Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/2820d1-fd20-4889-834f-d527ce0d9930/1/tbzK7h_MCv5AHfCtJ6r6vvgitKw.roa
File:                     tbzK7h_MCv5AHfCtJ6r6vvgitKw.roa (raw, json)
Hash identifier:          9sLeHO1pZp1cW/+C/41+ewi3E82Sf4ctE8TUry1qi10=
Subject key identifier:   B5:BC:CA:EE:1F:CC:0A:FE:40:1D:F0:AD:27:AA:FA:BE:F8:22:B4:AC
Certificate issuer:       /CN=305c44e8c961a1450d0aab212f0dec717d1defb6
Certificate serial:       018CC5DCD6C80F1BAC555576541BD43E3937
Authority key identifier: 30:5C:44:E8:C9:61:A1:45:0D:0A:AB:21:2F:0D:EC:71:7D:1D:EF:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MFxE6MlhoUUNCqshLw3scX0d77Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/2820d1-fd20-4889-834f-d527ce0d9930/1/tbzK7h_MCv5AHfCtJ6r6vvgitKw.roa
Signing time:             Mon 01 Jan 2024 16:30:33 +0000
ROA not before:           Mon 01 Jan 2024 16:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56641
IP address blocks:        91.226.74.0/23 maxlen: 24
                          2a00:9520::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/2820d1-fd20-4889-834f-d527ce0d9930/1/MFxE6MlhoUUNCqshLw3scX0d77Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/2820d1-fd20-4889-834f-d527ce0d9930/1/MFxE6MlhoUUNCqshLw3scX0d77Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MFxE6MlhoUUNCqshLw3scX0d77Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d6:c8:0f:1b:ac:55:55:76:54:1b:d4:3e:39:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=305c44e8c961a1450d0aab212f0dec717d1defb6
        Validity
            Not Before: Jan  1 16:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5bccaee1fcc0afe401df0ad27aafabef822b4ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ea:f2:f7:f4:e5:39:b6:16:0c:69:0d:06:c1:
                    4a:d5:9a:d6:dd:d8:b4:c0:ed:ce:36:48:8b:2f:d2:
                    77:c0:b1:d3:a0:19:a5:9a:b5:db:99:27:2d:a1:e6:
                    ff:51:bd:ae:71:62:60:e8:e1:09:2e:c3:81:0b:9e:
                    42:81:d6:6f:72:40:2d:f1:3c:c1:a0:03:62:50:2b:
                    6c:fc:77:2c:0e:51:cf:5e:da:33:01:fc:03:29:1c:
                    b8:9b:79:61:ee:2b:a4:12:52:c5:24:61:7e:cb:29:
                    ee:af:66:9d:9a:f3:86:62:02:96:19:5c:9e:05:2b:
                    f1:75:13:18:9d:21:0a:08:62:f7:0a:df:2a:c6:9f:
                    86:5b:81:ba:c5:91:ec:01:4a:b7:60:ca:b5:74:8f:
                    5a:4f:72:65:d1:14:34:55:96:db:67:e5:22:d9:85:
                    ab:bd:5f:59:f7:2f:fd:d9:ec:e9:2b:00:2c:6d:04:
                    01:75:e7:a3:3c:01:8b:65:f4:21:35:00:97:56:9f:
                    f5:12:a8:f2:45:96:af:73:9a:9f:c6:a7:fd:63:74:
                    00:a7:77:a1:f1:1b:9d:0a:6c:5a:71:cd:e9:aa:2a:
                    36:dc:7e:e8:b6:05:f7:2a:3c:aa:8e:8f:7f:fd:99:
                    d4:00:99:33:4a:68:dc:97:79:ae:2f:98:b4:91:4c:
                    08:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:BC:CA:EE:1F:CC:0A:FE:40:1D:F0:AD:27:AA:FA:BE:F8:22:B4:AC
            X509v3 Authority Key Identifier:
                keyid:30:5C:44:E8:C9:61:A1:45:0D:0A:AB:21:2F:0D:EC:71:7D:1D:EF:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MFxE6MlhoUUNCqshLw3scX0d77Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2820d1-fd20-4889-834f-d527ce0d9930/1/tbzK7h_MCv5AHfCtJ6r6vvgitKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2820d1-fd20-4889-834f-d527ce0d9930/1/MFxE6MlhoUUNCqshLw3scX0d77Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.74.0/23
                IPv6:
                  2a00:9520::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:af:58:4c:41:54:d4:79:87:07:a2:bb:94:0f:2b:a5:4b:82:
         70:d4:05:25:ca:e7:b4:5f:e3:07:c9:c1:cc:54:63:28:9b:62:
         6d:aa:6a:5a:97:97:8a:0d:8f:44:19:95:96:18:ea:43:d4:c3:
         bb:05:12:ed:9c:60:66:6b:26:be:f0:1c:80:0b:6b:2e:4e:c9:
         ed:fc:49:a0:00:c2:ea:2b:eb:a1:80:22:7e:bd:9c:c4:ef:50:
         c0:59:51:c9:dd:3e:10:64:80:23:55:50:fa:02:ee:4a:a5:05:
         6f:ad:07:30:5d:77:5a:9d:cd:de:b7:e8:e2:74:4a:a2:96:36:
         f2:7c:b9:81:e2:09:69:8e:6a:61:7b:ef:57:7e:4b:63:f3:c9:
         b7:5f:59:29:13:be:6c:42:d4:2f:5c:f3:6d:87:21:d3:81:ac:
         44:db:0b:23:94:ac:c5:81:82:9c:d8:9f:37:2a:7d:fc:5a:9f:
         0f:f9:96:b7:81:da:78:85:a8:43:98:f4:61:af:0a:cd:0e:ce:
         27:8f:d4:c6:4f:5b:14:49:2d:48:f0:0a:39:60:09:c7:f2:80:
         a8:af:70:9d:dc:62:e7:2f:15:d4:dd:2e:f3:07:22:8f:08:7c:
         66:41:d8:66:96:b2:5e:fa:90:a6:f6:53:78:3d:76:02:9d:25:
         b8:96:18:ca
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3NbIDxusVVV2VBvUPjk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNWM0NGU4Yzk2MWExNDUwZDBhYWIyMTJmMGRlYzcxN2Qx
ZGVmYjYwHhcNMjQwMTAxMTYzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWJjY2FlZTFmY2MwYWZlNDAxZGYwYWQyN2FhZmFiZWY4MjJiNGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+ry9/TlObYWDGkNBsFK1ZrW3di0
wO3ONkiLL9J3wLHToBmlmrXbmSctoeb/Ub2ucWJg6OEJLsOBC55CgdZvckAt8TzB
oANiUCts/HcsDlHPXtozAfwDKRy4m3lh7iukElLFJGF+yynur2admvOGYgKWGVye
BSvxdRMYnSEKCGL3Ct8qxp+GW4G6xZHsAUq3YMq1dI9aT3Jl0RQ0VZbbZ+Ui2YWr
vV9Z9y/92ezpKwAsbQQBdeejPAGLZfQhNQCXVp/1EqjyRZavc5qfxqf9Y3QAp3eh
8RudCmxacc3pqio23H7otgX3Kjyqjo9//ZnUAJkzSmjcl3muL5i0kUwI2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLW8yu4fzAr+QB3wrSeq+r74IrSsMB8GA1UdIwQY
MBaAFDBcROjJYaFFDQqrIS8N7HF9He+2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUZ4RTZNbGhvVVVOQ3FzaEx3M3NjWDBkNzdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yODIwZDEtZmQyMC00ODg5LTgzNGYt
ZDUyN2NlMGQ5OTMwLzEvdGJ6SzdoX01DdjVBSGZDdEo2cjZ2dmdpdEt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yODIwZDEtZmQyMC00ODg5LTgzNGYtZDUyN2NlMGQ5OTMw
LzEvTUZ4RTZNbGhvVVVOQ3FzaEx3M3NjWDBkNzdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW+JKMA0E
AgACMAcDBQAqAJUgMA0GCSqGSIb3DQEBCwUAA4IBAQAmr1hMQVTUeYcHoruUDyul
S4Jw1AUlyue0X+MHycHMVGMom2Jtqmpal5eKDY9EGZWWGOpD1MO7BRLtnGBmaya+
8ByAC2suTsnt/EmgAMLqK+uhgCJ+vZzE71DAWVHJ3T4QZIAjVVD6Au5KpQVvrQcw
XXdanc3et+jidEqiljbyfLmB4glpjmphe+9Xfktj88m3X1kpE75sQtQvXPNthyHT
gaxE2wsjlKzFgYKc2J83Kn38Wp8P+Za3gdp4hahDmPRhrwrNDs4nj9TGT1sUSS1I
8Ao5YAnH8oCor3Cd3GLnLxXU3S7zByKPCHxmQdhmlrJe+pCm9lN4PXYCnSW4lhjK
-----END CERTIFICATE-----