Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/8809dd-667a-4047-8104-de58698b6470/1/_eqE5BlPvi8HTTaeZ-agQR2eMcg.roa
File:                     _eqE5BlPvi8HTTaeZ-agQR2eMcg.roa (raw, json)
Hash identifier:          /f/qJyuL2LSmfqvqgQsvMfS7Te2Kf8wK+hUanDAuGfs=
Subject key identifier:   FD:EA:84:E4:19:4F:BE:2F:07:4D:36:9E:67:E6:A0:41:1D:9E:31:C8
Certificate issuer:       /CN=56a4987bf8c6b4cdd657bbc2d0a5e13e9b626cb9
Certificate serial:       018CC493376A0C4540AE4C7D29E92D6D17A3
Authority key identifier: 56:A4:98:7B:F8:C6:B4:CD:D6:57:BB:C2:D0:A5:E1:3E:9B:62:6C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VqSYe_jGtM3WV7vC0KXhPptibLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/8809dd-667a-4047-8104-de58698b6470/1/_eqE5BlPvi8HTTaeZ-agQR2eMcg.roa
Signing time:             Mon 01 Jan 2024 10:30:31 +0000
ROA not before:           Mon 01 Jan 2024 10:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199103
IP address blocks:        91.105.200.0/22 maxlen: 22
                          185.220.92.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/8809dd-667a-4047-8104-de58698b6470/1/VqSYe_jGtM3WV7vC0KXhPptibLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/8809dd-667a-4047-8104-de58698b6470/1/VqSYe_jGtM3WV7vC0KXhPptibLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VqSYe_jGtM3WV7vC0KXhPptibLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:37:6a:0c:45:40:ae:4c:7d:29:e9:2d:6d:17:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56a4987bf8c6b4cdd657bbc2d0a5e13e9b626cb9
        Validity
            Not Before: Jan  1 10:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdea84e4194fbe2f074d369e67e6a0411d9e31c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:18:9b:bd:f1:40:2a:0a:b8:db:88:e5:71:15:
                    07:b2:84:aa:6a:09:11:91:8e:f1:92:87:9f:77:8e:
                    90:ec:c9:9c:6c:ca:69:05:96:d7:c1:64:22:69:22:
                    62:7e:33:e1:84:6b:8e:58:77:50:6a:f3:dd:3a:c7:
                    65:14:f8:fe:5c:5d:88:24:9a:d6:27:7f:31:41:4b:
                    0e:08:43:7e:9e:25:ad:d8:62:b6:70:48:92:e3:b3:
                    d2:de:5d:31:56:1c:6e:3e:2a:7a:26:c2:e2:73:cd:
                    8b:bc:1d:41:58:21:e3:ae:ee:0b:3a:37:b7:c6:65:
                    77:57:67:fc:cd:5c:0c:a6:76:3b:f7:4b:26:0a:2a:
                    00:23:77:3c:2e:0b:97:bb:62:42:29:a1:14:b2:a9:
                    71:02:9d:5a:2e:81:c0:be:16:42:4c:f4:7d:0b:1b:
                    6b:79:30:c2:7f:a9:39:b9:d8:aa:a6:05:31:51:a3:
                    0f:2a:32:11:9f:f5:01:1c:28:49:0d:97:64:51:79:
                    c5:48:d2:0b:98:e5:ee:07:90:9e:2e:f7:e6:7d:c0:
                    68:67:56:36:41:1b:fd:26:37:af:a6:d2:f2:49:d6:
                    46:83:d1:c4:e4:ef:51:e4:17:eb:dd:de:ee:77:f4:
                    0e:f6:1e:d7:3f:6b:cf:51:a0:1c:ab:52:8d:37:d5:
                    aa:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:EA:84:E4:19:4F:BE:2F:07:4D:36:9E:67:E6:A0:41:1D:9E:31:C8
            X509v3 Authority Key Identifier:
                keyid:56:A4:98:7B:F8:C6:B4:CD:D6:57:BB:C2:D0:A5:E1:3E:9B:62:6C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VqSYe_jGtM3WV7vC0KXhPptibLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/8809dd-667a-4047-8104-de58698b6470/1/_eqE5BlPvi8HTTaeZ-agQR2eMcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/8809dd-667a-4047-8104-de58698b6470/1/VqSYe_jGtM3WV7vC0KXhPptibLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.105.200.0/22
                  185.220.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:4c:d0:da:f1:ff:0a:4f:59:fd:28:5c:73:cb:4c:64:7a:96:
         7a:00:aa:28:c9:a5:fb:59:c3:79:14:c0:44:fd:85:a8:1b:0a:
         86:19:31:a4:5f:36:19:ad:9d:cb:77:13:5f:83:db:03:28:1a:
         4d:36:1f:11:9f:f2:b1:88:22:35:fb:ca:e1:f4:51:3e:08:ae:
         71:cd:61:a3:4b:81:bf:78:5f:bf:61:bf:fc:60:63:e8:7d:40:
         df:a7:11:e1:9f:6e:18:c6:cc:16:43:7f:1b:5b:8b:e3:c5:67:
         0a:be:2f:4d:27:a3:8d:ba:74:fd:93:4f:71:53:b8:39:85:7b:
         25:3f:b3:a2:e9:ca:6c:48:e7:62:12:d5:9a:8d:9c:b9:7f:e5:
         84:19:ca:e6:83:15:fb:20:9e:94:e1:4c:b6:d4:b7:08:c5:7d:
         cf:1f:d1:f1:95:7e:e4:a0:8a:fa:36:d8:c4:0b:fa:e7:0e:99:
         8e:28:84:16:4c:dc:e4:ba:c1:c3:10:8d:68:b9:48:8a:6e:d5:
         13:de:26:75:de:48:e6:be:55:3c:17:40:a9:0e:bf:13:f3:c5:
         62:43:85:86:3f:38:83:1f:c3:de:9d:d3:87:82:1d:b7:f8:c9:
         85:cb:fb:ce:33:40:7e:e2:0f:e1:ae:ea:ed:b3:1b:37:fa:d8:
         26:5b:87:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkzdqDEVArkx9KektbRejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2YTQ5ODdiZjhjNmI0Y2RkNjU3YmJjMmQwYTVlMTNlOWI2
MjZjYjkwHhcNMjQwMTAxMTAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGVhODRlNDE5NGZiZTJmMDc0ZDM2OWU2N2U2YTA0MTFkOWUzMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxibvfFAKgq424jlcRUHsoSqagkR
kY7xkoefd46Q7MmcbMppBZbXwWQiaSJifjPhhGuOWHdQavPdOsdlFPj+XF2IJJrW
J38xQUsOCEN+niWt2GK2cEiS47PS3l0xVhxuPip6JsLic82LvB1BWCHjru4LOje3
xmV3V2f8zVwMpnY790smCioAI3c8LguXu2JCKaEUsqlxAp1aLoHAvhZCTPR9Cxtr
eTDCf6k5udiqpgUxUaMPKjIRn/UBHChJDZdkUXnFSNILmOXuB5CeLvfmfcBoZ1Y2
QRv9JjevptLySdZGg9HE5O9R5Bfr3d7ud/QO9h7XP2vPUaAcq1KNN9WqcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP3qhOQZT74vB002nmfmoEEdnjHIMB8GA1UdIwQY
MBaAFFakmHv4xrTN1le7wtCl4T6bYmy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnFTWWVfakd0TTNXVjd2QzBLWGhQcHRpYkxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84ODA5ZGQtNjY3YS00MDQ3LTgxMDQt
ZGU1ODY5OGI2NDcwLzEvX2VxRTVCbFB2aThIVFRhZVotYWdRUjJlTWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84ODA5ZGQtNjY3YS00MDQ3LTgxMDQtZGU1ODY5OGI2NDcw
LzEvVnFTWWVfakd0TTNXVjd2QzBLWGhQcHRpYkxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW2nIAwQB
udxcMA0GCSqGSIb3DQEBCwUAA4IBAQAjTNDa8f8KT1n9KFxzy0xkepZ6AKooyaX7
WcN5FMBE/YWoGwqGGTGkXzYZrZ3LdxNfg9sDKBpNNh8Rn/KxiCI1+8rh9FE+CK5x
zWGjS4G/eF+/Yb/8YGPofUDfpxHhn24YxswWQ38bW4vjxWcKvi9NJ6ONunT9k09x
U7g5hXslP7Oi6cpsSOdiEtWajZy5f+WEGcrmgxX7IJ6U4Uy21LcIxX3PH9HxlX7k
oIr6NtjEC/rnDpmOKIQWTNzkusHDEI1ouUiKbtUT3iZ13kjmvlU8F0CpDr8T88Vi
Q4WGPziDH8PendOHgh23+MmFy/vOM0B+4g/hrurtsxs3+tgmW4eW
-----END CERTIFICATE-----