Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/oidapMf2PbArNogCwmlUflcqPIQ.roa
File:                     oidapMf2PbArNogCwmlUflcqPIQ.roa (raw, json)
Hash identifier:          9Ad+UO8k59dwgTiEXSZrb9xqofqxWv0cmf6b4XTsDkE=
Subject key identifier:   A2:27:5A:A4:C7:F6:3D:B0:2B:36:88:02:C2:69:54:7E:57:2A:3C:84
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       018CC4245529A0B8EEE3F05F1EE9E67030C9
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/oidapMf2PbArNogCwmlUflcqPIQ.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44907
IP address blocks:        91.108.20.0/22 maxlen: 22
                          91.108.20.0/23 maxlen: 23
                          2001:b28:f23c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:55:29:a0:b8:ee:e3:f0:5f:1e:e9:e6:70:30:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2275aa4c7f63db02b368802c269547e572a3c84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:35:5c:d2:6a:70:d4:5b:73:ea:85:bc:5d:c5:
                    70:39:70:bd:28:2d:bf:07:44:07:bb:03:e6:48:8f:
                    7f:6f:91:de:b3:bc:f3:cb:9b:ca:60:df:51:e9:31:
                    67:6b:b2:d4:db:b6:29:be:24:5e:94:13:8f:b5:c9:
                    e7:78:fd:fa:26:b5:29:c8:58:73:72:b2:fb:7b:f5:
                    7f:e6:9d:a6:58:8f:17:18:67:ee:67:e4:b4:55:fe:
                    80:16:a1:fb:16:69:2d:d1:4f:24:27:75:ce:b7:0c:
                    54:9a:6d:3b:00:a5:1d:03:ed:5c:94:0e:2c:01:33:
                    8b:7d:d8:92:d1:e1:a1:13:b2:0e:f8:ef:10:07:1b:
                    43:a9:e2:54:e9:b8:6b:d1:37:03:39:05:8e:fb:9b:
                    18:55:71:2e:38:e7:76:7c:c3:21:6c:d2:07:b8:e2:
                    b5:f6:e0:34:6f:aa:07:38:10:a6:b1:73:a3:cd:55:
                    19:9e:c0:83:37:a7:81:ea:f8:96:fc:e9:0c:00:fb:
                    e1:f3:9b:28:96:84:fa:68:90:9e:bf:3f:f4:be:81:
                    8c:b4:2f:12:70:e4:b8:a8:77:5d:9b:94:2c:18:74:
                    d9:7c:5f:40:92:6c:cc:96:21:f1:cf:9c:7a:2f:48:
                    5d:98:46:16:58:be:48:a0:ec:fe:2e:4b:37:b9:e1:
                    76:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:27:5A:A4:C7:F6:3D:B0:2B:36:88:02:C2:69:54:7E:57:2A:3C:84
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/oidapMf2PbArNogCwmlUflcqPIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.20.0/22
                IPv6:
                  2001:b28:f23c::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:17:d4:0d:c3:a8:42:a2:5b:72:87:9f:e7:06:9c:c3:dd:f5:
         e0:9c:84:72:97:67:1d:2e:7e:c7:83:60:45:7f:65:f6:db:70:
         d7:2c:34:f9:4b:06:12:10:c2:99:0e:f5:73:18:ca:69:5e:fd:
         64:a5:e3:2a:96:40:80:9c:05:17:f3:c4:72:91:55:f1:7c:85:
         2b:5b:6f:07:82:da:58:6b:c8:5b:96:fb:87:5d:fc:7d:d7:ce:
         7a:36:7c:e6:dc:d6:e2:65:9a:20:f0:96:08:cd:a2:36:38:e7:
         48:6d:f0:8b:58:39:c1:1e:3e:f4:1e:e8:46:80:c3:f6:5c:6f:
         ec:32:40:30:3e:13:16:78:ec:ae:33:9b:ff:bb:26:4e:1a:33:
         38:94:53:10:18:ed:2a:61:06:97:c5:97:1e:c3:8f:95:e5:4e:
         e7:ce:95:5b:3e:cf:28:f3:fd:5f:12:fb:44:48:62:b7:1c:29:
         6d:43:a3:2f:85:a5:68:20:4c:a3:26:14:cb:8e:9a:bb:c6:2f:
         92:4a:af:7f:c8:7a:b4:70:f6:89:84:50:3d:7c:25:8f:18:29:
         0d:dc:3d:85:2f:f5:2c:7c:cb:b3:5b:8e:66:da:48:54:b5:95:
         35:51:60:db:04:e1:ed:87:c0:c2:a0:6f:3c:5b:04:5b:80:23:
         08:9a:9f:a1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJFUpoLju4/BfHunmcDDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjI3NWFhNGM3ZjYzZGIwMmIzNjg4MDJjMjY5NTQ3ZTU3MmEzYzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzVc0mpw1Ftz6oW8XcVwOXC9KC2/
B0QHuwPmSI9/b5Hes7zzy5vKYN9R6TFna7LU27YpviRelBOPtcnneP36JrUpyFhz
crL7e/V/5p2mWI8XGGfuZ+S0Vf6AFqH7Fmkt0U8kJ3XOtwxUmm07AKUdA+1clA4s
ATOLfdiS0eGhE7IO+O8QBxtDqeJU6bhr0TcDOQWO+5sYVXEuOOd2fMMhbNIHuOK1
9uA0b6oHOBCmsXOjzVUZnsCDN6eB6viW/OkMAPvh85soloT6aJCevz/0voGMtC8S
cOS4qHddm5QsGHTZfF9AkmzMliHxz5x6L0hdmEYWWL5IoOz+Lks3ueF2VwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKInWqTH9j2wKzaIAsJpVH5XKjyEMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvb2lkYXBNZjJQYkFyTm9nQ3dtbFVmbGNxUElRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW2wUMA8E
AgACMAkDBwAgAQso8jwwDQYJKoZIhvcNAQELBQADggEBALUX1A3DqEKiW3KHn+cG
nMPd9eCchHKXZx0ufseDYEV/ZfbbcNcsNPlLBhIQwpkO9XMYymle/WSl4yqWQICc
BRfzxHKRVfF8hStbbweC2lhryFuW+4dd/H3Xzno2fObc1uJlmiDwlgjNojY450ht
8ItYOcEePvQe6EaAw/Zcb+wyQDA+ExZ47K4zm/+7Jk4aMziUUxAY7SphBpfFlx7D
j5XlTufOlVs+zyjz/V8S+0RIYrccKW1Doy+FpWggTKMmFMuOmrvGL5JKr3/IerRw
9omEUD18JY8YKQ3cPYUv9Sx8y7NbjmbaSFS1lTVRYNsE4e2HwMKgbzxbBFuAIwia
n6E=
-----END CERTIFICATE-----