Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/e55ca1-d11c-48b9-8306-d003063ae5bb/1/T9t9OE-bq6IuzHn9tsTExsp7Lss.roa
File:                     T9t9OE-bq6IuzHn9tsTExsp7Lss.roa (raw, json)
Hash identifier:          NuJSzGbfK84q0LNak9etGdjMRFA2QtdntT43eRuiufA=
Subject key identifier:   4F:DB:7D:38:4F:9B:AB:A2:2E:CC:79:FD:B6:C4:C4:C6:CA:7B:2E:CB
Certificate issuer:       /CN=4aebd4543df29da64e4232ef3791f534573c12f1
Certificate serial:       018CC2DB51C26BC29044394E69F647FDC91A
Authority key identifier: 4A:EB:D4:54:3D:F2:9D:A6:4E:42:32:EF:37:91:F5:34:57:3C:12:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SuvUVD3ynaZOQjLvN5H1NFc8EvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/e55ca1-d11c-48b9-8306-d003063ae5bb/1/T9t9OE-bq6IuzHn9tsTExsp7Lss.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16019
IP address blocks:        91.231.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/e55ca1-d11c-48b9-8306-d003063ae5bb/1/SuvUVD3ynaZOQjLvN5H1NFc8EvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/e55ca1-d11c-48b9-8306-d003063ae5bb/1/SuvUVD3ynaZOQjLvN5H1NFc8EvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SuvUVD3ynaZOQjLvN5H1NFc8EvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:51:c2:6b:c2:90:44:39:4e:69:f6:47:fd:c9:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aebd4543df29da64e4232ef3791f534573c12f1
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fdb7d384f9baba22ecc79fdb6c4c4c6ca7b2ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fc:26:04:56:fa:c8:ea:44:a5:ae:2a:c6:2e:
                    39:54:e3:7c:91:bf:11:04:71:ab:0f:73:55:ad:0e:
                    c5:63:92:72:ea:cd:62:b3:25:53:11:ea:dd:0b:0c:
                    17:f8:07:23:f2:b0:c8:d4:c7:f9:c1:2a:e2:f8:0f:
                    1d:65:48:b8:bd:93:2f:92:b6:38:d4:02:36:0e:4f:
                    a7:74:23:41:ac:2c:c9:dc:0d:b1:2d:a3:bc:6f:b4:
                    be:90:22:88:b6:1b:b4:27:fb:67:1e:13:5a:85:0a:
                    8d:40:1b:1f:18:d1:a8:50:5b:e6:85:f8:b1:e2:70:
                    a7:ec:93:e3:a1:4a:e8:8b:a4:18:99:cb:a1:0a:ab:
                    88:ac:63:8d:d1:05:f3:10:39:3b:fe:e9:52:50:cf:
                    91:c6:55:3b:44:77:e1:99:12:42:78:44:fe:4f:45:
                    17:8f:90:8c:34:a1:34:11:24:34:08:92:0c:fb:c0:
                    88:b3:fa:b9:8f:d1:36:48:8d:4d:55:28:96:8c:a4:
                    32:26:93:49:d4:38:07:88:30:91:3b:36:4e:ad:8c:
                    f5:aa:8d:45:7a:4f:ae:b7:af:48:75:fd:15:10:64:
                    f2:4b:18:2d:49:05:8c:92:03:b2:b7:7b:16:44:fc:
                    58:0c:1e:8c:d5:40:90:74:e5:f1:63:ac:53:4b:d3:
                    ab:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:DB:7D:38:4F:9B:AB:A2:2E:CC:79:FD:B6:C4:C4:C6:CA:7B:2E:CB
            X509v3 Authority Key Identifier:
                keyid:4A:EB:D4:54:3D:F2:9D:A6:4E:42:32:EF:37:91:F5:34:57:3C:12:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SuvUVD3ynaZOQjLvN5H1NFc8EvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/e55ca1-d11c-48b9-8306-d003063ae5bb/1/T9t9OE-bq6IuzHn9tsTExsp7Lss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/e55ca1-d11c-48b9-8306-d003063ae5bb/1/SuvUVD3ynaZOQjLvN5H1NFc8EvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:63:59:61:b6:9b:9a:e0:4c:1f:af:3a:59:5c:6a:a4:21:45:
         19:37:68:62:71:62:6b:fa:bc:01:e7:e9:4c:71:23:47:c0:5b:
         8b:9a:bc:70:67:11:6b:8d:5a:aa:a3:16:2f:0d:a3:c1:b3:f7:
         bb:26:35:1b:32:d6:6f:84:06:4d:0a:f3:e7:9b:8a:f4:92:35:
         7b:26:ef:e6:23:da:ba:ae:48:0a:d6:d7:37:68:bd:5c:8f:48:
         58:86:29:4e:1c:1e:fa:e4:6c:c7:f5:48:9e:74:46:a5:34:5a:
         f2:a0:6a:d8:8c:3d:32:e6:9b:91:e0:ce:89:b8:03:4d:07:b5:
         b4:94:3b:27:9d:4c:62:d0:d8:2b:ed:a3:1e:b4:3e:4f:eb:af:
         b5:1b:1f:9a:38:9d:47:35:c3:b5:3c:49:6d:53:49:63:21:fa:
         2f:84:9e:f6:d8:c9:fa:f9:b6:63:f0:89:88:7c:79:09:7c:47:
         af:2c:61:58:b1:be:55:51:8a:20:c1:cd:0a:da:1a:c1:51:1c:
         fa:68:37:ae:08:7b:89:4c:c2:07:1c:27:af:b5:1f:eb:8b:33:
         7b:1b:49:33:f3:18:11:91:25:9c:f6:73:7b:96:ef:2f:79:ff:
         69:31:2e:47:5f:f1:88:6b:56:d9:a1:c7:b2:81:ce:32:3d:ea:
         aa:b3:80:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21HCa8KQRDlOafZH/ckaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZWJkNDU0M2RmMjlkYTY0ZTQyMzJlZjM3OTFmNTM0NTcz
YzEyZjEwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmRiN2QzODRmOWJhYmEyMmVjYzc5ZmRiNmM0YzRjNmNhN2IyZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPwmBFb6yOpEpa4qxi45VON8kb8R
BHGrD3NVrQ7FY5Jy6s1isyVTEerdCwwX+Acj8rDI1Mf5wSri+A8dZUi4vZMvkrY4
1AI2Dk+ndCNBrCzJ3A2xLaO8b7S+kCKIthu0J/tnHhNahQqNQBsfGNGoUFvmhfix
4nCn7JPjoUroi6QYmcuhCquIrGON0QXzEDk7/ulSUM+RxlU7RHfhmRJCeET+T0UX
j5CMNKE0ESQ0CJIM+8CIs/q5j9E2SI1NVSiWjKQyJpNJ1DgHiDCROzZOrYz1qo1F
ek+ut69Idf0VEGTySxgtSQWMkgOyt3sWRPxYDB6M1UCQdOXxY6xTS9OrHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/bfThPm6uiLsx5/bbExMbKey7LMB8GA1UdIwQY
MBaAFErr1FQ98p2mTkIy7zeR9TRXPBLxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3V2VVZEM3luYVpPUWpMdk41SDFORmM4RXZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9lNTVjYTEtZDExYy00OGI5LTgzMDYt
ZDAwMzA2M2FlNWJiLzEvVDl0OU9FLWJxNkl1ekhuOXRzVEV4c3A3THNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9lNTVjYTEtZDExYy00OGI5LTgzMDYtZDAwMzA2M2FlNWJi
LzEvU3V2VVZEM3luYVpPUWpMdk41SDFORmM4RXZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+ccMA0G
CSqGSIb3DQEBCwUAA4IBAQA1Y1lhtpua4EwfrzpZXGqkIUUZN2hicWJr+rwB5+lM
cSNHwFuLmrxwZxFrjVqqoxYvDaPBs/e7JjUbMtZvhAZNCvPnm4r0kjV7Ju/mI9q6
rkgK1tc3aL1cj0hYhilOHB765GzH9UiedEalNFryoGrYjD0y5puR4M6JuANNB7W0
lDsnnUxi0Ngr7aMetD5P66+1Gx+aOJ1HNcO1PEltU0ljIfovhJ722Mn6+bZj8ImI
fHkJfEevLGFYsb5VUYogwc0K2hrBURz6aDeuCHuJTMIHHCevtR/rizN7G0kz8xgR
kSWc9nN7lu8vef9pMS5HX/GIa1bZoceygc4yPeqqs4B1
-----END CERTIFICATE-----