f2:92:82:34:0b:74:1f:96:64:
         42:a6:61:3d:7d:61:74:ca:1c:03:bb:d3:b1:11:42:cc:c6:90:
         8c:f5:e6:e1:f8:2f:af:4b:88:e4:05:7f:7c:42:b8:08:87:de:
         f2:5d:f4:4a:58:fa:e3:3f:4c:00:a6:07:8f:86:98:23:7b:0c:
         b4:dd:ff:dd:84:82:e6:c4:9e:34:76:3a:ce:84:c0:c7:2b:66:
         1d:ab:0b:45:35:4b:74:23:33:c4:88:cb:a9:85:f5:30:fd:0f:
         e0:93:38:f5:2b:f6:63:fb:a7:37:40:3d:61:c9:35:25:31:49:
         9a:5b:53:63:9a:ed:fe:a2:1f:16:92:8e:84:86:92:a0:7e:d2:
         b1:1b:56:77:f8:09:6c:da:81:06:ad:a5:7e:e6:bc:90:a6:b3:
         fe:39:b6:7a:fa:9b:3b:4c:e7:fa:aa:3a:8b:bd:db:d5:d6:f3:
         cd:c8:e2:45:cb:45:21:2c:f2:76:fe:92:b4:10:22:6a:2a:b7:
         b6:ae:67:b8:24:ba:9c:60:9d:34:77:8d:75:56:f1:5e:6c:5b:
         18:87:0c:cd:89:65:0e:d4:d8:f2:1d:cb:ad:6f:71:4b:42:01:
         09:08:06:2f:76:d8:ea:58:27:52:55:37:0c:f2:fb:34:24:53:
         69:9a:42:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMarnXeJhQhWA/fAShn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyNjg5ZDBmOTEzZDI5Y2M2M2Q2YzkyNmNiNDYyY2IyN2Yx
ODQ0MDgwHhcNMjQwMTAyMTAzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmNmMTJmODhiYWE0MThmNjRlYzJlYjkxMTliMjZiOTI0NDA0MjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVfgzOpgPziKy3Vft+fLoJH0qpCv
9ZVowmTM7w8YjprOtTb6eJBZ2O2njDMfrtp5d8GC54Au60BVp1skrZHiKcl2r7bC
BQJNrvNofZbgd+zJoizX9BYIPVHXvqvtX9brfXaZnrvnWoP2DC2PtoLGho4rxj/X
fO14xV6bOji+f98ifAbVrrY8JbvqtyNtMuxk8XeqANhyJCKJ7kOynoJzT5vslU0Z
Rk/IFj+4un9Pk5oQ3gtU9htx1o4Ll8YMzMIHLBjpbLuPtwcSYUuHMamjd8qunS3I
UmCuTNAGyLR0wIR0sTF8Ra4DPw9cyxldB3ZYSdbfchmxBHhLFdfOFDSs1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLPEviLqkGPZOwuuRGbJrkkQEJXMB8GA1UdIwQY
MBaAFCJonQ+RPSnMY9bJJstGLLJ/GEQIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW1pZEQ1RTlLY3hqMXNrbXkwWXNzbjhZUkFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8wNDNlZWUtMzE5OS00ZjhlLWIwYTkt
NGFkODUyYTEyY2Q2LzEvOHM4Uy1JdXFRWTlrN0M2NUVac211U1JBUWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8wNDNlZWUtMzE5OS00ZjhlLWIwYTktNGFkODUyYTEyY2Q2
LzEvSW1pZEQ1RTlLY3hqMXNrbXkwWXNzbjhZUkFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rIMA0G
CSqGSIb3DQEBCwUAA4IBAQA98h4E3T+vX//ykoI0C3QflmRCpmE9fWF0yhwDu9Ox
EULMxpCM9ebh+C+vS4jkBX98QrgIh97yXfRKWPrjP0wApgePhpgjewy03f/dhILm
xJ40djrOhMDHK2YdqwtFNUt0IzPEiMuphfUw/Q/gkzj1K/Zj+6c3QD1hyTUlMUma
W1Njmu3+oh8Wko6EhpKgftKxG1Z3+Als2oEGraV+5ryQprP+ObZ6+ps7TOf6qjqL
vdvV1vPNyOJFy0UhLPJ2/pK0ECJqKre2rme4JLqcYJ00d411VvFebFsYhwzNiWUO
1NjyHcutb3FLQgEJCAYvdtjqWCdSVTcM8vs0JFNpmkLP
-----END CERTIFICATE-----