Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/wqXgjYdGzwOEpA8wlATVpDYLHwg.roa
File:                     wqXgjYdGzwOEpA8wlATVpDYLHwg.roa (raw, json)
Hash identifier:          MnuwxkK8XPFm9tWuY5VoUp8ZBnBsEXxZ8mq9ze1IwSM=
Subject key identifier:   C2:A5:E0:8D:87:46:CF:03:84:A4:0F:30:94:04:D5:A4:36:0B:1F:08
Certificate issuer:       /CN=13b9b21c0081d23c4a21f60a084a75cb5f95bea2
Certificate serial:       018CC56E83F40FCE0E2C1ABD15D475FCE758
Authority key identifier: 13:B9:B2:1C:00:81:D2:3C:4A:21:F6:0A:08:4A:75:CB:5F:95:BE:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E7myHACB0jxKIfYKCEp1y1-VvqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/wqXgjYdGzwOEpA8wlATVpDYLHwg.roa
Signing time:             Mon 01 Jan 2024 14:30:03 +0000
ROA not before:           Mon 01 Jan 2024 14:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        91.222.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/E7myHACB0jxKIfYKCEp1y1-VvqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/E7myHACB0jxKIfYKCEp1y1-VvqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E7myHACB0jxKIfYKCEp1y1-VvqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:83:f4:0f:ce:0e:2c:1a:bd:15:d4:75:fc:e7:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13b9b21c0081d23c4a21f60a084a75cb5f95bea2
        Validity
            Not Before: Jan  1 14:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2a5e08d8746cf0384a40f309404d5a4360b1f08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6e:fc:fb:94:72:7d:b9:76:42:e6:f1:d5:be:
                    08:81:3c:0a:43:f7:e1:5e:7f:8b:ba:47:8e:8b:24:
                    e3:68:75:83:3f:29:ff:ab:8e:bb:a7:cb:e9:92:88:
                    31:5a:43:bd:75:85:05:34:44:13:ed:f7:dc:e6:0b:
                    d9:02:ba:bf:62:a4:db:51:fc:9d:48:89:c8:e0:a8:
                    e0:46:e6:8b:ce:e9:7c:9d:24:91:d5:3a:61:6c:ab:
                    2c:ad:d3:60:0f:ea:3f:d8:93:61:0a:03:86:b7:22:
                    c5:29:71:fe:38:1e:cb:49:7f:6f:0e:29:3d:21:b6:
                    4b:d0:e1:a8:98:a3:26:70:c9:2d:bc:66:50:49:c5:
                    36:da:84:50:02:f5:f3:e0:58:8b:61:f8:27:72:f3:
                    92:96:b0:11:a4:48:b8:c0:32:7e:f9:d8:ef:20:78:
                    0a:bb:f8:ca:17:d6:f2:cf:48:7d:de:8c:02:66:b1:
                    4b:ca:63:a1:57:ed:c6:3c:86:53:1a:d7:ec:ef:9b:
                    c7:95:0f:1e:cc:7c:18:e1:21:ae:98:81:b3:da:e4:
                    e8:e5:5b:1b:60:33:5b:68:2e:b5:cf:8b:a7:23:d6:
                    c7:01:60:5f:3e:01:c8:35:31:1f:98:5c:22:89:f9:
                    8d:f5:04:ac:0b:a9:0c:82:23:44:62:37:72:bb:09:
                    fa:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A5:E0:8D:87:46:CF:03:84:A4:0F:30:94:04:D5:A4:36:0B:1F:08
            X509v3 Authority Key Identifier:
                keyid:13:B9:B2:1C:00:81:D2:3C:4A:21:F6:0A:08:4A:75:CB:5F:95:BE:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7myHACB0jxKIfYKCEp1y1-VvqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/wqXgjYdGzwOEpA8wlATVpDYLHwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/99a01f-bb52-4712-94d0-bf924a825f58/1/E7myHACB0jxKIfYKCEp1y1-VvqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:53:9a:7f:15:79:55:42:93:42:78:da:f1:da:79:29:54:b4:
         14:6e:87:01:02:22:e5:6e:61:06:64:24:4a:24:6c:e8:1c:6b:
         45:93:b6:60:e7:d0:a7:20:cb:b6:87:ca:5f:18:08:b4:b4:00:
         a9:24:a7:0e:3d:4c:9d:37:3e:2b:94:56:59:48:17:19:0a:65:
         64:5c:0f:6b:bd:06:41:44:08:f8:60:16:05:1a:ae:e6:12:48:
         59:25:31:e6:99:04:47:0c:8e:db:4e:01:6f:12:e8:5b:41:59:
         88:de:0e:ca:cf:f5:e9:d7:e0:36:ca:42:47:e1:e2:40:db:61:
         f5:ba:15:7a:48:e4:84:ad:2e:60:7d:d3:ce:74:80:02:c8:27:
         f0:97:11:d8:ba:1c:21:1e:f3:17:4f:c4:98:96:20:c5:2d:20:
         e5:40:fd:08:73:90:37:ca:7b:da:d4:16:3d:71:80:95:a7:67:
         e2:39:a4:fc:c4:ce:0c:c1:30:e9:1a:d5:10:0f:51:09:f8:32:
         7f:74:4e:ba:84:51:de:3b:81:3f:c0:14:7d:43:d8:67:12:20:
         4f:da:eb:47:fa:6f:59:fe:69:18:5c:9b:85:e8:6e:0f:00:31:
         21:11:b7:87:af:6f:81:9a:1a:9d:6a:4f:e8:ab:8f:9d:43:5b:
         fe:2f:99:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFboP0D84OLBq9FdR1/OdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYjliMjFjMDA4MWQyM2M0YTIxZjYwYTA4NGE3NWNiNWY5
NWJlYTIwHhcNMjQwMTAxMTQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmE1ZTA4ZDg3NDZjZjAzODRhNDBmMzA5NDA0ZDVhNDM2MGIxZjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm78+5Ryfbl2Qubx1b4IgTwKQ/fh
Xn+LukeOiyTjaHWDPyn/q467p8vpkogxWkO9dYUFNEQT7ffc5gvZArq/YqTbUfyd
SInI4KjgRuaLzul8nSSR1TphbKssrdNgD+o/2JNhCgOGtyLFKXH+OB7LSX9vDik9
IbZL0OGomKMmcMktvGZQScU22oRQAvXz4FiLYfgncvOSlrARpEi4wDJ++djvIHgK
u/jKF9byz0h93owCZrFLymOhV+3GPIZTGtfs75vHlQ8ezHwY4SGumIGz2uTo5Vsb
YDNbaC61z4unI9bHAWBfPgHINTEfmFwiifmN9QSsC6kMgiNEYjdyuwn6rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKl4I2HRs8DhKQPMJQE1aQ2Cx8IMB8GA1UdIwQY
MBaAFBO5shwAgdI8SiH2CghKdctflb6iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTdteUhBQ0IwanhLSWZZS0NFcDF5MS1WdnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85OWEwMWYtYmI1Mi00NzEyLTk0ZDAt
YmY5MjRhODI1ZjU4LzEvd3FYZ2pZZEd6d09FcEE4d2xBVFZwRFlMSHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85OWEwMWYtYmI1Mi00NzEyLTk0ZDAtYmY5MjRhODI1ZjU4
LzEvRTdteUhBQ0IwanhLSWZZS0NFcDF5MS1WdnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW97cMA0G
CSqGSIb3DQEBCwUAA4IBAQAKU5p/FXlVQpNCeNrx2nkpVLQUbocBAiLlbmEGZCRK
JGzoHGtFk7Zg59CnIMu2h8pfGAi0tACpJKcOPUydNz4rlFZZSBcZCmVkXA9rvQZB
RAj4YBYFGq7mEkhZJTHmmQRHDI7bTgFvEuhbQVmI3g7Kz/Xp1+A2ykJH4eJA22H1
uhV6SOSErS5gfdPOdIACyCfwlxHYuhwhHvMXT8SYliDFLSDlQP0Ic5A3ynva1BY9
cYCVp2fiOaT8xM4MwTDpGtUQD1EJ+DJ/dE66hFHeO4E/wBR9Q9hnEiBP2utH+m9Z
/mkYXJuF6G4PADEhEbeHr2+Bmhqdak/oq4+dQ1v+L5mj
-----END CERTIFICATE-----