Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/C8uJbwt76G_tAX8KyOSIuNkA39o.roa
File:                     C8uJbwt76G_tAX8KyOSIuNkA39o.roa (raw, json)
Hash identifier:          AJ0FdrFIOZ8wxA3hHpZHS88fw0FJ3CN6g2E2TXLFblY=
Subject key identifier:   0B:CB:89:6F:0B:7B:E8:6F:ED:01:7F:0A:C8:E4:88:B8:D9:00:DF:DA
Certificate issuer:       /CN=22c152606125eb66d522263fa03109bbf0bba3da
Certificate serial:       018CC8DEC39C7E950AE11BC63AC050C548C9
Authority key identifier: 22:C1:52:60:61:25:EB:66:D5:22:26:3F:A0:31:09:BB:F0:BB:A3:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsFSYGEl62bVIiY_oDEJu_C7o9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/C8uJbwt76G_tAX8KyOSIuNkA39o.roa
Signing time:             Tue 02 Jan 2024 06:31:31 +0000
ROA not before:           Tue 02 Jan 2024 06:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198874
IP address blocks:        91.234.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/IsFSYGEl62bVIiY_oDEJu_C7o9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/IsFSYGEl62bVIiY_oDEJu_C7o9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsFSYGEl62bVIiY_oDEJu_C7o9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c3:9c:7e:95:0a:e1:1b:c6:3a:c0:50:c5:48:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c152606125eb66d522263fa03109bbf0bba3da
        Validity
            Not Before: Jan  2 06:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bcb896f0b7be86fed017f0ac8e488b8d900dfda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:9e:2d:fc:dc:08:67:0a:08:b6:00:b4:a6:b8:
                    80:f0:21:1f:40:a3:57:a6:d0:8b:a8:43:16:e7:0b:
                    f7:5f:49:3b:a5:2d:c4:77:1e:c3:e5:41:81:84:5a:
                    f9:c5:9d:70:c8:fd:48:de:b9:fe:9f:69:d5:bd:48:
                    4e:6b:62:f6:4c:e5:ad:d1:fd:14:a9:c7:00:b7:f6:
                    3c:56:f5:38:4d:02:db:bd:eb:b0:df:16:4e:a4:2a:
                    7d:96:31:29:16:01:71:30:1d:20:a1:3b:3c:8e:fa:
                    df:06:2d:ed:33:1a:26:bc:83:78:01:d0:e5:8e:28:
                    4c:c7:ec:60:41:4b:18:a3:2f:b6:18:74:59:bd:b6:
                    5c:ab:ba:34:e8:0a:40:67:cf:13:14:ed:07:eb:6f:
                    35:22:f0:b9:c4:6a:4d:1a:f9:ba:d1:2e:44:b6:35:
                    24:ba:0b:97:18:84:8f:50:fe:2f:4b:ee:7e:eb:da:
                    27:e8:08:36:72:56:40:a4:2c:82:54:47:29:39:99:
                    2d:8a:83:1e:42:06:d8:eb:33:f5:f8:ab:f9:7c:ae:
                    da:5b:78:a8:64:29:3e:41:81:35:2f:9d:26:f1:60:
                    1a:cb:2d:41:19:6c:4a:2a:9f:e7:87:20:5c:0f:3d:
                    61:f8:6d:7b:b1:9d:03:cd:5b:7a:53:30:30:2c:1b:
                    19:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:CB:89:6F:0B:7B:E8:6F:ED:01:7F:0A:C8:E4:88:B8:D9:00:DF:DA
            X509v3 Authority Key Identifier:
                keyid:22:C1:52:60:61:25:EB:66:D5:22:26:3F:A0:31:09:BB:F0:BB:A3:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsFSYGEl62bVIiY_oDEJu_C7o9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/C8uJbwt76G_tAX8KyOSIuNkA39o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/IsFSYGEl62bVIiY_oDEJu_C7o9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:79:dc:9b:11:1a:c2:d7:da:7a:b5:ad:00:33:c8:c7:b3:db:
         d3:3b:bf:ef:7c:6c:dc:99:ab:15:b3:b9:72:c6:08:5c:ed:8c:
         d8:1c:d7:ab:c6:7f:f2:8f:ef:0e:8f:9a:db:f3:4e:4d:67:64:
         e7:36:30:15:0f:47:5e:42:26:0a:69:34:74:b8:53:81:aa:b2:
         51:d7:5d:d3:c5:d3:79:6c:0c:60:1f:cf:9d:a8:eb:f7:82:41:
         3a:8a:d2:a3:d5:ff:64:72:7c:ed:87:b0:cb:a5:ac:f7:60:9f:
         af:a4:65:37:c3:a9:c5:ab:9e:f9:d6:51:7a:fb:e4:08:76:00:
         d8:c9:f4:e5:1d:02:2c:e4:c4:a8:40:84:7a:f4:7d:93:b9:41:
         2c:42:a0:1d:c6:c2:09:87:27:d6:9f:bb:6e:b3:bf:29:05:3c:
         77:17:47:a2:5e:ad:56:da:7a:1b:51:d8:8c:59:b1:00:8f:e4:
         76:c0:48:57:59:01:a3:4f:78:3b:3d:73:dc:71:b3:e0:e8:51:
         ea:ce:ca:b4:5b:95:f8:7e:26:6d:af:89:f2:cd:e0:d4:91:e5:
         35:fe:9b:03:7a:5a:3e:4e:3f:32:5c:d2:7b:c9:2c:79:a9:b4:
         d2:32:67:b6:5c:a3:27:4f:db:e6:11:32:ce:60:8e:a0:ab:53:
         b6:d0:fd:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3sOcfpUK4RvGOsBQxUjJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzE1MjYwNjEyNWViNjZkNTIyMjYzZmEwMzEwOWJiZjBi
YmEzZGEwHhcNMjQwMTAyMDYzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmNiODk2ZjBiN2JlODZmZWQwMTdmMGFjOGU0ODhiOGQ5MDBkZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJ4t/NwIZwoItgC0priA8CEfQKNX
ptCLqEMW5wv3X0k7pS3Edx7D5UGBhFr5xZ1wyP1I3rn+n2nVvUhOa2L2TOWt0f0U
qccAt/Y8VvU4TQLbveuw3xZOpCp9ljEpFgFxMB0goTs8jvrfBi3tMxomvIN4AdDl
jihMx+xgQUsYoy+2GHRZvbZcq7o06ApAZ88TFO0H6281IvC5xGpNGvm60S5EtjUk
uguXGISPUP4vS+5+69on6Ag2clZApCyCVEcpOZktioMeQgbY6zP1+Kv5fK7aW3io
ZCk+QYE1L50m8WAayy1BGWxKKp/nhyBcDz1h+G17sZ0DzVt6UzAwLBsZzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvLiW8Le+hv7QF/CsjkiLjZAN/aMB8GA1UdIwQY
MBaAFCLBUmBhJetm1SImP6AxCbvwu6PaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNGU1lHRWw2MmJWSWlZX29ERUp1X0M3bzlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hYzI1YjQtMTk0ZS00OWM0LWFhYjEt
MGZlNGQ3ZjdkYjNkLzEvQzh1SmJ3dDc2R190QVg4S3lPU0l1TmtBMzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hYzI1YjQtMTk0ZS00OWM0LWFhYjEtMGZlNGQ3ZjdkYjNk
LzEvSXNGU1lHRWw2MmJWSWlZX29ERUp1X0M3bzlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rkMA0G
CSqGSIb3DQEBCwUAA4IBAQB/edybERrC19p6ta0AM8jHs9vTO7/vfGzcmasVs7ly
xghc7YzYHNerxn/yj+8Oj5rb805NZ2TnNjAVD0deQiYKaTR0uFOBqrJR113TxdN5
bAxgH8+dqOv3gkE6itKj1f9kcnzth7DLpaz3YJ+vpGU3w6nFq5751lF6++QIdgDY
yfTlHQIs5MSoQIR69H2TuUEsQqAdxsIJhyfWn7tus78pBTx3F0eiXq1W2nobUdiM
WbEAj+R2wEhXWQGjT3g7PXPccbPg6FHqzsq0W5X4fiZtr4nyzeDUkeU1/psDelo+
Tj8yXNJ7ySx5qbTSMme2XKMnT9vmETLOYI6gq1O20P3L
-----END CERTIFICATE-----