Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/U3msX1HOlWoD0p2yCVjgxzGcadk.roa
File:                     U3msX1HOlWoD0p2yCVjgxzGcadk.roa (raw, json)
Hash identifier:          r5yrnf0IyqNz6UoJpUOpCUm1qoodXLSCVx9FqdHdNYs=
Subject key identifier:   53:79:AC:5F:51:CE:95:6A:03:D2:9D:B2:09:58:E0:C7:31:9C:69:D9
Certificate issuer:       /CN=b5b0a86659ec314f13a04e3a03dbdb1244a0e0a9
Certificate serial:       018CC7271BF1023D03BA5D696CB51416CCC9
Authority key identifier: B5:B0:A8:66:59:EC:31:4F:13:A0:4E:3A:03:DB:DB:12:44:A0:E0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/U3msX1HOlWoD0p2yCVjgxzGcadk.roa
Signing time:             Mon 01 Jan 2024 22:31:18 +0000
ROA not before:           Mon 01 Jan 2024 22:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.28.159.0/24 maxlen: 24
                          91.223.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1b:f1:02:3d:03:ba:5d:69:6c:b5:14:16:cc:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5b0a86659ec314f13a04e3a03dbdb1244a0e0a9
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5379ac5f51ce956a03d29db20958e0c7319c69d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:05:aa:9a:63:46:fc:8d:8f:91:b3:44:6d:85:
                    55:9f:57:7f:38:45:88:7a:a7:89:b9:82:38:b7:60:
                    7a:ff:b4:32:e1:0c:a1:13:88:90:f6:c1:8c:d6:39:
                    df:1a:5d:0e:8b:57:91:9f:44:d9:1c:23:d4:30:10:
                    7e:b1:fd:a8:c1:92:66:e1:f2:80:bd:5e:83:61:01:
                    e2:64:6a:96:72:de:27:fb:64:d8:94:c3:95:0e:4c:
                    bd:f2:f9:0e:bf:d5:64:34:01:75:34:ce:b4:b0:8d:
                    71:1a:b2:b4:f7:92:d1:6b:56:15:f0:73:08:71:03:
                    c1:41:0d:7c:c8:08:29:68:95:59:c0:65:1a:c4:72:
                    36:b6:ff:7f:da:a7:cc:64:a8:f6:3b:c5:21:92:ef:
                    26:ae:a6:4d:cc:69:a5:fb:5b:47:c4:c0:a2:30:ad:
                    e8:cc:2d:64:7a:87:a0:bb:d6:41:ec:03:b5:5e:05:
                    31:54:d9:de:66:a2:33:7b:36:1c:04:2c:57:b6:57:
                    19:8c:1a:03:50:35:f0:e3:0b:3a:82:31:d7:29:dd:
                    ae:ff:74:77:b8:1c:30:f6:d3:cd:4e:3d:55:c9:cc:
                    c2:3e:d7:ee:58:b2:64:ae:e9:39:3a:7d:a5:48:1f:
                    ed:93:a6:08:9a:cf:2b:bd:5b:55:d6:70:1d:44:90:
                    46:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:79:AC:5F:51:CE:95:6A:03:D2:9D:B2:09:58:E0:C7:31:9C:69:D9
            X509v3 Authority Key Identifier:
                keyid:B5:B0:A8:66:59:EC:31:4F:13:A0:4E:3A:03:DB:DB:12:44:A0:E0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/U3msX1HOlWoD0p2yCVjgxzGcadk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.161.0/24
