Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/R1U0vuxU7P-nEl5tGguzqtinaOM.roa
File:                     R1U0vuxU7P-nEl5tGguzqtinaOM.roa (raw, json)
Hash identifier:          tzLZB/7qSPIlikb4D0nXM1ouvegkzeu3cxkEpLrn3Ic=
Subject key identifier:   47:55:34:BE:EC:54:EC:FF:A7:12:5E:6D:1A:0B:B3:AA:D8:A7:68:E3
Certificate issuer:       /CN=92fb8fa10dff3473e653dbf61c9a86432180a5c7
Certificate serial:       018CC4934C27B432E1DD490BBB4EF5BDAE4B
Authority key identifier: 92:FB:8F:A1:0D:FF:34:73:E6:53:DB:F6:1C:9A:86:43:21:80:A5:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvuPoQ3_NHPmU9v2HJqGQyGApcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/R1U0vuxU7P-nEl5tGguzqtinaOM.roa
Signing time:             Mon 01 Jan 2024 10:30:36 +0000
ROA not before:           Mon 01 Jan 2024 10:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211671
IP address blocks:        91.220.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/kvuPoQ3_NHPmU9v2HJqGQyGApcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/kvuPoQ3_NHPmU9v2HJqGQyGApcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvuPoQ3_NHPmU9v2HJqGQyGApcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4c:27:b4:32:e1:dd:49:0b:bb:4e:f5:bd:ae:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92fb8fa10dff3473e653dbf61c9a86432180a5c7
        Validity
            Not Before: Jan  1 10:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=475534beec54ecffa7125e6d1a0bb3aad8a768e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:fa:25:61:81:73:bc:10:de:2d:e7:ef:cd:44:
                    33:09:46:2f:8a:31:fb:b7:6f:79:4a:fc:28:c7:23:
                    96:ea:84:86:d2:2c:47:40:c4:22:13:39:35:e7:7f:
                    8f:f5:d0:50:dc:69:b3:50:ab:82:ba:e3:9b:fc:4e:
                    27:de:40:1f:56:8b:28:8f:a5:bc:0a:aa:0e:bb:ff:
                    f8:a1:4b:ee:25:50:db:eb:69:68:06:77:b5:25:0c:
                    07:22:21:94:71:61:cc:99:5d:cc:23:d1:71:63:a0:
                    dd:fe:f6:32:8a:0d:93:66:5c:0e:b4:07:9d:c6:11:
                    d2:da:6d:2f:5f:71:66:50:5f:2f:9b:05:07:3f:51:
                    b0:27:25:5e:09:93:9b:af:d4:2e:2f:30:cd:70:33:
                    d9:cd:d5:18:ec:a4:9f:0d:fd:30:f7:64:06:09:a5:
                    7a:6f:47:ba:35:db:8f:ed:3a:a4:37:c1:3c:9e:8f:
                    e2:05:f2:0b:6d:23:82:80:c5:2f:5c:9c:97:2f:38:
                    73:e9:35:fa:82:51:a9:e1:9b:12:48:c0:ab:00:45:
                    da:c5:a0:5d:8e:d8:68:42:9a:39:1f:70:be:b1:b2:
                    c1:69:31:9d:5c:62:a7:8b:cc:b9:9c:29:81:40:63:
                    b2:af:9c:fd:e4:5a:4b:6f:9c:06:cd:fb:0d:fb:62:
                    7d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:55:34:BE:EC:54:EC:FF:A7:12:5E:6D:1A:0B:B3:AA:D8:A7:68:E3
            X509v3 Authority Key Identifier:
                keyid:92:FB:8F:A1:0D:FF:34:73:E6:53:DB:F6:1C:9A:86:43:21:80:A5:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvuPoQ3_NHPmU9v2HJqGQyGApcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/R1U0vuxU7P-nEl5tGguzqtinaOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/kvuPoQ3_NHPmU9v2HJqGQyGApcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:c5:69:36:8b:92:2f:ff:63:74:3a:ac:c8:1b:64:5f:76:07:
         bb:7c:71:24:87:f6:a5:fe:39:4c:73:33:bd:e6:29:81:62:17:
         82:4a:4d:0c:95:dc:02:05:65:e9:d2:6f:7a:42:83:02:d0:76:
         41:4b:e8:2d:f2:66:5b:b6:ae:04:27:79:c2:4d:1a:6d:53:38:
         16:92:c7:d8:7f:89:ef:9d:cb:2d:e9:52:ce:6a:14:5a:4b:ba:
         ae:d1:8b:69:04:0d:09:ae:c1:d8:0e:ab:22:9a:33:bf:5f:fa:
         0b:3b:ca:06:3d:34:38:07:aa:7b:49:cc:9c:2a:23:b7:75:e0:
         d1:56:9f:67:38:34:01:c9:ee:a5:cb:55:fc:02:7d:01:b1:23:
         a4:2c:11:34:f6:f5:4d:c2:d7:7b:be:28:93:6e:c2:3c:82:71:
         7c:f3:17:88:a2:9a:38:66:6a:e1:c1:9b:49:97:8a:3a:a1:9f:
         af:eb:06:e3:89:7a:23:61:bc:07:9a:e5:c8:4e:ea:2d:86:cf:
         c2:c7:45:53:6f:a7:67:d6:8e:57:c1:44:8e:c7:7f:41:bf:51:
         45:36:86:50:b0:af:a2:9c:9f:06:97:91:fe:39:ec:e0:fe:70:
         5a:22:83:d6:09:33:54:84:6b:0e:79:6b:97:2b:87:b4:85:c1:
         08:9d:cb:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0wntDLh3UkLu071va5LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZmI4ZmExMGRmZjM0NzNlNjUzZGJmNjFjOWE4NjQzMjE4
MGE1YzcwHhcNMjQwMTAxMTAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzU1MzRiZWVjNTRlY2ZmYTcxMjVlNmQxYTBiYjNhYWQ4YTc2OGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/olYYFzvBDeLefvzUQzCUYvijH7
t295SvwoxyOW6oSG0ixHQMQiEzk153+P9dBQ3GmzUKuCuuOb/E4n3kAfVosoj6W8
CqoOu//4oUvuJVDb62loBne1JQwHIiGUcWHMmV3MI9FxY6Dd/vYyig2TZlwOtAed
xhHS2m0vX3FmUF8vmwUHP1GwJyVeCZObr9QuLzDNcDPZzdUY7KSfDf0w92QGCaV6
b0e6NduP7TqkN8E8no/iBfILbSOCgMUvXJyXLzhz6TX6glGp4ZsSSMCrAEXaxaBd
jthoQpo5H3C+sbLBaTGdXGKni8y5nCmBQGOyr5z95FpLb5wGzfsN+2J9xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdVNL7sVOz/pxJebRoLs6rYp2jjMB8GA1UdIwQY
MBaAFJL7j6EN/zRz5lPb9hyahkMhgKXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3Z1UG9RM19OSFBtVTl2MkhKcUdReUdBcGNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9jNjRkNTAtZmNkZC00YTlmLTkwNDct
MjkzZjYxMjJhMTlkLzEvUjFVMHZ1eFU3UC1uRWw1dEdndXpxdGluYU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9jNjRkNTAtZmNkZC00YTlmLTkwNDctMjkzZjYxMjJhMTlk
LzEva3Z1UG9RM19OSFBtVTl2MkhKcUdReUdBcGNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wKMA0G
CSqGSIb3DQEBCwUAA4IBAQA8xWk2i5Iv/2N0OqzIG2Rfdge7fHEkh/al/jlMczO9
5imBYheCSk0MldwCBWXp0m96QoMC0HZBS+gt8mZbtq4EJ3nCTRptUzgWksfYf4nv
ncst6VLOahRaS7qu0YtpBA0JrsHYDqsimjO/X/oLO8oGPTQ4B6p7ScycKiO3deDR
Vp9nODQBye6ly1X8An0BsSOkLBE09vVNwtd7viiTbsI8gnF88xeIopo4ZmrhwZtJ
l4o6oZ+v6wbjiXojYbwHmuXITuoths/Cx0VTb6dn1o5XwUSOx39Bv1FFNoZQsK+i
nJ8Gl5H+Oezg/nBaIoPWCTNUhGsOeWuXK4e0hcEIncsV
-----END CERTIFICATE-----