Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05159a-4529-48fa-95e9-dc76feca94bf/1/tVW5R3UgmpL9OqEs3hPQ10md_J8.roa
File:                     tVW5R3UgmpL9OqEs3hPQ10md_J8.roa (raw, json)
Hash identifier:          4fvahHyfxZ07NZc9BFzPg+G3Tz6CDNngYBvxdFvXoYc=
Subject key identifier:   B5:55:B9:47:75:20:9A:92:FD:3A:A1:2C:DE:13:D0:D7:49:9D:FC:9F
Certificate issuer:       /CN=926c98b51061f340cce4e0b4ce361ce34abc2fce
Certificate serial:       018CC79497876BEE06F1D309C258638A3433
Authority key identifier: 92:6C:98:B5:10:61:F3:40:CC:E4:E0:B4:CE:36:1C:E3:4A:BC:2F:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kmyYtRBh80DM5OC0zjYc40q8L84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05159a-4529-48fa-95e9-dc76feca94bf/1/tVW5R3UgmpL9OqEs3hPQ10md_J8.roa
Signing time:             Tue 02 Jan 2024 00:30:53 +0000
ROA not before:           Tue 02 Jan 2024 00:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59945
IP address blocks:        91.224.46.0/24 maxlen: 24
                          91.224.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05159a-4529-48fa-95e9-dc76feca94bf/1/kmyYtRBh80DM5OC0zjYc40q8L84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05159a-4529-48fa-95e9-dc76feca94bf/1/kmyYtRBh80DM5OC0zjYc40q8L84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kmyYtRBh80DM5OC0zjYc40q8L84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:97:87:6b:ee:06:f1:d3:09:c2:58:63:8a:34:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=926c98b51061f340cce4e0b4ce361ce34abc2fce
        Validity
            Not Before: Jan  2 00:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b555b94775209a92fd3aa12cde13d0d7499dfc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f9:0f:8e:a9:7b:60:48:46:62:11:8e:fd:fe:
                    ae:af:07:6c:cf:d7:ce:f3:69:af:9a:99:03:43:b1:
                    7b:dd:1b:e0:3b:f5:5a:6b:66:84:69:41:8e:49:12:
                    75:ef:48:74:9b:eb:4a:fd:35:00:73:d7:ad:ca:74:
                    48:1f:2d:23:88:c6:2d:94:2a:61:23:aa:9f:1f:da:
                    b8:d0:cd:f1:17:bd:16:a4:8c:91:88:70:12:25:9e:
                    3e:0e:b7:f6:b4:65:bd:53:af:0c:0d:1b:50:d9:20:
                    5b:ea:7a:64:1a:b8:57:1b:b9:c9:cc:58:96:a5:69:
                    38:58:63:b1:52:03:f2:10:50:1e:46:ea:0e:89:16:
                    9c:f2:68:d4:cd:9f:fe:3a:84:94:fa:88:bf:a2:c0:
                    08:e8:c2:71:bb:64:26:c1:27:c9:54:8c:c9:22:7e:
                    8c:64:6f:10:de:36:f5:20:ef:76:66:7b:61:41:74:
                    e1:c8:04:02:b7:b4:fc:36:c9:59:5a:f3:e1:3d:f5:
                    61:95:8f:2b:50:6c:63:96:b2:3f:41:12:af:74:d1:
                    d3:6d:ff:5b:62:1f:ee:9c:15:0e:8d:27:9e:0f:b7:
                    c4:d0:74:33:64:28:38:9d:07:cc:fe:af:0e:f5:9d:
                    ea:ba:f1:08:a8:36:c4:12:ba:58:3c:63:76:31:0c:
                    2b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:55:B9:47:75:20:9A:92:FD:3A:A1:2C:DE:13:D0:D7:49:9D:FC:9F
            X509v3 Authority Key Identifier:
                keyid:92:6C:98:B5:10:61:F3:40:CC:E4:E0:B4:CE:36:1C:E3:4A:BC:2F:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kmyYtRBh80DM5OC0zjYc40q8L84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05159a-4529-48fa-95e9-dc76feca94bf/1/tVW5R3UgmpL9OqEs3hPQ10md_J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05159a-4529-48fa-95e9-dc76feca94bf/1/kmyYtRBh80DM5OC0zjYc40q8L84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:28:5e:cd:30:b2:1b:d2:01:32:b3:59:55:0a:f5:ba:9b:20:
         29:41:9e:c9:7e:5a:c1:97:84:81:8c:08:55:58:43:d4:f2:ce:
         b5:3c:ad:24:85:77:e1:d2:cc:06:8e:fb:1a:60:61:78:f4:12:
         6e:da:56:cc:6f:24:ba:49:53:8f:fb:ef:42:30:26:eb:5b:6f:
         68:81:95:e5:5a:26:43:9b:3b:8e:29:e0:ed:f3:b4:74:f7:fc:
         72:2f:87:19:71:f0:fb:0e:b1:94:00:5b:52:85:6c:af:3f:0c:
         05:83:a2:53:1b:48:53:7e:83:57:6a:fe:a8:71:ff:f7:ce:92:
         32:a2:0d:44:53:f9:30:63:77:05:9f:77:97:fb:c7:9c:8d:88:
         e8:b3:ec:fd:df:e8:6b:32:3a:04:4b:8c:ea:26:81:82:0d:0d:
         3a:ec:50:89:83:04:31:0a:e7:c9:4d:2e:4b:26:32:d0:e4:0a:
         d2:ce:7e:b8:a5:36:af:0b:16:c8:68:ed:e2:eb:aa:f7:af:d3:
         dd:ea:1d:96:a3:44:b5:87:af:9c:10:05:d9:f8:89:76:5d:5c:
         5a:25:bb:67:a3:f4:58:7e:8f:4a:00:a8:ab:4e:95:29:9d:f3:
         fb:0b:10:79:18:ac:15:a2:8e:ef:df:b4:e6:5a:0b:5d:c0:1f:
         a5:f2:c0:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlJeHa+4G8dMJwlhjijQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNmM5OGI1MTA2MWYzNDBjY2U0ZTBiNGNlMzYxY2UzNGFi
YzJmY2UwHhcNMjQwMTAyMDAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTU1Yjk0Nzc1MjA5YTkyZmQzYWExMmNkZTEzZDBkNzQ5OWRmYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfkPjql7YEhGYhGO/f6urwdsz9fO
82mvmpkDQ7F73RvgO/Vaa2aEaUGOSRJ170h0m+tK/TUAc9etynRIHy0jiMYtlCph
I6qfH9q40M3xF70WpIyRiHASJZ4+Drf2tGW9U68MDRtQ2SBb6npkGrhXG7nJzFiW
pWk4WGOxUgPyEFAeRuoOiRac8mjUzZ/+OoSU+oi/osAI6MJxu2QmwSfJVIzJIn6M
ZG8Q3jb1IO92ZnthQXThyAQCt7T8NslZWvPhPfVhlY8rUGxjlrI/QRKvdNHTbf9b
Yh/unBUOjSeeD7fE0HQzZCg4nQfM/q8O9Z3quvEIqDbEErpYPGN2MQwr0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVVuUd1IJqS/TqhLN4T0NdJnfyfMB8GA1UdIwQY
MBaAFJJsmLUQYfNAzOTgtM42HONKvC/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva215WXRSQmg4MERNNU9DMHpqWWM0MHE4TDg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNTE1OWEtNDUyOS00OGZhLTk1ZTkt
ZGM3NmZlY2E5NGJmLzEvdFZXNVIzVWdtcEw5T3FFczNoUFExMG1kX0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNTE1OWEtNDUyOS00OGZhLTk1ZTktZGM3NmZlY2E5NGJm
LzEva215WXRSQmg4MERNNU9DMHpqWWM0MHE4TDg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+AuMA0G
CSqGSIb3DQEBCwUAA4IBAQA0KF7NMLIb0gEys1lVCvW6myApQZ7JflrBl4SBjAhV
WEPU8s61PK0khXfh0swGjvsaYGF49BJu2lbMbyS6SVOP++9CMCbrW29ogZXlWiZD
mzuOKeDt87R09/xyL4cZcfD7DrGUAFtShWyvPwwFg6JTG0hTfoNXav6ocf/3zpIy
og1EU/kwY3cFn3eX+8ecjYjos+z93+hrMjoES4zqJoGCDQ067FCJgwQxCufJTS5L
JjLQ5ArSzn64pTavCxbIaO3i66r3r9Pd6h2Wo0S1h6+cEAXZ+Il2XVxaJbtno/RY
fo9KAKirTpUpnfP7CxB5GKwVoo7v37TmWgtdwB+l8sCc
-----END CERTIFICATE-----