Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/uRjIcKAq_X7l3Cs8FDZQjrNAofc.roa
File:                     uRjIcKAq_X7l3Cs8FDZQjrNAofc.roa (raw, json)
Hash identifier:          dWKDf4LDjFxIApx9jwy2XbB2EU2eXCW1aMtGKrzW4pY=
Subject key identifier:   B9:18:C8:70:A0:2A:FD:7E:E5:DC:2B:3C:14:36:50:8E:B3:40:A1:F7
Certificate issuer:       /CN=62beaa57c67aeb5bafd99793ab4846850a796c28
Certificate serial:       0191293C0400E8432F5E29258AC7290E0E0E
Authority key identifier: 62:BE:AA:57:C6:7A:EB:5B:AF:D9:97:93:AB:48:46:85:0A:79:6C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/uRjIcKAq_X7l3Cs8FDZQjrNAofc.roa
Signing time:             Tue 06 Aug 2024 19:48:04 +0000
ROA not before:           Tue 06 Aug 2024 19:48:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58192
IP address blocks:        91.239.189.0/24 maxlen: 24
                          2a13:d000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:29:3c:04:00:e8:43:2f:5e:29:25:8a:c7:29:0e:0e:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62beaa57c67aeb5bafd99793ab4846850a796c28
        Validity
            Not Before: Aug  6 19:48:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b918c870a02afd7ee5dc2b3c1436508eb340a1f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:30:26:6e:07:b6:3c:9b:76:f9:0c:3c:2e:5b:
                    d8:0f:a2:6c:b0:ad:37:28:fb:ab:54:45:68:d4:c4:
                    09:36:21:56:1a:dd:1f:d8:f7:a8:81:20:57:c5:58:
                    b2:51:30:b5:99:38:b1:a3:d6:fa:0d:09:5d:6f:da:
                    09:18:53:8c:c7:a4:1d:f0:38:24:a5:88:8a:36:08:
                    42:98:1b:18:1b:98:d7:79:a9:44:55:18:fd:42:81:
                    91:cd:78:ef:6f:4d:bf:af:db:a6:2f:85:ae:41:0b:
                    07:a3:28:3b:8c:e8:0d:27:58:c1:52:e7:76:7d:fe:
                    fc:68:9b:8a:9f:5f:a0:26:97:34:cc:66:78:b1:d1:
                    34:ac:9e:46:4d:2c:46:11:28:07:1f:e4:d5:f7:b5:
                    f7:91:bf:e4:49:af:0a:07:b0:6b:75:82:0e:0c:b1:
                    dc:8e:35:a3:6a:35:eb:17:57:07:2f:59:3f:14:e0:
                    72:d6:72:69:7b:28:b2:69:b5:bd:1f:63:b0:a6:97:
                    53:99:1c:f4:f3:28:d2:1a:19:99:06:35:65:73:5e:
                    ad:8e:ef:25:fa:0c:c6:c5:b7:5e:64:97:e9:fc:98:
                    5c:4f:67:e9:23:5c:bc:5c:34:fe:12:09:32:94:e4:
                    22:60:b8:9d:bf:b9:7a:75:56:86:46:0c:5a:d6:78:
                    93:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:18:C8:70:A0:2A:FD:7E:E5:DC:2B:3C:14:36:50:8E:B3:40:A1:F7
            X509v3 Authority Key Identifier:
                keyid:62:BE:AA:57:C6:7A:EB:5B:AF:D9:97:93:AB:48:46:85:0A:79:6C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/uRjIcKAq_X7l3Cs8FDZQjrNAofc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/22581e-fe8c-4fb8-9585-9880f04db94a/1/Yr6qV8Z661uv2ZeTq0hGhQp5bCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.189.0/24
