Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/01608d-08f1-4ab5-a926-be561ccded2c/1/X09m5veglZVTaGBhiz8yhFMk29g.roa
File:                     X09m5veglZVTaGBhiz8yhFMk29g.roa (raw, json)
Hash identifier:          0IDbpR/yWp9Tn2zlquMIJEcqNoFGnW94gI3tb5h8hGM=
Subject key identifier:   5F:4F:66:E6:F7:A0:95:95:53:68:60:61:8B:3F:32:84:53:24:DB:D8
Certificate issuer:       /CN=ff8ced3b09a905eb96869c58f66b4f8b591503b0
Certificate serial:       018CC3B74158581465BCE8BF57CDFC8A7408
Authority key identifier: FF:8C:ED:3B:09:A9:05:EB:96:86:9C:58:F6:6B:4F:8B:59:15:03:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4ztOwmpBeuWhpxY9mtPi1kVA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/01608d-08f1-4ab5-a926-be561ccded2c/1/X09m5veglZVTaGBhiz8yhFMk29g.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24881
IP address blocks:        91.192.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/01608d-08f1-4ab5-a926-be561ccded2c/1/_4ztOwmpBeuWhpxY9mtPi1kVA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/01608d-08f1-4ab5-a926-be561ccded2c/1/_4ztOwmpBeuWhpxY9mtPi1kVA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4ztOwmpBeuWhpxY9mtPi1kVA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:41:58:58:14:65:bc:e8:bf:57:cd:fc:8a:74:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff8ced3b09a905eb96869c58f66b4f8b591503b0
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f4f66e6f7a09595536860618b3f32845324dbd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:29:72:dd:b1:57:67:20:38:76:fb:07:c2:f9:
                    a3:2f:74:71:fc:58:15:af:f8:32:bf:d2:1c:02:da:
                    3b:9d:78:1c:de:c4:12:ca:2e:c0:54:62:13:b7:bd:
                    88:22:f1:0e:d7:ea:b7:2f:52:e8:b8:9c:fd:36:6c:
                    56:69:60:74:37:8e:eb:35:d3:82:ec:7e:8e:9b:fb:
                    f5:6a:46:69:ae:a4:2d:c6:a1:34:84:a9:f2:c2:36:
                    0a:29:c9:6d:fc:97:58:f4:ff:4a:19:7d:c1:92:b6:
                    d0:4f:d9:95:8e:d7:f5:dc:28:3b:8d:ec:1f:89:b1:
                    6f:bb:6a:50:10:a0:a5:ed:41:4d:91:65:f4:9d:59:
                    58:c7:28:85:6d:dd:c1:f5:b1:48:06:5b:63:1f:f6:
                    1f:7b:98:66:85:17:c4:86:e8:ff:7c:f2:d0:99:7d:
                    28:12:31:1c:92:f3:fc:aa:45:ab:3b:51:1a:88:d5:
                    db:d6:e7:bb:e3:eb:f3:80:4c:a8:fb:80:53:93:a9:
                    38:0e:78:1e:45:df:11:25:c8:a7:9c:9e:d0:47:18:
                    76:dd:aa:b3:7d:8f:88:83:26:d1:ba:34:bf:12:11:
                    b6:21:5d:e4:09:38:a3:89:11:72:8e:4b:12:62:8c:
                    cd:7b:64:8f:35:7a:c4:86:83:c6:a4:70:a1:ae:eb:
                    a7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:4F:66:E6:F7:A0:95:95:53:68:60:61:8B:3F:32:84:53:24:DB:D8
            X509v3 Authority Key Identifier:
                keyid:FF:8C:ED:3B:09:A9:05:EB:96:86:9C:58:F6:6B:4F:8B:59:15:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4ztOwmpBeuWhpxY9mtPi1kVA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/01608d-08f1-4ab5-a926-be561ccded2c/1/X09m5veglZVTaGBhiz8yhFMk29g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/01608d-08f1-4ab5-a926-be561ccded2c/1/_4ztOwmpBeuWhpxY9mtPi1kVA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:a3:30:3b:f1:27:ae:16:eb:ee:e1:fd:ec:ce:d2:c5:f8:96:
         f7:ae:e9:e8:f0:c2:c4:77:24:9c:bd:1e:73:e4:fc:cd:0b:c4:
         42:01:48:9e:b4:6f:53:ab:24:00:e8:bc:49:71:80:91:8f:15:
         27:ec:3f:8a:f1:c3:08:9f:5c:99:bc:37:8b:48:ea:88:1a:4a:
         08:91:94:7c:66:62:f3:cd:79:4b:bc:ca:f1:b3:57:cc:98:64:
         27:d0:85:80:29:aa:a5:53:7b:d4:8a:a3:5b:0c:45:e4:81:d6:
         4e:2d:89:f7:7d:9f:fb:15:03:68:24:a6:80:65:12:50:02:af:
         0b:e0:b3:af:3c:68:bb:c6:44:52:8e:fa:e1:9e:7e:ee:dc:76:
         9e:b3:08:b4:39:6d:db:d5:de:46:3c:74:e5:40:f7:4f:14:96:
         19:40:29:02:18:b7:80:63:11:7e:0b:1c:01:2a:57:18:2a:6f:
         9a:ff:51:e6:00:38:3e:72:9b:54:b9:6d:59:77:6a:7d:43:32:
         3f:6a:2f:6e:14:c5:74:a9:15:11:58:64:68:bc:87:cc:a3:da:
         70:8d:45:52:4b:16:c0:a6:e5:01:4e:82:36:3a:46:ac:2b:bc:
         19:e3:a1:f7:f9:de:1b:73:8e:2f:2d:89:eb:18:74:15:d2:eb:
         cb:e7:ba:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0FYWBRlvOi/V838inQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmOGNlZDNiMDlhOTA1ZWI5Njg2OWM1OGY2NmI0ZjhiNTkx
NTAzYjAwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjRmNjZlNmY3YTA5NTk1NTM2ODYwNjE4YjNmMzI4NDUzMjRkYmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSly3bFXZyA4dvsHwvmjL3Rx/FgV
r/gyv9IcAto7nXgc3sQSyi7AVGITt72IIvEO1+q3L1LouJz9NmxWaWB0N47rNdOC
7H6Om/v1akZprqQtxqE0hKnywjYKKclt/JdY9P9KGX3BkrbQT9mVjtf13Cg7jewf
ibFvu2pQEKCl7UFNkWX0nVlYxyiFbd3B9bFIBltjH/Yfe5hmhRfEhuj/fPLQmX0o
EjEckvP8qkWrO1EaiNXb1ue74+vzgEyo+4BTk6k4DngeRd8RJcinnJ7QRxh23aqz
fY+IgybRujS/EhG2IV3kCTijiRFyjksSYozNe2SPNXrEhoPGpHChruunWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9PZub3oJWVU2hgYYs/MoRTJNvYMB8GA1UdIwQY
MBaAFP+M7TsJqQXrloacWPZrT4tZFQOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzR6dE93bXBCZXVXaHB4WTltdFBpMWtWQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8wMTYwOGQtMDhmMS00YWI1LWE5MjYt
YmU1NjFjY2RlZDJjLzEvWDA5bTV2ZWdsWlZUYUdCaGl6OHloRk1rMjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8wMTYwOGQtMDhmMS00YWI1LWE5MjYtYmU1NjFjY2RlZDJj
LzEvXzR6dE93bXBCZXVXaHB4WTltdFBpMWtWQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8CcMA0G
CSqGSIb3DQEBCwUAA4IBAQAxozA78SeuFuvu4f3sztLF+Jb3runo8MLEdyScvR5z
5PzNC8RCAUietG9TqyQA6LxJcYCRjxUn7D+K8cMIn1yZvDeLSOqIGkoIkZR8ZmLz
zXlLvMrxs1fMmGQn0IWAKaqlU3vUiqNbDEXkgdZOLYn3fZ/7FQNoJKaAZRJQAq8L
4LOvPGi7xkRSjvrhnn7u3Haeswi0OW3b1d5GPHTlQPdPFJYZQCkCGLeAYxF+CxwB
KlcYKm+a/1HmADg+cptUuW1Zd2p9QzI/ai9uFMV0qRURWGRovIfMo9pwjUVSSxbA
puUBToI2OkasK7wZ46H3+d4bc44vLYnrGHQV0uvL57pj
-----END CERTIFICATE-----