Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/90f9a8-7a9a-47d7-8493-c94d393b8a97/1/b2P7virXtj5Qrt13RdBkgKKtAyM.roa
File:                     b2P7virXtj5Qrt13RdBkgKKtAyM.roa (raw, json)
Hash identifier:          DpelvxCtFkNsUMm88psZWD+Vt08ctPD+lSzK+DjJPBg=
Subject key identifier:   6F:63:FB:BE:2A:D7:B6:3E:50:AE:DD:77:45:D0:64:80:A2:AD:03:23
Certificate issuer:       /CN=a4b6446b0c6dcdcdf7f3b9ac411787c6f2eb7b24
Certificate serial:       018CC870485767EB224663D4D4FF2E52A4B3
Authority key identifier: A4:B6:44:6B:0C:6D:CD:CD:F7:F3:B9:AC:41:17:87:C6:F2:EB:7B:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLZEawxtzc3387msQReHxvLreyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/90f9a8-7a9a-47d7-8493-c94d393b8a97/1/b2P7virXtj5Qrt13RdBkgKKtAyM.roa
Signing time:             Tue 02 Jan 2024 04:30:50 +0000
ROA not before:           Tue 02 Jan 2024 04:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35819
IP address blocks:        91.229.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/90f9a8-7a9a-47d7-8493-c94d393b8a97/1/pLZEawxtzc3387msQReHxvLreyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/90f9a8-7a9a-47d7-8493-c94d393b8a97/1/pLZEawxtzc3387msQReHxvLreyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLZEawxtzc3387msQReHxvLreyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:48:57:67:eb:22:46:63:d4:d4:ff:2e:52:a4:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4b6446b0c6dcdcdf7f3b9ac411787c6f2eb7b24
        Validity
            Not Before: Jan  2 04:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f63fbbe2ad7b63e50aedd7745d06480a2ad0323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:64:12:61:44:75:86:c3:8a:b4:72:e6:92:d1:
                    a9:35:ee:65:65:23:f3:97:c6:cf:03:26:af:be:cf:
                    a4:9d:2c:e0:a0:c6:10:a1:2b:5f:f5:b4:19:ba:2e:
                    bf:8d:0c:22:dc:5a:3e:3a:03:f6:dd:11:89:26:67:
                    5e:af:e1:31:6c:6a:b7:17:fb:6f:61:90:94:26:30:
                    94:96:9e:4e:47:1b:01:db:82:33:0f:1b:d9:bc:f9:
                    36:53:e8:75:68:f7:5c:5e:86:2d:af:50:4a:7c:da:
                    53:8e:3d:53:0f:d2:9e:4f:62:8c:ff:61:e8:93:6b:
                    90:1d:3b:b5:64:9a:c2:b4:76:81:6d:a4:1a:7e:19:
                    95:94:b9:6c:95:45:11:80:0e:70:7a:56:9e:af:d8:
                    22:b2:27:e7:87:b7:d5:c0:47:a7:b0:13:c7:60:00:
                    36:09:3f:66:36:2e:4a:d4:6c:a8:64:e1:d6:40:20:
                    2b:b0:e5:fb:46:0b:20:b9:1f:7d:de:0d:d3:14:a3:
                    bf:31:74:fd:9b:2e:1d:a7:f3:8c:92:e2:e7:a0:fc:
                    78:3c:9d:5e:fb:05:9d:a4:86:7c:d1:63:5d:32:bb:
                    67:3d:0b:f6:5e:6b:a2:9a:7b:18:be:45:7f:4d:b7:
                    a8:c2:50:62:76:17:26:eb:23:a1:47:3b:c6:3b:72:
                    e3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:63:FB:BE:2A:D7:B6:3E:50:AE:DD:77:45:D0:64:80:A2:AD:03:23
            X509v3 Authority Key Identifier:
                keyid:A4:B6:44:6B:0C:6D:CD:CD:F7:F3:B9:AC:41:17:87:C6:F2:EB:7B:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLZEawxtzc3387msQReHxvLreyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/90f9a8-7a9a-47d7-8493-c94d393b8a97/1/b2P7virXtj5Qrt13RdBkgKKtAyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/90f9a8-7a9a-47d7-8493-c94d393b8a97/1/pLZEawxtzc3387msQReHxvLreyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:42:99:88:c0:78:b0:70:e9:bc:03:6d:2d:00:b6:96:67:67:
         11:aa:41:23:46:0d:bf:82:94:cd:98:29:6a:8a:0c:3a:23:2f:
         bb:92:9a:39:1b:84:e2:f0:e2:a9:d1:f2:e6:1d:00:ff:f1:94:
         dd:34:95:37:20:b7:c9:85:2c:97:5d:30:c2:34:fc:99:b7:a1:
         42:ed:f4:34:74:ca:96:7f:54:02:a5:ee:0c:8e:e0:e5:b3:32:
         56:59:aa:48:43:d4:57:81:b9:e0:7e:ba:8a:42:83:8b:e0:26:
         f8:cc:0e:51:c7:fc:9d:c1:bf:84:48:0b:4d:12:16:0c:10:93:
         a7:c6:03:86:00:62:1a:cb:43:89:c3:cb:39:19:28:c9:2e:5c:
         72:ff:27:d6:83:fc:4f:36:67:cb:4d:07:11:07:89:2d:a3:c1:
         cf:05:2d:41:fa:bf:5a:28:39:d4:4a:a7:d7:80:47:3f:4e:04:
         9f:27:b0:78:60:0b:57:b1:ca:9a:a6:63:02:a4:31:a5:17:c5:
         d1:e7:7c:be:3f:2d:dd:21:82:9d:f8:44:e2:a5:5c:93:15:ae:
         b7:01:42:48:96:57:be:32:16:83:5a:05:2d:18:70:7c:0a:71:
         74:72:e3:24:51:59:b6:c1:17:5a:b9:15:55:fd:10:32:e6:3b:
         3c:7d:3b:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcEhXZ+siRmPU1P8uUqSzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YjY0NDZiMGM2ZGNkY2RmN2YzYjlhYzQxMTc4N2M2ZjJl
YjdiMjQwHhcNMjQwMTAyMDQzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjYzZmJiZTJhZDdiNjNlNTBhZWRkNzc0NWQwNjQ4MGEyYWQwMzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGQSYUR1hsOKtHLmktGpNe5lZSPz
l8bPAyavvs+knSzgoMYQoStf9bQZui6/jQwi3Fo+OgP23RGJJmder+ExbGq3F/tv
YZCUJjCUlp5ORxsB24IzDxvZvPk2U+h1aPdcXoYtr1BKfNpTjj1TD9KeT2KM/2Ho
k2uQHTu1ZJrCtHaBbaQafhmVlLlslUURgA5welaer9gisifnh7fVwEensBPHYAA2
CT9mNi5K1GyoZOHWQCArsOX7RgsguR993g3TFKO/MXT9my4dp/OMkuLnoPx4PJ1e
+wWdpIZ80WNdMrtnPQv2XmuimnsYvkV/TbeowlBidhcm6yOhRzvGO3LjDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9j+74q17Y+UK7dd0XQZICirQMjMB8GA1UdIwQY
MBaAFKS2RGsMbc3N9/O5rEEXh8by63skMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcExaRWF3eHR6YzMzODdtc1FSZUh4dkxyZXlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS85MGY5YTgtN2E5YS00N2Q3LTg0OTMt
Yzk0ZDM5M2I4YTk3LzEvYjJQN3Zpclh0ajVRcnQxM1JkQmtnS0t0QXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS85MGY5YTgtN2E5YS00N2Q3LTg0OTMtYzk0ZDM5M2I4YTk3
LzEvcExaRWF3eHR6YzMzODdtc1FSZUh4dkxyZXlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+XcMA0G
CSqGSIb3DQEBCwUAA4IBAQAGQpmIwHiwcOm8A20tALaWZ2cRqkEjRg2/gpTNmClq
igw6Iy+7kpo5G4Ti8OKp0fLmHQD/8ZTdNJU3ILfJhSyXXTDCNPyZt6FC7fQ0dMqW
f1QCpe4MjuDlszJWWapIQ9RXgbngfrqKQoOL4Cb4zA5Rx/ydwb+ESAtNEhYMEJOn
xgOGAGIay0OJw8s5GSjJLlxy/yfWg/xPNmfLTQcRB4kto8HPBS1B+r9aKDnUSqfX
gEc/TgSfJ7B4YAtXscqapmMCpDGlF8XR53y+Py3dIYKd+ETipVyTFa63AUJIlle+
MhaDWgUtGHB8CnF0cuMkUVm2wRdauRVV/RAy5js8fTss
-----END CERTIFICATE-----