Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/b1e3e1-8b7d-4e22-870c-58f574495bb8/1/tNUV2wEZnF2TC0cOsT3Gb4EjUWg.roa
File:                     tNUV2wEZnF2TC0cOsT3Gb4EjUWg.roa (raw, json)
Hash identifier:          5H0CjL8afFgDou6LwPSCN6y5kH+1pA98EPl5MyPRhN4=
Subject key identifier:   B4:D5:15:DB:01:19:9C:5D:93:0B:47:0E:B1:3D:C6:6F:81:23:51:68
Certificate issuer:       /CN=a90200a0000df5d845b9db284d0a2dbee676c5a8
Certificate serial:       018CC6B89D77273B272D20FACB66A98D7F44
Authority key identifier: A9:02:00:A0:00:0D:F5:D8:45:B9:DB:28:4D:0A:2D:BE:E6:76:C5:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qQIAoAAN9dhFudsoTQotvuZ2xag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/b1e3e1-8b7d-4e22-870c-58f574495bb8/1/tNUV2wEZnF2TC0cOsT3Gb4EjUWg.roa
Signing time:             Mon 01 Jan 2024 20:30:36 +0000
ROA not before:           Mon 01 Jan 2024 20:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52125
IP address blocks:        91.222.64.0/24 maxlen: 24
                          91.222.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/b1e3e1-8b7d-4e22-870c-58f574495bb8/1/qQIAoAAN9dhFudsoTQotvuZ2xag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/b1e3e1-8b7d-4e22-870c-58f574495bb8/1/qQIAoAAN9dhFudsoTQotvuZ2xag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qQIAoAAN9dhFudsoTQotvuZ2xag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:9d:77:27:3b:27:2d:20:fa:cb:66:a9:8d:7f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a90200a0000df5d845b9db284d0a2dbee676c5a8
        Validity
            Not Before: Jan  1 20:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4d515db01199c5d930b470eb13dc66f81235168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:26:d1:d6:0c:e6:59:e3:17:d1:22:21:99:b0:
                    3b:3d:b9:e4:75:51:10:a7:5f:48:e2:61:3e:99:4f:
                    33:e5:08:71:aa:6e:3d:0c:95:18:9c:a6:3d:b8:0c:
                    2a:cd:2d:f5:6c:5a:e3:95:c3:3a:0c:94:e5:69:7c:
                    62:1b:f9:90:76:c7:13:0d:9a:80:ad:6c:77:d4:cf:
                    e0:e9:9e:d5:95:d0:da:81:ac:a4:98:d3:bc:f2:e2:
                    e8:6d:0a:5f:d3:c4:7f:07:36:35:c3:fd:2a:79:64:
                    ca:c7:d2:5c:10:87:40:cc:1c:c0:88:3c:41:17:81:
                    fa:be:cc:eb:d0:35:b3:1b:1c:cc:d1:4c:d8:2f:a5:
                    04:2c:d1:2f:fe:fc:71:82:65:f5:44:af:a9:cc:89:
                    e9:90:8d:5b:0d:2d:e5:a1:c3:f5:4b:12:19:dd:df:
                    5e:97:80:40:76:5e:b5:ca:53:c7:ab:2f:c7:02:32:
                    b3:f1:72:34:98:45:1e:78:de:dc:9b:c2:ec:f0:c8:
                    b7:39:09:88:33:9e:52:8f:86:59:cf:d6:f1:62:f3:
                    75:df:91:f1:17:bb:1b:f3:2c:5a:7d:f3:a1:b3:57:
                    4b:d5:fc:fd:36:87:37:c0:ef:2e:11:ea:84:e3:de:
                    5d:b1:7c:94:f7:7b:9f:78:b5:f2:12:cf:cb:d1:6f:
                    08:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D5:15:DB:01:19:9C:5D:93:0B:47:0E:B1:3D:C6:6F:81:23:51:68
            X509v3 Authority Key Identifier:
                keyid:A9:02:00:A0:00:0D:F5:D8:45:B9:DB:28:4D:0A:2D:BE:E6:76:C5:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qQIAoAAN9dhFudsoTQotvuZ2xag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b1e3e1-8b7d-4e22-870c-58f574495bb8/1/tNUV2wEZnF2TC0cOsT3Gb4EjUWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b1e3e1-8b7d-4e22-870c-58f574495bb8/1/qQIAoAAN9dhFudsoTQotvuZ2xag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:99:fa:ee:3d:b2:d8:ec:f6:64:50:f5:51:a7:44:26:15:41:
         cd:00:c5:04:9a:e5:5a:88:59:2c:d7:16:9b:0c:82:33:90:98:
         38:5a:36:b0:fd:b4:c8:f5:2d:c2:55:06:8b:93:ce:f7:91:cb:
         0b:b8:32:7e:fc:01:d2:84:81:7f:94:6a:42:b2:88:07:03:f6:
         54:b0:b4:e6:07:5e:6c:20:67:9a:22:07:1a:f6:e8:c0:6a:1d:
         8a:c9:0e:04:28:7c:07:bb:77:b3:ae:3a:0b:8b:30:dc:63:93:
         bb:af:a3:2e:b0:04:a4:e7:db:6c:bf:80:09:b2:f2:25:42:69:
         80:bf:38:bf:ce:02:de:4e:f2:66:8e:f2:2f:ae:a4:4b:aa:5c:
         35:2d:17:88:34:d5:4d:fe:19:57:b8:1d:c6:64:62:52:96:91:
         5f:c1:1e:5d:b2:40:f8:05:8b:a4:c4:79:44:4a:ca:c9:01:6d:
         d5:44:7a:f4:02:a7:71:0c:6f:c1:03:f2:f0:24:8b:5c:66:ba:
         0c:cc:88:c0:0b:f3:a2:46:80:8e:5d:2c:9f:3b:64:c9:9e:a5:
         42:82:6d:41:06:68:be:9c:de:29:c5:ec:ff:9b:fd:49:c0:3e:
         38:fd:2f:ae:38:cd:86:f8:c6:60:95:14:29:6c:31:ce:1a:45:
         6a:e8:44:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuJ13JzsnLSD6y2apjX9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MDIwMGEwMDAwZGY1ZDg0NWI5ZGIyODRkMGEyZGJlZTY3
NmM1YTgwHhcNMjQwMTAxMjAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQ1MTVkYjAxMTk5YzVkOTMwYjQ3MGViMTNkYzY2ZjgxMjM1MTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwibR1gzmWeMX0SIhmbA7PbnkdVEQ
p19I4mE+mU8z5Qhxqm49DJUYnKY9uAwqzS31bFrjlcM6DJTlaXxiG/mQdscTDZqA
rWx31M/g6Z7VldDagaykmNO88uLobQpf08R/BzY1w/0qeWTKx9JcEIdAzBzAiDxB
F4H6vszr0DWzGxzM0UzYL6UELNEv/vxxgmX1RK+pzInpkI1bDS3locP1SxIZ3d9e
l4BAdl61ylPHqy/HAjKz8XI0mEUeeN7cm8Ls8Mi3OQmIM55Sj4ZZz9bxYvN135Hx
F7sb8yxaffOhs1dL1fz9Noc3wO8uEeqE495dsXyU93ufeLXyEs/L0W8IyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTVFdsBGZxdkwtHDrE9xm+BI1FoMB8GA1UdIwQY
MBaAFKkCAKAADfXYRbnbKE0KLb7mdsWoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVFJQW9BQU45ZGhGdWRzb1RRb3R2dVoyeGFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9iMWUzZTEtOGI3ZC00ZTIyLTg3MGMt
NThmNTc0NDk1YmI4LzEvdE5VVjJ3RVpuRjJUQzBjT3NUM0diNEVqVVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9iMWUzZTEtOGI3ZC00ZTIyLTg3MGMtNThmNTc0NDk1YmI4
LzEvcVFJQW9BQU45ZGhGdWRzb1RRb3R2dVoyeGFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW95AMA0G
CSqGSIb3DQEBCwUAA4IBAQAMmfruPbLY7PZkUPVRp0QmFUHNAMUEmuVaiFks1xab
DIIzkJg4Wjaw/bTI9S3CVQaLk873kcsLuDJ+/AHShIF/lGpCsogHA/ZUsLTmB15s
IGeaIgca9ujAah2KyQ4EKHwHu3ezrjoLizDcY5O7r6MusASk59tsv4AJsvIlQmmA
vzi/zgLeTvJmjvIvrqRLqlw1LReINNVN/hlXuB3GZGJSlpFfwR5dskD4BYukxHlE
SsrJAW3VRHr0AqdxDG/BA/LwJItcZroMzIjAC/OiRoCOXSyfO2TJnqVCgm1BBmi+
nN4pxez/m/1JwD44/S+uOM2G+MZglRQpbDHOGkVq6EQl
-----END CERTIFICATE-----