Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/67a9fb-a85b-431d-afb5-d0d33b1668a5/1/It5xo9nBwiM5ZBlEVH1g5RBU3_I.roa
File:                     It5xo9nBwiM5ZBlEVH1g5RBU3_I.roa (raw, json)
Hash identifier:          G3z6Pu7g22w6vBA9Z7HXMGTPPv4BW2taRDag2CMkpzg=
Subject key identifier:   22:DE:71:A3:D9:C1:C2:23:39:64:19:44:54:7D:60:E5:10:54:DF:F2
Certificate issuer:       /CN=135d44f9029e1b5d743cfce5811efe5e26f8c862
Certificate serial:       018E371A76E45772BCD9662EBF6BF41962DF
Authority key identifier: 13:5D:44:F9:02:9E:1B:5D:74:3C:FC:E5:81:1E:FE:5E:26:F8:C8:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E11E-QKeG110PPzlgR7-Xib4yGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/67a9fb-a85b-431d-afb5-d0d33b1668a5/1/It5xo9nBwiM5ZBlEVH1g5RBU3_I.roa
Signing time:             Wed 13 Mar 2024 09:17:45 +0000
ROA not before:           Wed 13 Mar 2024 09:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56461
IP address blocks:        91.224.176.0/23 maxlen: 24
                          188.191.176.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/67a9fb-a85b-431d-afb5-d0d33b1668a5/1/E11E-QKeG110PPzlgR7-Xib4yGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/67a9fb-a85b-431d-afb5-d0d33b1668a5/1/E11E-QKeG110PPzlgR7-Xib4yGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E11E-QKeG110PPzlgR7-Xib4yGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:1a:76:e4:57:72:bc:d9:66:2e:bf:6b:f4:19:62:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=135d44f9029e1b5d743cfce5811efe5e26f8c862
        Validity
            Not Before: Mar 13 09:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22de71a3d9c1c22339641944547d60e51054dff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:59:11:87:a4:f3:d1:c1:c9:ae:64:09:ce:09:
                    8d:a7:31:d6:7a:f3:6e:ff:84:2a:3e:78:3b:cc:24:
                    32:68:c7:b4:f8:7a:ad:42:5c:5b:26:7d:85:83:d2:
                    e5:63:77:9c:7c:19:3a:4e:e1:b3:be:c9:82:0c:95:
                    d0:c1:53:9a:a7:0e:71:f2:a0:85:b1:84:b3:e2:7f:
                    e6:9c:09:8b:08:73:9c:27:a8:94:1f:f4:6b:13:d1:
                    d2:6c:c4:5a:8d:30:8a:17:16:45:53:e7:a5:78:d9:
                    fe:97:98:00:6c:56:98:bb:25:08:0f:a6:62:b8:39:
                    64:2c:4e:6e:26:25:f1:4f:1d:59:9e:2e:07:c7:88:
                    6d:e5:3b:16:c8:23:ba:8f:9c:c7:87:c6:f0:ad:43:
                    e5:d2:7a:2d:27:18:d0:79:d8:05:5e:4d:d2:9f:ce:
                    9b:f8:35:0f:a8:d0:b2:d7:b8:04:02:8d:93:63:2b:
                    b0:3a:01:bc:9b:56:85:38:3b:ca:e7:a0:86:6e:4f:
                    91:1b:05:02:c0:d9:a2:b2:b4:17:af:85:0a:80:35:
                    a7:6a:01:c4:7b:88:d3:2b:2f:d7:40:69:97:67:12:
                    b4:d8:96:a5:b8:cf:10:ea:c9:20:38:3e:f1:ef:d9:
                    a3:ff:3f:7f:ce:55:50:18:95:8e:a9:d4:8a:1d:32:
                    d5:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:DE:71:A3:D9:C1:C2:23:39:64:19:44:54:7D:60:E5:10:54:DF:F2
            X509v3 Authority Key Identifier:
                keyid:13:5D:44:F9:02:9E:1B:5D:74:3C:FC:E5:81:1E:FE:5E:26:F8:C8:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E11E-QKeG110PPzlgR7-Xib4yGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/67a9fb-a85b-431d-afb5-d0d33b1668a5/1/It5xo9nBwiM5ZBlEVH1g5RBU3_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/67a9fb-a85b-431d-afb5-d0d33b1668a5/1/E11E-QKeG110PPzlgR7-Xib4yGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.176.0/23
                  188.191.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7d:cb:07:ef:d1:98:2a:fe:eb:aa:80:3f:ca:97:30:80:86:88:
         1c:99:f6:54:f6:64:c7:a4:93:f2:53:be:9c:59:09:cd:11:25:
         e1:74:5f:49:54:2a:98:94:04:97:95:d4:74:c3:98:dc:b7:f1:
         d3:33:ae:85:ce:46:44:5b:0d:35:e9:c1:9e:7e:db:61:3b:90:
         52:c6:d7:98:56:53:dd:d9:5f:45:7c:fe:36:15:d9:34:02:57:
         aa:50:25:74:34:ae:ec:39:79:8e:b3:ef:d6:2f:a6:10:9a:10:
         69:d8:58:29:88:ac:23:52:77:17:2b:ea:dc:40:14:a1:de:ae:
         4f:4f:31:c0:38:23:6b:96:7c:6e:33:fe:b8:35:20:a1:59:5d:
         61:c1:45:74:db:1e:7f:18:35:dd:ba:ce:94:e2:0d:e0:d7:56:
         f9:d8:e4:c7:31:b3:d7:6b:7b:ea:2c:59:91:4c:ba:92:7e:7e:
         f0:c8:0e:97:0c:42:e9:72:f4:21:27:7a:a3:19:25:f0:f0:bf:
         a9:74:7f:20:51:2f:d7:b3:8f:41:0c:26:91:44:69:9a:44:d9:
         60:58:d1:13:27:00:0c:11:87:b8:8f:17:30:be:53:ed:11:0d:
         c4:4d:93:50:af:cf:4f:4e:4c:cd:a9:e7:94:3a:d3:d5:bc:3d:
         f7:37:48:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY43GnbkV3K82WYuv2v0GWLfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNWQ0NGY5MDI5ZTFiNWQ3NDNjZmNlNTgxMWVmZTVlMjZm
OGM4NjIwHhcNMjQwMzEzMDkxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmRlNzFhM2Q5YzFjMjIzMzk2NDE5NDQ1NDdkNjBlNTEwNTRkZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlkRh6Tz0cHJrmQJzgmNpzHWevNu
/4QqPng7zCQyaMe0+HqtQlxbJn2Fg9LlY3ecfBk6TuGzvsmCDJXQwVOapw5x8qCF
sYSz4n/mnAmLCHOcJ6iUH/RrE9HSbMRajTCKFxZFU+eleNn+l5gAbFaYuyUID6Zi
uDlkLE5uJiXxTx1Zni4Hx4ht5TsWyCO6j5zHh8bwrUPl0notJxjQedgFXk3Sn86b
+DUPqNCy17gEAo2TYyuwOgG8m1aFODvK56CGbk+RGwUCwNmisrQXr4UKgDWnagHE
e4jTKy/XQGmXZxK02JaluM8Q6skgOD7x79mj/z9/zlVQGJWOqdSKHTLVHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCLecaPZwcIjOWQZRFR9YOUQVN/yMB8GA1UdIwQY
MBaAFBNdRPkCnhtddDz85YEe/l4m+MhiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTExRS1RS2VHMTEwUFB6bGdSNy1YaWI0eUdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy82N2E5ZmItYTg1Yi00MzFkLWFmYjUt
ZDBkMzNiMTY2OGE1LzEvSXQ1eG85bkJ3aU01WkJsRVZIMWc1UkJVM19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy82N2E5ZmItYTg1Yi00MzFkLWFmYjUtZDBkMzNiMTY2OGE1
LzEvRTExRS1RS2VHMTEwUFB6bGdSNy1YaWI0eUdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+CwAwQD
vL+wMA0GCSqGSIb3DQEBCwUAA4IBAQB9ywfv0Zgq/uuqgD/KlzCAhogcmfZU9mTH
pJPyU76cWQnNESXhdF9JVCqYlASXldR0w5jct/HTM66FzkZEWw016cGeftthO5BS
xteYVlPd2V9FfP42Fdk0AleqUCV0NK7sOXmOs+/WL6YQmhBp2FgpiKwjUncXK+rc
QBSh3q5PTzHAOCNrlnxuM/64NSChWV1hwUV02x5/GDXdus6U4g3g11b52OTHMbPX
a3vqLFmRTLqSfn7wyA6XDELpcvQhJ3qjGSXw8L+pdH8gUS/Xs49BDCaRRGmaRNlg
WNETJwAMEYe4jxcwvlPtEQ3ETZNQr89PTkzNqeeUOtPVvD33N0gA
-----END CERTIFICATE-----