                IPv6:
                  2a13:d000::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:58:13:b0:45:94:93:8c:c3:ef:7a:ae:66:c1:14:81:1c:6b:
         53:1f:9d:13:7f:d6:eb:13:9e:0b:28:0f:fe:4b:8d:eb:63:b8:
         72:df:dd:6a:ed:54:cd:c2:35:10:37:be:7d:e4:16:1b:47:30:
         bc:cc:36:de:23:31:64:27:b8:40:a2:99:09:b9:ba:5d:1f:8d:
         1f:43:53:83:6d:75:14:0e:2f:54:8c:c6:9e:a9:80:d8:58:9e:
         12:45:60:c9:88:fd:90:3b:65:83:17:61:6b:ea:e6:be:90:de:
         fc:20:86:88:1e:40:16:36:c9:16:08:fb:cc:bc:1c:27:4a:ee:
         b3:fe:62:04:52:6e:fe:0c:65:5e:c3:4c:ff:39:09:41:a5:8f:
         07:16:ce:39:7e:44:86:f5:d1:af:fe:03:ad:dc:4b:73:2f:d4:
         19:d6:26:46:6b:4d:56:ae:90:76:92:f3:b0:61:b3:8b:f1:16:
         89:28:b9:6b:e0:54:b3:ca:11:8b:88:11:ce:9b:ed:fd:10:6b:
         05:fe:b5:88:d2:64:a8:4c:9a:6e:ae:fb:57:0d:62:0b:28:8e:
         15:f9:92:56:7f:43:54:18:b5:67:ad:ea:f7:0a:4e:5d:98:ae:
         2a:c4:1a:eb:b1:ba:39:4f:79:71:19:75:c9:34:07:72:26:6b:
         5c:e3:70:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZEpPAQA6EMvXikliscpDg4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYmVhYTU3YzY3YWViNWJhZmQ5OTc5M2FiNDg0Njg1MGE3
OTZjMjgwHhcNMjQwODA2MTk0ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTE4Yzg3MGEwMmFmZDdlZTVkYzJiM2MxNDM2NTA4ZWIzNDBhMWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDAmbge2PJt2+Qw8LlvYD6JssK03
KPurVEVo1MQJNiFWGt0f2PeogSBXxViyUTC1mTixo9b6DQldb9oJGFOMx6Qd8Dgk
pYiKNghCmBsYG5jXealEVRj9QoGRzXjvb02/r9umL4WuQQsHoyg7jOgNJ1jBUud2
ff78aJuKn1+gJpc0zGZ4sdE0rJ5GTSxGESgHH+TV97X3kb/kSa8KB7BrdYIODLHc
jjWjajXrF1cHL1k/FOBy1nJpeyiyabW9H2OwppdTmRz08yjSGhmZBjVlc16tju8l
+gzGxbdeZJfp/JhcT2fpI1y8XDT+EgkylOQiYLidv7l6dVaGRgxa1niTpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLkYyHCgKv1+5dwrPBQ2UI6zQKH3MB8GA1UdIwQY
MBaAFGK+qlfGeutbr9mXk6tIRoUKeWwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXI2cVY4WjY2MXV2MlplVHEwaEdoUXA1YkNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8yMjU4MWUtZmU4Yy00ZmI4LTk1ODUt
OTg4MGYwNGRiOTRhLzEvdVJqSWNLQXFfWDdsM0NzOEZEWlFqck5Bb2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8yMjU4MWUtZmU4Yy00ZmI4LTk1ODUtOTg4MGYwNGRiOTRh
LzEvWXI2cVY4WjY2MXV2MlplVHEwaEdoUXA1YkNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW++9MA0E
AgACMAcDBQMqE9AAMA0GCSqGSIb3DQEBCwUAA4IBAQB8WBOwRZSTjMPveq5mwRSB
HGtTH50Tf9brE54LKA/+S43rY7hy391q7VTNwjUQN7595BYbRzC8zDbeIzFkJ7hA
opkJubpdH40fQ1ODbXUUDi9UjMaeqYDYWJ4SRWDJiP2QO2WDF2Fr6ua+kN78IIaI
HkAWNskWCPvMvBwnSu6z/mIEUm7+DGVew0z/OQlBpY8HFs45fkSG9dGv/gOt3Etz
L9QZ1iZGa01WrpB2kvOwYbOL8RaJKLlr4FSzyhGLiBHOm+39EGsF/rWI0mSoTJpu
rvtXDWILKI4V+ZJWf0NUGLVnrer3Ck5dmK4qxBrrsbo5T3lxGXXJNAdyJmtc43Bp
-----END CERTIFICATE-----