Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/727296-2ebc-4dfc-a547-f6a7b49f981a/1/Iay0-OGZzflPvqE_pvewZ_raarc.roa
File:                     Iay0-OGZzflPvqE_pvewZ_raarc.roa (raw, json)
Hash identifier:          J3S8NzUaHlONkZBbS0j0AdVl3mAoME7+Co4C6QcTapY=
Subject key identifier:   21:AC:B4:F8:E1:99:CD:F9:4F:BE:A1:3F:A6:F7:B0:67:FA:DA:6A:B7
Certificate issuer:       /CN=20f5ff076704523ff6be882b87eefa807b188aa9
Certificate serial:       018CC94E2C144527AE24BBB5D1A40AECAC6F
Authority key identifier: 20:F5:FF:07:67:04:52:3F:F6:BE:88:2B:87:EE:FA:80:7B:18:8A:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPX_B2cEUj_2vogrh-76gHsYiqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/727296-2ebc-4dfc-a547-f6a7b49f981a/1/Iay0-OGZzflPvqE_pvewZ_raarc.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42174
IP address blocks:        91.234.226.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/727296-2ebc-4dfc-a547-f6a7b49f981a/1/IPX_B2cEUj_2vogrh-76gHsYiqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/727296-2ebc-4dfc-a547-f6a7b49f981a/1/IPX_B2cEUj_2vogrh-76gHsYiqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPX_B2cEUj_2vogrh-76gHsYiqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2c:14:45:27:ae:24:bb:b5:d1:a4:0a:ec:ac:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f5ff076704523ff6be882b87eefa807b188aa9
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21acb4f8e199cdf94fbea13fa6f7b067fada6ab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:92:3f:60:e5:61:fd:2a:a7:3e:e9:de:01:d7:
                    07:4d:b3:c8:97:f8:04:e2:3c:a1:74:f0:20:e2:dc:
                    da:48:8f:94:b9:c2:89:70:6d:e2:64:23:9a:31:4b:
                    37:53:4f:ca:db:6e:1c:00:24:fb:03:54:f6:aa:25:
                    63:6d:9a:5f:24:40:de:1c:78:31:1f:a2:2b:ee:71:
                    e9:31:de:82:0b:1e:c4:44:93:55:7b:68:42:e3:0c:
                    51:10:c3:96:2f:9c:02:96:3d:d7:82:8e:15:72:66:
                    a5:74:80:55:f2:a9:64:cb:ad:02:09:3b:9c:ab:4b:
                    c7:c2:1d:81:98:96:57:fd:75:52:2b:5d:85:7a:bc:
                    8a:d8:ed:c3:29:0f:a6:b5:25:0e:b9:a0:19:df:3d:
                    48:23:84:b7:7c:20:eb:aa:88:5b:10:1d:3b:22:7d:
                    71:00:64:2d:dc:24:5a:be:6f:90:da:54:46:59:de:
                    94:dc:ec:51:e6:d6:9e:4d:ae:b3:5b:47:46:9f:57:
                    68:f7:02:9c:fc:24:e2:93:c3:5a:38:ae:ed:be:72:
                    d9:f4:98:ab:e7:e0:36:b9:17:7a:77:61:03:bf:ca:
                    19:7d:79:0d:7a:b9:2b:5e:2d:74:2a:33:7f:69:09:
                    dc:ea:52:23:de:cb:48:9d:38:fd:c2:9b:90:48:a4:
                    a5:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AC:B4:F8:E1:99:CD:F9:4F:BE:A1:3F:A6:F7:B0:67:FA:DA:6A:B7
            X509v3 Authority Key Identifier:
                keyid:20:F5:FF:07:67:04:52:3F:F6:BE:88:2B:87:EE:FA:80:7B:18:8A:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPX_B2cEUj_2vogrh-76gHsYiqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/727296-2ebc-4dfc-a547-f6a7b49f981a/1/Iay0-OGZzflPvqE_pvewZ_raarc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/727296-2ebc-4dfc-a547-f6a7b49f981a/1/IPX_B2cEUj_2vogrh-76gHsYiqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:54:bf:82:cc:1f:38:84:58:36:bc:c0:db:fe:66:4b:4e:59:
         36:55:48:30:56:4a:1b:a2:5e:b8:94:bb:3f:87:9e:18:c7:2e:
         6e:6c:b4:0d:68:c1:30:48:b1:61:c6:06:b6:dd:07:42:69:f7:
         0d:11:41:d9:fb:36:05:0c:f0:15:f9:a5:13:fd:e0:c2:99:57:
         15:ef:56:d6:a3:c6:7b:cb:1f:1e:06:e6:94:2a:78:a7:fd:a1:
         e4:aa:1c:17:be:ad:45:c7:e6:57:02:58:52:01:29:26:ab:1d:
         8b:65:41:c1:98:7f:cc:a0:de:a1:2b:09:1c:84:53:0f:44:3a:
         28:15:a7:db:93:ad:c3:85:c9:b9:02:d2:91:97:42:8a:da:c8:
         46:77:d4:8c:dd:e4:20:64:31:3a:bf:2b:43:eb:29:7b:f2:f4:
         f4:72:75:ce:de:96:c0:0e:d4:1a:7c:9b:02:ae:98:da:86:dd:
         ca:36:3d:85:4a:59:28:03:b7:e6:e1:af:0d:bc:13:43:97:6d:
         e5:22:7f:55:80:2b:25:3a:84:d4:f3:53:f0:ff:80:b1:e7:35:
         cc:20:5f:18:af:6a:84:e4:f7:9e:fc:33:00:b0:78:ad:bd:d7:
         5b:a8:e5:ec:ea:f2:49:61:12:3c:10:f5:60:d1:52:76:41:4b:
         23:6b:96:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTiwURSeuJLu10aQK7KxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjVmZjA3NjcwNDUyM2ZmNmJlODgyYjg3ZWVmYTgwN2Ix
ODhhYTkwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFjYjRmOGUxOTljZGY5NGZiZWExM2ZhNmY3YjA2N2ZhZGE2YWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpI/YOVh/SqnPuneAdcHTbPIl/gE
4jyhdPAg4tzaSI+UucKJcG3iZCOaMUs3U0/K224cACT7A1T2qiVjbZpfJEDeHHgx
H6Ir7nHpMd6CCx7ERJNVe2hC4wxREMOWL5wClj3Xgo4VcmaldIBV8qlky60CCTuc
q0vHwh2BmJZX/XVSK12FeryK2O3DKQ+mtSUOuaAZ3z1II4S3fCDrqohbEB07In1x
AGQt3CRavm+Q2lRGWd6U3OxR5taeTa6zW0dGn1do9wKc/CTik8NaOK7tvnLZ9Jir
5+A2uRd6d2EDv8oZfXkNerkrXi10KjN/aQnc6lIj3stInTj9wpuQSKSlSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGstPjhmc35T76hP6b3sGf62mq3MB8GA1UdIwQY
MBaAFCD1/wdnBFI/9r6IK4fu+oB7GIqpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBYX0IyY0VVal8ydm9ncmgtNzZnSHNZaXFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC83MjcyOTYtMmViYy00ZGZjLWE1NDct
ZjZhN2I0OWY5ODFhLzEvSWF5MC1PR1p6ZmxQdnFFX3B2ZXdaX3JhYXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC83MjcyOTYtMmViYy00ZGZjLWE1NDctZjZhN2I0OWY5ODFh
LzEvSVBYX0IyY0VVal8ydm9ncmgtNzZnSHNZaXFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+riMA0G
CSqGSIb3DQEBCwUAA4IBAQCnVL+CzB84hFg2vMDb/mZLTlk2VUgwVkobol64lLs/
h54Yxy5ubLQNaMEwSLFhxga23QdCafcNEUHZ+zYFDPAV+aUT/eDCmVcV71bWo8Z7
yx8eBuaUKnin/aHkqhwXvq1Fx+ZXAlhSASkmqx2LZUHBmH/MoN6hKwkchFMPRDoo
Fafbk63Dhcm5AtKRl0KK2shGd9SM3eQgZDE6vytD6yl78vT0cnXO3pbADtQafJsC
rpjaht3KNj2FSlkoA7fm4a8NvBNDl23lIn9VgCslOoTU81Pw/4Cx5zXMIF8Yr2qE
5Pee/DMAsHitvddbqOXs6vJJYRI8EPVg0VJ2QUsja5ad
-----END CERTIFICATE-----