Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/S4vrF7I9DHNgUvtvqbNE6ECj228.roa
File:                     S4vrF7I9DHNgUvtvqbNE6ECj228.roa (raw, json)
Hash identifier:          EZ99gSIfgOm6ZjYODSZFL7JjM3CmsIg1jhHAiFF21k4=
Subject key identifier:   4B:8B:EB:17:B2:3D:0C:73:60:52:FB:6F:A9:B3:44:E8:40:A3:DB:6F
Certificate issuer:       /CN=1d87f30274951cadfb5b737e1333c73d64b04256
Certificate serial:       018CC80199362060BE5A45B86338D557A981
Authority key identifier: 1D:87:F3:02:74:95:1C:AD:FB:5B:73:7E:13:33:C7:3D:64:B0:42:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/S4vrF7I9DHNgUvtvqbNE6ECj228.roa
Signing time:             Tue 02 Jan 2024 02:29:57 +0000
ROA not before:           Tue 02 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49964
IP address blocks:        91.220.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:99:36:20:60:be:5a:45:b8:63:38:d5:57:a9:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d87f30274951cadfb5b737e1333c73d64b04256
        Validity
            Not Before: Jan  2 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b8beb17b23d0c736052fb6fa9b344e840a3db6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:46:70:7f:08:79:c3:ef:02:3b:9e:0a:22:dc:
                    7e:34:16:bf:08:2e:cb:d2:3f:37:ae:a3:a0:7a:44:
                    1f:b5:ce:05:1a:1d:e6:2b:a6:14:08:69:dc:ef:c8:
                    37:27:1e:71:64:83:96:72:43:88:2f:91:65:41:76:
                    ab:8d:c6:01:e8:b4:b1:c4:47:80:18:bd:32:ca:fa:
                    33:0c:db:bb:4a:8e:8a:55:c6:c4:6d:e6:4c:de:0b:
                    29:bb:91:fe:9b:89:0f:b3:13:39:fb:b7:25:36:64:
                    b8:a3:b4:fd:7c:05:af:76:79:f7:26:ae:de:83:9e:
                    cf:8a:86:c9:db:2e:91:90:36:af:19:04:b1:c4:1d:
                    f6:6f:64:87:e4:ae:88:76:40:66:14:6b:62:da:95:
                    88:69:d2:83:85:f3:84:10:8d:8c:14:e7:e1:8b:49:
                    48:0e:27:ce:5c:6d:03:35:d7:3f:4a:f6:7a:8b:6f:
                    1a:a7:fe:d5:5e:ea:35:cf:02:64:ff:cf:22:9a:e3:
                    0a:4d:2e:d0:9b:e5:d9:31:6f:36:dc:88:2b:88:d9:
                    58:bd:a2:fa:97:7d:fc:16:4d:50:6a:c5:07:74:4c:
                    7d:b6:d4:20:1c:47:79:05:03:3f:d2:13:fb:d1:42:
                    94:bd:9e:e7:c7:18:e0:2c:2f:5e:1c:0b:4d:5a:29:
                    ec:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:8B:EB:17:B2:3D:0C:73:60:52:FB:6F:A9:B3:44:E8:40:A3:DB:6F
            X509v3 Authority Key Identifier:
                keyid:1D:87:F3:02:74:95:1C:AD:FB:5B:73:7E:13:33:C7:3D:64:B0:42:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/S4vrF7I9DHNgUvtvqbNE6ECj228.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:3c:f8:82:00:60:ea:54:2e:9f:eb:de:7b:f6:af:5c:ec:f5:
         13:fa:4b:fc:28:04:2e:0c:05:b3:c7:c1:2d:a2:e3:1d:87:0d:
         9c:61:05:1c:09:44:40:34:79:c4:bb:e6:4f:04:4e:cd:22:3a:
         40:63:24:d8:a9:ea:f3:ca:7a:de:fa:27:9d:70:7a:01:26:d0:
         5b:61:cb:13:50:d4:5a:c5:71:9a:a7:56:2b:86:1e:78:a5:4f:
         cc:0a:c5:33:17:67:af:0c:62:00:e4:f8:7b:a2:5c:6e:11:39:
         49:c1:7e:b7:2c:14:0a:b3:05:60:28:d5:f6:2e:14:9a:df:32:
         3e:34:6d:04:cb:19:28:67:26:76:61:5e:33:2d:e7:2e:9d:98:
         a9:0d:f0:b4:2a:12:cc:1d:a0:e4:03:6d:8a:97:fc:37:a2:67:
         5d:d7:5a:e4:ff:42:4d:49:69:26:2f:96:4b:af:3a:05:09:cf:
         3c:b2:f7:ff:62:77:30:18:43:79:72:71:ec:45:13:0a:df:87:
         5d:47:e8:6f:b9:1c:1f:32:11:9e:5a:b7:5a:42:4c:cc:74:64:
         6b:c6:77:68:4e:a2:e1:f5:54:67:22:1a:55:01:80:d2:69:2d:
         24:80:ae:15:9b:cc:19:15:20:6d:8a:2e:77:1a:d2:e2:bf:f5:
         11:a6:c1:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAZk2IGC+WkW4YzjVV6mBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODdmMzAyNzQ5NTFjYWRmYjViNzM3ZTEzMzNjNzNkNjRi
MDQyNTYwHhcNMjQwMTAyMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjhiZWIxN2IyM2QwYzczNjA1MmZiNmZhOWIzNDRlODQwYTNkYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUZwfwh5w+8CO54KItx+NBa/CC7L
0j83rqOgekQftc4FGh3mK6YUCGnc78g3Jx5xZIOWckOIL5FlQXarjcYB6LSxxEeA
GL0yyvozDNu7So6KVcbEbeZM3gspu5H+m4kPsxM5+7clNmS4o7T9fAWvdnn3Jq7e
g57PiobJ2y6RkDavGQSxxB32b2SH5K6IdkBmFGti2pWIadKDhfOEEI2MFOfhi0lI
DifOXG0DNdc/SvZ6i28ap/7VXuo1zwJk/88imuMKTS7Qm+XZMW823IgriNlYvaL6
l338Fk1QasUHdEx9ttQgHEd5BQM/0hP70UKUvZ7nxxjgLC9eHAtNWins3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuL6xeyPQxzYFL7b6mzROhAo9tvMB8GA1UdIwQY
MBaAFB2H8wJ0lRyt+1tzfhMzxz1ksEJWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlmekFuU1ZISzM3VzNOLUV6UEhQV1N3UWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8yNDg1ZjUtZGYzZS00ZGJhLTgxMGUt
ZmU0NDAxMTFkODA3LzEvUzR2ckY3STlESE5nVXZ0dnFiTkU2RUNqMjI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8yNDg1ZjUtZGYzZS00ZGJhLTgxMGUtZmU0NDAxMTFkODA3
LzEvSFlmekFuU1ZISzM3VzNOLUV6UEhQV1N3UWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xvMA0G
CSqGSIb3DQEBCwUAA4IBAQAKPPiCAGDqVC6f69579q9c7PUT+kv8KAQuDAWzx8Et
ouMdhw2cYQUcCURANHnEu+ZPBE7NIjpAYyTYqerzynre+iedcHoBJtBbYcsTUNRa
xXGap1Yrhh54pU/MCsUzF2evDGIA5Ph7olxuETlJwX63LBQKswVgKNX2LhSa3zI+
NG0EyxkoZyZ2YV4zLecunZipDfC0KhLMHaDkA22Kl/w3omdd11rk/0JNSWkmL5ZL
rzoFCc88svf/YncwGEN5cnHsRRMK34ddR+hvuRwfMhGeWrdaQkzMdGRrxndoTqLh
9VRnIhpVAYDSaS0kgK4Vm8wZFSBtii53GtLiv/URpsFX
-----END CERTIFICATE-----