Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/184099-35fe-43d6-a9b6-f76a87222ed0/1/5jUrJXborAOtnGotSmS4nKbYDAk.roa
File:                     5jUrJXborAOtnGotSmS4nKbYDAk.roa (raw, json)
Hash identifier:          IvFYRHb7dmOOVLrdMB5nIjcbWB8lah4T5NZjYR8i8hk=
Subject key identifier:   E6:35:2B:25:76:E8:AC:03:AD:9C:6A:2D:4A:64:B8:9C:A6:D8:0C:09
Certificate issuer:       /CN=ba3c124548e2bdf66110264ce97ea4fa231f30d6
Certificate serial:       018FF7FF30FD28D1AB1CC48C354262023015
Authority key identifier: BA:3C:12:45:48:E2:BD:F6:61:10:26:4C:E9:7E:A4:FA:23:1F:30:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ujwSRUjivfZhECZM6X6k-iMfMNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/184099-35fe-43d6-a9b6-f76a87222ed0/1/5jUrJXborAOtnGotSmS4nKbYDAk.roa
Signing time:             Sat 08 Jun 2024 13:17:27 +0000
ROA not before:           Sat 08 Jun 2024 13:17:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51202
IP address blocks:        91.218.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/184099-35fe-43d6-a9b6-f76a87222ed0/1/ujwSRUjivfZhECZM6X6k-iMfMNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/184099-35fe-43d6-a9b6-f76a87222ed0/1/ujwSRUjivfZhECZM6X6k-iMfMNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ujwSRUjivfZhECZM6X6k-iMfMNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f7:ff:30:fd:28:d1:ab:1c:c4:8c:35:42:62:02:30:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba3c124548e2bdf66110264ce97ea4fa231f30d6
        Validity
            Not Before: Jun  8 13:17:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6352b2576e8ac03ad9c6a2d4a64b89ca6d80c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:db:bd:ad:28:56:7a:6f:ba:f9:af:b4:05:50:
                    7a:75:36:e2:c2:12:2c:ee:e2:be:5f:ea:46:f1:c2:
                    c1:17:be:eb:16:61:d5:6c:3d:6e:86:8b:77:aa:77:
                    97:41:c7:42:d1:f1:2f:42:95:27:c6:57:20:ae:1f:
                    c3:8e:69:f9:bd:ff:a4:15:6c:b0:d4:9f:28:de:57:
                    0a:d8:e0:5c:62:43:e5:7e:2f:b0:9f:d7:35:24:67:
                    4f:47:8f:e4:32:04:0d:7c:31:d8:78:01:46:82:0f:
                    03:c3:57:12:85:20:93:63:a3:8d:5b:0c:44:b3:6c:
                    15:84:78:49:81:4b:5c:35:13:d5:b2:98:e8:39:15:
                    09:cc:47:52:32:2c:f4:86:63:b5:6c:ed:1e:fa:b9:
                    84:9f:ac:18:87:8e:d0:4d:81:35:c2:b6:bb:f5:b0:
                    c1:08:28:f0:47:89:67:d6:1f:34:b9:44:47:34:04:
                    92:f7:41:89:b5:b5:72:20:a6:eb:f0:15:9a:8b:b9:
                    44:0e:87:34:ee:44:e9:92:93:98:26:f1:2a:d5:7c:
                    90:e1:4f:87:dc:f5:72:f9:67:47:63:a1:79:79:66:
                    3a:5e:ad:79:06:dc:f1:7c:2a:7b:36:fd:4c:1b:d2:
                    4c:95:62:46:37:d3:70:47:4a:c8:ea:29:a8:fa:08:
                    7c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:35:2B:25:76:E8:AC:03:AD:9C:6A:2D:4A:64:B8:9C:A6:D8:0C:09
            X509v3 Authority Key Identifier:
                keyid:BA:3C:12:45:48:E2:BD:F6:61:10:26:4C:E9:7E:A4:FA:23:1F:30:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujwSRUjivfZhECZM6X6k-iMfMNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/184099-35fe-43d6-a9b6-f76a87222ed0/1/5jUrJXborAOtnGotSmS4nKbYDAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/184099-35fe-43d6-a9b6-f76a87222ed0/1/ujwSRUjivfZhECZM6X6k-iMfMNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:23:4d:21:40:56:bc:32:be:69:b7:9b:1e:ed:d1:65:90:5a:
         71:22:ad:c9:99:2c:04:f9:47:cd:88:54:02:ce:ac:44:59:c0:
         b8:6e:25:c1:39:b3:e4:e5:f7:af:c6:ec:a3:6e:c1:fe:2c:63:
         2c:9f:30:af:0d:f7:10:74:d1:67:e7:b7:14:b3:95:2a:01:d4:
         b5:97:36:7d:ff:58:42:7f:ba:7d:46:63:b9:23:14:c5:0f:f7:
         0a:2a:e9:0c:17:bb:eb:67:f4:6b:60:ff:ec:ea:37:34:8c:2e:
         19:33:81:91:cf:db:c3:1c:77:d6:5a:6c:b9:c4:ec:0d:71:fb:
         ba:0f:08:3e:e2:24:b1:a5:21:94:2a:47:b6:4c:90:2c:19:8f:
         62:e5:76:3e:d1:81:c3:3d:17:be:6e:6a:6c:aa:9a:61:0e:72:
         22:f9:65:91:88:b7:80:bc:97:2b:a7:cf:eb:23:72:a9:b4:4b:
         c3:ea:08:28:5e:ff:82:f1:3e:37:56:a1:c7:f3:24:30:90:fb:
         5d:4f:12:35:6f:60:d9:3e:3d:02:cd:60:2a:80:0f:a3:ba:ff:
         6c:e2:7f:0c:6c:dc:c4:c5:e3:5b:78:e1:ad:a9:e0:b8:7e:a3:
         72:aa:c5:1c:00:dd:7c:df:1b:f8:0e:6a:09:7e:92:23:52:b1:
         1b:9a:2f:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/3/zD9KNGrHMSMNUJiAjAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhM2MxMjQ1NDhlMmJkZjY2MTEwMjY0Y2U5N2VhNGZhMjMx
ZjMwZDYwHhcNMjQwNjA4MTMxNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjM1MmIyNTc2ZThhYzAzYWQ5YzZhMmQ0YTY0Yjg5Y2E2ZDgwYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7du9rShWem+6+a+0BVB6dTbiwhIs
7uK+X+pG8cLBF77rFmHVbD1uhot3qneXQcdC0fEvQpUnxlcgrh/Djmn5vf+kFWyw
1J8o3lcK2OBcYkPlfi+wn9c1JGdPR4/kMgQNfDHYeAFGgg8Dw1cShSCTY6ONWwxE
s2wVhHhJgUtcNRPVspjoORUJzEdSMiz0hmO1bO0e+rmEn6wYh47QTYE1wra79bDB
CCjwR4ln1h80uURHNASS90GJtbVyIKbr8BWai7lEDoc07kTpkpOYJvEq1XyQ4U+H
3PVy+WdHY6F5eWY6Xq15BtzxfCp7Nv1MG9JMlWJGN9NwR0rI6imo+gh8rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOY1KyV26KwDrZxqLUpkuJym2AwJMB8GA1UdIwQY
MBaAFLo8EkVI4r32YRAmTOl+pPojHzDWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWp3U1JVaml2ZlpoRUNaTTZYNmstaU1mTU5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xODQwOTktMzVmZS00M2Q2LWE5YjYt
Zjc2YTg3MjIyZWQwLzEvNWpVckpYYm9yQU90bkdvdFNtUzRuS2JZREFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xODQwOTktMzVmZS00M2Q2LWE5YjYtZjc2YTg3MjIyZWQw
LzEvdWp3U1JVaml2ZlpoRUNaTTZYNmstaU1mTU5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9oAMA0G
CSqGSIb3DQEBCwUAA4IBAQAVI00hQFa8Mr5pt5se7dFlkFpxIq3JmSwE+UfNiFQC
zqxEWcC4biXBObPk5fevxuyjbsH+LGMsnzCvDfcQdNFn57cUs5UqAdS1lzZ9/1hC
f7p9RmO5IxTFD/cKKukMF7vrZ/RrYP/s6jc0jC4ZM4GRz9vDHHfWWmy5xOwNcfu6
Dwg+4iSxpSGUKke2TJAsGY9i5XY+0YHDPRe+bmpsqpphDnIi+WWRiLeAvJcrp8/r
I3KptEvD6ggoXv+C8T43VqHH8yQwkPtdTxI1b2DZPj0CzWAqgA+juv9s4n8MbNzE
xeNbeOGtqeC4fqNyqsUcAN183xv4DmoJfpIjUrEbmi97
-----END CERTIFICATE-----