Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/fewNTuSaupIUJYdzfVD7kPmvWBM.roa
File:                     fewNTuSaupIUJYdzfVD7kPmvWBM.roa (raw, json)
Hash identifier:          tNbb69C/cLgIj7y/34jeI6l9WdRwaeOwonadTKiXjnE=
Subject key identifier:   7D:EC:0D:4E:E4:9A:BA:92:14:25:87:73:7D:50:FB:90:F9:AF:58:13
Certificate issuer:       /CN=5847f1f4f6bcb2a4758ac8a997bc108000e418d1
Certificate serial:       018CC94E51801B7C5721D5F5CA8DFB4BE652
Authority key identifier: 58:47:F1:F4:F6:BC:B2:A4:75:8A:C8:A9:97:BC:10:80:00:E4:18:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WEfx9Pa8sqR1isipl7wQgADkGNE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/fewNTuSaupIUJYdzfVD7kPmvWBM.roa
Signing time:             Tue 02 Jan 2024 08:33:22 +0000
ROA not before:           Tue 02 Jan 2024 08:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198346
IP address blocks:        91.222.54.0/24 maxlen: 24
                          91.222.55.0/24 maxlen: 24
                          91.222.52.0/24 maxlen: 24
                          91.222.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/WEfx9Pa8sqR1isipl7wQgADkGNE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/WEfx9Pa8sqR1isipl7wQgADkGNE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WEfx9Pa8sqR1isipl7wQgADkGNE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:51:80:1b:7c:57:21:d5:f5:ca:8d:fb:4b:e6:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5847f1f4f6bcb2a4758ac8a997bc108000e418d1
        Validity
            Not Before: Jan  2 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dec0d4ee49aba92142587737d50fb90f9af5813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ea:ff:47:45:04:06:a6:2b:e6:fd:dd:61:0a:
                    c2:d3:bd:40:73:b8:4b:ff:a4:56:c8:be:9f:d0:f2:
                    82:eb:ab:22:d2:d0:b0:85:e1:36:ce:d0:72:ca:f7:
                    6b:75:27:2e:f9:9e:81:cf:10:cd:a6:5a:c0:ab:79:
                    fa:84:a7:fd:99:d5:32:88:e1:72:ed:30:3d:17:53:
                    fb:99:a1:92:6a:80:80:d9:cd:51:ff:6f:9f:96:7a:
                    05:d0:81:a9:e7:a4:96:75:db:23:64:1c:88:2b:d1:
                    c4:6b:ab:34:0e:1a:20:50:6f:f9:7f:c2:38:c8:42:
                    cf:c2:4c:73:ee:aa:5c:c6:a3:47:83:29:aa:1c:dc:
                    5b:f8:2f:eb:d9:88:06:c4:51:82:24:66:f5:dc:24:
                    5d:ca:ea:8d:4a:77:a6:0f:bd:da:bd:f7:00:63:13:
                    ab:ef:4b:e9:3a:09:e9:71:37:a4:78:4a:ed:ee:af:
                    4d:e4:c1:31:3a:70:81:ec:13:fe:b9:a3:45:46:c4:
                    9f:e6:f4:bd:90:3a:bc:e5:3d:d2:db:fb:56:0b:77:
                    c1:a5:64:39:bc:79:27:b7:4f:9f:7a:5e:8c:5a:ba:
                    29:81:f7:6e:e5:09:5e:f2:6f:fe:25:c9:32:60:85:
                    9e:5c:b5:de:95:f6:78:ef:0b:9f:af:d5:6c:04:40:
                    a3:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:EC:0D:4E:E4:9A:BA:92:14:25:87:73:7D:50:FB:90:F9:AF:58:13
            X509v3 Authority Key Identifier:
