Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ed0918-b251-403c-8360-20ca2c0f6e54/1/y3G9QW_9GQasYvn_Nilngc1DZSI.roa
File:                     y3G9QW_9GQasYvn_Nilngc1DZSI.roa (raw, json)
Hash identifier:          dnrDQQmrJW+2oy97yVVm+FfEd94mEB2OlqwdVGWTVPk=
Subject key identifier:   CB:71:BD:41:6F:FD:19:06:AC:62:F9:FF:36:29:67:81:CD:43:65:22
Certificate issuer:       /CN=5e254ec3265851428fff33721a85c80b2f1e8fbc
Certificate serial:       018CC6B905AF65B638FE754457011E40617D
Authority key identifier: 5E:25:4E:C3:26:58:51:42:8F:FF:33:72:1A:85:C8:0B:2F:1E:8F:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XiVOwyZYUUKP_zNyGoXICy8ej7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ed0918-b251-403c-8360-20ca2c0f6e54/1/y3G9QW_9GQasYvn_Nilngc1DZSI.roa
Signing time:             Mon 01 Jan 2024 20:31:03 +0000
ROA not before:           Mon 01 Jan 2024 20:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59577
IP address blocks:        91.201.232.0/22 maxlen: 24
                          195.72.144.0/24 maxlen: 24
                          195.72.145.0/24 maxlen: 24
                          195.72.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ed0918-b251-403c-8360-20ca2c0f6e54/1/XiVOwyZYUUKP_zNyGoXICy8ej7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ed0918-b251-403c-8360-20ca2c0f6e54/1/XiVOwyZYUUKP_zNyGoXICy8ej7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XiVOwyZYUUKP_zNyGoXICy8ej7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:05:af:65:b6:38:fe:75:44:57:01:1e:40:61:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e254ec3265851428fff33721a85c80b2f1e8fbc
        Validity
            Not Before: Jan  1 20:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb71bd416ffd1906ac62f9ff36296781cd436522
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:da:0f:d7:f4:b2:b2:b2:b0:54:07:2f:fa:fd:
                    b6:2e:9c:de:49:72:b2:be:bb:b6:2a:59:a2:53:f5:
                    d0:f3:44:c3:0c:1b:da:82:49:21:91:57:05:1c:b4:
                    56:c1:6c:53:69:1a:d0:92:8d:58:2f:10:cf:0a:7a:
                    61:c2:59:0d:4f:2b:88:65:b0:d5:42:ed:9d:5a:7e:
                    2d:1d:24:12:16:44:51:ff:01:cc:e1:5d:eb:f9:24:
                    d2:0c:33:3f:a8:49:ab:ab:ad:16:8c:03:b1:73:e1:
                    1b:c9:fa:fa:99:ed:2b:e1:2c:f6:43:9a:6d:17:7c:
                    47:02:eb:ea:cc:02:d8:b2:ed:0d:1e:71:45:e5:d6:
                    a9:39:1b:5d:e7:e0:96:e6:e1:eb:16:80:44:26:35:
                    bb:7a:c5:ea:70:3b:38:81:e0:8e:62:c8:44:a4:83:
                    6a:69:ae:8c:de:31:8a:10:35:51:52:7f:ba:05:0b:
                    e3:3b:32:72:e8:ef:9e:7a:cd:52:5f:e2:20:75:57:
                    21:66:63:02:b9:8a:24:37:a3:4e:75:24:cc:9c:46:
                    f7:16:c3:5b:9c:55:18:cd:1c:cd:c1:95:f4:23:d1:
                    80:15:dc:c5:32:16:ab:f9:4c:fe:d4:ef:b4:5e:2d:
                    dc:9c:74:ce:82:2e:98:82:6a:02:cc:92:5a:69:e0:
                    da:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:71:BD:41:6F:FD:19:06:AC:62:F9:FF:36:29:67:81:CD:43:65:22
            X509v3 Authority Key Identifier:
