Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/mICUAOAXmEf75Qx5hES4K6VNPeY.roa
File:                     mICUAOAXmEf75Qx5hES4K6VNPeY.roa (raw, json)
Hash identifier:          eyH2M13le2keZbhw77aMtnLptUjR2bUo/Oi4AFjskOw=
Subject key identifier:   98:80:94:00:E0:17:98:47:FB:E5:0C:79:84:44:B8:2B:A5:4D:3D:E6
Certificate issuer:       /CN=d3142df2f670940ccf5a4b27a0d0c987ecc88656
Certificate serial:       019261AB23FA738109CBDA4B628E87F0E92F
Authority key identifier: D3:14:2D:F2:F6:70:94:0C:CF:5A:4B:27:A0:D0:C9:87:EC:C8:86:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0xQt8vZwlAzPWksnoNDJh-zIhlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/mICUAOAXmEf75Qx5hES4K6VNPeY.roa
Signing time:             Sun 06 Oct 2024 11:50:58 +0000
ROA not before:           Sun 06 Oct 2024 11:50:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47283
IP address blocks:        91.203.164.0/22 maxlen: 22
                          91.203.164.0/23 maxlen: 23
                          91.203.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/0xQt8vZwlAzPWksnoNDJh-zIhlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/0xQt8vZwlAzPWksnoNDJh-zIhlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0xQt8vZwlAzPWksnoNDJh-zIhlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:61:ab:23:fa:73:81:09:cb:da:4b:62:8e:87:f0:e9:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3142df2f670940ccf5a4b27a0d0c987ecc88656
        Validity
            Not Before: Oct  6 11:50:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98809400e0179847fbe50c798444b82ba54d3de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:12:35:0d:c5:59:68:30:4a:41:2f:78:b1:93:
                    9c:af:bc:37:eb:48:81:3d:a4:0f:27:42:a3:9e:74:
                    cb:ec:b6:e0:af:e6:1c:fd:0b:f9:eb:0f:9f:82:71:
                    7f:9b:be:1d:c4:f0:18:d6:d4:2c:de:4d:6b:fa:bc:
                    7b:d3:91:c3:66:18:f0:fb:29:cb:3d:88:c2:c9:9e:
                    5e:55:a8:a1:74:11:d2:4c:e3:7c:b5:19:38:08:0e:
                    16:05:10:fd:21:9f:d1:87:9b:07:5b:b4:82:51:02:
                    e9:40:8b:a0:6b:f6:fc:36:4c:61:d0:9c:cd:40:f7:
                    b7:e0:05:0a:c1:0e:9c:ee:c8:73:14:cd:c0:92:fd:
                    5d:dd:9f:22:88:fe:b6:6e:27:4f:53:34:03:cc:8d:
                    aa:7b:e7:4a:db:c0:b4:c5:e7:2d:de:4d:08:11:c2:
                    ba:ab:66:a5:f1:42:84:d1:eb:0d:b9:25:fe:f6:de:
                    4d:3d:e7:b5:a7:4a:cb:8e:53:75:bd:5b:8c:60:72:
                    4f:f7:58:5c:47:b8:96:c4:2b:ea:07:07:01:a6:a9:
                    0f:d7:f8:48:b7:d4:50:df:e5:3f:b9:46:90:18:03:
                    bd:40:39:b9:f7:a0:04:e4:cf:a1:53:d3:1b:b9:17:
                    6e:65:60:3e:48:12:5d:08:cb:d0:78:14:08:d2:b7:
                    b8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:80:94:00:E0:17:98:47:FB:E5:0C:79:84:44:B8:2B:A5:4D:3D:E6
            X509v3 Authority Key Identifier:
                keyid:D3:14:2D:F2:F6:70:94:0C:CF:5A:4B:27:A0:D0:C9:87:EC:C8:86:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0xQt8vZwlAzPWksnoNDJh-zIhlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/mICUAOAXmEf75Qx5hES4K6VNPeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/0xQt8vZwlAzPWksnoNDJh-zIhlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:59:2c:5f:c0:bf:83:2d:f7:88:58:90:a0:83:b5:26:d5:00:
         20:e4:a3:06:d2:f3:cc:e5:fd:9b:2a:46:03:ff:0b:ad:20:73:
         7a:24:3d:6e:64:8d:cc:f4:8e:95:45:08:d8:a1:24:82:0c:27:
         60:ef:2c:2d:ca:46:35:95:ce:ce:da:86:63:ab:23:3a:b0:a0:
         25:c7:75:0b:90:c3:2e:5e:de:e6:d1:45:2c:32:5b:29:2a:e2:
         8a:0e:a7:8e:82:80:02:22:c8:81:56:ed:60:a0:15:9b:06:00:
         32:ec:45:7b:1c:4c:c3:aa:c3:3b:a6:a3:72:e7:ea:bd:f0:5d:
         e3:32:d4:b4:56:38:b2:c5:26:86:8c:a0:9a:14:0f:07:09:f8:
         46:75:04:75:ad:d3:00:11:37:ce:68:21:df:30:cc:34:d7:15:
         67:3c:ee:3b:60:e3:f0:26:a2:6f:23:d7:b9:d4:19:a5:33:e2:
         e1:b7:a2:35:ca:ca:3a:36:7c:8f:32:05:13:76:5a:97:f4:1e:
         5f:da:63:d2:be:71:03:52:d1:48:f2:02:64:cd:07:b8:e5:c4:
         9e:52:34:2b:91:26:f3:22:6a:9e:c2:74:80:60:05:11:b3:fc:
         c3:a0:2f:85:ab:06:3a:3d:a6:16:41:f2:a8:ad:35:dd:c2:45:
         d9:d6:40:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJhqyP6c4EJy9pLYo6H8OkvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMTQyZGYyZjY3MDk0MGNjZjVhNGIyN2EwZDBjOTg3ZWNj
ODg2NTYwHhcNMjQxMDA2MTE1MDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODgwOTQwMGUwMTc5ODQ3ZmJlNTBjNzk4NDQ0YjgyYmE1NGQzZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRI1DcVZaDBKQS94sZOcr7w360iB
PaQPJ0KjnnTL7Lbgr+Yc/Qv56w+fgnF/m74dxPAY1tQs3k1r+rx705HDZhjw+ynL
PYjCyZ5eVaihdBHSTON8tRk4CA4WBRD9IZ/Rh5sHW7SCUQLpQIuga/b8Nkxh0JzN
QPe34AUKwQ6c7shzFM3Akv1d3Z8iiP62bidPUzQDzI2qe+dK28C0xect3k0IEcK6
q2al8UKE0esNuSX+9t5NPee1p0rLjlN1vVuMYHJP91hcR7iWxCvqBwcBpqkP1/hI
t9RQ3+U/uUaQGAO9QDm596AE5M+hU9MbuRduZWA+SBJdCMvQeBQI0re4swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiAlADgF5hH++UMeYREuCulTT3mMB8GA1UdIwQY
MBaAFNMULfL2cJQMz1pLJ6DQyYfsyIZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHhRdDh2WndsQXpQV2tzbm9OREpoLXpJaGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9lYzM5YmUtZTIyNy00YTJkLWI0YjIt
NjMyY2FlZWY0NTg0LzEvbUlDVUFPQVhtRWY3NVF4NWhFUzRLNlZOUGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9lYzM5YmUtZTIyNy00YTJkLWI0YjItNjMyY2FlZWY0NTg0
LzEvMHhRdDh2WndsQXpQV2tzbm9OREpoLXpJaGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8ukMA0G
CSqGSIb3DQEBCwUAA4IBAQBaWSxfwL+DLfeIWJCgg7Um1QAg5KMG0vPM5f2bKkYD
/wutIHN6JD1uZI3M9I6VRQjYoSSCDCdg7ywtykY1lc7O2oZjqyM6sKAlx3ULkMMu
Xt7m0UUsMlspKuKKDqeOgoACIsiBVu1goBWbBgAy7EV7HEzDqsM7pqNy5+q98F3j
MtS0VjiyxSaGjKCaFA8HCfhGdQR1rdMAETfOaCHfMMw01xVnPO47YOPwJqJvI9e5
1BmlM+Lht6I1yso6NnyPMgUTdlqX9B5f2mPSvnEDUtFI8gJkzQe45cSeUjQrkSbz
ImqewnSAYAURs/zDoC+FqwY6PaYWQfKorTXdwkXZ1kCR
-----END CERTIFICATE-----