Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/510066-471e-472a-8978-497277afbaa5/1/Y7AEvkfxJwz9wJWveY_jAoZLal4.roa
File:                     Y7AEvkfxJwz9wJWveY_jAoZLal4.roa (raw, json)
Hash identifier:          V0WEDTBfZIRM5XeRU1uUNagosFzGIJGt6e5YdygOCD4=
Subject key identifier:   63:B0:04:BE:47:F1:27:0C:FD:C0:95:AF:79:8F:E3:02:86:4B:6A:5E
Certificate issuer:       /CN=3db342062577169a63597e9e3a6425fcde6c1661
Certificate serial:       018CCA2A9C7AB6216861EAFCE9C30F6C644D
Authority key identifier: 3D:B3:42:06:25:77:16:9A:63:59:7E:9E:3A:64:25:FC:DE:6C:16:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PbNCBiV3FppjWX6eOmQl_N5sFmE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/510066-471e-472a-8978-497277afbaa5/1/Y7AEvkfxJwz9wJWveY_jAoZLal4.roa
Signing time:             Tue 02 Jan 2024 12:33:59 +0000
ROA not before:           Tue 02 Jan 2024 12:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56400
IP address blocks:        91.225.162.0/23 maxlen: 23
                          91.225.160.0/22 maxlen: 22
                          91.225.160.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/510066-471e-472a-8978-497277afbaa5/1/PbNCBiV3FppjWX6eOmQl_N5sFmE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/510066-471e-472a-8978-497277afbaa5/1/PbNCBiV3FppjWX6eOmQl_N5sFmE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PbNCBiV3FppjWX6eOmQl_N5sFmE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:9c:7a:b6:21:68:61:ea:fc:e9:c3:0f:6c:64:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3db342062577169a63597e9e3a6425fcde6c1661
        Validity
            Not Before: Jan  2 12:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63b004be47f1270cfdc095af798fe302864b6a5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:52:bf:6a:c3:03:3e:cd:6c:b2:b4:86:05:29:
                    8a:47:1c:c1:51:71:3d:df:25:fb:29:c1:21:6a:e7:
                    0d:30:b2:10:fe:d6:86:33:f5:21:6e:1f:94:f3:40:
                    d5:16:1b:20:c7:23:37:c8:63:ce:7e:3f:53:73:d6:
                    92:93:7e:f2:f1:70:4d:5d:ea:84:0f:3b:44:56:84:
                    5c:76:26:61:a0:7b:1f:4e:6c:d3:f0:9d:f3:f9:d7:
                    ed:50:68:12:76:71:4c:c8:f2:71:ff:ab:89:a4:dc:
                    ed:44:61:6f:72:f2:41:84:e1:f0:9e:65:dd:58:2b:
                    41:cc:ec:09:86:2d:2f:34:e7:12:57:fa:59:bd:d4:
                    0b:1b:2f:b2:36:dc:02:f5:0b:47:24:3b:82:2c:99:
                    7b:22:ac:c8:e0:e7:d1:4c:22:d8:cb:f1:50:ed:2a:
                    c7:50:d6:20:df:4b:14:9c:09:a9:b8:e9:87:54:d0:
                    8c:d9:28:bf:48:c4:ea:5f:d9:10:0b:e1:3e:bb:87:
                    4e:7a:a3:e8:24:a4:2b:33:01:e9:8f:95:eb:b1:37:
                    21:44:cc:61:6b:6d:96:33:99:ef:a6:c4:d6:fe:f1:
                    a8:b9:bb:86:ff:0f:f9:66:9a:6b:27:22:b2:1e:8d:
                    2d:65:67:d6:45:4a:4a:f1:22:10:d1:f4:9d:14:fa:
                    9e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B0:04:BE:47:F1:27:0C:FD:C0:95:AF:79:8F:E3:02:86:4B:6A:5E
