Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/My21w7hOKt8S_WD_k_QYtqP3xJs.roa
File:                     My21w7hOKt8S_WD_k_QYtqP3xJs.roa (raw, json)
Hash identifier:          SNGrCJdmGfgFecOlXyAeNc49ywc7GdzsG1QojBwlWhY=
Subject key identifier:   33:2D:B5:C3:B8:4E:2A:DF:12:FD:60:FF:93:F4:18:B6:A3:F7:C4:9B
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018F63E3127559E24EEC23208D5ECD0E152B
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/My21w7hOKt8S_WD_k_QYtqP3xJs.roa
Signing time:             Fri 10 May 2024 19:02:56 +0000
ROA not before:           Fri 10 May 2024 19:02:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43278
IP address blocks:        91.220.80.0/24 maxlen: 24
                          194.147.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:63:e3:12:75:59:e2:4e:ec:23:20:8d:5e:cd:0e:15:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: May 10 19:02:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=332db5c3b84e2adf12fd60ff93f418b6a3f7c49b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:53:29:0e:c4:cd:fe:94:b4:a0:a6:37:d0:23:
                    45:17:81:25:a2:8a:83:ab:e3:c5:5b:36:08:5b:86:
                    5e:1a:82:6a:59:b5:60:4f:94:61:9c:52:ad:2b:16:
                    7d:90:d8:88:52:bd:d6:e2:b6:19:c5:2b:8b:eb:a8:
                    63:4d:76:9d:bb:7e:88:9c:08:7d:72:7e:93:a0:30:
                    1f:20:4c:fb:af:34:d9:56:5e:b0:db:16:92:ca:e8:
                    92:3a:90:50:d6:45:69:f9:c3:1a:b9:5b:46:8b:ca:
                    f7:be:4a:26:f6:63:79:63:91:a3:bc:3f:ce:6e:77:
                    a8:56:ba:00:70:58:06:a9:cf:80:10:a2:af:24:9c:
                    f6:00:fd:e0:76:cb:58:23:dd:f2:dd:01:0f:3e:f2:
                    4f:05:b5:02:1b:fa:26:fb:c1:c3:70:f5:07:85:7b:
                    88:f4:88:23:15:d1:42:b6:2d:f6:8f:d2:32:cb:56:
                    d4:42:61:5f:90:90:c1:e5:7d:6a:9c:0d:bc:ba:ca:
                    ef:e1:1d:77:7f:6e:1d:52:20:ba:b2:bf:06:94:ef:
                    b5:08:43:15:eb:61:39:c0:58:91:31:ad:19:78:72:
                    23:60:ab:97:cb:87:60:cb:e3:bc:d0:26:3c:5b:0e:
                    55:13:8d:a3:11:3d:a7:cc:e0:01:b3:14:d0:36:f4:
                    17:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:2D:B5:C3:B8:4E:2A:DF:12:FD:60:FF:93:F4:18:B6:A3:F7:C4:9B
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/My21w7hOKt8S_WD_k_QYtqP3xJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.80.0/24
                  194.147.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:1d:73:5c:d9:ca:5e:4a:4d:f9:1a:64:b0:1b:69:e6:76:fa:
         3e:d7:dc:32:b2:4c:27:2f:54:ac:dd:bb:49:dc:fd:57:fa:56:
         bc:16:34:7f:b2:f7:78:78:aa:de:dd:20:1a:02:65:47:98:1c:
         de:58:24:97:9f:15:d9:1e:34:9f:e8:79:3d:fb:83:81:1a:6b:
         a3:d9:7f:97:f2:7a:c7:ac:0a:a8:89:a7:90:89:cb:ab:bd:8e:
         55:c7:95:56:e9:65:d6:42:eb:e3:83:c3:cf:af:b1:77:9f:04:
         26:d9:5e:6c:23:44:8e:2d:1a:5c:c0:56:8a:96:95:ee:bb:18:
         02:11:d3:58:6f:f5:c9:06:38:89:fa:95:6d:23:b1:d1:13:6f:
         09:6d:6d:9f:18:d4:c5:a5:4f:af:97:f7:ff:9d:ac:da:da:34:
         56:49:44:54:48:d7:a5:75:c8:2a:96:5d:cb:0f:cd:61:80:e9:
         8c:56:97:2a:f2:d2:15:30:79:04:db:08:0b:36:fe:19:7c:af:
         7e:17:44:c2:41:82:34:0b:89:34:ca:fa:1e:34:ef:49:94:74:
         bc:f6:34:19:8c:80:a7:de:ed:87:6b:d9:61:fd:4c:3a:8e:13:
         16:de:ee:97:8b:1c:a9:94:c5:f0:6e:ba:3f:15:0b:3f:61:e7:
         2c:79:29:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9j4xJ1WeJO7CMgjV7NDhUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwNTEwMTkwMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzJkYjVjM2I4NGUyYWRmMTJmZDYwZmY5M2Y0MThiNmEzZjdjNDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFMpDsTN/pS0oKY30CNFF4ElooqD
q+PFWzYIW4ZeGoJqWbVgT5RhnFKtKxZ9kNiIUr3W4rYZxSuL66hjTXadu36InAh9
cn6ToDAfIEz7rzTZVl6w2xaSyuiSOpBQ1kVp+cMauVtGi8r3vkom9mN5Y5GjvD/O
bneoVroAcFgGqc+AEKKvJJz2AP3gdstYI93y3QEPPvJPBbUCG/om+8HDcPUHhXuI
9IgjFdFCti32j9Iyy1bUQmFfkJDB5X1qnA28usrv4R13f24dUiC6sr8GlO+1CEMV
62E5wFiRMa0ZeHIjYKuXy4dgy+O80CY8Ww5VE42jET2nzOABsxTQNvQXwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDMttcO4TirfEv1g/5P0GLaj98SbMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvTXkyMXc3aE9LdDhTX1dEX2tfUVl0cVAzeEpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9xQAwQA
wpNaMA0GCSqGSIb3DQEBCwUAA4IBAQA4HXNc2cpeSk35GmSwG2nmdvo+19wyskwn
L1Ss3btJ3P1X+la8FjR/svd4eKre3SAaAmVHmBzeWCSXnxXZHjSf6Hk9+4OBGmuj
2X+X8nrHrAqoiaeQicurvY5Vx5VW6WXWQuvjg8PPr7F3nwQm2V5sI0SOLRpcwFaK
lpXuuxgCEdNYb/XJBjiJ+pVtI7HRE28JbW2fGNTFpU+vl/f/naza2jRWSURUSNel
dcgqll3LD81hgOmMVpcq8tIVMHkE2wgLNv4ZfK9+F0TCQYI0C4k0yvoeNO9JlHS8
9jQZjICn3u2Ha9lh/Uw6jhMW3u6XixyplMXwbro/FQs/YecseSkY
-----END CERTIFICATE-----