Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/a5056f-6948-4130-9077-5f3d06f6a5d2/1/VWqHuTlsdnBz7NTQWr0kMDOv7yI.roa
File:                     VWqHuTlsdnBz7NTQWr0kMDOv7yI.roa (raw, json)
Hash identifier:          BwTkYTFjyFFIxEkAFgL4A+xFawePlPXStq3OIcaqfbY=
Subject key identifier:   55:6A:87:B9:39:6C:76:70:73:EC:D4:D0:5A:BD:24:30:33:AF:EF:22
Certificate issuer:       /CN=4c4be43394a7c2bf1e8fdfbb1d506fa37ac73231
Certificate serial:       018CC9BCF45B748F24109D3A7D88ABFADEAF
Authority key identifier: 4C:4B:E4:33:94:A7:C2:BF:1E:8F:DF:BB:1D:50:6F:A3:7A:C7:32:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TEvkM5Snwr8ej9-7HVBvo3rHMjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/a5056f-6948-4130-9077-5f3d06f6a5d2/1/VWqHuTlsdnBz7NTQWr0kMDOv7yI.roa
Signing time:             Tue 02 Jan 2024 10:34:12 +0000
ROA not before:           Tue 02 Jan 2024 10:34:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199860
IP address blocks:        91.132.230.0/23 maxlen: 23
                          91.132.228.0/23 maxlen: 23
                          91.132.228.0/22 maxlen: 22
                          91.226.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/a5056f-6948-4130-9077-5f3d06f6a5d2/1/TEvkM5Snwr8ej9-7HVBvo3rHMjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/a5056f-6948-4130-9077-5f3d06f6a5d2/1/TEvkM5Snwr8ej9-7HVBvo3rHMjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TEvkM5Snwr8ej9-7HVBvo3rHMjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f4:5b:74:8f:24:10:9d:3a:7d:88:ab:fa:de:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c4be43394a7c2bf1e8fdfbb1d506fa37ac73231
        Validity
            Not Before: Jan  2 10:34:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=556a87b9396c767073ecd4d05abd243033afef22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8f:bf:b0:4e:2c:8c:e7:bc:07:47:62:58:47:
                    df:da:bc:5a:18:da:d4:b6:8b:11:f2:84:b4:33:37:
                    d2:b8:1c:a5:d1:62:bc:26:57:57:50:04:15:d7:2a:
                    96:46:17:3b:59:cb:bd:e0:7f:83:75:4c:fb:71:93:
                    b6:d6:48:38:1a:19:bb:73:30:c8:1e:4f:8c:bb:5b:
                    13:fc:99:2e:f0:cd:b8:cd:c6:06:39:8c:7d:22:2b:
                    b7:42:df:1c:82:7f:58:c1:08:84:1a:fe:49:75:78:
                    26:c0:3a:2b:a8:8f:51:48:a0:b4:60:fc:ff:e6:99:
                    e0:f9:af:0f:8e:85:a2:fd:db:f4:76:94:a0:db:51:
                    33:d8:cf:76:29:a3:19:60:cc:1a:cd:04:5a:77:bf:
                    5f:39:d0:51:e0:10:a9:6e:9c:ce:aa:7f:9b:e6:d0:
                    c5:cd:f1:fe:c5:74:dd:28:9d:ae:70:ae:16:cc:32:
                    5b:5e:b4:d1:1f:b5:e1:49:5f:92:27:99:58:74:83:
                    cb:52:07:67:e9:36:9c:9e:eb:8b:49:c2:b4:54:66:
                    fc:7f:0b:9a:1d:13:c0:9b:ea:d0:c5:80:6b:0f:59:
                    e9:43:86:7a:b5:c5:fd:a1:8e:d3:91:9a:88:14:33:
                    63:8c:01:49:f0:31:5e:77:ff:26:fe:55:4d:31:76:
                    92:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:6A:87:B9:39:6C:76:70:73:EC:D4:D0:5A:BD:24:30:33:AF:EF:22
            X509v3 Authority Key Identifier:
                keyid:4C:4B:E4:33:94:A7:C2:BF:1E:8F:DF:BB:1D:50:6F:A3:7A:C7:32:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TEvkM5Snwr8ej9-7HVBvo3rHMjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/a5056f-6948-4130-9077-5f3d06f6a5d2/1/VWqHuTlsdnBz7NTQWr0kMDOv7yI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/a5056f-6948-4130-9077-5f3d06f6a5d2/1/TEvkM5Snwr8ej9-7HVBvo3rHMjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.228.0/22
                  91.226.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         de:11:da:ee:46:36:4b:f0:d5:1c:02:7c:ca:fc:f5:0d:b7:bd:
         46:73:c9:40:b5:ad:7d:f2:e6:2b:42:5e:df:46:7b:5f:20:60:
         7b:76:3e:9c:f2:b9:3a:fa:1b:d9:65:ef:19:9c:f5:ee:e7:80:
         72:f9:56:cc:56:9f:89:de:43:62:f0:aa:93:0f:fc:66:2d:4e:
         6e:cf:9f:65:44:42:09:24:87:97:5f:64:fc:50:5b:f2:7a:cd:
         cb:85:28:e7:d6:db:cb:3b:6d:3c:e1:5b:90:28:c2:db:10:66:
         9c:ba:25:fd:4c:d5:38:e3:c4:9d:3e:0b:dc:d4:3d:3b:7e:c4:
         b6:30:71:39:7c:39:76:d6:53:98:c4:31:fe:6f:09:89:a7:69:
         69:67:9c:25:63:27:f8:e4:a5:77:c7:81:ee:25:e8:9d:94:82:
         a0:b8:34:9d:2f:59:7e:25:2d:c5:b1:3f:43:10:22:78:62:75:
         3c:60:eb:5e:54:f1:1f:99:66:2f:9c:22:3b:13:58:66:a4:2c:
         f3:c2:1c:21:71:b2:d0:f3:3a:a9:14:9d:f7:a5:9f:a6:71:ce:
         89:77:50:a4:b3:97:a0:2b:bb:9b:a2:2f:6e:32:7a:eb:3a:7c:
         3e:3e:75:1e:78:28:7a:fd:0a:79:24:52:f8:cc:48:4d:4f:7c:
         78:43:69:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvPRbdI8kEJ06fYir+t6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNGJlNDMzOTRhN2MyYmYxZThmZGZiYjFkNTA2ZmEzN2Fj
NzMyMzEwHhcNMjQwMTAyMTAzNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTZhODdiOTM5NmM3NjcwNzNlY2Q0ZDA1YWJkMjQzMDMzYWZlZjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjY+/sE4sjOe8B0diWEff2rxaGNrU
tosR8oS0MzfSuByl0WK8JldXUAQV1yqWRhc7Wcu94H+DdUz7cZO21kg4Ghm7czDI
Hk+Mu1sT/Jku8M24zcYGOYx9Iiu3Qt8cgn9YwQiEGv5JdXgmwDorqI9RSKC0YPz/
5png+a8PjoWi/dv0dpSg21Ez2M92KaMZYMwazQRad79fOdBR4BCpbpzOqn+b5tDF
zfH+xXTdKJ2ucK4WzDJbXrTRH7XhSV+SJ5lYdIPLUgdn6TacnuuLScK0VGb8fwua
HRPAm+rQxYBrD1npQ4Z6tcX9oY7TkZqIFDNjjAFJ8DFed/8m/lVNMXaS7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFVqh7k5bHZwc+zU0Fq9JDAzr+8iMB8GA1UdIwQY
MBaAFExL5DOUp8K/Ho/fux1Qb6N6xzIxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEV2a001U253cjhlajktN0hWQnZvM3JITWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9hNTA1NmYtNjk0OC00MTMwLTkwNzct
NWYzZDA2ZjZhNWQyLzEvVldxSHVUbHNkbkJ6N05UUVdyMGtNRE92N3lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9hNTA1NmYtNjk0OC00MTMwLTkwNzctNWYzZDA2ZjZhNWQy
LzEvVEV2a001U253cjhlajktN0hWQnZvM3JITWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW4TkAwQC
W+JoMA0GCSqGSIb3DQEBCwUAA4IBAQDeEdruRjZL8NUcAnzK/PUNt71Gc8lAta19
8uYrQl7fRntfIGB7dj6c8rk6+hvZZe8ZnPXu54By+VbMVp+J3kNi8KqTD/xmLU5u
z59lREIJJIeXX2T8UFvyes3LhSjn1tvLO2084VuQKMLbEGacuiX9TNU448SdPgvc
1D07fsS2MHE5fDl21lOYxDH+bwmJp2lpZ5wlYyf45KV3x4HuJeidlIKguDSdL1l+
JS3FsT9DECJ4YnU8YOteVPEfmWYvnCI7E1hmpCzzwhwhcbLQ8zqpFJ33pZ+mcc6J
d1Cks5egK7uboi9uMnrrOnw+PnUeeCh6/Qp5JFL4zEhNT3x4Q2m4
-----END CERTIFICATE-----