                keyid:58:47:F1:F4:F6:BC:B2:A4:75:8A:C8:A9:97:BC:10:80:00:E4:18:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WEfx9Pa8sqR1isipl7wQgADkGNE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/fewNTuSaupIUJYdzfVD7kPmvWBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/38006f-fbfc-48aa-85ef-065bc28c2a52/1/WEfx9Pa8sqR1isipl7wQgADkGNE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:3e:eb:9e:f2:69:cc:82:ed:46:db:36:48:63:75:f0:d6:18:
         e9:e8:08:3a:8e:d8:07:db:ff:5e:8a:90:36:d7:f1:14:99:4d:
         93:d6:e8:0b:e1:d1:77:05:ce:8a:14:7f:a8:8c:47:df:d1:ee:
         de:8a:ab:37:75:0b:57:fe:d6:dc:7b:c3:97:c0:27:6d:11:70:
         c7:c3:0c:5d:6b:fd:95:1f:9f:94:c6:51:9e:a3:6e:63:fe:b8:
         2d:01:34:96:a7:c1:7e:69:60:58:89:18:0e:09:2e:2f:01:96:
         36:8a:35:3f:22:20:cb:ab:76:11:75:eb:ae:1c:a4:d4:4d:a5:
         2b:53:43:5c:34:6e:3b:74:21:dd:cb:94:52:a5:2a:dd:26:11:
         f4:b8:69:f6:c1:3d:3b:b2:f5:f8:6e:6d:4b:14:97:ed:da:d0:
         e3:4f:21:57:04:47:47:c0:e1:f1:72:d9:5f:1e:59:19:b4:55:
         66:92:da:43:eb:be:fa:e1:f0:db:20:b4:d7:9c:23:f5:a9:35:
         ba:bc:17:25:d5:2e:a7:c6:26:4e:1d:fb:24:e5:6c:bc:4a:ba:
         62:02:04:f7:e2:83:d6:dd:fb:7b:e7:0b:b5:c4:08:dc:4a:9c:
         03:3b:04:a2:bc:ca:9e:10:0e:7b:16:e4:c3:ba:64:93:19:1e:
         1a:6b:8e:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlGAG3xXIdX1yo37S+ZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NDdmMWY0ZjZiY2IyYTQ3NThhYzhhOTk3YmMxMDgwMDBl
NDE4ZDEwHhcNMjQwMTAyMDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGVjMGQ0ZWU0OWFiYTkyMTQyNTg3NzM3ZDUwZmI5MGY5YWY1ODEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOr/R0UEBqYr5v3dYQrC071Ac7hL
/6RWyL6f0PKC66si0tCwheE2ztByyvdrdScu+Z6BzxDNplrAq3n6hKf9mdUyiOFy
7TA9F1P7maGSaoCA2c1R/2+flnoF0IGp56SWddsjZByIK9HEa6s0DhogUG/5f8I4
yELPwkxz7qpcxqNHgymqHNxb+C/r2YgGxFGCJGb13CRdyuqNSnemD73avfcAYxOr
70vpOgnpcTekeErt7q9N5MExOnCB7BP+uaNFRsSf5vS9kDq85T3S2/tWC3fBpWQ5
vHknt0+fel6MWropgfdu5Qle8m/+JckyYIWeXLXelfZ47wufr9VsBECjRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3sDU7kmrqSFCWHc31Q+5D5r1gTMB8GA1UdIwQY
MBaAFFhH8fT2vLKkdYrIqZe8EIAA5BjRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0VmeDlQYThzcVIxaXNpcGw3d1FnQURrR05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8zODAwNmYtZmJmYy00OGFhLTg1ZWYt
MDY1YmMyOGMyYTUyLzEvZmV3TlR1U2F1cElVSllkemZWRDdrUG12V0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8zODAwNmYtZmJmYy00OGFhLTg1ZWYtMDY1YmMyOGMyYTUy
LzEvV0VmeDlQYThzcVIxaXNpcGw3d1FnQURrR05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW940MA0G
CSqGSIb3DQEBCwUAA4IBAQAbPuue8mnMgu1G2zZIY3Xw1hjp6Ag6jtgH2/9eipA2
1/EUmU2T1ugL4dF3Bc6KFH+ojEff0e7eiqs3dQtX/tbce8OXwCdtEXDHwwxda/2V
H5+UxlGeo25j/rgtATSWp8F+aWBYiRgOCS4vAZY2ijU/IiDLq3YRdeuuHKTUTaUr
U0NcNG47dCHdy5RSpSrdJhH0uGn2wT07svX4bm1LFJft2tDjTyFXBEdHwOHxctlf
HlkZtFVmktpD67764fDbILTXnCP1qTW6vBcl1S6nxiZOHfsk5Wy8SrpiAgT34oPW
3ft75wu1xAjcSpwDOwSivMqeEA57FuTDumSTGR4aa45u
-----END CERTIFICATE-----