Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/440132-eb5a-46df-a229-c68a68e8a234/1/gE5hz7EaN1ysEw6r-OT47mXcqeg.roa
File:                     gE5hz7EaN1ysEw6r-OT47mXcqeg.roa (raw, json)
Hash identifier:          twdtMHey/ydXY7z++y0a2qKNiujdzo+Wmoz3BO6cDQs=
Subject key identifier:   80:4E:61:CF:B1:1A:37:5C:AC:13:0E:AB:F8:E4:F8:EE:65:DC:A9:E8
Certificate issuer:       /CN=b8c5155db7f9859e084c2ee9bf96e8689209d3d5
Certificate serial:       018CC34910662C3E778CE86012E7A5C62779
Authority key identifier: B8:C5:15:5D:B7:F9:85:9E:08:4C:2E:E9:BF:96:E8:68:92:09:D3:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uMUVXbf5hZ4ITC7pv5boaJIJ09U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/440132-eb5a-46df-a229-c68a68e8a234/1/gE5hz7EaN1ysEw6r-OT47mXcqeg.roa
Signing time:             Mon 01 Jan 2024 04:29:54 +0000
ROA not before:           Mon 01 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51224
IP address blocks:        91.216.216.0/24 maxlen: 32
                          2001:67c:254::/48 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/440132-eb5a-46df-a229-c68a68e8a234/1/uMUVXbf5hZ4ITC7pv5boaJIJ09U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/440132-eb5a-46df-a229-c68a68e8a234/1/uMUVXbf5hZ4ITC7pv5boaJIJ09U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uMUVXbf5hZ4ITC7pv5boaJIJ09U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:10:66:2c:3e:77:8c:e8:60:12:e7:a5:c6:27:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8c5155db7f9859e084c2ee9bf96e8689209d3d5
        Validity
            Not Before: Jan  1 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=804e61cfb11a375cac130eabf8e4f8ee65dca9e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d7:ad:84:ee:f7:80:20:3b:03:43:ff:93:a2:
                    05:e0:b1:38:0f:41:de:7b:37:4d:a6:c8:a4:80:d5:
                    72:0a:f3:04:7d:d6:41:52:68:30:92:c7:f9:a9:fb:
                    2a:26:e3:ee:e1:71:07:2c:bc:62:13:f5:51:c5:c1:
                    cd:cf:16:56:08:c0:1a:26:85:56:bf:56:ba:6f:25:
                    ce:d8:1f:79:fc:d8:3f:31:61:62:a5:3f:9f:9f:fd:
                    83:b2:40:a9:46:c7:74:2d:d9:41:71:8a:e0:a7:b2:
                    14:a9:ab:78:23:38:d1:f0:6d:38:a7:cd:3b:37:55:
                    d0:bc:ad:29:49:27:94:12:a2:b4:98:5f:9d:eb:f2:
                    bb:31:e5:24:1e:a8:9f:6e:41:ab:79:ad:bd:97:0f:
                    5e:79:0c:81:64:21:0c:fc:6d:2a:b8:5e:e2:b9:64:
                    68:be:11:8f:3e:c4:5b:c1:c3:77:2f:38:3f:93:bc:
                    ef:78:cf:d9:76:06:f6:ef:66:19:61:4a:d0:77:48:
                    42:ac:fe:39:ad:03:c2:48:97:7f:0d:cf:b6:46:80:
                    ea:54:5f:6f:33:ce:03:31:1f:a4:35:91:1d:52:27:
                    78:96:35:8c:93:c5:03:3f:78:a9:2d:56:27:aa:c8:
                    75:7f:1c:84:3a:f8:b5:ad:05:ca:a4:8e:c3:f1:b6:
                    8e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:4E:61:CF:B1:1A:37:5C:AC:13:0E:AB:F8:E4:F8:EE:65:DC:A9:E8
            X509v3 Authority Key Identifier:
                keyid:B8:C5:15:5D:B7:F9:85:9E:08:4C:2E:E9:BF:96:E8:68:92:09:D3:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uMUVXbf5hZ4ITC7pv5boaJIJ09U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/440132-eb5a-46df-a229-c68a68e8a234/1/gE5hz7EaN1ysEw6r-OT47mXcqeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/440132-eb5a-46df-a229-c68a68e8a234/1/uMUVXbf5hZ4ITC7pv5boaJIJ09U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.216.0/24
                IPv6:
                  2001:67c:254::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:df:74:1f:38:7d:d5:b9:b4:28:7f:54:f2:4f:bf:c4:e0:25:
         f6:25:64:9d:55:32:f2:3c:a8:da:e0:b6:68:7d:20:66:ca:0a:
         d0:7f:c6:9f:78:8f:2f:35:e2:4c:ff:b8:d4:20:62:4f:ad:b2:
         0d:56:a9:53:b9:e0:d5:66:c3:4c:58:82:02:ee:02:82:41:f4:
         fe:5b:d1:7c:86:c1:26:88:ed:dd:b6:d0:f4:cf:fb:75:bb:13:
         ba:60:6d:9d:33:e1:45:34:f4:83:3c:4d:35:5e:0d:ea:fa:5a:
         fe:e3:b6:2d:78:28:4b:e9:b9:51:89:f5:dd:d8:f3:cb:d1:9e:
         82:6b:df:bb:32:81:ce:1a:a3:4a:2b:74:8b:9b:d2:2a:ba:9f:
         c6:5c:bc:5b:6e:e0:7a:81:4c:28:62:a5:ed:44:9a:c8:b1:80:
         e5:75:3f:68:6a:e7:ad:67:a6:0f:cd:77:0d:94:92:35:f4:42:
         16:8c:c4:37:a1:28:fe:31:6a:be:34:6c:f2:f0:ae:7d:7f:94:
         9f:46:6e:cd:b5:1c:55:2d:d1:25:2c:3b:05:07:4e:e8:b6:00:
         c9:e8:d6:88:15:71:5a:5e:9f:0b:10:b5:f4:cb:5c:f9:75:1d:
         83:28:d3:f2:21:3a:06:ac:04:31:06:d8:58:6b:33:d1:64:a2:
         38:c7:a5:03
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSRBmLD53jOhgEuelxid5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YzUxNTVkYjdmOTg1OWUwODRjMmVlOWJmOTZlODY4OTIw
OWQzZDUwHhcNMjQwMTAxMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDRlNjFjZmIxMWEzNzVjYWMxMzBlYWJmOGU0ZjhlZTY1ZGNhOWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNethO73gCA7A0P/k6IF4LE4D0He
ezdNpsikgNVyCvMEfdZBUmgwksf5qfsqJuPu4XEHLLxiE/VRxcHNzxZWCMAaJoVW
v1a6byXO2B95/Ng/MWFipT+fn/2DskCpRsd0LdlBcYrgp7IUqat4IzjR8G04p807
N1XQvK0pSSeUEqK0mF+d6/K7MeUkHqifbkGrea29lw9eeQyBZCEM/G0quF7iuWRo
vhGPPsRbwcN3Lzg/k7zveM/Zdgb272YZYUrQd0hCrP45rQPCSJd/Dc+2RoDqVF9v
M84DMR+kNZEdUid4ljWMk8UDP3ipLVYnqsh1fxyEOvi1rQXKpI7D8baORQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIBOYc+xGjdcrBMOq/jk+O5l3KnoMB8GA1UdIwQY
MBaAFLjFFV23+YWeCEwu6b+W6GiSCdPVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU1VVlhiZjVoWjRJVEM3cHY1Ym9hSklKMDlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC80NDAxMzItZWI1YS00NmRmLWEyMjkt
YzY4YTY4ZThhMjM0LzEvZ0U1aHo3RWFOMXlzRXc2ci1PVDQ3bVhjcWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC80NDAxMzItZWI1YS00NmRmLWEyMjktYzY4YTY4ZThhMjM0
LzEvdU1VVlhiZjVoWjRJVEM3cHY1Ym9hSklKMDlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9jYMA8E
AgACMAkDBwAgAQZ8AlQwDQYJKoZIhvcNAQELBQADggEBAHffdB84fdW5tCh/VPJP
v8TgJfYlZJ1VMvI8qNrgtmh9IGbKCtB/xp94jy814kz/uNQgYk+tsg1WqVO54NVm
w0xYggLuAoJB9P5b0XyGwSaI7d220PTP+3W7E7pgbZ0z4UU09IM8TTVeDer6Wv7j
ti14KEvpuVGJ9d3Y88vRnoJr37sygc4ao0ordIub0iq6n8ZcvFtu4HqBTChipe1E
msixgOV1P2hq561npg/Ndw2UkjX0QhaMxDehKP4xar40bPLwrn1/lJ9Gbs21HFUt
0SUsOwUHTui2AMno1ogVcVpenwsQtfTLXPl1HYMo0/IhOgasBDEG2FhrM9FkojjH
pQM=
-----END CERTIFICATE-----