Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kQWKens0Mu9Wn5l_ZYsadsfxwTo.roa
File:                     kQWKens0Mu9Wn5l_ZYsadsfxwTo.roa (raw, json)
Hash identifier:          KuOlO26TQgWGgaPKYETdJMfGfvX5nsUNDohWNzHSLB4=
Subject key identifier:   91:05:8A:7A:7B:34:32:EF:56:9F:99:7F:65:8B:1A:76:C7:F1:C1:3A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E5C8C09F557D257B7A39E1A87DB552E58
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kQWKens0Mu9Wn5l_ZYsadsfxwTo.roa
Signing time:             Wed 20 Mar 2024 15:47:45 +0000
ROA not before:           Wed 20 Mar 2024 15:47:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215787
IP address blocks:        91.200.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 06:47:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5c:8c:09:f5:57:d2:57:b7:a3:9e:1a:87:db:55:2e:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 20 15:47:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91058a7a7b3432ef569f997f658b1a76c7f1c13a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:47:88:a3:90:f5:a5:a7:f7:d6:15:b9:79:aa:
                    d5:ce:1c:7a:fb:bb:95:f4:f0:f4:6d:ec:39:e2:80:
                    86:c2:12:e0:0c:0d:8b:3d:49:e9:18:b5:88:8e:47:
                    8b:71:6d:30:98:fd:9a:1a:bf:b8:4a:e1:3e:f3:fa:
                    65:ff:b6:a0:3e:fe:73:e2:a0:bf:7e:2d:61:13:cd:
                    d3:7b:4f:88:49:0d:e9:17:83:54:37:2c:11:5d:2b:
                    37:65:42:36:53:13:1e:b4:6c:75:ad:67:1b:c8:c6:
                    86:61:aa:22:cf:b1:8e:7a:3d:52:d6:51:4e:36:64:
                    3b:c7:92:bd:8e:7a:1a:b4:dc:c9:fb:4d:04:c6:0d:
                    b5:1d:5a:fc:7b:5a:37:67:93:54:06:c3:31:80:62:
                    f7:72:81:41:ab:95:9b:32:df:cd:64:29:d2:4f:a2:
                    2f:01:e7:a6:59:7c:b4:0f:fb:9c:32:23:ac:0e:0d:
                    e4:2d:f7:23:e4:e1:9c:8c:a8:23:88:80:2a:4d:15:
                    e0:c6:70:5e:c3:ae:a9:90:5b:50:49:ba:f8:cd:01:
                    ad:db:72:f4:1b:e9:63:7a:4a:9e:15:dc:06:6d:e3:
                    75:2d:bd:55:53:76:c3:37:35:4c:ee:6a:03:15:fa:
                    09:ea:41:d2:2a:05:c4:8d:eb:38:b9:f1:ae:0a:88:
                    a9:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:05:8A:7A:7B:34:32:EF:56:9F:99:7F:65:8B:1A:76:C7:F1:C1:3A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kQWKens0Mu9Wn5l_ZYsadsfxwTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:f0:04:39:75:b2:8d:2e:18:35:71:9e:bd:8d:91:6f:fa:b3:
         1f:05:4c:7d:4c:44:df:c1:e7:0e:03:92:2e:97:61:ff:9f:b0:
         7b:37:d7:c0:e2:f8:8f:e7:6d:04:39:1e:6e:17:ed:b3:15:a1:
         e6:c1:9a:b3:f6:76:a6:b5:ae:19:87:a3:49:b7:70:1f:39:a1:
         90:19:d3:af:cc:a4:16:73:c6:17:d6:d6:bc:75:a7:ec:aa:8c:
         11:93:8a:7e:34:ab:d8:8c:49:7a:8e:be:fd:f2:d7:14:a3:94:
         0c:34:cb:39:dd:7a:30:ce:5c:54:e1:ad:eb:c2:70:bd:b8:cb:
         9f:85:d2:6a:fb:74:6d:37:53:a4:de:bd:13:59:e0:2d:a8:4f:
         4b:f4:33:48:d8:dd:e0:d5:5d:4e:48:1d:fd:ad:15:bb:7a:cd:
         2b:81:59:6c:81:bc:37:f5:91:bb:9e:9e:0f:f7:4f:a0:4c:21:
         03:f4:61:35:a6:4c:56:d5:c4:94:9c:9a:bf:f5:3a:85:94:a4:
         4b:82:80:82:db:4f:76:74:8f:1a:df:35:a8:67:9e:8d:f4:35:
         92:a9:65:20:a5:3c:9f:ae:19:18:87:69:e8:70:9f:c6:60:b8:
         98:e9:28:f0:b7:d0:6f:0d:3b:d9:3f:34:a1:29:50:a5:6a:a1:
         5a:91:37:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5cjAn1V9JXt6OeGofbVS5YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzIwMTU0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTA1OGE3YTdiMzQzMmVmNTY5Zjk5N2Y2NThiMWE3NmM3ZjFjMTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0eIo5D1paf31hW5earVzhx6+7uV
9PD0bew54oCGwhLgDA2LPUnpGLWIjkeLcW0wmP2aGr+4SuE+8/pl/7agPv5z4qC/
fi1hE83Te0+ISQ3pF4NUNywRXSs3ZUI2UxMetGx1rWcbyMaGYaoiz7GOej1S1lFO
NmQ7x5K9jnoatNzJ+00Exg21HVr8e1o3Z5NUBsMxgGL3coFBq5WbMt/NZCnST6Iv
AeemWXy0D/ucMiOsDg3kLfcj5OGcjKgjiIAqTRXgxnBew66pkFtQSbr4zQGt23L0
G+ljekqeFdwGbeN1Lb1VU3bDNzVM7moDFfoJ6kHSKgXEjes4ufGuCoipzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEFinp7NDLvVp+Zf2WLGnbH8cE6MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva1FXS2VuczBNdTlXbjVsX1pZc2Fkc2Z4d1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8jAMA0G
CSqGSIb3DQEBCwUAA4IBAQBF8AQ5dbKNLhg1cZ69jZFv+rMfBUx9TETfwecOA5Iu
l2H/n7B7N9fA4viP520EOR5uF+2zFaHmwZqz9namta4Zh6NJt3AfOaGQGdOvzKQW
c8YX1ta8dafsqowRk4p+NKvYjEl6jr798tcUo5QMNMs53XowzlxU4a3rwnC9uMuf
hdJq+3RtN1Ok3r0TWeAtqE9L9DNI2N3g1V1OSB39rRW7es0rgVlsgbw39ZG7np4P
90+gTCED9GE1pkxW1cSUnJq/9TqFlKRLgoCC2092dI8a3zWoZ56N9DWSqWUgpTyf
rhkYh2nocJ/GYLiY6Sjwt9BvDTvZPzShKVClaqFakTe/
-----END CERTIFICATE-----