Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/7577fd-3b45-404a-bfe0-5424dc63e2ac/1/aiCirdR3bJynl5B1u4taJ1ArJrE.roa
File:                     aiCirdR3bJynl5B1u4taJ1ArJrE.roa (raw, json)
Hash identifier:          /hYPt2NPtfaLrnXOY2RWVRmEr7OKwL3Ra6HIb4b8kms=
Subject key identifier:   6A:20:A2:AD:D4:77:6C:9C:A7:97:90:75:BB:8B:5A:27:50:2B:26:B1
Certificate issuer:       /CN=eebf5b51999637c80bf93c8a903d16c3aec25341
Certificate serial:       018CC348CA0C87EB0ED844C973F4A06C313F
Authority key identifier: EE:BF:5B:51:99:96:37:C8:0B:F9:3C:8A:90:3D:16:C3:AE:C2:53:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7r9bUZmWN8gL-TyKkD0Ww67CU0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/7577fd-3b45-404a-bfe0-5424dc63e2ac/1/aiCirdR3bJynl5B1u4taJ1ArJrE.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35490
IP address blocks:        91.236.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/7577fd-3b45-404a-bfe0-5424dc63e2ac/1/7r9bUZmWN8gL-TyKkD0Ww67CU0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/7577fd-3b45-404a-bfe0-5424dc63e2ac/1/7r9bUZmWN8gL-TyKkD0Ww67CU0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7r9bUZmWN8gL-TyKkD0Ww67CU0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ca:0c:87:eb:0e:d8:44:c9:73:f4:a0:6c:31:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebf5b51999637c80bf93c8a903d16c3aec25341
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a20a2add4776c9ca7979075bb8b5a27502b26b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d0:29:40:d0:7f:2b:74:5c:f4:44:b8:46:41:
                    86:24:e9:11:0b:02:a8:58:7f:01:64:3e:d0:52:e4:
                    0f:88:f9:a2:7f:6e:20:9d:90:27:2d:64:24:a9:2b:
                    e8:df:3e:64:33:6d:6d:01:e7:a1:88:65:8e:42:f7:
                    6f:e0:43:02:0f:31:d3:1a:0a:fd:2e:c6:75:4e:f7:
                    8d:5c:54:b7:43:a3:fd:ec:06:c4:06:15:31:fb:f1:
                    c3:8e:68:db:8a:30:20:07:9b:12:54:57:e3:96:02:
                    96:f5:b8:0a:5a:30:0e:23:7b:a0:9e:ac:f3:d4:61:
                    c0:d5:bb:eb:94:4d:9c:cc:6f:97:3b:00:8a:d9:ec:
                    bf:a0:ae:1c:66:18:d9:f3:4f:88:81:53:d7:fa:e6:
                    6a:94:8a:51:ff:98:27:32:70:fb:ab:cd:5f:32:27:
                    ce:1b:db:e7:a4:6a:4e:48:e8:e9:fb:e7:29:29:e2:
                    81:71:0c:6c:15:33:13:69:79:36:f7:f3:5d:ca:0f:
                    61:d8:54:9d:af:9d:3c:69:4d:a4:07:f7:0c:e3:12:
                    43:c9:4f:78:99:fe:38:97:48:52:fa:c7:2d:5e:5a:
                    3d:71:cf:8a:74:e5:49:ff:17:66:a2:d7:a4:40:1f:
                    a9:e9:52:ca:90:31:02:70:b5:28:5f:00:70:83:00:
                    82:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:20:A2:AD:D4:77:6C:9C:A7:97:90:75:BB:8B:5A:27:50:2B:26:B1
            X509v3 Authority Key Identifier:
                keyid:EE:BF:5B:51:99:96:37:C8:0B:F9:3C:8A:90:3D:16:C3:AE:C2:53:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7r9bUZmWN8gL-TyKkD0Ww67CU0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7577fd-3b45-404a-bfe0-5424dc63e2ac/1/aiCirdR3bJynl5B1u4taJ1ArJrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7577fd-3b45-404a-bfe0-5424dc63e2ac/1/7r9bUZmWN8gL-TyKkD0Ww67CU0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:06:cc:f6:d4:70:8e:e2:22:2b:b3:b8:e4:b0:d4:60:bb:08:
         9b:79:85:1c:13:5b:db:47:c9:b1:4e:58:55:75:7b:39:c1:5d:
         92:38:58:19:f0:fb:e3:58:d5:ea:28:f2:39:a5:79:06:8b:39:
         ec:3c:d2:64:33:bc:40:05:93:d8:a4:4b:9f:ba:d8:8e:1b:52:
         3b:68:75:69:29:6b:29:e7:57:23:a1:2e:1d:e4:11:54:8f:9b:
         e7:8b:8a:76:ee:00:e5:35:56:b5:17:e6:3b:69:7b:5f:28:99:
         d0:99:9a:89:2c:17:b7:f9:a7:29:08:78:3d:25:fd:a0:fa:61:
         56:4d:ed:64:56:8d:94:74:52:62:81:97:dd:ce:16:8d:8a:86:
         1e:a4:62:98:0f:df:e3:a2:b4:c4:7b:1b:df:91:6f:c6:28:81:
         e2:34:b4:2b:01:04:08:77:03:e5:76:ba:a6:a6:cd:34:f0:60:
         0a:b6:44:8a:f3:b5:5c:07:9c:c2:e5:fc:89:b5:7d:52:42:fd:
         a5:4e:dc:5c:3b:d2:38:88:b2:f3:d9:42:44:03:3e:60:9c:c6:
         58:76:87:53:59:43:f2:e6:34:ac:1b:0d:3a:38:a0:b3:7c:4f:
         b8:18:13:cd:f1:c0:5e:a0:d7:1b:a7:46:ff:6b:e4:28:78:74:
         a1:96:fe:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMoMh+sO2ETJc/SgbDE/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmY1YjUxOTk5NjM3YzgwYmY5M2M4YTkwM2QxNmMzYWVj
MjUzNDEwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTIwYTJhZGQ0Nzc2YzljYTc5NzkwNzViYjhiNWEyNzUwMmIyNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotApQNB/K3Rc9ES4RkGGJOkRCwKo
WH8BZD7QUuQPiPmif24gnZAnLWQkqSvo3z5kM21tAeehiGWOQvdv4EMCDzHTGgr9
LsZ1TveNXFS3Q6P97AbEBhUx+/HDjmjbijAgB5sSVFfjlgKW9bgKWjAOI3ugnqzz
1GHA1bvrlE2czG+XOwCK2ey/oK4cZhjZ80+IgVPX+uZqlIpR/5gnMnD7q81fMifO
G9vnpGpOSOjp++cpKeKBcQxsFTMTaXk29/Ndyg9h2FSdr508aU2kB/cM4xJDyU94
mf44l0hS+sctXlo9cc+KdOVJ/xdmotekQB+p6VLKkDECcLUoXwBwgwCCjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGogoq3Ud2ycp5eQdbuLWidQKyaxMB8GA1UdIwQY
MBaAFO6/W1GZljfIC/k8ipA9FsOuwlNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3I5YlVabVdOOGdMLVR5S2tEMFd3NjdDVTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83NTc3ZmQtM2I0NS00MDRhLWJmZTAt
NTQyNGRjNjNlMmFjLzEvYWlDaXJkUjNiSnlubDVCMXU0dGFKMUFySnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83NTc3ZmQtM2I0NS00MDRhLWJmZTAtNTQyNGRjNjNlMmFj
LzEvN3I5YlVabVdOOGdMLVR5S2tEMFd3NjdDVTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+zfMA0G
CSqGSIb3DQEBCwUAA4IBAQAFBsz21HCO4iIrs7jksNRguwibeYUcE1vbR8mxTlhV
dXs5wV2SOFgZ8PvjWNXqKPI5pXkGiznsPNJkM7xABZPYpEufutiOG1I7aHVpKWsp
51cjoS4d5BFUj5vni4p27gDlNVa1F+Y7aXtfKJnQmZqJLBe3+acpCHg9Jf2g+mFW
Te1kVo2UdFJigZfdzhaNioYepGKYD9/jorTEexvfkW/GKIHiNLQrAQQIdwPldrqm
ps008GAKtkSK87VcB5zC5fyJtX1SQv2lTtxcO9I4iLLz2UJEAz5gnMZYdodTWUPy
5jSsGw06OKCzfE+4GBPN8cBeoNcbp0b/a+QoeHShlv5+
-----END CERTIFICATE-----