Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/4ce933-488f-46b9-ac2c-7c93cae227bd/1/bOL5sTOCwshlMiOzkxUFRWEdrtw.roa
File:                     bOL5sTOCwshlMiOzkxUFRWEdrtw.roa (raw, json)
Hash identifier:          OCxkBKO4XDXcjql7cBgy9DOFYuyMu29M/GNtSRagH+c=
Subject key identifier:   6C:E2:F9:B1:33:82:C2:C8:65:32:23:B3:93:15:05:45:61:1D:AE:DC
Certificate issuer:       /CN=9717bafb7018dc43bdae53b23a23e16567e1f21c
Certificate serial:       018CC4937950974F51FD6656408E58D6D7D3
Authority key identifier: 97:17:BA:FB:70:18:DC:43:BD:AE:53:B2:3A:23:E1:65:67:E1:F2:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxe6-3AY3EO9rlOyOiPhZWfh8hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/4ce933-488f-46b9-ac2c-7c93cae227bd/1/bOL5sTOCwshlMiOzkxUFRWEdrtw.roa
Signing time:             Mon 01 Jan 2024 10:30:48 +0000
ROA not before:           Mon 01 Jan 2024 10:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56835
IP address blocks:        91.227.180.0/22 maxlen: 22
                          176.113.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/4ce933-488f-46b9-ac2c-7c93cae227bd/1/lxe6-3AY3EO9rlOyOiPhZWfh8hw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/4ce933-488f-46b9-ac2c-7c93cae227bd/1/lxe6-3AY3EO9rlOyOiPhZWfh8hw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxe6-3AY3EO9rlOyOiPhZWfh8hw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:79:50:97:4f:51:fd:66:56:40:8e:58:d6:d7:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9717bafb7018dc43bdae53b23a23e16567e1f21c
        Validity
            Not Before: Jan  1 10:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ce2f9b13382c2c8653223b393150545611daedc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:53:de:b6:78:07:ec:c7:2a:0f:19:98:a8:f3:
                    2f:88:25:ea:81:7b:17:2b:cd:b3:f2:6b:b9:5f:63:
                    ee:2a:a2:3a:8c:93:ee:b3:4c:5e:94:6b:c3:67:0b:
                    d8:68:32:c0:d9:74:53:76:ac:11:01:f4:6e:0f:ff:
                    6a:bb:58:fe:7a:d0:b7:f1:82:68:ed:f0:4e:c8:cd:
                    92:37:b2:0e:6d:3c:47:27:44:f3:72:8b:8b:04:7a:
                    c9:b7:61:12:ab:e2:37:61:db:33:8e:e2:db:51:69:
                    5a:8f:21:9f:af:df:4d:7b:7d:61:46:68:52:ca:fa:
                    30:7c:90:42:93:15:9a:de:7f:b8:72:ac:c5:de:91:
                    2d:d0:5b:f5:d3:35:9b:ad:f5:3c:f2:f6:ed:db:09:
                    9d:1a:0f:2e:13:95:a5:29:13:b0:25:57:78:9f:83:
                    e1:52:e7:b8:b2:33:f6:dc:ae:d8:4f:bc:20:5a:50:
                    40:80:43:e7:f5:e7:a1:d3:60:e1:37:43:19:3d:a6:
                    b6:b4:f5:fc:5f:64:2d:40:33:8c:9c:b3:67:14:8c:
                    03:1a:b0:81:87:ff:ce:ef:5c:16:1f:6b:cc:7c:ea:
                    c2:64:61:5f:32:b8:de:07:26:b0:07:65:e9:47:15:
                    c9:b2:b3:05:cb:3c:d8:71:98:e7:a0:0f:87:8b:69:
                    66:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E2:F9:B1:33:82:C2:C8:65:32:23:B3:93:15:05:45:61:1D:AE:DC
            X509v3 Authority Key Identifier:
