Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/69f8fc-5175-4fb3-aaaf-637cfd72baf0/1/Ia8BRBnZIo-G6GmQdCcTpOlqqYY.roa
File:                     Ia8BRBnZIo-G6GmQdCcTpOlqqYY.roa (raw, json)
Hash identifier:          f7KaSJ1BG2aGyigS2gIUfQ1/3lKqNDCF4s0avuMVX5A=
Subject key identifier:   21:AF:01:44:19:D9:22:8F:86:E8:69:90:74:27:13:A4:E9:6A:A9:86
Certificate issuer:       /CN=254cc4ab5d48c5270d40e9fe50e72396deec5869
Certificate serial:       018CC3493DBFE80BAFF43714EB2904D8760C
Authority key identifier: 25:4C:C4:AB:5D:48:C5:27:0D:40:E9:FE:50:E7:23:96:DE:EC:58:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JUzEq11IxScNQOn-UOcjlt7sWGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/69f8fc-5175-4fb3-aaaf-637cfd72baf0/1/Ia8BRBnZIo-G6GmQdCcTpOlqqYY.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56622
IP address blocks:        91.226.35.0/24 maxlen: 24
                          91.226.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/69f8fc-5175-4fb3-aaaf-637cfd72baf0/1/JUzEq11IxScNQOn-UOcjlt7sWGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/69f8fc-5175-4fb3-aaaf-637cfd72baf0/1/JUzEq11IxScNQOn-UOcjlt7sWGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JUzEq11IxScNQOn-UOcjlt7sWGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3d:bf:e8:0b:af:f4:37:14:eb:29:04:d8:76:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=254cc4ab5d48c5270d40e9fe50e72396deec5869
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21af014419d9228f86e86990742713a4e96aa986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:db:5a:b9:86:82:79:cb:3b:df:49:5b:41:a3:
                    dc:37:be:72:b7:d4:1d:08:59:ba:8c:54:f9:10:b5:
                    67:19:7f:c2:f0:38:8c:31:50:30:57:7d:d7:ed:9d:
                    4e:1b:7e:64:9a:d0:5f:eb:3f:17:e5:91:e9:a3:50:
                    04:c8:e3:f8:80:b5:29:6a:34:c0:0f:27:09:45:0d:
                    99:b8:a1:a5:71:47:59:4d:12:db:84:c5:45:6e:34:
                    f4:6e:66:ef:94:e7:74:bb:86:9a:02:de:f3:f6:43:
                    f9:7b:61:2b:cd:84:ab:ff:00:64:9d:94:a3:c2:78:
                    aa:89:5f:13:48:91:ec:4b:d1:da:b4:92:be:2c:59:
                    9f:2c:e9:92:f8:2e:f7:48:1b:32:2b:6d:63:fe:30:
                    da:14:66:d4:fe:5c:45:d3:d4:f8:22:2a:25:ef:12:
                    16:7f:73:c7:53:38:66:92:e1:06:5a:32:ce:8c:c1:
                    32:64:3e:ec:79:a8:4c:0e:e9:41:cd:7e:29:44:13:
                    b5:41:98:98:3b:a7:04:d8:bf:ca:3a:38:e2:81:0e:
                    ec:22:87:97:e0:d1:44:94:f9:76:ce:7e:28:d2:ad:
                    74:1d:52:ec:9c:cd:ea:e8:22:53:ed:a2:f5:8f:87:
                    5e:9f:e0:76:48:64:53:2b:d2:39:3c:2c:30:16:c3:
                    44:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AF:01:44:19:D9:22:8F:86:E8:69:90:74:27:13:A4:E9:6A:A9:86
            X509v3 Authority Key Identifier:
                keyid:25:4C:C4:AB:5D:48:C5:27:0D:40:E9:FE:50:E7:23:96:DE:EC:58:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JUzEq11IxScNQOn-UOcjlt7sWGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/69f8fc-5175-4fb3-aaaf-637cfd72baf0/1/Ia8BRBnZIo-G6GmQdCcTpOlqqYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/69f8fc-5175-4fb3-aaaf-637cfd72baf0/1/JUzEq11IxScNQOn-UOcjlt7sWGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:3d:42:e6:52:50:47:08:3d:b6:4a:4e:a1:e5:0b:d1:7d:0b:
         6e:a9:c1:7a:ba:c1:fc:d6:9f:cc:36:c1:a8:ac:33:06:45:1b:
         c5:19:d3:f4:71:4d:7b:3c:30:8b:d9:db:94:91:af:a5:6d:83:
         e9:58:e1:de:a5:bf:19:45:92:d4:ae:64:ff:c1:aa:71:53:f0:
         a1:db:d0:1e:f0:4c:77:46:0f:d3:41:c5:27:14:f1:32:3c:aa:
         28:a0:e9:01:92:9b:8b:9c:ac:fd:80:7e:cd:91:33:f9:c5:91:
         dd:3b:3b:40:1c:eb:ae:ba:95:f5:33:55:79:fa:e7:6e:9f:a4:
         93:a7:d8:61:0b:a5:93:db:ef:4f:54:bb:d8:78:3a:6b:b5:93:
         d7:42:55:0f:17:a1:14:89:5a:c4:ed:e9:59:03:23:ab:16:e6:
         05:47:b4:f2:70:b9:5b:50:1b:fa:14:ea:20:f4:7f:73:da:9d:
         81:34:2d:fd:bd:cf:fe:9f:03:b9:e6:05:5c:3f:92:3d:96:06:
         ad:2e:bf:68:7a:fd:e8:a3:64:e7:65:b5:35:91:4e:36:dd:17:
         40:1f:9a:bd:3a:b9:10:97:a7:5f:e6:76:79:25:ad:9a:c5:dc:
         b6:b6:71:d4:c5:3e:c0:23:cb:4d:6a:41:38:0b:cd:d3:03:bf:
         bd:ac:e1:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDST2/6Auv9DcU6ykE2HYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NGNjNGFiNWQ0OGM1MjcwZDQwZTlmZTUwZTcyMzk2ZGVl
YzU4NjkwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFmMDE0NDE5ZDkyMjhmODZlODY5OTA3NDI3MTNhNGU5NmFhOTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9tauYaCecs730lbQaPcN75yt9Qd
CFm6jFT5ELVnGX/C8DiMMVAwV33X7Z1OG35kmtBf6z8X5ZHpo1AEyOP4gLUpajTA
DycJRQ2ZuKGlcUdZTRLbhMVFbjT0bmbvlOd0u4aaAt7z9kP5e2ErzYSr/wBknZSj
wniqiV8TSJHsS9HatJK+LFmfLOmS+C73SBsyK21j/jDaFGbU/lxF09T4Iiol7xIW
f3PHUzhmkuEGWjLOjMEyZD7seahMDulBzX4pRBO1QZiYO6cE2L/KOjjigQ7sIoeX
4NFElPl2zn4o0q10HVLsnM3q6CJT7aL1j4den+B2SGRTK9I5PCwwFsNE8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGvAUQZ2SKPhuhpkHQnE6TpaqmGMB8GA1UdIwQY
MBaAFCVMxKtdSMUnDUDp/lDnI5be7FhpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlV6RXExMUl4U2NOUU9uLVVPY2psdDdzV0drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82OWY4ZmMtNTE3NS00ZmIzLWFhYWYt
NjM3Y2ZkNzJiYWYwLzEvSWE4QlJCblpJby1HNkdtUWRDY1RwT2xxcVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82OWY4ZmMtNTE3NS00ZmIzLWFhYWYtNjM3Y2ZkNzJiYWYw
LzEvSlV6RXExMUl4U2NOUU9uLVVPY2psdDdzV0drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+IiMA0G
CSqGSIb3DQEBCwUAA4IBAQAOPULmUlBHCD22Sk6h5QvRfQtuqcF6usH81p/MNsGo
rDMGRRvFGdP0cU17PDCL2duUka+lbYPpWOHepb8ZRZLUrmT/wapxU/Ch29Ae8Ex3
Rg/TQcUnFPEyPKoooOkBkpuLnKz9gH7NkTP5xZHdOztAHOuuupX1M1V5+udun6ST
p9hhC6WT2+9PVLvYeDprtZPXQlUPF6EUiVrE7elZAyOrFuYFR7TycLlbUBv6FOog
9H9z2p2BNC39vc/+nwO55gVcP5I9lgatLr9oev3oo2TnZbU1kU423RdAH5q9OrkQ
l6df5nZ5Ja2axdy2tnHUxT7AI8tNakE4C83TA7+9rOHU
-----END CERTIFICATE-----