Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/PQlHxZe79E5Y2mpraXQEQok5W04.roa
File:                     PQlHxZe79E5Y2mpraXQEQok5W04.roa (raw, json)
Hash identifier:          RFdWK0CWr03s2JmcD1iFsBp0pa1cAOc4uEguNxvDWS0=
Subject key identifier:   3D:09:47:C5:97:BB:F4:4E:58:DA:6A:6B:69:74:04:42:89:39:5B:4E
Certificate issuer:       /CN=cd398f7f3d5b3b82dcfdec902b03f733d895dae7
Certificate serial:       018F9B68C0748B89B0B2806A80769BFF2AD2
Authority key identifier: CD:39:8F:7F:3D:5B:3B:82:DC:FD:EC:90:2B:03:F7:33:D8:95:DA:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/PQlHxZe79E5Y2mpraXQEQok5W04.roa
Signing time:             Tue 21 May 2024 13:48:04 +0000
ROA not before:           Tue 21 May 2024 13:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21221
IP address blocks:        91.235.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9b:68:c0:74:8b:89:b0:b2:80:6a:80:76:9b:ff:2a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd398f7f3d5b3b82dcfdec902b03f733d895dae7
        Validity
            Not Before: May 21 13:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d0947c597bbf44e58da6a6b6974044289395b4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4e:76:ba:24:fd:9c:13:8f:93:cb:f1:fa:14:
                    7d:9b:52:0b:6e:8d:70:90:e9:75:f8:95:e1:64:a5:
                    18:81:6e:ce:45:70:64:30:20:de:2b:60:27:e6:b0:
                    b3:27:37:1d:d8:14:ce:d5:ae:a2:67:e3:9a:17:bb:
                    d1:f4:92:4a:1d:c2:77:2b:27:fb:6d:37:3b:25:32:
                    9a:bd:57:fd:de:f6:2b:87:ed:e3:da:5c:6b:70:a8:
                    13:7a:b5:aa:d9:9d:55:43:b9:88:c8:51:af:9a:d1:
                    c0:94:f7:f2:0a:ca:0f:48:11:5d:c1:82:7d:f1:35:
                    77:a2:88:90:cd:7b:3d:1e:fc:ce:8a:67:4a:08:b0:
                    e6:70:52:e0:b3:7e:33:08:08:5c:5a:0a:2b:08:93:
                    a9:6a:20:5a:46:51:d6:46:5b:4c:15:60:fc:ac:71:
                    a9:9b:7f:c7:ca:eb:60:81:2d:5b:c1:cf:75:61:12:
                    4e:03:df:c2:54:7a:e9:49:b9:31:ef:26:42:b9:c2:
                    ba:90:72:ea:e5:b1:67:79:6a:f6:e3:57:b7:d9:b7:
                    cf:b0:0f:0a:a8:df:6d:99:04:c9:02:87:7f:5b:38:
                    3d:69:28:97:57:30:4a:46:ad:36:46:c2:36:94:74:
                    e5:04:18:8a:9d:e1:f1:d3:58:fe:b8:0b:a1:d8:6a:
                    c1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:09:47:C5:97:BB:F4:4E:58:DA:6A:6B:69:74:04:42:89:39:5B:4E
            X509v3 Authority Key Identifier:
                keyid:CD:39:8F:7F:3D:5B:3B:82:DC:FD:EC:90:2B:03:F7:33:D8:95:DA:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/PQlHxZe79E5Y2mpraXQEQok5W04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/18d955-e992-4fa0-bba0-ac58b287fb64/1/zTmPfz1bO4Lc_eyQKwP3M9iV2uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:0e:89:1c:67:80:ca:b1:de:4b:2b:52:47:13:2b:34:3c:f7:
         44:de:8e:b0:46:f2:37:bc:33:74:0f:60:59:b2:a5:8c:4c:3b:
         56:cc:c9:78:23:a2:cd:00:fb:ff:94:5a:41:db:6f:89:44:9e:
         27:79:fc:9d:72:29:23:87:65:dc:65:0c:83:cb:76:4e:fd:66:
         15:21:ef:7f:6a:a2:2c:42:58:96:0e:1d:c1:1d:0a:93:3d:4e:
         37:fd:85:72:69:0a:0d:bf:e2:4b:4f:e7:cb:b3:18:a6:28:83:
         af:55:e7:5e:fe:37:4c:02:cc:6a:40:9b:fd:6d:05:60:72:ac:
         14:c6:76:ba:03:ab:98:89:82:39:e3:cf:99:be:6d:a0:57:d9:
         ec:04:f9:69:a3:25:f7:0b:6d:6d:3e:c3:36:0a:c7:25:5b:35:
         c5:f2:f7:54:fa:7b:8b:2b:4f:15:e1:d5:ca:55:53:58:c3:d8:
         b1:c6:44:00:13:ec:ce:06:35:89:32:31:73:3d:83:40:39:e7:
         ab:9b:0f:3e:bf:fd:89:cf:c9:51:40:a2:f3:13:2d:6f:bf:34:
         5f:d8:7d:f7:4e:5e:19:54:8d:25:69:2c:41:dd:21:60:26:0d:
         9e:37:fc:b3:7d:59:54:25:07:a3:56:08:bf:5c:00:5c:e3:19:
         4a:5c:bf:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+baMB0i4mwsoBqgHab/yrSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMzk4ZjdmM2Q1YjNiODJkY2ZkZWM5MDJiMDNmNzMzZDg5
NWRhZTcwHhcNMjQwNTIxMTM0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDA5NDdjNTk3YmJmNDRlNThkYTZhNmI2OTc0MDQ0Mjg5Mzk1YjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq052uiT9nBOPk8vx+hR9m1ILbo1w
kOl1+JXhZKUYgW7ORXBkMCDeK2An5rCzJzcd2BTO1a6iZ+OaF7vR9JJKHcJ3Kyf7
bTc7JTKavVf93vYrh+3j2lxrcKgTerWq2Z1VQ7mIyFGvmtHAlPfyCsoPSBFdwYJ9
8TV3ooiQzXs9HvzOimdKCLDmcFLgs34zCAhcWgorCJOpaiBaRlHWRltMFWD8rHGp
m3/HyutggS1bwc91YRJOA9/CVHrpSbkx7yZCucK6kHLq5bFneWr241e32bfPsA8K
qN9tmQTJAod/Wzg9aSiXVzBKRq02RsI2lHTlBBiKneHx01j+uAuh2GrBhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0JR8WXu/ROWNpqa2l0BEKJOVtOMB8GA1UdIwQY
MBaAFM05j389WzuC3P3skCsD9zPYldrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelRtUGZ6MWJPNExjX2V5UUt3UDNNOWlWMnVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi8xOGQ5NTUtZTk5Mi00ZmEwLWJiYTAt
YWM1OGIyODdmYjY0LzEvUFFsSHhaZTc5RTVZMm1wcmFYUUVRb2s1VzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi8xOGQ5NTUtZTk5Mi00ZmEwLWJiYTAtYWM1OGIyODdmYjY0
LzEvelRtUGZ6MWJPNExjX2V5UUt3UDNNOWlWMnVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+tTMA0G
CSqGSIb3DQEBCwUAA4IBAQANDokcZ4DKsd5LK1JHEys0PPdE3o6wRvI3vDN0D2BZ
sqWMTDtWzMl4I6LNAPv/lFpB22+JRJ4nefydcikjh2XcZQyDy3ZO/WYVIe9/aqIs
QliWDh3BHQqTPU43/YVyaQoNv+JLT+fLsximKIOvVede/jdMAsxqQJv9bQVgcqwU
xna6A6uYiYI548+Zvm2gV9nsBPlpoyX3C21tPsM2CsclWzXF8vdU+nuLK08V4dXK
VVNYw9ixxkQAE+zOBjWJMjFzPYNAOeermw8+v/2Jz8lRQKLzEy1vvzRf2H33Tl4Z
VI0laSxB3SFgJg2eN/yzfVlUJQejVgi/XABc4xlKXL85
-----END CERTIFICATE-----