Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/BqU2V7vc5RZ7cWjxyhsvBSqNK-w.roa
File:                     BqU2V7vc5RZ7cWjxyhsvBSqNK-w.roa (raw, json)
Hash identifier:          Ak1VMlACLIrg+G5hdlSRbJuPwqFvs4r1eW1ilSpkwZ8=
Subject key identifier:   06:A5:36:57:BB:DC:E5:16:7B:71:68:F1:CA:1B:2F:05:2A:8D:2B:EC
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       018CCA99BAD14CA02DAC74652EABC6669383
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/BqU2V7vc5RZ7cWjxyhsvBSqNK-w.roa
Signing time:             Tue 02 Jan 2024 14:35:21 +0000
ROA not before:           Tue 02 Jan 2024 14:35:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        91.132.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ba:d1:4c:a0:2d:ac:74:65:2e:ab:c6:66:93:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Jan  2 14:35:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06a53657bbdce5167b7168f1ca1b2f052a8d2bec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:74:e6:48:40:b1:80:bb:b3:7c:03:e7:2b:5d:
                    55:9a:34:d5:6c:cf:e4:1e:bf:43:79:2d:8b:46:fb:
                    9f:0e:d7:7d:21:6a:51:72:01:a0:34:85:35:3b:5b:
                    40:d9:4e:7f:42:82:ee:d7:b8:14:2f:14:1e:67:66:
                    f9:c0:39:7a:5f:e5:44:c5:22:cb:26:25:c1:dd:2d:
                    57:99:ae:94:0e:3d:fc:a6:28:92:71:37:c1:0c:4c:
                    59:d4:20:24:ea:4b:23:85:8d:85:29:ec:e1:36:7f:
                    23:a6:1e:08:42:d8:6f:44:61:41:cb:0b:9f:23:1b:
                    33:53:bb:4b:62:07:77:f4:6a:56:49:f6:ca:c1:d4:
                    0a:6b:43:d5:44:60:90:f3:3c:a7:03:1a:9d:0f:7c:
                    cd:f0:c5:70:22:f9:61:c4:8c:d0:1a:10:34:7a:e5:
                    17:92:05:84:94:13:6b:8e:0e:bc:e8:5f:53:fd:28:
                    b5:a5:24:b6:9b:87:3f:75:d9:87:9a:b1:d5:ca:d5:
                    c6:d6:cd:2e:9a:07:bf:60:39:4a:ec:31:81:25:8f:
                    0c:c5:eb:cc:17:ff:c5:99:9c:c9:8e:d5:b6:96:c4:
                    71:8f:b1:bd:cf:a1:53:be:01:d5:09:3c:a8:7f:c4:
                    93:d4:5c:1c:72:10:72:9c:b1:5f:18:c4:c1:d7:8c:
                    46:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:A5:36:57:BB:DC:E5:16:7B:71:68:F1:CA:1B:2F:05:2A:8D:2B:EC
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/BqU2V7vc5RZ7cWjxyhsvBSqNK-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:96:40:5f:aa:51:49:69:2a:50:3a:60:20:ef:b6:2a:4c:63:
         23:c6:68:a5:98:28:12:d4:4a:8b:b6:4f:cd:57:a1:a9:ee:31:
         37:32:37:88:ce:3e:dd:89:0a:92:6c:ec:fc:b6:84:ae:49:19:
         1b:1c:a2:34:d9:34:ec:c5:57:a4:83:79:11:56:de:60:17:36:
         94:d1:7d:fa:1b:62:dc:72:2b:d1:74:e0:51:9a:aa:36:c7:cf:
         2f:56:c7:87:97:45:5c:e6:5e:39:77:0c:6b:c9:3a:fb:68:a0:
         fb:29:8f:3d:4b:4c:dc:de:75:a2:ca:4c:71:3b:3f:53:e1:ac:
         65:92:71:8f:56:56:17:98:59:53:c2:11:1c:36:fe:a4:d0:33:
         ab:8b:7f:51:83:1b:28:42:14:d1:87:b9:48:8a:92:0b:d1:af:
         f8:e1:ee:c0:fa:59:89:b2:bd:aa:33:71:99:fb:5c:47:d4:98:
         a4:f3:12:49:8d:bc:6d:36:ef:2b:9f:2f:bb:dc:87:c0:82:59:
         c5:6f:a8:c5:eb:8c:14:13:e8:0d:04:08:bb:1b:8a:bc:2c:e0:
         3b:1b:c3:0a:72:13:36:e9:d8:07:4c:c9:a5:7d:41:cf:95:08:
         08:cf:18:d8:e9:e8:79:05:1a:b0:69:67:1c:e2:cc:6c:03:bf:
         00:62:c5:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmbrRTKAtrHRlLqvGZpODMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjQwMTAyMTQzNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmE1MzY1N2JiZGNlNTE2N2I3MTY4ZjFjYTFiMmYwNTJhOGQyYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXTmSECxgLuzfAPnK11VmjTVbM/k
Hr9DeS2LRvufDtd9IWpRcgGgNIU1O1tA2U5/QoLu17gULxQeZ2b5wDl6X+VExSLL
JiXB3S1Xma6UDj38piiScTfBDExZ1CAk6ksjhY2FKezhNn8jph4IQthvRGFBywuf
IxszU7tLYgd39GpWSfbKwdQKa0PVRGCQ8zynAxqdD3zN8MVwIvlhxIzQGhA0euUX
kgWElBNrjg686F9T/Si1pSS2m4c/ddmHmrHVytXG1s0umge/YDlK7DGBJY8MxevM
F//FmZzJjtW2lsRxj7G9z6FTvgHVCTyof8ST1FwcchBynLFfGMTB14xGAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAalNle73OUWe3Fo8cobLwUqjSvsMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvQnFVMlY3dmM1Ulo3Y1dqeHloc3ZCU3FOSy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW4SgMA0G
CSqGSIb3DQEBCwUAA4IBAQADlkBfqlFJaSpQOmAg77YqTGMjxmilmCgS1EqLtk/N
V6Gp7jE3MjeIzj7diQqSbOz8toSuSRkbHKI02TTsxVekg3kRVt5gFzaU0X36G2Lc
civRdOBRmqo2x88vVseHl0Vc5l45dwxryTr7aKD7KY89S0zc3nWiykxxOz9T4axl
knGPVlYXmFlTwhEcNv6k0DOri39RgxsoQhTRh7lIipIL0a/44e7A+lmJsr2qM3GZ
+1xH1Jik8xJJjbxtNu8rny+73IfAglnFb6jF64wUE+gNBAi7G4q8LOA7G8MKchM2
6dgHTMmlfUHPlQgIzxjY6eh5BRqwaWcc4sxsA78AYsX9
-----END CERTIFICATE-----