Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/UsZS8spxYoyfTqlhL5f51pDRWw4.roa
File:                     UsZS8spxYoyfTqlhL5f51pDRWw4.roa (raw, json)
Hash identifier:          uESjvjL2EDqML37vLZn3AXXagrr6OnDUWBZOxf282wA=
Subject key identifier:   52:C6:52:F2:CA:71:62:8C:9F:4E:A9:61:2F:97:F9:D6:90:D1:5B:0E
Certificate issuer:       /CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
Certificate serial:       018CC94D7C2EEEA67F12B7A89BEDBBBCFB62
Authority key identifier: 9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/UsZS8spxYoyfTqlhL5f51pDRWw4.roa
Signing time:             Tue 02 Jan 2024 08:32:27 +0000
ROA not before:           Tue 02 Jan 2024 08:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44710
IP address blocks:        91.217.244.0/24 maxlen: 24
                          31.131.141.0/24 maxlen: 24
                          31.131.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7c:2e:ee:a6:7f:12:b7:a8:9b:ed:bb:bc:fb:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
        Validity
            Not Before: Jan  2 08:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52c652f2ca71628c9f4ea9612f97f9d690d15b0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ee:a2:b8:64:6f:b5:fa:9b:6f:4d:38:8a:32:
                    99:c1:02:58:7a:11:7e:ff:58:d9:b9:7a:92:86:12:
                    f4:a9:c2:3e:13:8c:d0:4b:3f:4a:68:19:09:b0:41:
                    2d:e9:02:72:63:22:9c:c5:40:88:59:e2:60:00:b0:
                    75:32:0c:8b:73:0f:57:93:96:7f:5f:19:88:e9:18:
                    fa:e2:56:7d:81:1a:fd:82:fd:30:a6:33:57:16:6c:
                    d6:17:77:d1:32:c1:de:7a:f1:c7:2c:2d:07:3b:e6:
                    4d:1a:8b:7e:e3:1a:96:6e:28:d6:f1:bf:8e:77:81:
                    da:c5:5c:be:e0:09:2e:ff:22:d8:ba:1e:81:f1:d2:
                    db:f3:54:ca:48:f9:9d:b7:fe:1b:a5:33:86:d0:5c:
                    aa:6f:8b:40:53:32:0a:00:1f:af:3c:c4:70:2b:20:
                    0a:a0:1d:4a:60:24:06:6a:f1:c0:40:74:dc:9a:e4:
                    5d:a7:5e:df:8e:00:3d:10:2a:44:5a:21:0f:cc:29:
                    f7:89:19:0e:40:5e:05:6d:0c:fd:5c:d5:56:e4:e1:
                    84:04:62:62:11:30:99:f2:eb:27:40:96:7b:a9:5d:
                    6c:fa:b9:de:f8:d1:3f:c4:7d:1a:21:cb:c2:a9:b0:
                    f7:be:c5:23:99:71:69:35:e0:ad:57:1b:b8:4a:ea:
                    c2:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C6:52:F2:CA:71:62:8C:9F:4E:A9:61:2F:97:F9:D6:90:D1:5B:0E
            X509v3 Authority Key Identifier:
                keyid:9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/UsZS8spxYoyfTqlhL5f51pDRWw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.140.0/23
                  91.217.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:1b:f4:7b:ab:8c:f5:9a:2d:4e:f8:59:9c:49:84:e3:ee:45:
         ff:0d:2a:a6:03:cb:a7:c1:1f:db:e4:f7:00:8b:c8:51:ed:bd:
         c5:98:a1:f3:9b:e8:48:fd:c9:48:e2:ec:6b:d2:62:52:30:60:
         66:c0:21:b2:ff:2f:c6:5e:8f:3f:2b:82:f6:20:71:b5:32:bb:
         4c:a1:23:39:c7:9d:d1:83:5b:a1:23:03:0c:d0:d5:77:45:46:
         75:d2:9b:fb:e5:7c:5c:51:df:07:4f:39:98:fe:6f:5f:f9:ac:
         8c:09:f2:0b:b4:6d:86:d5:69:50:29:ec:5c:d7:54:94:66:de:
         37:8e:14:6c:1d:c4:46:0d:9f:18:cd:13:c8:6a:0d:56:97:37:
         04:7a:84:53:78:2a:0f:30:e7:79:fe:e3:84:89:3f:03:f6:7d:
         70:0a:96:f2:43:f9:88:f4:9f:dd:98:41:c5:83:df:84:02:b4:
         bf:27:bc:09:4a:aa:44:c5:7d:95:42:4e:53:7c:82:9e:ab:dd:
         d4:cf:f8:9f:3d:e5:0e:5c:7e:4d:28:18:17:8d:d3:b7:f4:b1:
         b9:96:5f:05:f8:8f:40:c0:af:9a:f2:62:3b:68:f1:4f:1a:c0:
         88:9b:b6:f0:a5:a0:99:f1:d4:ef:7c:11:52:b6:f9:af:2d:d6:
         73:e9:d5:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTXwu7qZ/Ereom+27vPtiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOGNkN2Q2YTQxMDU3NTBiZjg5NzVhN2QwYjk2Nzk0YzFl
ZmU2MjIwHhcNMjQwMTAyMDgzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmM2NTJmMmNhNzE2MjhjOWY0ZWE5NjEyZjk3ZjlkNjkwZDE1YjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0e6iuGRvtfqbb004ijKZwQJYehF+
/1jZuXqShhL0qcI+E4zQSz9KaBkJsEEt6QJyYyKcxUCIWeJgALB1MgyLcw9Xk5Z/
XxmI6Rj64lZ9gRr9gv0wpjNXFmzWF3fRMsHeevHHLC0HO+ZNGot+4xqWbijW8b+O
d4HaxVy+4Aku/yLYuh6B8dLb81TKSPmdt/4bpTOG0Fyqb4tAUzIKAB+vPMRwKyAK
oB1KYCQGavHAQHTcmuRdp17fjgA9ECpEWiEPzCn3iRkOQF4FbQz9XNVW5OGEBGJi
ETCZ8usnQJZ7qV1s+rne+NE/xH0aIcvCqbD3vsUjmXFpNeCtVxu4SurCMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFLGUvLKcWKMn06pYS+X+daQ0VsOMB8GA1UdIwQY
MBaAFJ6M19akEFdQv4l1p9C5Z5TB7+YiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2Qt
OGMyZGY1YTVjNmQ3LzEvVXNaUzhzcHhZb3lmVHFsaEw1ZjUxcERSV3c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2QtOGMyZGY1YTVjNmQ3
LzEvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBH4OMAwQA
W9n0MA0GCSqGSIb3DQEBCwUAA4IBAQAGG/R7q4z1mi1O+FmcSYTj7kX/DSqmA8un
wR/b5PcAi8hR7b3FmKHzm+hI/clI4uxr0mJSMGBmwCGy/y/GXo8/K4L2IHG1MrtM
oSM5x53Rg1uhIwMM0NV3RUZ10pv75XxcUd8HTzmY/m9f+ayMCfILtG2G1WlQKexc
11SUZt43jhRsHcRGDZ8YzRPIag1WlzcEeoRTeCoPMOd5/uOEiT8D9n1wCpbyQ/mI
9J/dmEHFg9+EArS/J7wJSqpExX2VQk5TfIKeq93Uz/ifPeUOXH5NKBgXjdO39LG5
ll8F+I9AwK+a8mI7aPFPGsCIm7bwpaCZ8dTvfBFStvmvLdZz6dXH
-----END CERTIFICATE-----