Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/ed0654-724c-4e90-81ff-99f5cb7a3ca5/1/1-xwgRtB6YU3jARZeVMHmZxsKSPY.roa
File:                     1-xwgRtB6YU3jARZeVMHmZxsKSPY.roa (raw, json)
Hash identifier:          BHJD8mM4AI3EnA0DdZyHrdWu0jaI7RO+5w7px8P51xw=
Subject key identifier:   FB:1C:20:46:D0:7A:61:4D:E3:01:16:5E:54:C1:E6:67:1B:0A:48:F6
Certificate issuer:       /CN=2a21b1abe787e25464391fad61d00e3f376b98cf
Certificate serial:       018CC34956F877B73FB1B921A403CBDB020C
Authority key identifier: 2A:21:B1:AB:E7:87:E2:54:64:39:1F:AD:61:D0:0E:3F:37:6B:98:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KiGxq-eH4lRkOR-tYdAOPzdrmM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/ed0654-724c-4e90-81ff-99f5cb7a3ca5/1/1-xwgRtB6YU3jARZeVMHmZxsKSPY.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51823
IP address blocks:        91.220.132.0/24 maxlen: 24
                          193.3.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/ed0654-724c-4e90-81ff-99f5cb7a3ca5/1/KiGxq-eH4lRkOR-tYdAOPzdrmM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/ed0654-724c-4e90-81ff-99f5cb7a3ca5/1/KiGxq-eH4lRkOR-tYdAOPzdrmM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KiGxq-eH4lRkOR-tYdAOPzdrmM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:56:f8:77:b7:3f:b1:b9:21:a4:03:cb:db:02:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a21b1abe787e25464391fad61d00e3f376b98cf
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb1c2046d07a614de301165e54c1e6671b0a48f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e6:b1:08:b7:5c:77:1b:d8:4c:3f:e4:75:67:
                    ba:b8:75:24:af:30:e7:e3:36:19:a4:fa:d2:20:7e:
                    e0:92:c2:29:38:b6:8d:24:27:64:f6:3e:15:4d:f9:
                    5f:a5:0f:a8:67:8f:ca:fa:dd:28:7c:17:ef:f9:c3:
                    35:c2:6a:be:ce:b0:fd:88:c6:a1:e4:47:cc:81:82:
                    6f:58:c9:e8:3b:2e:2b:e6:77:65:9a:be:7e:19:f1:
                    f7:c0:fb:64:f0:ec:bf:8e:63:d4:ba:76:ce:a8:10:
                    88:cc:c9:8e:28:ca:a7:86:50:5e:9d:60:86:db:a4:
                    c1:d7:6b:0b:50:c5:80:3e:01:56:2d:0c:8b:a1:8a:
                    a8:1a:c2:e5:cc:98:e0:0c:73:ba:a8:6b:1f:47:4b:
                    d3:3e:e2:53:5c:d8:63:7d:ee:1b:ca:e1:61:2c:99:
                    eb:4d:bf:0e:ac:67:63:d4:78:4e:f0:1c:11:c3:3c:
                    b9:24:f7:9e:63:3a:2b:f2:24:be:3b:ea:99:b8:64:
                    31:3d:2d:14:0d:a7:b5:28:49:18:ed:69:74:5f:4c:
                    42:e8:4b:a8:92:30:1e:92:2f:e3:28:fc:c5:cf:3d:
                    fd:d7:02:1f:cf:74:2e:93:22:84:3a:bd:71:ba:2b:
                    f9:04:7b:cb:82:e5:dd:51:48:30:95:0d:8a:cc:76:
                    e8:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:1C:20:46:D0:7A:61:4D:E3:01:16:5E:54:C1:E6:67:1B:0A:48:F6
            X509v3 Authority Key Identifier:
                keyid:2A:21:B1:AB:E7:87:E2:54:64:39:1F:AD:61:D0:0E:3F:37:6B:98:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KiGxq-eH4lRkOR-tYdAOPzdrmM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ed0654-724c-4e90-81ff-99f5cb7a3ca5/1/1-xwgRtB6YU3jARZeVMHmZxsKSPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ed0654-724c-4e90-81ff-99f5cb7a3ca5/1/KiGxq-eH4lRkOR-tYdAOPzdrmM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.132.0/24
                  193.3.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:71:7b:59:b8:21:ec:44:0c:a1:9b:1f:bf:38:39:b3:a6:1c:
         b5:81:04:a1:15:ec:c5:18:65:20:d3:7b:de:12:1b:61:44:98:
         4e:ed:2f:fc:4f:05:4b:51:22:f9:46:2e:76:c8:60:84:3f:5e:
         4b:fd:41:5d:a6:88:e3:5e:f9:41:45:41:75:da:7b:d2:9a:dd:
         87:ac:1b:42:44:34:4f:ab:a0:86:48:2c:f0:13:75:3b:48:df:
         d9:b3:d6:c9:13:6e:61:31:e1:5e:77:af:fb:35:1f:bd:d3:7a:
         b7:b2:c7:d6:7b:5e:aa:c4:bb:18:b4:44:7b:d3:ff:7b:52:60:
         36:f0:b3:a3:5d:1b:9a:49:aa:13:68:8f:92:80:c8:91:41:be:
         04:42:b4:2a:85:87:2f:ee:f8:2d:93:e0:80:7c:76:11:93:43:
         f8:5d:20:e9:73:57:09:49:a4:a3:01:ff:18:fc:81:33:25:8a:
         17:62:58:15:5b:e2:49:e5:5f:ab:76:44:ba:a0:17:62:a3:e0:
         28:69:42:a6:c0:c1:66:0f:b4:5a:d5:3f:1e:6b:6d:70:14:e8:
         4b:6a:ed:f3:2c:1a:62:4e:d0:12:b4:f7:ca:a0:ae:2a:71:92:
         17:c0:43:84:4e:36:d6:74:a8:c5:87:0f:c4:05:03:da:9a:03:
         2e:0d:81:de
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzDSVb4d7c/sbkhpAPL2wIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMjFiMWFiZTc4N2UyNTQ2NDM5MWZhZDYxZDAwZTNmMzc2
Yjk4Y2YwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjFjMjA0NmQwN2E2MTRkZTMwMTE2NWU1NGMxZTY2NzFiMGE0OGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuaxCLdcdxvYTD/kdWe6uHUkrzDn
4zYZpPrSIH7gksIpOLaNJCdk9j4VTflfpQ+oZ4/K+t0ofBfv+cM1wmq+zrD9iMah
5EfMgYJvWMnoOy4r5ndlmr5+GfH3wPtk8Oy/jmPUunbOqBCIzMmOKMqnhlBenWCG
26TB12sLUMWAPgFWLQyLoYqoGsLlzJjgDHO6qGsfR0vTPuJTXNhjfe4byuFhLJnr
Tb8OrGdj1HhO8BwRwzy5JPeeYzor8iS+O+qZuGQxPS0UDae1KEkY7Wl0X0xC6Euo
kjAeki/jKPzFzz391wIfz3QukyKEOr1xuiv5BHvLguXdUUgwlQ2KzHboXQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPscIEbQemFN4wEWXlTB5mcbCkj2MB8GA1UdIwQY
MBaAFCohsavnh+JUZDkfrWHQDj83a5jPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2lHeHEtZUg0bFJrT1ItdFlkQU9QemRybU04LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZDA2NTQtNzI0Yy00ZTkwLTgxZmYt
OTlmNWNiN2EzY2E1LzEvMS14d2dSdEI2WVUzakFSWmVWTUhtWnhzS1NQWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTIvZWQwNjU0LTcyNGMtNGU5MC04MWZmLTk5ZjVjYjdhM2Nh
NS8xL0tpR3hxLWVINGxSa09SLXRZZEFPUHpkcm1NOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFvchAME
AMEDrDANBgkqhkiG9w0BAQsFAAOCAQEAQnF7Wbgh7EQMoZsfvzg5s6YctYEEoRXs
xRhlINN73hIbYUSYTu0v/E8FS1Ei+UYudshghD9eS/1BXaaI4175QUVBddp70prd
h6wbQkQ0T6ughkgs8BN1O0jf2bPWyRNuYTHhXnev+zUfvdN6t7LH1nteqsS7GLRE
e9P/e1JgNvCzo10bmkmqE2iPkoDIkUG+BEK0KoWHL+74LZPggHx2EZND+F0g6XNX
CUmkowH/GPyBMyWKF2JYFVviSeVfq3ZEuqAXYqPgKGlCpsDBZg+0WtU/HmttcBTo
S2rt8ywaYk7QErT3yqCuKnGSF8BDhE421nSoxYcPxAUD2poDLg2B3g==
-----END CERTIFICATE-----