Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/190cc0-2637-400b-ac93-42e7e15c82f2/1/IOZpnUgwJlC1cW93Mn29-1OO1eY.roa
File:                     IOZpnUgwJlC1cW93Mn29-1OO1eY.roa (raw, json)
Hash identifier:          5QSOlvdQ7mNeHuE6dO9dnF5egBztQggoVHK9TS/pvbU=
Subject key identifier:   20:E6:69:9D:48:30:26:50:B5:71:6F:77:32:7D:BD:FB:53:8E:D5:E6
Certificate issuer:       /CN=57b6c9ef13d4acd12abe6d9bb5b3592edf820f29
Certificate serial:       018CC94E682B38D55C4497D029393CA38CA6
Authority key identifier: 57:B6:C9:EF:13:D4:AC:D1:2A:BE:6D:9B:B5:B3:59:2E:DF:82:0F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V7bJ7xPUrNEqvm2btbNZLt-CDyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/190cc0-2637-400b-ac93-42e7e15c82f2/1/IOZpnUgwJlC1cW93Mn29-1OO1eY.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31463
IP address blocks:        91.220.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/190cc0-2637-400b-ac93-42e7e15c82f2/1/V7bJ7xPUrNEqvm2btbNZLt-CDyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/190cc0-2637-400b-ac93-42e7e15c82f2/1/V7bJ7xPUrNEqvm2btbNZLt-CDyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V7bJ7xPUrNEqvm2btbNZLt-CDyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:68:2b:38:d5:5c:44:97:d0:29:39:3c:a3:8c:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57b6c9ef13d4acd12abe6d9bb5b3592edf820f29
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20e6699d48302650b5716f77327dbdfb538ed5e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d2:b8:0b:7b:e6:7c:52:dc:0d:9a:02:2f:61:
                    2d:3e:d1:f8:21:33:7d:3a:38:a2:98:d8:cd:ba:a3:
                    8e:af:78:e9:03:c8:91:ae:6d:15:66:2a:23:78:79:
                    0f:83:99:ca:34:de:5e:52:b7:5d:b7:f2:99:57:e7:
                    17:24:b4:b8:75:1d:c1:6e:3c:40:9c:28:07:99:63:
                    f5:d2:98:de:df:12:e0:9b:0d:93:32:08:12:eb:2e:
                    6e:71:9d:d8:44:b7:f7:3e:50:61:e4:6f:d1:5b:91:
                    ae:6d:08:3a:46:6e:1d:83:24:4c:e1:3b:22:f4:48:
                    bd:e2:85:cf:c3:01:cd:66:77:8f:2b:39:f1:9c:37:
                    0b:7c:09:af:c6:62:bf:66:49:de:b4:4f:f2:76:92:
                    24:13:9f:04:1a:34:f3:12:d0:b0:da:d5:2f:e8:3e:
                    f3:8c:19:04:1b:b0:24:a3:8f:61:43:71:ba:35:94:
                    bb:79:24:16:e3:95:75:13:27:dd:8e:39:6a:3a:f7:
                    89:ed:d9:24:fa:50:11:60:fc:cb:ab:c5:2c:22:b9:
                    24:4c:a6:0d:e0:ee:43:ff:33:91:df:89:49:9b:6f:
                    66:f8:d1:b0:74:3f:db:d9:f4:90:28:31:ae:73:9c:
                    fd:c7:b8:b0:86:ab:33:8f:f1:6c:ac:96:1d:73:52:
                    17:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:E6:69:9D:48:30:26:50:B5:71:6F:77:32:7D:BD:FB:53:8E:D5:E6
            X509v3 Authority Key Identifier:
                keyid:57:B6:C9:EF:13:D4:AC:D1:2A:BE:6D:9B:B5:B3:59:2E:DF:82:0F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V7bJ7xPUrNEqvm2btbNZLt-CDyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/190cc0-2637-400b-ac93-42e7e15c82f2/1/IOZpnUgwJlC1cW93Mn29-1OO1eY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/190cc0-2637-400b-ac93-42e7e15c82f2/1/V7bJ7xPUrNEqvm2btbNZLt-CDyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:6c:ec:c2:2b:e2:ee:d7:a1:ca:c9:7c:5b:76:fb:f2:47:75:
         d6:58:7f:d8:a1:13:4c:6b:ef:c7:e0:a1:83:e0:0b:1e:ac:4f:
         a6:b1:d4:cb:e3:ff:74:eb:b5:12:29:47:f4:c0:0b:d8:88:9b:
         25:2b:ee:36:6e:3b:19:84:85:2e:af:08:1e:b3:2e:0a:d9:8a:
         a6:50:b6:f1:2d:4c:98:6b:b8:b9:da:ac:5c:93:0e:28:d4:ce:
         09:f3:40:81:10:ec:2f:0a:93:28:2b:42:d0:25:c6:c9:82:67:
         44:7a:ac:a8:3f:d0:a5:ed:02:6c:b0:3f:16:e0:6b:9f:f2:9a:
         93:ed:2d:f8:5e:d9:73:a0:e0:f8:7d:07:70:23:36:d6:3b:13:
         19:5f:15:d0:a2:f3:e5:ce:d6:21:93:64:e7:2b:79:5a:56:53:
         72:71:cb:8a:7a:41:1c:82:54:6c:f9:88:6c:32:8a:95:d8:0c:
         fe:bf:a9:a4:28:1f:07:7f:00:f5:28:ab:60:25:58:ee:a2:71:
         91:b2:0e:4d:d8:06:99:23:32:50:10:7a:da:d3:53:2f:ea:95:
         3c:87:ab:6e:36:97:78:af:c7:fe:6a:fc:a4:bd:4f:46:78:16:
         e5:a5:f5:40:19:31:57:08:32:3a:5d:d3:0c:49:ac:f9:93:43:
         d2:80:4c:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmgrONVcRJfQKTk8o4ymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YjZjOWVmMTNkNGFjZDEyYWJlNmQ5YmI1YjM1OTJlZGY4
MjBmMjkwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGU2Njk5ZDQ4MzAyNjUwYjU3MTZmNzczMjdkYmRmYjUzOGVkNWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptK4C3vmfFLcDZoCL2EtPtH4ITN9
OjiimNjNuqOOr3jpA8iRrm0VZiojeHkPg5nKNN5eUrddt/KZV+cXJLS4dR3BbjxA
nCgHmWP10pje3xLgmw2TMggS6y5ucZ3YRLf3PlBh5G/RW5GubQg6Rm4dgyRM4Tsi
9Ei94oXPwwHNZnePKznxnDcLfAmvxmK/ZknetE/ydpIkE58EGjTzEtCw2tUv6D7z
jBkEG7Ako49hQ3G6NZS7eSQW45V1EyfdjjlqOveJ7dkk+lARYPzLq8UsIrkkTKYN
4O5D/zOR34lJm29m+NGwdD/b2fSQKDGuc5z9x7iwhqszj/FsrJYdc1IX0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDmaZ1IMCZQtXFvdzJ9vftTjtXmMB8GA1UdIwQY
MBaAFFe2ye8T1KzRKr5tm7WzWS7fgg8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjdiSjd4UFVyTkVxdm0yYnRiTlpMdC1DRHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8xOTBjYzAtMjYzNy00MDBiLWFjOTMt
NDJlN2UxNWM4MmYyLzEvSU9acG5VZ3dKbEMxY1c5M01uMjktMU9PMWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8xOTBjYzAtMjYzNy00MDBiLWFjOTMtNDJlN2UxNWM4MmYy
LzEvVjdiSjd4UFVyTkVxdm0yYnRiTlpMdC1DRHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wYMA0G
CSqGSIb3DQEBCwUAA4IBAQALbOzCK+Lu16HKyXxbdvvyR3XWWH/YoRNMa+/H4KGD
4AserE+msdTL4/9067USKUf0wAvYiJslK+42bjsZhIUurwgesy4K2YqmULbxLUyY
a7i52qxckw4o1M4J80CBEOwvCpMoK0LQJcbJgmdEeqyoP9Cl7QJssD8W4Guf8pqT
7S34XtlzoOD4fQdwIzbWOxMZXxXQovPlztYhk2TnK3laVlNyccuKekEcglRs+Yhs
MoqV2Az+v6mkKB8HfwD1KKtgJVjuonGRsg5N2AaZIzJQEHra01Mv6pU8h6tuNpd4
r8f+avykvU9GeBblpfVAGTFXCDI6XdMMSaz5k0PSgEw4
-----END CERTIFICATE-----