Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/sEUulM3f7sKRIN-d2hPhMioW668.roa
File:                     sEUulM3f7sKRIN-d2hPhMioW668.roa (raw, json)
Hash identifier:          orBQACRkwFw/JEJaPRSBLQqr+oTH3AuqDO7+yzGVy+U=
Subject key identifier:   B0:45:2E:94:CD:DF:EE:C2:91:20:DF:9D:DA:13:E1:32:2A:16:EB:AF
Certificate issuer:       /CN=2841262acd62c90e68081a6f777375df2c3713c2
Certificate serial:       018CC5DCF0F584BF6E6E8DE09BCF2CC2DE6E
Authority key identifier: 28:41:26:2A:CD:62:C9:0E:68:08:1A:6F:77:73:75:DF:2C:37:13:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/sEUulM3f7sKRIN-d2hPhMioW668.roa
Signing time:             Mon 01 Jan 2024 16:30:40 +0000
ROA not before:           Mon 01 Jan 2024 16:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196792
IP address blocks:        91.217.98.0/23 maxlen: 23
                          91.217.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/KEEmKs1iyQ5oCBpvd3N13yw3E8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/KEEmKs1iyQ5oCBpvd3N13yw3E8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f0:f5:84:bf:6e:6e:8d:e0:9b:cf:2c:c2:de:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2841262acd62c90e68081a6f777375df2c3713c2
        Validity
            Not Before: Jan  1 16:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0452e94cddfeec29120df9dda13e1322a16ebaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:be:5f:cd:47:b4:91:01:0f:c5:29:9e:5f:22:
                    df:0b:13:77:69:2d:d1:97:d3:63:bf:67:71:50:e5:
                    00:f3:8a:3e:70:ba:0c:10:16:ea:0f:1a:75:1f:6c:
                    2e:60:57:38:cd:68:12:15:c0:7c:3a:4f:51:ea:e2:
                    28:07:10:8f:fe:7b:70:6c:5e:14:d2:17:bc:d2:21:
                    18:c3:70:44:74:56:d1:e8:a3:32:49:d2:d4:0f:70:
                    b6:8e:0b:cc:ad:d2:ed:1e:8f:6f:c8:67:ab:e7:a6:
                    4e:47:fe:23:37:17:cd:e4:f6:df:22:58:fa:6e:ae:
                    70:c9:2e:a0:8e:6e:79:ee:b2:08:26:78:b9:ff:a0:
                    2b:06:4f:70:32:34:52:14:39:40:1c:63:a3:07:4c:
                    95:8f:c3:88:fa:07:b7:03:e2:37:d0:91:ae:6d:83:
                    4b:41:68:30:83:f3:41:1f:f5:ad:c0:97:f2:34:00:
                    6a:ad:63:8f:30:e3:e5:6d:41:4d:da:1b:6d:5d:86:
                    fd:d1:cc:27:c1:6d:ef:ec:7a:85:db:29:c1:2a:6b:
                    a8:7a:b7:f8:9b:be:73:e1:fb:75:c8:4e:d0:cf:82:
                    57:01:3c:0c:0e:07:9d:06:51:0d:2c:da:a0:a7:bc:
                    94:2f:94:53:22:34:90:8a:2c:b5:93:92:e5:35:35:
                    ea:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:45:2E:94:CD:DF:EE:C2:91:20:DF:9D:DA:13:E1:32:2A:16:EB:AF
            X509v3 Authority Key Identifier:
                keyid:28:41:26:2A:CD:62:C9:0E:68:08:1A:6F:77:73:75:DF:2C:37:13:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/sEUulM3f7sKRIN-d2hPhMioW668.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/KEEmKs1iyQ5oCBpvd3N13yw3E8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:b3:ca:58:ba:84:19:d7:8f:19:d0:20:18:b1:15:39:eb:5e:
         80:72:c5:5c:a0:90:ec:21:c6:30:ca:73:6b:01:9a:3d:cc:27:
         61:91:01:a8:5f:24:cd:1d:a7:5d:7e:1c:07:2f:2d:60:bc:89:
         9e:d7:51:a8:57:b3:50:90:83:be:23:14:9b:4c:bc:95:68:91:
         8c:3f:15:4f:99:7a:2a:2a:54:c7:29:e7:9f:13:5d:01:04:e1:
         8d:03:18:d8:05:cb:cb:0b:d0:39:13:4a:f9:0e:3b:d3:a5:15:
         af:71:43:7f:fc:00:40:de:0a:62:5b:a6:29:5d:4c:d4:b7:19:
         51:f9:b2:d5:80:a7:6c:2b:8a:52:8a:85:df:e3:9c:24:9b:c5:
         56:f5:a7:9f:81:c8:cb:81:00:f5:28:4d:02:37:6b:91:27:a4:
         32:64:5a:6a:97:c3:ef:96:ea:f6:ef:49:11:06:24:60:36:f9:
         9d:ef:4d:41:9c:65:f1:1b:1a:d8:27:b3:65:36:83:c4:a9:2d:
         53:8b:e2:8c:11:cc:a5:65:a7:74:05:fa:a7:2b:87:5e:97:78:
         41:22:45:5e:36:71:dc:16:22:ef:7a:05:e3:d9:61:a6:aa:b1:
         1e:4c:6c:86:a3:b0:68:e1:3b:cb:b7:cb:e2:9c:96:fe:33:6d:
         95:05:d8:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3PD1hL9ubo3gm88swt5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NDEyNjJhY2Q2MmM5MGU2ODA4MWE2Zjc3NzM3NWRmMmMz
NzEzYzIwHhcNMjQwMTAxMTYzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDQ1MmU5NGNkZGZlZWMyOTEyMGRmOWRkYTEzZTEzMjJhMTZlYmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk75fzUe0kQEPxSmeXyLfCxN3aS3R
l9Njv2dxUOUA84o+cLoMEBbqDxp1H2wuYFc4zWgSFcB8Ok9R6uIoBxCP/ntwbF4U
0he80iEYw3BEdFbR6KMySdLUD3C2jgvMrdLtHo9vyGer56ZOR/4jNxfN5PbfIlj6
bq5wyS6gjm557rIIJni5/6ArBk9wMjRSFDlAHGOjB0yVj8OI+ge3A+I30JGubYNL
QWgwg/NBH/WtwJfyNABqrWOPMOPlbUFN2httXYb90cwnwW3v7HqF2ynBKmuoerf4
m75z4ft1yE7Qz4JXATwMDgedBlENLNqgp7yUL5RTIjSQiiy1k5LlNTXqWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBFLpTN3+7CkSDfndoT4TIqFuuvMB8GA1UdIwQY
MBaAFChBJirNYskOaAgab3dzdd8sNxPCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0VFbUtzMWl5UTVvQ0JwdmQzTjEzeXczRThJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8wMzIyNzYtMjVkYy00YzMwLThhN2It
OTVhMzNlMTJhM2FkLzEvc0VVdWxNM2Y3c0tSSU4tZDJoUGhNaW9XNjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8wMzIyNzYtMjVkYy00YzMwLThhN2ItOTVhMzNlMTJhM2Fk
LzEvS0VFbUtzMWl5UTVvQ0JwdmQzTjEzeXczRThJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9liMA0G
CSqGSIb3DQEBCwUAA4IBAQBEs8pYuoQZ148Z0CAYsRU5616AcsVcoJDsIcYwynNr
AZo9zCdhkQGoXyTNHaddfhwHLy1gvIme11GoV7NQkIO+IxSbTLyVaJGMPxVPmXoq
KlTHKeefE10BBOGNAxjYBcvLC9A5E0r5DjvTpRWvcUN//ABA3gpiW6YpXUzUtxlR
+bLVgKdsK4pSioXf45wkm8VW9aefgcjLgQD1KE0CN2uRJ6QyZFpql8Pvlur270kR
BiRgNvmd701BnGXxGxrYJ7NlNoPEqS1Ti+KMEcylZad0BfqnK4del3hBIkVeNnHc
FiLvegXj2WGmqrEeTGyGo7Bo4TvLt8vinJb+M22VBdhu
-----END CERTIFICATE-----