Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/75a920-2a3a-4129-800e-af2ec5d8dc3c/1/jeIio4_mlhvq3cSnOYkBimsWB20.roa
File:                     jeIio4_mlhvq3cSnOYkBimsWB20.roa (raw, json)
Hash identifier:          s5/9ZStolUGeMpV0Ab+28F2IyKK6/7OeJ9CmXWUv49U=
Subject key identifier:   8D:E2:22:A3:8F:E6:96:1B:EA:DD:C4:A7:39:89:01:8A:6B:16:07:6D
Certificate issuer:       /CN=97f4674e8236bddc3d2327a02b0abfba79a5483c
Certificate serial:       018CC5DC02DD26B8E3082CEB1D742C030FF3
Authority key identifier: 97:F4:67:4E:82:36:BD:DC:3D:23:27:A0:2B:0A:BF:BA:79:A5:48:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l_RnToI2vdw9IyegKwq_unmlSDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/75a920-2a3a-4129-800e-af2ec5d8dc3c/1/jeIio4_mlhvq3cSnOYkBimsWB20.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48618
IP address blocks:        91.209.29.0/24 maxlen: 24
                          185.55.176.0/22 maxlen: 22
                          2a04:d500::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/75a920-2a3a-4129-800e-af2ec5d8dc3c/1/l_RnToI2vdw9IyegKwq_unmlSDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/75a920-2a3a-4129-800e-af2ec5d8dc3c/1/l_RnToI2vdw9IyegKwq_unmlSDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l_RnToI2vdw9IyegKwq_unmlSDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:02:dd:26:b8:e3:08:2c:eb:1d:74:2c:03:0f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97f4674e8236bddc3d2327a02b0abfba79a5483c
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8de222a38fe6961beaddc4a73989018a6b16076d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3f:99:69:86:8d:17:e6:b7:ad:ca:1a:6a:1e:
                    d1:f7:c1:24:bd:b0:62:03:79:ba:33:fd:0a:49:13:
                    17:a3:b7:af:38:a3:9b:89:1d:b9:a1:30:3f:e4:8a:
                    0b:07:0f:d7:a2:63:72:2c:cc:f8:c3:b0:91:a8:fb:
                    aa:29:29:91:53:b3:1c:a5:61:9c:fc:da:02:09:59:
                    d4:19:ad:91:37:8a:b8:08:43:3b:05:39:1c:a6:81:
                    dd:5a:1b:13:51:0e:fe:fb:99:54:76:7c:3c:4c:ab:
                    43:65:4d:1a:ab:95:62:21:b6:3b:48:79:65:fe:9a:
                    85:05:bd:f7:48:c7:97:fb:4c:1d:c7:69:30:1a:92:
                    ca:5e:58:ca:6a:6a:d4:79:65:f3:83:63:29:b9:b9:
                    d3:11:c6:99:dc:58:79:50:0a:ed:9c:dd:76:a4:e9:
                    c3:0f:57:46:ab:55:01:b1:9d:58:7c:f3:b2:c0:2f:
                    9e:48:ca:54:f5:90:cf:75:1e:98:a5:1e:60:68:f6:
                    ab:5c:60:a0:9f:37:8b:d2:4c:87:8b:a2:b0:b8:f8:
                    c9:c9:6c:e3:57:ff:8c:00:7c:8b:bc:64:8e:60:71:
                    40:53:88:67:07:de:a5:5e:30:12:d2:a7:0d:e0:04:
                    8a:d5:bd:5d:7b:69:a4:3f:cf:b1:d5:54:f7:e7:a3:
                    da:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E2:22:A3:8F:E6:96:1B:EA:DD:C4:A7:39:89:01:8A:6B:16:07:6D
            X509v3 Authority Key Identifier:
                keyid:97:F4:67:4E:82:36:BD:DC:3D:23:27:A0:2B:0A:BF:BA:79:A5:48:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l_RnToI2vdw9IyegKwq_unmlSDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/75a920-2a3a-4129-800e-af2ec5d8dc3c/1/jeIio4_mlhvq3cSnOYkBimsWB20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/75a920-2a3a-4129-800e-af2ec5d8dc3c/1/l_RnToI2vdw9IyegKwq_unmlSDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.29.0/24
                  185.55.176.0/22
                IPv6:
                  2a04:d500::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:ee:f0:7b:57:ad:ae:9e:6c:ec:78:eb:59:86:6f:82:96:c5:
         97:db:c0:e0:b2:70:cf:b9:fa:7e:83:a0:70:6a:d0:ab:4d:6d:
         0b:12:62:56:01:9e:28:2c:98:9a:ae:aa:37:fb:f0:de:b2:c3:
         6b:8e:96:eb:2c:38:75:23:71:7c:76:a7:37:db:d4:7e:10:fb:
         22:95:82:79:dd:28:12:5f:b3:94:9a:b8:c0:d1:cd:e6:33:d9:
         57:e3:15:4d:ca:35:c6:f4:23:44:1c:7d:67:ef:ce:54:33:86:
         14:52:50:2b:c3:61:bf:47:c8:78:ec:b7:96:cd:f5:38:a4:f5:
         4f:15:d7:24:64:0f:09:6f:b7:6e:f2:d1:21:d6:14:ed:b6:54:
         0e:06:21:05:68:f6:4f:0b:c4:11:3b:d4:8c:ce:92:39:f3:a0:
         39:8d:f9:9b:8f:f9:13:20:8e:4c:d5:98:ad:8f:6e:5c:e2:9c:
         b9:67:ad:b2:60:06:1c:2e:62:53:6e:0d:c8:b9:11:34:92:2f:
         61:30:24:54:b7:9d:fb:a3:43:a6:17:4d:6f:4c:e5:dd:76:3d:
         1d:a2:b0:6f:d2:1f:e4:72:a3:97:96:8c:19:3e:d5:cc:fc:bf:
         73:26:2c:73:1a:98:a9:53:5c:4d:4e:1e:64:ba:84:0f:37:06:
         5b:30:5f:25
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3ALdJrjjCCzrHXQsAw/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZjQ2NzRlODIzNmJkZGMzZDIzMjdhMDJiMGFiZmJhNzlh
NTQ4M2MwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGUyMjJhMzhmZTY5NjFiZWFkZGM0YTczOTg5MDE4YTZiMTYwNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj+ZaYaNF+a3rcoaah7R98EkvbBi
A3m6M/0KSRMXo7evOKObiR25oTA/5IoLBw/XomNyLMz4w7CRqPuqKSmRU7McpWGc
/NoCCVnUGa2RN4q4CEM7BTkcpoHdWhsTUQ7++5lUdnw8TKtDZU0aq5ViIbY7SHll
/pqFBb33SMeX+0wdx2kwGpLKXljKamrUeWXzg2MpubnTEcaZ3Fh5UArtnN12pOnD
D1dGq1UBsZ1YfPOywC+eSMpU9ZDPdR6YpR5gaParXGCgnzeL0kyHi6KwuPjJyWzj
V/+MAHyLvGSOYHFAU4hnB96lXjAS0qcN4ASK1b1de2mkP8+x1VT356PaFQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFI3iIqOP5pYb6t3EpzmJAYprFgdtMB8GA1UdIwQY
MBaAFJf0Z06CNr3cPSMnoCsKv7p5pUg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbF9SblRvSTJ2ZHc5SXllZ0t3cV91bm1sU0R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS83NWE5MjAtMmEzYS00MTI5LTgwMGUt
YWYyZWM1ZDhkYzNjLzEvamVJaW80X21saHZxM2NTbk9Za0JpbXNXQjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS83NWE5MjAtMmEzYS00MTI5LTgwMGUtYWYyZWM1ZDhkYzNj
LzEvbF9SblRvSTJ2ZHc5SXllZ0t3cV91bm1sU0R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9EdAwQC
uTewMA0EAgACMAcDBQMqBNUAMA0GCSqGSIb3DQEBCwUAA4IBAQCF7vB7V62unmzs
eOtZhm+ClsWX28DgsnDPufp+g6BwatCrTW0LEmJWAZ4oLJiarqo3+/DessNrjpbr
LDh1I3F8dqc329R+EPsilYJ53SgSX7OUmrjA0c3mM9lX4xVNyjXG9CNEHH1n785U
M4YUUlArw2G/R8h47LeWzfU4pPVPFdckZA8Jb7du8tEh1hTttlQOBiEFaPZPC8QR
O9SMzpI586A5jfmbj/kTII5M1Zitj25c4py5Z62yYAYcLmJTbg3IuRE0ki9hMCRU
t537o0OmF01vTOXddj0dorBv0h/kcqOXlowZPtXM/L9zJixzGpipU1xNTh5kuoQP
NwZbMF8l
-----END CERTIFICATE-----