Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/PqYivTbBUGRa3r405njgslres4Q.roa
File:                     PqYivTbBUGRa3r405njgslres4Q.roa (raw, json)
Hash identifier:          Xcoa4fFHTXgFWGlMr3aL34jR90wFuBSXV+WVq4qWo3M=
Subject key identifier:   3E:A6:22:BD:36:C1:50:64:5A:DE:BE:34:E6:78:E0:B2:5A:DE:B3:84
Certificate issuer:       /CN=b6ed9b5cb4b64866c383dee4576bff3ff875242d
Certificate serial:       018CC3B698BAC9BA7D284AD83A9952AF494B
Authority key identifier: B6:ED:9B:5C:B4:B6:48:66:C3:83:DE:E4:57:6B:FF:3F:F8:75:24:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tu2bXLS2SGbDg97kV2v_P_h1JC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/PqYivTbBUGRa3r405njgslres4Q.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        91.220.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/tu2bXLS2SGbDg97kV2v_P_h1JC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/tu2bXLS2SGbDg97kV2v_P_h1JC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tu2bXLS2SGbDg97kV2v_P_h1JC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:98:ba:c9:ba:7d:28:4a:d8:3a:99:52:af:49:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6ed9b5cb4b64866c383dee4576bff3ff875242d
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ea622bd36c150645adebe34e678e0b25adeb384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:63:85:57:07:a7:fb:89:5f:64:c3:cd:64:a3:
                    2c:e6:86:c8:75:6d:2a:3d:14:82:04:4b:68:bc:1d:
                    e0:ba:8c:f1:b5:c4:74:73:d3:1e:24:2e:97:df:a2:
                    3e:8c:c0:07:2c:e0:d4:c3:59:9d:76:bb:c1:82:49:
                    a8:b2:75:b6:68:a5:7c:06:d8:69:b7:4e:4f:67:50:
                    f3:be:27:6e:cd:69:27:db:18:d5:61:84:c8:bf:28:
                    56:7e:c3:ed:f4:70:01:31:33:27:45:3a:7c:42:86:
                    7c:28:a0:5b:c1:e9:0d:70:50:6c:ed:4a:a4:2b:56:
                    1f:1f:99:86:4a:47:21:6e:46:94:3c:68:aa:40:e2:
                    88:ed:28:a7:d8:93:27:89:3b:94:40:bf:c6:5a:ab:
                    94:80:d3:ad:7b:81:b5:67:56:67:a9:fc:25:16:97:
                    00:aa:7d:e3:70:68:84:18:66:36:b9:de:ba:6b:01:
                    41:05:ca:6d:10:4e:85:28:3f:60:83:2c:b0:df:7d:
                    35:e9:09:af:bc:63:cd:08:72:3c:a5:2a:90:d1:7c:
                    ba:63:e6:97:a3:fb:0a:aa:48:6b:3b:cf:fc:28:85:
                    46:b7:c2:65:16:90:5b:fc:59:f1:cf:cf:4b:80:12:
                    68:7a:8b:6b:13:27:79:7c:39:06:c0:ff:f2:60:90:
                    50:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:A6:22:BD:36:C1:50:64:5A:DE:BE:34:E6:78:E0:B2:5A:DE:B3:84
            X509v3 Authority Key Identifier:
                keyid:B6:ED:9B:5C:B4:B6:48:66:C3:83:DE:E4:57:6B:FF:3F:F8:75:24:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tu2bXLS2SGbDg97kV2v_P_h1JC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/PqYivTbBUGRa3r405njgslres4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/tu2bXLS2SGbDg97kV2v_P_h1JC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:fa:6d:b7:45:07:ff:b9:27:5f:61:ea:54:d8:ab:34:db:30:
         a0:fe:4e:d8:71:ef:6e:7d:83:97:5d:19:53:f9:9e:12:19:9a:
         04:3a:3b:13:30:36:84:52:40:31:d3:3b:c5:8d:e2:b3:94:a9:
         db:dc:ca:88:d2:cb:71:ad:e8:84:d9:88:79:bb:33:be:00:2f:
         52:1a:ae:db:9a:de:90:30:80:16:14:5f:d5:37:b5:64:82:a6:
         e4:66:58:f8:1c:2b:24:4c:76:ff:fe:70:2f:0e:39:cf:1e:66:
         46:af:ad:8d:9a:ae:c8:64:07:b0:46:3a:26:c0:82:1e:f8:13:
         6e:d0:25:93:dd:cb:e7:53:e4:46:f1:89:db:5a:00:cb:ab:49:
         77:d7:aa:89:ec:f7:78:b0:90:51:4e:95:57:f4:20:70:dd:cd:
         24:ef:52:06:a1:ad:38:4f:34:87:9b:c3:f2:fc:59:f5:72:b6:
         46:c6:c3:f3:87:27:95:95:1b:b9:99:db:a0:81:bf:ff:f8:b0:
         43:e8:eb:c1:d1:04:65:f1:91:dc:83:26:65:c8:24:d6:eb:ff:
         3c:dd:4d:c5:ab:fb:12:7f:29:eb:fe:c6:4a:5f:c7:8d:2b:04:
         ab:ff:47:9b:a4:e6:01:32:a8:05:c5:d3:94:6f:96:b4:e8:00:
         dd:f0:a9:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpi6ybp9KErYOplSr0lLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZWQ5YjVjYjRiNjQ4NjZjMzgzZGVlNDU3NmJmZjNmZjg3
NTI0MmQwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWE2MjJiZDM2YzE1MDY0NWFkZWJlMzRlNjc4ZTBiMjVhZGViMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmOFVwen+4lfZMPNZKMs5obIdW0q
PRSCBEtovB3guozxtcR0c9MeJC6X36I+jMAHLODUw1mddrvBgkmosnW2aKV8Bthp
t05PZ1DzviduzWkn2xjVYYTIvyhWfsPt9HABMTMnRTp8QoZ8KKBbwekNcFBs7Uqk
K1YfH5mGSkchbkaUPGiqQOKI7Sin2JMniTuUQL/GWquUgNOte4G1Z1ZnqfwlFpcA
qn3jcGiEGGY2ud66awFBBcptEE6FKD9ggyyw33016QmvvGPNCHI8pSqQ0Xy6Y+aX
o/sKqkhrO8/8KIVGt8JlFpBb/Fnxz89LgBJoeotrEyd5fDkGwP/yYJBQdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6mIr02wVBkWt6+NOZ44LJa3rOEMB8GA1UdIwQY
MBaAFLbtm1y0tkhmw4Pe5Fdr/z/4dSQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHUyYlhMUzJTR2JEZzk3a1Yydl9QX2gxSkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xNzFjZWEtM2Q3OC00NTEzLWFkNDkt
NWE5MDVhZjUwN2MzLzEvUHFZaXZUYkJVR1JhM3I0MDVuamdzbHJlczRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xNzFjZWEtM2Q3OC00NTEzLWFkNDktNWE5MDVhZjUwN2Mz
LzEvdHUyYlhMUzJTR2JEZzk3a1Yydl9QX2gxSkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ysMA0G
CSqGSIb3DQEBCwUAA4IBAQCX+m23RQf/uSdfYepU2Ks02zCg/k7Yce9ufYOXXRlT
+Z4SGZoEOjsTMDaEUkAx0zvFjeKzlKnb3MqI0stxreiE2Yh5uzO+AC9SGq7bmt6Q
MIAWFF/VN7VkgqbkZlj4HCskTHb//nAvDjnPHmZGr62Nmq7IZAewRjomwIIe+BNu
0CWT3cvnU+RG8YnbWgDLq0l316qJ7Pd4sJBRTpVX9CBw3c0k71IGoa04TzSHm8Py
/Fn1crZGxsPzhyeVlRu5mduggb//+LBD6OvB0QRl8ZHcgyZlyCTW6/883U3Fq/sS
fynr/sZKX8eNKwSr/0ebpOYBMqgFxdOUb5a06ADd8KkI
-----END CERTIFICATE-----