            X509v3 Authority Key Identifier:
                keyid:3D:B3:42:06:25:77:16:9A:63:59:7E:9E:3A:64:25:FC:DE:6C:16:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PbNCBiV3FppjWX6eOmQl_N5sFmE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/510066-471e-472a-8978-497277afbaa5/1/Y7AEvkfxJwz9wJWveY_jAoZLal4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/510066-471e-472a-8978-497277afbaa5/1/PbNCBiV3FppjWX6eOmQl_N5sFmE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:af:42:4d:0b:d0:c7:64:d3:1c:e7:ad:d7:8a:7e:74:0c:d0:
         40:72:b5:39:4d:68:55:d9:87:04:ee:21:49:f5:72:9e:86:6f:
         36:04:c2:72:d7:50:3c:6f:df:59:93:a5:1a:1d:c2:7d:7f:bc:
         4c:b3:83:a7:03:1c:bb:c3:08:38:81:e6:8f:6a:0c:bc:10:0b:
         0b:98:1a:b1:81:6f:f8:8a:2d:a6:fc:eb:22:40:de:c7:75:72:
         70:9d:06:36:5c:a2:26:7c:6f:94:70:bd:78:8f:0d:03:34:5e:
         e1:50:af:e3:e3:3f:28:ef:25:8c:93:df:c3:be:f8:62:e8:25:
         18:37:d1:5e:a9:8e:60:36:bb:06:ef:e2:b4:02:75:3e:e1:93:
         ee:d8:d1:1b:73:83:f6:0f:9c:20:98:6d:67:ca:7c:8a:b4:92:
         b9:8e:91:d1:9d:45:e8:ee:7d:b5:61:7a:9f:49:86:36:f3:09:
         8c:b1:d6:3a:59:ff:e6:a7:7c:e1:13:ab:20:42:5a:ba:ee:fe:
         4f:3f:17:83:fb:f1:08:3f:7c:98:c3:f2:6a:9f:41:ab:31:08:
         a9:f7:3d:be:5b:25:73:db:cf:18:e1:01:b2:1c:0f:8c:fa:d8:
         a5:ec:96:02:3f:e9:bb:a3:b4:24:8b:c5:d1:fa:4a:5f:a6:c1:
         85:72:ce:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpx6tiFoYer86cMPbGRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYjM0MjA2MjU3NzE2OWE2MzU5N2U5ZTNhNjQyNWZjZGU2
YzE2NjEwHhcNMjQwMTAyMTIzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2IwMDRiZTQ3ZjEyNzBjZmRjMDk1YWY3OThmZTMwMjg2NGI2YTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylK/asMDPs1ssrSGBSmKRxzBUXE9
3yX7KcEhaucNMLIQ/taGM/Uhbh+U80DVFhsgxyM3yGPOfj9Tc9aSk37y8XBNXeqE
DztEVoRcdiZhoHsfTmzT8J3z+dftUGgSdnFMyPJx/6uJpNztRGFvcvJBhOHwnmXd
WCtBzOwJhi0vNOcSV/pZvdQLGy+yNtwC9QtHJDuCLJl7IqzI4OfRTCLYy/FQ7SrH
UNYg30sUnAmpuOmHVNCM2Si/SMTqX9kQC+E+u4dOeqPoJKQrMwHpj5XrsTchRMxh
a22WM5nvpsTW/vGoubuG/w/5ZpprJyKyHo0tZWfWRUpK8SIQ0fSdFPqeUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOwBL5H8ScM/cCVr3mP4wKGS2peMB8GA1UdIwQY
MBaAFD2zQgYldxaaY1l+njpkJfzebBZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGJOQ0JpVjNGcHBqV1g2ZU9tUWxfTjVzRm1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC81MTAwNjYtNDcxZS00NzJhLTg5Nzgt
NDk3Mjc3YWZiYWE1LzEvWTdBRXZrZnhKd3o5d0pXdmVZX2pBb1pMYWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC81MTAwNjYtNDcxZS00NzJhLTg5NzgtNDk3Mjc3YWZiYWE1
LzEvUGJOQ0JpVjNGcHBqV1g2ZU9tUWxfTjVzRm1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+GgMA0G
CSqGSIb3DQEBCwUAA4IBAQCOr0JNC9DHZNMc563Xin50DNBAcrU5TWhV2YcE7iFJ
9XKehm82BMJy11A8b99Zk6UaHcJ9f7xMs4OnAxy7wwg4geaPagy8EAsLmBqxgW/4
ii2m/OsiQN7HdXJwnQY2XKImfG+UcL14jw0DNF7hUK/j4z8o7yWMk9/Dvvhi6CUY
N9FeqY5gNrsG7+K0AnU+4ZPu2NEbc4P2D5wgmG1nynyKtJK5jpHRnUXo7n21YXqf
SYY28wmMsdY6Wf/mp3zhE6sgQlq67v5PPxeD+/EIP3yYw/Jqn0GrMQip9z2+WyVz
288Y4QGyHA+M+til7JYCP+m7o7Qki8XR+kpfpsGFcs4i
-----END CERTIFICATE-----