Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/3e8e42-dffb-435d-bd2b-eb8b1ecc4741/1/XC2vdiNTA0iE1as9dF6w5AuNmac.roa
File:                     XC2vdiNTA0iE1as9dF6w5AuNmac.roa (raw, json)
Hash identifier:          fKSkzAkV9NTPkwrAsWxO0pwE5qpziYIWtfiyC07Q+BM=
Subject key identifier:   5C:2D:AF:76:23:53:03:48:84:D5:AB:3D:74:5E:B0:E4:0B:8D:99:A7
Certificate issuer:       /CN=4dd2fc4d23fd9c2420c40491871808ec5424a670
Certificate serial:       018CC3B67E2025B14F4E86AA6424DB782BD2
Authority key identifier: 4D:D2:FC:4D:23:FD:9C:24:20:C4:04:91:87:18:08:EC:54:24:A6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdL8TSP9nCQgxASRhxgI7FQkpnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/3e8e42-dffb-435d-bd2b-eb8b1ecc4741/1/XC2vdiNTA0iE1as9dF6w5AuNmac.roa
Signing time:             Mon 01 Jan 2024 06:29:26 +0000
ROA not before:           Mon 01 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8998
IP address blocks:        91.203.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/3e8e42-dffb-435d-bd2b-eb8b1ecc4741/1/TdL8TSP9nCQgxASRhxgI7FQkpnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/3e8e42-dffb-435d-bd2b-eb8b1ecc4741/1/TdL8TSP9nCQgxASRhxgI7FQkpnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdL8TSP9nCQgxASRhxgI7FQkpnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7e:20:25:b1:4f:4e:86:aa:64:24:db:78:2b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd2fc4d23fd9c2420c40491871808ec5424a670
        Validity
            Not Before: Jan  1 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c2daf762353034884d5ab3d745eb0e40b8d99a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5a:bb:7c:cf:1e:60:d5:79:97:25:b2:68:78:
                    c5:a7:4a:bf:4e:9c:01:c9:31:5c:63:03:ca:df:c5:
                    5a:d3:34:fb:77:e2:fe:e5:6b:ea:2f:5b:1f:82:ac:
                    c1:a2:c2:89:9a:7f:04:3a:67:ce:b1:01:33:13:e1:
                    23:f7:a4:19:d5:b5:8c:f4:1c:01:db:26:f3:5d:8a:
                    57:72:3e:97:57:3c:f4:7d:7c:db:26:d6:ca:ed:dc:
                    1f:96:cc:29:7c:96:8f:29:22:29:84:39:b4:32:82:
                    1f:11:01:c9:e0:82:f6:bb:6d:5a:f4:e3:da:20:c6:
                    79:b7:46:a9:bc:26:9f:dc:a0:aa:25:a8:c1:b7:68:
                    bc:45:09:4b:8c:86:b0:d6:b4:40:20:a1:3a:61:4b:
                    df:22:c7:d0:bc:5f:00:ca:f2:da:a2:36:9c:c6:a2:
                    fa:8d:94:ae:1e:20:b3:81:ab:58:dd:8e:52:48:e5:
                    16:90:e0:82:7d:ca:91:f4:c2:f5:e6:b6:18:9a:d6:
                    f6:4d:fe:de:1d:d4:96:ab:ce:25:6d:03:c0:0a:88:
                    73:2f:bf:5b:7f:e7:d6:55:5a:0f:3f:9a:fc:d3:ec:
                    24:01:a7:02:60:da:6f:76:fa:0c:e2:d3:6a:9d:e2:
                    d9:fb:23:79:d2:da:91:30:25:15:30:67:d5:04:66:
                    6e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:2D:AF:76:23:53:03:48:84:D5:AB:3D:74:5E:B0:E4:0B:8D:99:A7
            X509v3 Authority Key Identifier:
                keyid:4D:D2:FC:4D:23:FD:9C:24:20:C4:04:91:87:18:08:EC:54:24:A6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdL8TSP9nCQgxASRhxgI7FQkpnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3e8e42-dffb-435d-bd2b-eb8b1ecc4741/1/XC2vdiNTA0iE1as9dF6w5AuNmac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3e8e42-dffb-435d-bd2b-eb8b1ecc4741/1/TdL8TSP9nCQgxASRhxgI7FQkpnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:25:17:38:d5:e3:dc:3a:e7:01:9d:15:73:b0:d6:48:07:4f:
         6d:87:59:81:4d:18:4b:25:a4:da:14:d2:5b:b3:28:15:ca:47:
         c1:a2:3d:51:0c:f7:9c:85:f5:9f:ef:8b:ea:23:59:95:bf:75:
         f8:3d:48:59:95:46:7c:72:19:5d:5a:0a:ed:eb:c0:36:9a:b2:
         e9:e6:03:d8:27:c5:d9:47:2a:2a:25:cb:5c:9b:d6:cc:b0:9f:
         46:6d:0a:53:f7:ef:9d:96:1c:0b:f2:26:c6:0c:68:a9:4e:db:
         5c:bf:f0:1a:56:ff:ec:70:db:3e:f5:bc:f1:ba:37:b4:64:e6:
         11:93:10:7a:49:0f:57:a7:e6:d1:26:b3:56:64:c8:11:99:31:
         c9:42:6f:c0:dc:9c:4e:27:f4:13:14:60:14:b4:33:30:44:32:
         21:41:74:8b:48:0b:88:20:17:ba:f9:64:92:ee:62:78:ff:08:
         30:be:3b:a5:a6:72:c6:7a:81:70:2a:88:e1:f5:64:7f:dd:db:
         66:01:3a:1c:68:64:4c:5e:4e:c7:ce:30:8e:52:48:3f:69:83:
         47:30:a7:37:e6:1d:cf:b9:29:0d:61:74:8a:69:14:9a:85:7f:
         f7:2e:d4:17:19:fc:19:89:b3:24:eb:9c:ba:8d:4a:b0:ea:79:
         c4:ff:96:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtn4gJbFPToaqZCTbeCvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDJmYzRkMjNmZDljMjQyMGM0MDQ5MTg3MTgwOGVjNTQy
NGE2NzAwHhcNMjQwMTAxMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzJkYWY3NjIzNTMwMzQ4ODRkNWFiM2Q3NDVlYjBlNDBiOGQ5OWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlq7fM8eYNV5lyWyaHjFp0q/TpwB
yTFcYwPK38Va0zT7d+L+5WvqL1sfgqzBosKJmn8EOmfOsQEzE+Ej96QZ1bWM9BwB
2ybzXYpXcj6XVzz0fXzbJtbK7dwflswpfJaPKSIphDm0MoIfEQHJ4IL2u21a9OPa
IMZ5t0apvCaf3KCqJajBt2i8RQlLjIaw1rRAIKE6YUvfIsfQvF8AyvLaojacxqL6
jZSuHiCzgatY3Y5SSOUWkOCCfcqR9ML15rYYmtb2Tf7eHdSWq84lbQPACohzL79b
f+fWVVoPP5r80+wkAacCYNpvdvoM4tNqneLZ+yN50tqRMCUVMGfVBGZuLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwtr3YjUwNIhNWrPXResOQLjZmnMB8GA1UdIwQY
MBaAFE3S/E0j/ZwkIMQEkYcYCOxUJKZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRMOFRTUDluQ1FneEFTUmh4Z0k3RlFrcG5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zZThlNDItZGZmYi00MzVkLWJkMmIt
ZWI4YjFlY2M0NzQxLzEvWEMydmRpTlRBMGlFMWFzOWRGNnc1QXVObWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zZThlNDItZGZmYi00MzVkLWJkMmItZWI4YjFlY2M0NzQx
LzEvVGRMOFRTUDluQ1FneEFTUmh4Z0k3RlFrcG5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8smMA0G
CSqGSIb3DQEBCwUAA4IBAQCgJRc41ePcOucBnRVzsNZIB09th1mBTRhLJaTaFNJb
sygVykfBoj1RDPechfWf74vqI1mVv3X4PUhZlUZ8chldWgrt68A2mrLp5gPYJ8XZ
RyoqJctcm9bMsJ9GbQpT9++dlhwL8ibGDGipTttcv/AaVv/scNs+9bzxuje0ZOYR
kxB6SQ9Xp+bRJrNWZMgRmTHJQm/A3JxOJ/QTFGAUtDMwRDIhQXSLSAuIIBe6+WSS
7mJ4/wgwvjulpnLGeoFwKojh9WR/3dtmATocaGRMXk7HzjCOUkg/aYNHMKc35h3P
uSkNYXSKaRSahX/3LtQXGfwZibMk65y6jUqw6nnE/5bA
-----END CERTIFICATE-----