                keyid:5E:25:4E:C3:26:58:51:42:8F:FF:33:72:1A:85:C8:0B:2F:1E:8F:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XiVOwyZYUUKP_zNyGoXICy8ej7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ed0918-b251-403c-8360-20ca2c0f6e54/1/y3G9QW_9GQasYvn_Nilngc1DZSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ed0918-b251-403c-8360-20ca2c0f6e54/1/XiVOwyZYUUKP_zNyGoXICy8ej7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.232.0/22
                  195.72.144.0-195.72.146.255

    Signature Algorithm: sha256WithRSAEncryption
         2e:5e:8e:1c:08:e3:aa:1a:86:d1:bc:20:09:63:6d:6e:3f:2c:
         e4:cc:f1:a6:a9:df:c3:86:6e:d5:04:4e:c4:e2:ad:c7:14:ed:
         c4:37:39:db:96:f5:ea:15:f6:8f:06:95:28:fc:ac:57:dd:19:
         44:6f:a0:30:63:09:fd:7b:41:ed:fb:89:05:3d:1b:f7:89:01:
         0d:b5:75:3b:43:c0:d6:98:6d:d7:e4:95:7e:80:13:1c:80:bb:
         6c:5c:ca:a8:c3:f4:2c:ce:9f:35:60:8d:bb:9a:04:c3:1e:c8:
         d7:83:02:30:ea:1e:cb:bf:69:4f:67:d1:26:47:c1:cf:61:05:
         3f:64:c8:6f:3e:b1:00:a2:e0:c0:3d:3a:86:90:ff:0c:91:e8:
         72:50:6e:d3:1a:94:66:04:5c:9c:31:99:40:ec:be:f6:fb:7c:
         97:5d:b1:f7:7c:b8:71:78:a5:f9:e6:f3:14:4e:05:9e:3e:c7:
         9c:7f:7d:40:e1:d5:ec:e5:de:70:48:b0:fe:05:7e:7d:aa:b1:
         0d:5b:e6:f5:f4:d8:04:4c:94:3b:3c:64:6a:10:e7:c9:d2:9d:
         aa:9b:a2:61:90:07:5e:be:e0:8b:bc:a0:51:a9:0b:1f:2e:6c:
         c6:5c:5d:80:c6:0e:cd:a4:dd:b0:43:ea:75:52:38:90:8e:b9:
         f4:cc:9d:2c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGuQWvZbY4/nVEVwEeQGF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjU0ZWMzMjY1ODUxNDI4ZmZmMzM3MjFhODVjODBiMmYx
ZThmYmMwHhcNMjQwMTAxMjAzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjcxYmQ0MTZmZmQxOTA2YWM2MmY5ZmYzNjI5Njc4MWNkNDM2NTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNoP1/SysrKwVAcv+v22LpzeSXKy
vru2KlmiU/XQ80TDDBvagkkhkVcFHLRWwWxTaRrQko1YLxDPCnphwlkNTyuIZbDV
Qu2dWn4tHSQSFkRR/wHM4V3r+STSDDM/qEmrq60WjAOxc+Ebyfr6me0r4Sz2Q5pt
F3xHAuvqzALYsu0NHnFF5dapORtd5+CW5uHrFoBEJjW7esXqcDs4geCOYshEpINq
aa6M3jGKEDVRUn+6BQvjOzJy6O+ees1SX+IgdVchZmMCuYokN6NOdSTMnEb3FsNb
nFUYzRzNwZX0I9GAFdzFMhar+Uz+1O+0Xi3cnHTOgi6YgmoCzJJaaeDaIwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMtxvUFv/RkGrGL5/zYpZ4HNQ2UiMB8GA1UdIwQY
MBaAFF4lTsMmWFFCj/8zchqFyAsvHo+8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlWT3d5WllVVUtQX3pOeUdvWElDeThlajd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lZDA5MTgtYjI1MS00MDNjLTgzNjAt
MjBjYTJjMGY2ZTU0LzEveTNHOVFXXzlHUWFzWXZuX05pbG5nYzFEWlNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lZDA5MTgtYjI1MS00MDNjLTgzNjAtMjBjYTJjMGY2ZTU0
LzEvWGlWT3d5WllVVUtQX3pOeUdvWElDeThlajd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCW8noMAwD
BATDSJADBADDSJIwDQYJKoZIhvcNAQELBQADggEBAC5ejhwI46oahtG8IAljbW4/
LOTM8aap38OGbtUETsTirccU7cQ3OduW9eoV9o8GlSj8rFfdGURvoDBjCf17Qe37
iQU9G/eJAQ21dTtDwNaYbdfklX6AExyAu2xcyqjD9CzOnzVgjbuaBMMeyNeDAjDq
Hsu/aU9n0SZHwc9hBT9kyG8+sQCi4MA9OoaQ/wyR6HJQbtMalGYEXJwxmUDsvvb7
fJddsfd8uHF4pfnm8xROBZ4+x5x/fUDh1ezl3nBIsP4Ffn2qsQ1b5vX02ARMlDs8
ZGoQ58nSnaqbomGQB16+4Iu8oFGpCx8ubMZcXYDGDs2k3bBD6nVSOJCOufTMnSw=
-----END CERTIFICATE-----