                  193.28.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:6f:94:55:6c:ee:16:9c:c0:e8:54:d3:21:35:59:9a:6a:0c:
         23:38:39:10:1b:51:9b:07:31:1c:1c:05:a6:de:80:69:c4:50:
         b6:62:58:f9:41:db:92:e5:d4:d4:89:f7:72:b8:26:be:6e:a7:
         6a:c7:ab:16:0e:01:10:ff:3e:a0:5e:90:82:75:b7:50:6f:ec:
         9f:53:43:ed:11:c1:65:e8:84:89:c0:d4:fa:e8:04:3e:09:8f:
         58:cf:b2:55:c7:80:f6:f9:02:95:3f:5e:4f:11:69:46:b4:99:
         b7:bc:07:d7:33:29:2d:a0:ac:cf:0e:47:0b:8a:6a:03:cb:a9:
         b3:bb:d3:58:69:17:a7:f5:ee:3a:e8:67:25:b8:8f:4e:a2:e8:
         29:da:f8:5f:9a:b8:3b:3d:20:99:bd:1e:b8:16:54:7f:06:c1:
         a2:60:7a:06:4e:da:01:ea:1a:7e:de:b1:84:20:72:73:39:54:
         b3:3b:6a:da:c1:a1:b9:7d:73:fe:9f:2f:be:3a:a0:a4:3b:f8:
         38:69:0c:db:95:c6:72:47:22:b6:c7:fc:5a:be:04:2c:be:b6:
         7c:0b:92:bc:99:13:29:39:98:e0:35:07:c9:25:4e:53:03:c1:
         8e:8b:5a:f6:2c:67:a8:51:0e:d0:4d:d5:7e:14:70:5d:7d:88:
         45:78:af:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJxvxAj0Dul1pbLUUFszJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YjBhODY2NTllYzMxNGYxM2EwNGUzYTAzZGJkYjEyNDRh
MGUwYTkwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzc5YWM1ZjUxY2U5NTZhMDNkMjlkYjIwOTU4ZTBjNzMxOWM2OWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAWqmmNG/I2PkbNEbYVVn1d/OEWI
eqeJuYI4t2B6/7Qy4QyhE4iQ9sGM1jnfGl0Oi1eRn0TZHCPUMBB+sf2owZJm4fKA
vV6DYQHiZGqWct4n+2TYlMOVDky98vkOv9VkNAF1NM60sI1xGrK095LRa1YV8HMI
cQPBQQ18yAgpaJVZwGUaxHI2tv9/2qfMZKj2O8Uhku8mrqZNzGml+1tHxMCiMK3o
zC1keoegu9ZB7AO1XgUxVNneZqIzezYcBCxXtlcZjBoDUDXw4ws6gjHXKd2u/3R3
uBww9tPNTj1VyczCPtfuWLJkruk5On2lSB/tk6YIms8rvVtV1nAdRJBG9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFN5rF9RzpVqA9KdsglY4McxnGnZMB8GA1UdIwQY
MBaAFLWwqGZZ7DFPE6BOOgPb2xJEoOCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGJDb1psbnNNVThUb0U0NkE5dmJFa1NnNEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wNDQ0MDItYzRkNC00MjU5LTkzZTIt
N2ZiZjVlZTI5MGFjLzEvVTNtc1gxSE9sV29EMHAyeUNWamd4ekdjYWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wNDQ0MDItYzRkNC00MjU5LTkzZTItN2ZiZjVlZTI5MGFj
LzEvdGJDb1psbnNNVThUb0U0NkE5dmJFa1NnNEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9+hAwQA
wRyfMA0GCSqGSIb3DQEBCwUAA4IBAQBTb5RVbO4WnMDoVNMhNVmaagwjODkQG1Gb
BzEcHAWm3oBpxFC2Ylj5QduS5dTUifdyuCa+bqdqx6sWDgEQ/z6gXpCCdbdQb+yf
U0PtEcFl6ISJwNT66AQ+CY9Yz7JVx4D2+QKVP15PEWlGtJm3vAfXMyktoKzPDkcL
imoDy6mzu9NYaRen9e466GcluI9Oougp2vhfmrg7PSCZvR64FlR/BsGiYHoGTtoB
6hp+3rGEIHJzOVSzO2rawaG5fXP+ny++OqCkO/g4aQzblcZyRyK2x/xavgQsvrZ8
C5K8mRMpOZjgNQfJJU5TA8GOi1r2LGeoUQ7QTdV+FHBdfYhFeK8U
-----END CERTIFICATE-----