Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/72bd07-3cf1-45b1-9eef-b847eb77afc8/1/tnZ23ESXSMpZTpRo_eGIE2sBXeo.roa
File:                     tnZ23ESXSMpZTpRo_eGIE2sBXeo.roa (raw, json)
Hash identifier:          ho1iGFdpsd7UJzqy7dqJIXAfbJ4hgImkpBW0NTJ9qkM=
Subject key identifier:   B6:76:76:DC:44:97:48:CA:59:4E:94:68:FD:E1:88:13:6B:01:5D:EA
Certificate issuer:       /CN=98afe969cf0ea93a0e8e57ee9588caf5572b3b22
Certificate serial:       01904C318EC90052B7052D8088025DA70AC6
Authority key identifier: 98:AF:E9:69:CF:0E:A9:3A:0E:8E:57:EE:95:88:CA:F5:57:2B:3B:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mK_pac8OqToOjlfulYjK9VcrOyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/72bd07-3cf1-45b1-9eef-b847eb77afc8/1/tnZ23ESXSMpZTpRo_eGIE2sBXeo.roa
Signing time:             Mon 24 Jun 2024 21:40:34 +0000
ROA not before:           Mon 24 Jun 2024 21:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59611
IP address blocks:        91.245.80.0/21 maxlen: 21
                          195.20.200.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/72bd07-3cf1-45b1-9eef-b847eb77afc8/1/mK_pac8OqToOjlfulYjK9VcrOyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/72bd07-3cf1-45b1-9eef-b847eb77afc8/1/mK_pac8OqToOjlfulYjK9VcrOyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mK_pac8OqToOjlfulYjK9VcrOyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4c:31:8e:c9:00:52:b7:05:2d:80:88:02:5d:a7:0a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98afe969cf0ea93a0e8e57ee9588caf5572b3b22
        Validity
            Not Before: Jun 24 21:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b67676dc449748ca594e9468fde188136b015dea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:38:c8:22:1d:55:af:e1:19:4f:40:e2:28:57:
                    ac:a3:a9:8c:c2:39:f6:bb:f2:fc:ac:a5:f2:89:7b:
                    ce:4c:2a:7f:e0:5a:6e:42:37:53:87:68:69:93:6c:
                    8a:b6:f1:9a:f1:16:4d:db:c4:32:11:f6:e8:e5:96:
                    d4:d1:0b:bb:3d:e2:7c:32:96:a7:b4:38:9c:74:65:
                    17:ac:7c:60:9c:13:c5:28:80:e0:9d:59:99:72:d5:
                    80:d8:1b:3f:fc:7c:4a:cb:c8:90:fc:72:a4:15:c2:
                    aa:c0:87:9b:5d:fd:bb:c2:04:a0:34:c6:c2:df:9a:
                    dd:62:4c:f3:96:e0:b0:57:33:6f:bf:a6:4e:6a:58:
                    45:37:6e:90:b4:49:b3:66:4e:08:e1:32:1e:3e:87:
                    bb:a7:8b:6b:ee:14:b3:9f:cd:aa:b1:b5:5c:68:d8:
                    55:d9:24:60:ef:0c:11:9f:51:a1:d7:55:26:9d:03:
                    e9:50:61:f3:24:ef:4b:7f:9e:2a:80:b0:b9:97:00:
                    5d:8f:28:c9:a7:46:4a:f9:8c:4a:33:03:37:62:4c:
                    71:a6:f8:b9:5f:8d:4b:89:d0:5c:3a:47:05:2a:b9:
                    e1:62:13:af:4a:1f:36:94:4e:a3:58:53:8b:56:94:
                    32:74:aa:d4:72:56:fd:f2:83:8a:72:46:7d:61:35:
                    41:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:76:76:DC:44:97:48:CA:59:4E:94:68:FD:E1:88:13:6B:01:5D:EA
            X509v3 Authority Key Identifier:
                keyid:98:AF:E9:69:CF:0E:A9:3A:0E:8E:57:EE:95:88:CA:F5:57:2B:3B:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mK_pac8OqToOjlfulYjK9VcrOyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/72bd07-3cf1-45b1-9eef-b847eb77afc8/1/tnZ23ESXSMpZTpRo_eGIE2sBXeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/72bd07-3cf1-45b1-9eef-b847eb77afc8/1/mK_pac8OqToOjlfulYjK9VcrOyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.80.0/21
                  195.20.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:e5:15:ca:64:97:ce:e4:8f:ab:3c:26:db:16:0d:77:bc:d2:
         d5:1d:c8:39:2f:33:80:61:ea:52:15:d4:d1:ca:06:a7:54:8d:
         d5:29:0e:23:23:05:7c:4a:27:04:8d:85:e4:80:8c:e1:50:d5:
         b1:85:b2:b9:0d:fc:3b:7d:69:a8:8d:03:0b:31:aa:a5:84:42:
         9d:dc:2a:e4:f9:b4:f4:b2:cb:30:d9:ba:a2:85:3c:0b:28:54:
         11:94:ca:28:8c:a3:bb:fb:19:d7:4e:ed:ad:1a:63:9d:90:cb:
         80:d2:36:83:b1:dc:bc:16:b4:b0:da:20:39:c5:f9:13:c4:15:
         a4:f2:ce:9c:7b:f9:9b:46:21:1f:1c:8a:1d:2d:0c:fe:97:84:
         84:d5:40:06:46:60:f4:ef:ca:ac:e2:7f:4e:fa:1d:02:06:c6:
         c8:ba:a8:67:94:47:bc:88:52:76:d9:7a:b6:b2:cf:8b:87:f4:
         5f:bf:4f:7c:f7:5c:99:eb:3a:54:1d:c8:23:6f:53:8a:28:3c:
         0c:79:6d:e9:04:19:33:a7:32:bf:a1:18:31:86:ac:be:32:1b:
         b9:00:82:48:ee:89:ab:10:5e:91:4a:d1:06:ca:1a:43:10:62:
         e4:45:32:37:e9:91:90:cb:d6:00:72:63:0e:87:1b:c5:ad:ca:
         f9:7c:53:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBMMY7JAFK3BS2AiAJdpwrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YWZlOTY5Y2YwZWE5M2EwZThlNTdlZTk1ODhjYWY1NTcy
YjNiMjIwHhcNMjQwNjI0MjE0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc2NzZkYzQ0OTc0OGNhNTk0ZTk0NjhmZGUxODgxMzZiMDE1ZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jjIIh1Vr+EZT0DiKFeso6mMwjn2
u/L8rKXyiXvOTCp/4FpuQjdTh2hpk2yKtvGa8RZN28QyEfbo5ZbU0Qu7PeJ8Mpan
tDicdGUXrHxgnBPFKIDgnVmZctWA2Bs//HxKy8iQ/HKkFcKqwIebXf27wgSgNMbC
35rdYkzzluCwVzNvv6ZOalhFN26QtEmzZk4I4TIePoe7p4tr7hSzn82qsbVcaNhV
2SRg7wwRn1Gh11UmnQPpUGHzJO9Lf54qgLC5lwBdjyjJp0ZK+YxKMwM3Ykxxpvi5
X41LidBcOkcFKrnhYhOvSh82lE6jWFOLVpQydKrUclb98oOKckZ9YTVBLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLZ2dtxEl0jKWU6UaP3hiBNrAV3qMB8GA1UdIwQY
MBaAFJiv6WnPDqk6Do5X7pWIyvVXKzsiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUtfcGFjOE9xVG9PamxmdWxZaks5VmNyT3lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC83MmJkMDctM2NmMS00NWIxLTllZWYt
Yjg0N2ViNzdhZmM4LzEvdG5aMjNFU1hTTXBaVHBSb19lR0lFMnNCWGVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC83MmJkMDctM2NmMS00NWIxLTllZWYtYjg0N2ViNzdhZmM4
LzEvbUtfcGFjOE9xVG9PamxmdWxZaks5VmNyT3lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDW/VQAwQB
wxTIMA0GCSqGSIb3DQEBCwUAA4IBAQBG5RXKZJfO5I+rPCbbFg13vNLVHcg5LzOA
YepSFdTRyganVI3VKQ4jIwV8SicEjYXkgIzhUNWxhbK5Dfw7fWmojQMLMaqlhEKd
3Crk+bT0sssw2bqihTwLKFQRlMoojKO7+xnXTu2tGmOdkMuA0jaDsdy8FrSw2iA5
xfkTxBWk8s6ce/mbRiEfHIodLQz+l4SE1UAGRmD078qs4n9O+h0CBsbIuqhnlEe8
iFJ22Xq2ss+Lh/Rfv09891yZ6zpUHcgjb1OKKDwMeW3pBBkzpzK/oRgxhqy+Mhu5
AIJI7omrEF6RStEGyhpDEGLkRTI36ZGQy9YAcmMOhxvFrcr5fFNG
-----END CERTIFICATE-----