Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/F7U0RRg86BShkmN5DX44KM_m278.roa
File:                     F7U0RRg86BShkmN5DX44KM_m278.roa (raw, json)
Hash identifier:          f/2jCJ/We9eb6a5R7g0hxlr/4dUn8y+vyG1yYrh5m+k=
Subject key identifier:   17:B5:34:45:18:3C:E8:14:A1:92:63:79:0D:7E:38:28:CF:E6:DB:BF
Certificate issuer:       /CN=cd398f7f3d5b3b82dcfdec902b03f733d895dae7
Certificate serial:       018F9A142D501C4C3030521CF784D087F08E
Authority key identifier: CD:39:8F:7F:3D:5B:3B:82:DC:FD:EC:90:2B:03:F7:33:D8:95:DA:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/F7U0RRg86BShkmN5DX44KM_m278.roa
Signing time:             Tue 21 May 2024 07:36:04 +0000
ROA not before:           Tue 21 May 2024 07:36:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59393
IP address blocks:        91.235.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:14:2d:50:1c:4c:30:30:52:1c:f7:84:d0:87:f0:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd398f7f3d5b3b82dcfdec902b03f733d895dae7
        Validity
            Not Before: May 21 07:36:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17b53445183ce814a19263790d7e3828cfe6dbbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b6:60:c0:93:45:12:7a:43:d0:5b:26:fb:94:
                    ea:f0:37:52:57:84:27:40:72:fa:19:f4:79:7b:01:
                    81:28:91:8f:51:65:3b:b8:82:b5:c3:09:69:c2:d9:
                    1b:5c:b6:8a:95:ad:83:4c:b7:72:61:c1:a5:9b:64:
                    35:c7:11:3e:aa:39:a0:2a:ae:9f:2d:b3:75:e5:bc:
                    81:a6:f9:5a:c7:ae:60:ca:3d:8a:f3:f3:2c:1a:79:
                    9e:f0:63:c4:a4:92:78:f6:1f:fc:0c:29:2e:d6:5f:
                    e6:1c:fe:b1:6b:7d:72:6e:4a:ee:e5:f2:6c:57:a6:
                    55:e8:56:e0:20:56:b7:b9:d5:42:08:10:f6:2a:41:
                    84:c4:78:4b:a4:74:24:15:b5:a3:67:1c:93:42:41:
                    75:93:ac:91:19:ac:c5:9c:b3:15:69:3e:48:02:28:
                    4b:33:91:ca:87:72:14:42:ad:87:75:0a:8b:d8:82:
                    39:9b:81:9b:a6:ad:5c:a6:08:fd:45:e5:a6:97:21:
                    56:e1:2d:fe:f1:94:e2:e8:c1:6c:f9:53:40:f7:f8:
                    32:89:db:c9:c7:aa:ca:ff:c5:dc:e3:b8:e6:f8:d6:
                    28:90:fc:0f:7a:be:23:32:1d:2a:88:21:64:7a:af:
                    72:95:13:40:ab:74:34:2c:7a:89:aa:41:72:94:c7:
                    87:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B5:34:45:18:3C:E8:14:A1:92:63:79:0D:7E:38:28:CF:E6:DB:BF
            X509v3 Authority Key Identifier:
                keyid:CD:39:8F:7F:3D:5B:3B:82:DC:FD:EC:90:2B:03:F7:33:D8:95:DA:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/F7U0RRg86BShkmN5DX44KM_m278.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:0c:33:3e:07:52:64:36:59:ba:8b:08:98:54:fa:ee:9c:26:
         79:94:91:d6:69:ec:a8:5a:6a:34:e0:78:de:69:6f:64:d4:56:
         a3:9b:0c:fa:91:d3:96:34:d8:35:5b:83:c8:0f:c6:de:cd:e5:
         98:28:d9:b2:b3:61:b5:bf:76:fc:9d:72:ad:e9:42:68:5c:43:
         86:21:75:a2:44:09:5d:cf:d6:e6:63:28:a5:12:cb:9e:68:5f:
         db:45:36:07:27:ae:e5:db:0b:37:e1:df:a7:ae:cc:43:33:6f:
         2b:06:46:1a:0a:40:5f:8d:eb:c1:44:84:d0:ab:4c:24:a7:06:
         e7:c8:92:01:f4:30:61:74:63:1f:41:45:e8:57:9d:12:58:98:
         06:f7:ce:78:59:e4:ac:bf:78:88:4b:59:24:e5:4d:9d:4f:72:
         46:37:a7:0a:fe:5f:f4:1c:87:29:43:f5:e2:e0:f6:62:c0:97:
         19:13:c4:81:af:0e:32:a8:27:92:c0:0f:1f:82:a6:e6:21:d6:
         d0:71:32:9c:69:35:f9:16:21:d2:90:5d:8c:3b:c0:46:6f:c1:
         20:3a:f4:55:9f:0d:69:fa:95:ee:6d:64:2f:25:b4:16:8a:65:
         53:8b:f6:b4:34:f4:ac:c1:eb:0e:4d:6d:e3:90:1d:91:c0:74:
         e3:31:58:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+aFC1QHEwwMFIc94TQh/COMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMzk4ZjdmM2Q1YjNiODJkY2ZkZWM5MDJiMDNmNzMzZDg5
NWRhZTcwHhcNMjQwNTIxMDczNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2I1MzQ0NTE4M2NlODE0YTE5MjYzNzkwZDdlMzgyOGNmZTZkYmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLZgwJNFEnpD0Fsm+5Tq8DdSV4Qn
QHL6GfR5ewGBKJGPUWU7uIK1wwlpwtkbXLaKla2DTLdyYcGlm2Q1xxE+qjmgKq6f
LbN15byBpvlax65gyj2K8/MsGnme8GPEpJJ49h/8DCku1l/mHP6xa31ybkru5fJs
V6ZV6FbgIFa3udVCCBD2KkGExHhLpHQkFbWjZxyTQkF1k6yRGazFnLMVaT5IAihL
M5HKh3IUQq2HdQqL2II5m4Gbpq1cpgj9ReWmlyFW4S3+8ZTi6MFs+VNA9/gyidvJ
x6rK/8Xc47jm+NYokPwPer4jMh0qiCFkeq9ylRNAq3Q0LHqJqkFylMeHgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBe1NEUYPOgUoZJjeQ1+OCjP5tu/MB8GA1UdIwQY
MBaAFM05j389WzuC3P3skCsD9zPYldrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelRtUGZ6MWJPNExjX2V5UUt3UDNNOWlWMnVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi8xOGQ5NTUtZTk5Mi00ZmEwLWJiYTAt
YWM1OGIyODdmYjY0LzEvRjdVMFJSZzg2QlNoa21ONURYNDRLTV9tMjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi8xOGQ5NTUtZTk5Mi00ZmEwLWJiYTAtYWM1OGIyODdmYjY0
LzEvelRtUGZ6MWJPNExjX2V5UUt3UDNNOWlWMnVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+tTMA0G
CSqGSIb3DQEBCwUAA4IBAQB0DDM+B1JkNlm6iwiYVPrunCZ5lJHWaeyoWmo04Hje
aW9k1Fajmwz6kdOWNNg1W4PID8bezeWYKNmys2G1v3b8nXKt6UJoXEOGIXWiRAld
z9bmYyilEsueaF/bRTYHJ67l2ws34d+nrsxDM28rBkYaCkBfjevBRITQq0wkpwbn
yJIB9DBhdGMfQUXoV50SWJgG9854WeSsv3iIS1kk5U2dT3JGN6cK/l/0HIcpQ/Xi
4PZiwJcZE8SBrw4yqCeSwA8fgqbmIdbQcTKcaTX5FiHSkF2MO8BGb8EgOvRVnw1p
+pXubWQvJbQWimVTi/a0NPSswesOTW3jkB2RwHTjMVi7
-----END CERTIFICATE-----