Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/TbjsUDhMP9oiyRFzkMf_XEJ0_gs.roa
File:                     TbjsUDhMP9oiyRFzkMf_XEJ0_gs.roa (raw, json)
Hash identifier:          N0QojbQjnjXATXQxNe2ZVC9V9rik44C7TlWbUv97jVE=
Subject key identifier:   4D:B8:EC:50:38:4C:3F:DA:22:C9:11:73:90:C7:FF:5C:42:74:FE:0B
Certificate issuer:       /CN=65b128a5adcbccdf15cb979ad6abf2b9640fdbdb
Certificate serial:       0194228E0D5C06DD1BC3932EBF0C19DCEF7B
Authority key identifier: 65:B1:28:A5:AD:CB:CC:DF:15:CB:97:9A:D6:AB:F2:B9:64:0F:DB:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbEopa3LzN8Vy5ea1qvyuWQP29s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/TbjsUDhMP9oiyRFzkMf_XEJ0_gs.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56543
IP address blocks:        91.223.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/ZbEopa3LzN8Vy5ea1qvyuWQP29s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/ZbEopa3LzN8Vy5ea1qvyuWQP29s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbEopa3LzN8Vy5ea1qvyuWQP29s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0d:5c:06:dd:1b:c3:93:2e:bf:0c:19:dc:ef:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b128a5adcbccdf15cb979ad6abf2b9640fdbdb
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4db8ec50384c3fda22c9117390c7ff5c4274fe0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a0:b3:b7:d1:2b:0d:63:58:ce:6f:66:3d:39:
                    12:b5:e2:ff:ff:09:6a:be:7a:71:7e:1a:b7:21:40:
                    70:03:49:43:13:4c:ad:36:25:1c:ba:21:87:57:11:
                    ea:33:a8:15:f2:b7:ae:9a:51:50:88:08:a8:93:0b:
                    b8:ee:4e:a7:a4:a5:d0:0c:14:c2:27:f8:9b:00:f8:
                    21:bf:38:9d:e7:af:e7:b9:e3:a1:a1:ce:26:e1:58:
                    aa:3c:8e:68:16:40:0f:7c:03:8d:95:7d:53:9c:1c:
                    35:c5:96:5e:70:d9:39:d8:6b:e8:6f:4b:b3:08:c2:
                    46:09:c4:3a:21:e0:90:4d:0a:65:f1:af:b7:8b:c4:
                    85:44:a9:13:fe:e6:d7:4c:db:fd:99:3d:ed:62:a6:
                    29:c0:f0:b6:0e:50:92:4b:3c:c3:43:c5:c7:8a:89:
                    2a:18:53:1e:7d:b4:3f:59:0b:43:ba:02:cb:b5:61:
                    47:74:8c:1f:07:e1:4c:d0:b4:e4:4e:30:e0:3d:3e:
                    39:6f:d1:1e:cf:45:4d:6f:cd:79:49:69:c1:bd:9a:
                    6b:63:5e:91:cd:b5:cc:5b:e6:ce:7d:f6:ad:a7:0f:
                    83:a3:9c:94:f4:26:ee:86:72:08:d3:d6:ee:57:40:
                    ee:4d:3b:2c:f0:91:4f:a3:20:b0:f2:03:57:7a:c3:
                    0c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B8:EC:50:38:4C:3F:DA:22:C9:11:73:90:C7:FF:5C:42:74:FE:0B
            X509v3 Authority Key Identifier:
                keyid:65:B1:28:A5:AD:CB:CC:DF:15:CB:97:9A:D6:AB:F2:B9:64:0F:DB:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbEopa3LzN8Vy5ea1qvyuWQP29s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/TbjsUDhMP9oiyRFzkMf_XEJ0_gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c095fc-d573-4ad9-9e2e-bd86d4b32c58/1/ZbEopa3LzN8Vy5ea1qvyuWQP29s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:b2:9e:08:93:54:1d:29:25:ad:3b:ec:61:04:dd:e1:cd:89:
         19:09:c0:e3:93:dd:62:87:4a:86:c4:9f:74:42:2b:a5:59:7b:
         c0:e1:99:64:aa:49:b7:24:14:fb:e5:7d:cd:7b:22:a5:81:de:
         ab:57:0e:22:b4:4e:4b:e6:e6:29:88:e9:43:70:ed:55:3b:61:
         bb:29:b2:a8:c1:c8:fe:33:34:ad:ba:50:bf:d1:75:79:b0:69:
         76:fb:78:8e:b0:f7:38:82:69:88:28:3d:44:ec:42:f9:7b:6e:
         54:6f:c1:d5:2f:b7:c3:38:40:1c:db:4f:53:1f:3b:76:c4:c2:
         6e:15:fb:4a:c0:82:31:b7:ff:31:d7:d0:37:e7:18:3c:b0:5c:
         3b:05:03:28:cc:62:f6:ea:4d:86:62:39:c4:5b:74:ea:b9:5f:
         86:87:f4:cd:b2:13:34:1e:e1:42:57:f2:18:59:e2:23:84:c4:
         ca:e6:c8:b9:d5:82:a5:90:f7:b6:31:a0:b1:b8:39:a4:e8:8d:
         7b:d5:26:a4:b6:8a:44:93:0c:b2:ab:46:86:16:d1:0b:51:07:
         af:e6:1f:ef:8b:7c:44:2e:13:da:67:d0:27:e7:32:63:46:26:
         7e:9f:d2:d1:e1:08:1c:d7:d9:98:2e:45:9e:a9:f8:56:f3:38:
         53:ed:c0:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijg1cBt0bw5MuvwwZ3O97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjEyOGE1YWRjYmNjZGYxNWNiOTc5YWQ2YWJmMmI5NjQw
ZmRiZGIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGI4ZWM1MDM4NGMzZmRhMjJjOTExNzM5MGM3ZmY1YzQyNzRmZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaCzt9ErDWNYzm9mPTkSteL//wlq
vnpxfhq3IUBwA0lDE0ytNiUcuiGHVxHqM6gV8reumlFQiAiokwu47k6npKXQDBTC
J/ibAPghvzid56/nueOhoc4m4ViqPI5oFkAPfAONlX1TnBw1xZZecNk52Gvob0uz
CMJGCcQ6IeCQTQpl8a+3i8SFRKkT/ubXTNv9mT3tYqYpwPC2DlCSSzzDQ8XHiokq
GFMefbQ/WQtDugLLtWFHdIwfB+FM0LTkTjDgPT45b9Eez0VNb815SWnBvZprY16R
zbXMW+bOffatpw+Do5yU9CbuhnII09buV0DuTTss8JFPoyCw8gNXesMM2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE247FA4TD/aIskRc5DH/1xCdP4LMB8GA1UdIwQY
MBaAFGWxKKWty8zfFcuXmtar8rlkD9vbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJFb3BhM0x6TjhWeTVlYTFxdnl1V1FQMjlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9jMDk1ZmMtZDU3My00YWQ5LTllMmUt
YmQ4NmQ0YjMyYzU4LzEvVGJqc1VEaE1QOW9peVJGemtNZl9YRUowX2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9jMDk1ZmMtZDU3My00YWQ5LTllMmUtYmQ4NmQ0YjMyYzU4
LzEvWmJFb3BhM0x6TjhWeTVlYTFxdnl1V1FQMjlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/jMA0G
CSqGSIb3DQEBCwUAA4IBAQCgsp4Ik1QdKSWtO+xhBN3hzYkZCcDjk91ih0qGxJ90
QiulWXvA4Zlkqkm3JBT75X3NeyKlgd6rVw4itE5L5uYpiOlDcO1VO2G7KbKowcj+
MzStulC/0XV5sGl2+3iOsPc4gmmIKD1E7EL5e25Ub8HVL7fDOEAc209THzt2xMJu
FftKwIIxt/8x19A35xg8sFw7BQMozGL26k2GYjnEW3TquV+Gh/TNshM0HuFCV/IY
WeIjhMTK5si51YKlkPe2MaCxuDmk6I171SaktopEkwyyq0aGFtELUQev5h/vi3xE
LhPaZ9An5zJjRiZ+n9LR4Qgc19mYLkWeqfhW8zhT7cB4
-----END CERTIFICATE-----