                keyid:97:17:BA:FB:70:18:DC:43:BD:AE:53:B2:3A:23:E1:65:67:E1:F2:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxe6-3AY3EO9rlOyOiPhZWfh8hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/4ce933-488f-46b9-ac2c-7c93cae227bd/1/bOL5sTOCwshlMiOzkxUFRWEdrtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/4ce933-488f-46b9-ac2c-7c93cae227bd/1/lxe6-3AY3EO9rlOyOiPhZWfh8hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.180.0/22
                  176.113.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:9a:d4:2c:25:a3:4a:da:20:10:ee:4e:f7:f2:0b:e2:ec:ee:
         da:3f:fe:57:a5:28:2f:3c:e7:93:a5:00:1b:01:44:df:10:08:
         56:57:52:12:02:1c:16:72:63:c9:f5:19:96:31:b7:26:8c:23:
         df:4c:c5:10:24:7e:80:d7:d3:b4:32:74:1e:f6:bd:fa:79:48:
         24:d6:44:1a:b9:9f:0f:dc:93:80:e1:6f:a0:af:17:ee:e8:70:
         d6:6a:0e:b9:86:9a:47:c2:59:94:eb:1f:fc:77:0a:f0:ef:4d:
         e6:18:a8:3a:e8:a9:5a:ff:fa:77:58:da:aa:b8:99:34:83:c6:
         31:a7:48:64:b3:7a:96:7c:66:55:0f:23:6a:23:ce:25:f1:db:
         0b:51:db:2d:04:00:db:6f:46:46:5b:09:9a:69:2f:3c:a0:cf:
         29:3b:f6:f1:f7:c7:2d:18:8c:21:70:04:f2:bf:3f:36:5b:0c:
         b6:0f:67:6f:da:24:bd:97:59:93:d1:69:53:1b:92:ec:7c:58:
         08:2b:78:f9:5a:04:7a:13:8c:c6:6e:7e:8f:6e:d4:46:de:1f:
         d8:f4:c5:6e:51:8f:72:cf:b6:3e:8e:d6:e6:fd:65:64:ed:d8:
         26:08:1d:d5:ac:80:eb:08:53:cf:5a:da:a8:25:bd:c7:c2:b7:
         6b:7f:e3:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk3lQl09R/WZWQI5Y1tfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MTdiYWZiNzAxOGRjNDNiZGFlNTNiMjNhMjNlMTY1Njdl
MWYyMWMwHhcNMjQwMTAxMTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2UyZjliMTMzODJjMmM4NjUzMjIzYjM5MzE1MDU0NTYxMWRhZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulPetngH7McqDxmYqPMviCXqgXsX
K82z8mu5X2PuKqI6jJPus0xelGvDZwvYaDLA2XRTdqwRAfRuD/9qu1j+etC38YJo
7fBOyM2SN7IObTxHJ0TzcouLBHrJt2ESq+I3YdszjuLbUWlajyGfr99Ne31hRmhS
yvowfJBCkxWa3n+4cqzF3pEt0Fv10zWbrfU88vbt2wmdGg8uE5WlKROwJVd4n4Ph
Uue4sjP23K7YT7wgWlBAgEPn9eeh02DhN0MZPaa2tPX8X2QtQDOMnLNnFIwDGrCB
h//O71wWH2vMfOrCZGFfMrjeByawB2XpRxXJsrMFyzzYcZjnoA+Hi2lmswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGzi+bEzgsLIZTIjs5MVBUVhHa7cMB8GA1UdIwQY
MBaAFJcXuvtwGNxDva5Tsjoj4WVn4fIcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhlNi0zQVkzRU85cmxPeU9pUGhaV2ZoOGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi80Y2U5MzMtNDg4Zi00NmI5LWFjMmMt
N2M5M2NhZTIyN2JkLzEvYk9MNXNUT0N3c2hsTWlPemt4VUZSV0VkcnR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi80Y2U5MzMtNDg4Zi00NmI5LWFjMmMtN2M5M2NhZTIyN2Jk
LzEvbHhlNi0zQVkzRU85cmxPeU9pUGhaV2ZoOGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+O0AwQC
sHGkMA0GCSqGSIb3DQEBCwUAA4IBAQBUmtQsJaNK2iAQ7k738gvi7O7aP/5XpSgv
POeTpQAbAUTfEAhWV1ISAhwWcmPJ9RmWMbcmjCPfTMUQJH6A19O0MnQe9r36eUgk
1kQauZ8P3JOA4W+grxfu6HDWag65hppHwlmU6x/8dwrw703mGKg66Kla//p3WNqq
uJk0g8Yxp0hks3qWfGZVDyNqI84l8dsLUdstBADbb0ZGWwmaaS88oM8pO/bx98ct
GIwhcATyvz82Wwy2D2dv2iS9l1mT0WlTG5LsfFgIK3j5WgR6E4zGbn6PbtRG3h/Y
9MVuUY9yz7Y+jtbm/WVk7dgmCB3VrIDrCFPPWtqoJb3Hwrdrf+MB
-----END CERTIFICATE-----