Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/a793cd-4952-4c4c-ab3f-1640e661c8d3/1/ha-S9w-adorj0OKakUteh61kenA.roa
File:                     ha-S9w-adorj0OKakUteh61kenA.roa (raw, json)
Hash identifier:          XYuhU/BwHUu+ULaYw1sKB/Q9TAYetm0dNHNrwQbT7hA=
Subject key identifier:   85:AF:92:F7:0F:9A:76:8A:E3:D0:E2:9A:91:4B:5E:87:AD:64:7A:70
Certificate issuer:       /CN=35df1cdb6d457f1adb33ebbde019ea5b21dfb42c
Certificate serial:       018CC424EE03EC9F1FE99928C1BD6C8C2076
Authority key identifier: 35:DF:1C:DB:6D:45:7F:1A:DB:33:EB:BD:E0:19:EA:5B:21:DF:B4:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nd8c221FfxrbM-u94BnqWyHftCw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/a793cd-4952-4c4c-ab3f-1640e661c8d3/1/ha-S9w-adorj0OKakUteh61kenA.roa
Signing time:             Mon 01 Jan 2024 08:30:03 +0000
ROA not before:           Mon 01 Jan 2024 08:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59729
IP address blocks:        91.213.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/a793cd-4952-4c4c-ab3f-1640e661c8d3/1/Nd8c221FfxrbM-u94BnqWyHftCw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/a793cd-4952-4c4c-ab3f-1640e661c8d3/1/Nd8c221FfxrbM-u94BnqWyHftCw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nd8c221FfxrbM-u94BnqWyHftCw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ee:03:ec:9f:1f:e9:99:28:c1:bd:6c:8c:20:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35df1cdb6d457f1adb33ebbde019ea5b21dfb42c
        Validity
            Not Before: Jan  1 08:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85af92f70f9a768ae3d0e29a914b5e87ad647a70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1a:5a:7a:63:dd:c9:6d:84:cb:26:0b:d4:98:
                    bf:58:f5:5a:10:0d:67:7f:5a:1a:31:6b:f8:e1:fe:
                    5a:4c:27:a1:2b:8b:e1:21:0d:40:ff:71:66:a3:e0:
                    e0:78:60:08:54:d3:0d:81:91:e4:5b:73:ff:33:85:
                    b6:cf:9e:d0:96:f1:87:ce:5d:4b:60:e4:69:23:d4:
                    66:dd:f4:2f:4b:88:95:d6:ee:0e:f0:5e:31:a8:5b:
                    ee:bf:ac:23:52:ed:64:07:78:0f:d3:75:c8:b1:b6:
                    fe:0c:84:01:1d:2f:e6:7f:40:d2:16:3e:23:5e:de:
                    df:34:6a:cf:0e:fb:b2:05:74:f6:83:ab:75:2d:7f:
                    82:c9:27:4d:9c:1e:85:72:8f:19:44:88:04:e5:7a:
                    e0:36:92:9b:cf:0a:20:66:6c:f5:2e:9e:73:ca:96:
                    52:06:a7:53:41:4c:d9:4b:bb:3d:b8:af:1d:55:e2:
                    bc:2b:3a:4a:2f:71:6d:d6:71:60:a7:1b:12:75:72:
                    25:79:67:37:ac:2b:05:a9:4b:59:3b:9d:9e:e3:c5:
                    ea:b2:85:40:1c:51:94:2d:fd:c1:d3:fb:9d:e3:86:
                    01:1f:96:81:d9:42:a3:0a:c9:a7:a1:0c:0b:c7:7e:
                    c1:31:5d:a0:9c:6a:c4:7a:85:5b:27:da:b2:48:96:
                    a2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:AF:92:F7:0F:9A:76:8A:E3:D0:E2:9A:91:4B:5E:87:AD:64:7A:70
            X509v3 Authority Key Identifier:
                keyid:35:DF:1C:DB:6D:45:7F:1A:DB:33:EB:BD:E0:19:EA:5B:21:DF:B4:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nd8c221FfxrbM-u94BnqWyHftCw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a793cd-4952-4c4c-ab3f-1640e661c8d3/1/ha-S9w-adorj0OKakUteh61kenA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a793cd-4952-4c4c-ab3f-1640e661c8d3/1/Nd8c221FfxrbM-u94BnqWyHftCw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:8c:b9:ff:c2:ac:12:5c:ff:10:dc:f7:15:d3:ef:7b:f8:19:
         6c:7d:13:72:be:8b:5a:1d:37:5b:fe:bc:fc:4f:77:36:cd:c7:
         ee:db:d1:c8:b6:d9:3b:ca:cd:98:b8:5d:fb:0c:e0:32:2a:c3:
         2f:95:d8:63:ef:d2:99:f2:43:4a:84:35:3c:80:95:9a:4d:db:
         11:4e:92:af:2f:cf:2f:c1:f0:33:ab:b3:9b:dd:99:74:e7:96:
         91:b4:a4:15:d1:b7:20:d1:a0:cb:64:c6:39:c5:53:a5:79:70:
         79:96:02:a1:81:3a:54:bc:d0:eb:9f:1d:ad:6e:94:21:4b:de:
         85:75:c6:d7:d9:be:46:1c:8d:d4:24:5e:3a:e3:80:e9:8a:17:
         9a:e3:ab:9e:29:d0:d7:92:8d:e8:4b:ca:d6:d9:ed:21:66:bc:
         ba:1c:30:61:a8:f1:9e:6e:45:c0:23:cb:6c:af:ca:aa:e6:db:
         da:cc:73:c1:e8:06:c5:79:d2:64:33:0b:30:92:af:1d:2a:e0:
         cb:a3:18:ea:d2:72:d2:de:c9:5d:c5:f6:f3:0e:3c:44:bd:6c:
         06:3d:63:28:93:66:d4:f2:ed:20:17:6a:73:3f:0c:ef:4d:c9:
         37:1d:e1:0b:21:8c:82:49:b4:de:80:4a:34:6e:95:e6:d5:d4:
         95:06:c0:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJO4D7J8f6Zkowb1sjCB2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZGYxY2RiNmQ0NTdmMWFkYjMzZWJiZGUwMTllYTViMjFk
ZmI0MmMwHhcNMjQwMTAxMDgzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWFmOTJmNzBmOWE3NjhhZTNkMGUyOWE5MTRiNWU4N2FkNjQ3YTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxpaemPdyW2EyyYL1Ji/WPVaEA1n
f1oaMWv44f5aTCehK4vhIQ1A/3Fmo+DgeGAIVNMNgZHkW3P/M4W2z57QlvGHzl1L
YORpI9Rm3fQvS4iV1u4O8F4xqFvuv6wjUu1kB3gP03XIsbb+DIQBHS/mf0DSFj4j
Xt7fNGrPDvuyBXT2g6t1LX+CySdNnB6Fco8ZRIgE5XrgNpKbzwogZmz1Lp5zypZS
BqdTQUzZS7s9uK8dVeK8KzpKL3Ft1nFgpxsSdXIleWc3rCsFqUtZO52e48XqsoVA
HFGULf3B0/ud44YBH5aB2UKjCsmnoQwLx37BMV2gnGrEeoVbJ9qySJaiJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWvkvcPmnaK49DimpFLXoetZHpwMB8GA1UdIwQY
MBaAFDXfHNttRX8a2zPrveAZ6lsh37QsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmQ4YzIyMUZmeHJiTS11OTRCbnFXeUhmdEN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9hNzkzY2QtNDk1Mi00YzRjLWFiM2Yt
MTY0MGU2NjFjOGQzLzEvaGEtUzl3LWFkb3JqME9LYWtVdGVoNjFrZW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9hNzkzY2QtNDk1Mi00YzRjLWFiM2YtMTY0MGU2NjFjOGQz
LzEvTmQ4YzIyMUZmeHJiTS11OTRCbnFXeUhmdEN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9XmMA0G
CSqGSIb3DQEBCwUAA4IBAQCyjLn/wqwSXP8Q3PcV0+97+BlsfRNyvotaHTdb/rz8
T3c2zcfu29HIttk7ys2YuF37DOAyKsMvldhj79KZ8kNKhDU8gJWaTdsRTpKvL88v
wfAzq7Ob3Zl055aRtKQV0bcg0aDLZMY5xVOleXB5lgKhgTpUvNDrnx2tbpQhS96F
dcbX2b5GHI3UJF4644Dpihea46ueKdDXko3oS8rW2e0hZry6HDBhqPGebkXAI8ts
r8qq5tvazHPB6AbFedJkMwswkq8dKuDLoxjq0nLS3sldxfbzDjxEvWwGPWMok2bU
8u0gF2pzPwzvTck3HeELIYyCSbTegEo0bpXm1dSVBsCT
-----END CERTIFICATE-----