Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/t2KLQdHWFqpCqldZ2tpa9QRrDYU.roa
File:                     t2KLQdHWFqpCqldZ2tpa9QRrDYU.roa (raw, json)
Hash identifier:          FHaDuyA7Ceb82OIZ7EBkxy4VBnhjTpbPPAfBquRrPgI=
Subject key identifier:   B7:62:8B:41:D1:D6:16:AA:42:AA:57:59:DA:DA:5A:F5:04:6B:0D:85
Certificate issuer:       /CN=485355706836c6d07c7fd25d5b59db0b6d894fb5
Certificate serial:       018CC801F97B806A6744F52BE2E7997E8798
Authority key identifier: 48:53:55:70:68:36:C6:D0:7C:7F:D2:5D:5B:59:DB:0B:6D:89:4F:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SFNVcGg2xtB8f9JdW1nbC22JT7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/t2KLQdHWFqpCqldZ2tpa9QRrDYU.roa
Signing time:             Tue 02 Jan 2024 02:30:21 +0000
ROA not before:           Tue 02 Jan 2024 02:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        91.228.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/SFNVcGg2xtB8f9JdW1nbC22JT7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/SFNVcGg2xtB8f9JdW1nbC22JT7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SFNVcGg2xtB8f9JdW1nbC22JT7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:f9:7b:80:6a:67:44:f5:2b:e2:e7:99:7e:87:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=485355706836c6d07c7fd25d5b59db0b6d894fb5
        Validity
            Not Before: Jan  2 02:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7628b41d1d616aa42aa5759dada5af5046b0d85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d8:8b:f2:f9:18:6c:1e:2a:eb:59:d4:b2:66:
                    9c:79:da:88:9f:5a:66:e8:80:68:99:f7:ed:6d:3f:
                    8a:4c:67:f0:6a:3c:97:25:89:56:b4:ae:e0:81:23:
                    f0:5c:72:26:18:71:f1:64:69:4d:b8:2d:34:1a:96:
                    e6:89:3d:ef:46:cc:f6:17:20:f1:a6:91:d0:73:cd:
                    98:dc:52:d3:05:9f:26:87:60:53:70:71:41:2e:04:
                    33:be:1b:c2:f5:56:04:6b:9d:50:ed:57:03:03:95:
                    80:6a:7b:d0:c7:bb:57:dd:65:f0:f9:b2:8d:2e:d9:
                    bc:1c:88:da:89:ae:aa:5f:72:1e:e2:f3:2c:e5:72:
                    45:3a:db:ed:b4:80:ee:9c:35:2d:7d:20:f8:9f:f9:
                    cb:c6:2e:39:97:ce:b3:09:1c:46:5b:0f:2b:34:13:
                    f5:95:ac:fd:e7:15:38:d3:a4:26:9f:1f:fe:b1:90:
                    83:e6:24:88:f5:76:66:87:7a:f4:a4:00:b3:83:1c:
                    b4:e8:e8:a4:1c:32:89:7c:fc:e4:0f:d3:52:0b:bf:
                    bb:fc:82:05:48:1a:6c:9c:36:65:0e:e5:7b:c0:d7:
                    00:41:b3:e6:23:2e:b5:fe:a0:fc:85:93:82:fd:d3:
                    c4:35:35:56:e1:0d:95:ab:56:d4:97:e9:a4:73:c7:
                    3a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:62:8B:41:D1:D6:16:AA:42:AA:57:59:DA:DA:5A:F5:04:6B:0D:85
            X509v3 Authority Key Identifier:
                keyid:48:53:55:70:68:36:C6:D0:7C:7F:D2:5D:5B:59:DB:0B:6D:89:4F:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SFNVcGg2xtB8f9JdW1nbC22JT7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/t2KLQdHWFqpCqldZ2tpa9QRrDYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/00ec37-3841-4f64-a1bd-dd9dd763339d/1/SFNVcGg2xtB8f9JdW1nbC22JT7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:6b:9d:da:00:67:ec:7e:f5:6c:33:4f:6f:19:3a:3a:92:53:
         7d:72:b0:a3:d6:43:88:3d:c2:88:ff:f7:2c:53:06:6e:96:06:
         1d:d2:35:df:b3:30:a2:8a:b0:8f:3f:64:16:fa:13:85:34:5b:
         47:45:8a:44:68:a2:20:69:0c:68:2c:22:3c:c4:7d:aa:e3:a1:
         b2:98:c8:29:99:48:16:b4:3d:c4:1c:92:a6:01:a7:43:c2:76:
         03:17:81:f9:2c:36:a7:6a:59:b0:cb:58:be:f6:05:d1:52:3d:
         b1:ef:d4:0e:32:62:b4:5c:4c:37:cf:ff:8b:42:61:21:e2:fb:
         42:f4:8b:d4:8f:7f:99:99:90:7c:88:d2:d7:bb:5c:3b:80:cd:
         d7:46:12:f4:8e:69:0b:6a:22:30:15:cf:d5:98:e7:0e:39:78:
         60:cb:31:66:e8:88:66:d6:23:af:6b:de:7a:b0:56:76:05:33:
         1e:c8:cd:6e:4c:3b:e9:b7:b4:f0:16:36:79:91:54:0f:ae:dd:
         67:bc:0b:59:e6:73:9b:fb:f1:33:03:a6:a8:ed:7c:5d:d0:8f:
         8f:dd:3b:fe:aa:79:b9:44:5f:5c:3a:05:47:10:92:45:d2:c3:
         c1:2a:a7:ee:02:ad:e9:69:32:c1:f2:e8:80:b8:0d:1d:21:a2:
         c6:07:5d:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAfl7gGpnRPUr4ueZfoeYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NTM1NTcwNjgzNmM2ZDA3YzdmZDI1ZDViNTlkYjBiNmQ4
OTRmYjUwHhcNMjQwMTAyMDIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzYyOGI0MWQxZDYxNmFhNDJhYTU3NTlkYWRhNWFmNTA0NmIwZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdiL8vkYbB4q61nUsmacedqIn1pm
6IBomfftbT+KTGfwajyXJYlWtK7ggSPwXHImGHHxZGlNuC00GpbmiT3vRsz2FyDx
ppHQc82Y3FLTBZ8mh2BTcHFBLgQzvhvC9VYEa51Q7VcDA5WAanvQx7tX3WXw+bKN
Ltm8HIjaia6qX3Ie4vMs5XJFOtvttIDunDUtfSD4n/nLxi45l86zCRxGWw8rNBP1
laz95xU406Qmnx/+sZCD5iSI9XZmh3r0pACzgxy06OikHDKJfPzkD9NSC7+7/IIF
SBpsnDZlDuV7wNcAQbPmIy61/qD8hZOC/dPENTVW4Q2Vq1bUl+mkc8c6zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdii0HR1haqQqpXWdraWvUEaw2FMB8GA1UdIwQY
MBaAFEhTVXBoNsbQfH/SXVtZ2wttiU+1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0ZOVmNHZzJ4dEI4ZjlKZFcxbmJDMjJKVDdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8wMGVjMzctMzg0MS00ZjY0LWExYmQt
ZGQ5ZGQ3NjMzMzlkLzEvdDJLTFFkSFdGcXBDcWxkWjJ0cGE5UVJyRFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8wMGVjMzctMzg0MS00ZjY0LWExYmQtZGQ5ZGQ3NjMzMzlk
LzEvU0ZOVmNHZzJ4dEI4ZjlKZFcxbmJDMjJKVDdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+QKMA0G
CSqGSIb3DQEBCwUAA4IBAQCva53aAGfsfvVsM09vGTo6klN9crCj1kOIPcKI//cs
UwZulgYd0jXfszCiirCPP2QW+hOFNFtHRYpEaKIgaQxoLCI8xH2q46GymMgpmUgW
tD3EHJKmAadDwnYDF4H5LDanalmwy1i+9gXRUj2x79QOMmK0XEw3z/+LQmEh4vtC
9IvUj3+ZmZB8iNLXu1w7gM3XRhL0jmkLaiIwFc/VmOcOOXhgyzFm6Ihm1iOva956
sFZ2BTMeyM1uTDvpt7TwFjZ5kVQPrt1nvAtZ5nOb+/EzA6ao7Xxd0I+P3Tv+qnm5
RF9cOgVHEJJF0sPBKqfuAq3paTLB8uiAuA0dIaLGB13R
-----END CERTIFICATE-----