Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/qSI5ZkTDKNMXegHgTA99Ip_KZao.roa
File:                     qSI5ZkTDKNMXegHgTA99Ip_KZao.roa (raw, json)
Hash identifier:          ALqSU7bwQzzkMkcAoSESfIfz9iTYugXreuun2WWWlmQ=
Subject key identifier:   A9:22:39:66:44:C3:28:D3:17:7A:01:E0:4C:0F:7D:22:9F:CA:65:AA
Certificate issuer:       /CN=d2b36ad28e521edab4b4dea349a27772d4b2a7be
Certificate serial:       018CC727046A81B10265310E0D255126DF5E
Authority key identifier: D2:B3:6A:D2:8E:52:1E:DA:B4:B4:DE:A3:49:A2:77:72:D4:B2:A7:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0rNq0o5SHtq0tN6jSaJ3ctSyp74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/qSI5ZkTDKNMXegHgTA99Ip_KZao.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43487
IP address blocks:        91.240.182.0/24 maxlen: 24
                          91.240.181.0/24 maxlen: 24
                          91.240.180.0/22 maxlen: 22
                          91.240.180.0/24 maxlen: 24
                          91.240.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/0rNq0o5SHtq0tN6jSaJ3ctSyp74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/0rNq0o5SHtq0tN6jSaJ3ctSyp74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0rNq0o5SHtq0tN6jSaJ3ctSyp74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:04:6a:81:b1:02:65:31:0e:0d:25:51:26:df:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2b36ad28e521edab4b4dea349a27772d4b2a7be
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a922396644c328d3177a01e04c0f7d229fca65aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d3:d6:12:12:6a:7a:1d:04:79:24:7c:91:62:
                    a1:c3:b5:e3:23:c9:54:40:4c:a4:60:78:24:1b:67:
                    14:4c:9f:c3:24:23:34:be:52:58:8e:c9:ef:bb:dc:
                    83:87:90:d6:23:40:e1:9a:d3:2e:a9:56:48:18:8a:
                    e1:61:3c:73:9e:84:74:2f:87:8f:3d:32:bc:3d:58:
                    1a:36:32:42:85:8f:43:36:36:55:3c:49:4a:7f:27:
                    e4:40:9f:b3:b2:c6:63:34:95:12:01:dc:ff:2e:17:
                    af:45:a8:35:3e:9a:c7:60:81:c3:ec:f8:67:df:d4:
                    40:f9:03:98:f5:fb:cc:ff:3d:13:1a:18:3a:3c:0d:
                    17:60:f2:40:15:e4:9c:73:ae:bd:0c:34:4c:9b:05:
                    33:ab:96:5c:4b:fe:5c:2a:a3:ef:bf:10:b9:5b:56:
                    1f:39:b6:bd:4b:0c:33:d6:09:9d:9e:a1:94:2d:e0:
                    d7:18:72:9d:29:ba:37:98:b1:4c:41:c3:d8:fa:d4:
                    f3:1d:14:da:07:1d:10:08:11:4f:ba:14:88:b7:f8:
                    83:bd:d0:b4:fe:1d:f2:4f:c8:5e:20:4c:04:02:9b:
                    80:b8:f8:71:a4:28:e9:13:43:19:7f:d1:46:41:95:
                    fd:89:05:21:40:d9:f4:c2:67:fc:b7:b2:ad:af:2e:
                    03:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:22:39:66:44:C3:28:D3:17:7A:01:E0:4C:0F:7D:22:9F:CA:65:AA
            X509v3 Authority Key Identifier:
                keyid:D2:B3:6A:D2:8E:52:1E:DA:B4:B4:DE:A3:49:A2:77:72:D4:B2:A7:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0rNq0o5SHtq0tN6jSaJ3ctSyp74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/qSI5ZkTDKNMXegHgTA99Ip_KZao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/0rNq0o5SHtq0tN6jSaJ3ctSyp74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:ca:93:d5:e1:a8:0d:7d:1b:15:37:3a:93:f1:f9:3e:90:6c:
         78:68:07:41:5e:b4:8c:95:41:f5:44:4c:aa:25:e9:4a:33:cf:
         40:1b:7e:07:11:b7:6d:54:f9:17:6a:3e:8b:4f:9e:7d:a1:84:
         63:5b:a7:8c:53:6d:bc:d7:00:ad:86:e0:f6:45:f6:7e:3e:42:
         68:f1:aa:57:05:cb:23:fb:a3:6d:4e:5c:56:b8:8d:b6:f2:b3:
         b6:d6:42:78:ba:de:19:76:da:d9:60:b7:16:b3:88:46:12:6f:
         9f:9f:cd:9e:78:91:48:25:45:8c:56:43:8f:21:91:b2:5f:32:
         3f:8d:f8:9d:08:98:82:e5:4b:cc:fb:63:b5:9b:78:58:34:ff:
         cb:67:87:cb:bb:f5:22:8b:73:3f:f9:6e:0c:82:44:f7:8d:1a:
         64:38:c7:0a:08:30:8a:b6:cc:ed:0d:98:2a:5e:ee:57:ef:03:
         8d:6a:f9:c0:49:da:6d:0f:09:4e:fc:6f:22:77:cd:37:7c:9c:
         44:a4:32:f3:7b:44:1f:31:52:68:05:9e:63:12:16:bf:f4:c8:
         9f:bd:45:7d:c7:e3:87:de:2d:a8:07:26:d0:7d:d6:37:59:7e:
         ae:f9:b5:72:f7:bb:6b:ac:16:21:64:c5:fe:5f:26:b1:f8:46:
         d8:41:ab:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJwRqgbECZTEODSVRJt9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYjM2YWQyOGU1MjFlZGFiNGI0ZGVhMzQ5YTI3NzcyZDRi
MmE3YmUwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIyMzk2NjQ0YzMyOGQzMTc3YTAxZTA0YzBmN2QyMjlmY2E2NWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndPWEhJqeh0EeSR8kWKhw7XjI8lU
QEykYHgkG2cUTJ/DJCM0vlJYjsnvu9yDh5DWI0DhmtMuqVZIGIrhYTxznoR0L4eP
PTK8PVgaNjJChY9DNjZVPElKfyfkQJ+zssZjNJUSAdz/LhevRag1PprHYIHD7Phn
39RA+QOY9fvM/z0TGhg6PA0XYPJAFeScc669DDRMmwUzq5ZcS/5cKqPvvxC5W1Yf
Oba9Swwz1gmdnqGULeDXGHKdKbo3mLFMQcPY+tTzHRTaBx0QCBFPuhSIt/iDvdC0
/h3yT8heIEwEApuAuPhxpCjpE0MZf9FGQZX9iQUhQNn0wmf8t7Ktry4D+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkiOWZEwyjTF3oB4EwPfSKfymWqMB8GA1UdIwQY
MBaAFNKzatKOUh7atLTeo0mid3LUsqe+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHJOcTBvNVNIdHEwdE42alNhSjNjdFN5cDc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8zYTlhMGItZDQyNC00ZWNhLWE5Mzgt
OTJhODc3YmIxOWY3LzEvcVNJNVprVERLTk1YZWdIZ1RBOTlJcF9LWmFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8zYTlhMGItZDQyNC00ZWNhLWE5MzgtOTJhODc3YmIxOWY3
LzEvMHJOcTBvNVNIdHEwdE42alNhSjNjdFN5cDc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW/C0MA0G
CSqGSIb3DQEBCwUAA4IBAQAhypPV4agNfRsVNzqT8fk+kGx4aAdBXrSMlUH1REyq
JelKM89AG34HEbdtVPkXaj6LT559oYRjW6eMU2281wCthuD2RfZ+PkJo8apXBcsj
+6NtTlxWuI228rO21kJ4ut4ZdtrZYLcWs4hGEm+fn82eeJFIJUWMVkOPIZGyXzI/
jfidCJiC5UvM+2O1m3hYNP/LZ4fLu/Uii3M/+W4MgkT3jRpkOMcKCDCKtsztDZgq
Xu5X7wONavnASdptDwlO/G8id803fJxEpDLze0QfMVJoBZ5jEha/9MifvUV9x+OH
3i2oBybQfdY3WX6u+bVy97trrBYhZMX+Xyax+EbYQass
-----END CERTIFICATE-----