Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/hT2VCKQNMA0sQQPQ6ZS1ZTj_VQw.roa
File:                     hT2VCKQNMA0sQQPQ6ZS1ZTj_VQw.roa (raw, json)
Hash identifier:          GTTBHazUkyv+vlqLySA8tpx3Vi7/BKJmIp883ls1AWU=
Subject key identifier:   85:3D:95:08:A4:0D:30:0D:2C:41:03:D0:E9:94:B5:65:38:FF:55:0C
Certificate issuer:       /CN=b5b0a86659ec314f13a04e3a03dbdb1244a0e0a9
Certificate serial:       018CC7271E2074D54E3DF25281FA8B3D0170
Authority key identifier: B5:B0:A8:66:59:EC:31:4F:13:A0:4E:3A:03:DB:DB:12:44:A0:E0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/hT2VCKQNMA0sQQPQ6ZS1ZTj_VQw.roa
Signing time:             Mon 01 Jan 2024 22:31:18 +0000
ROA not before:           Mon 01 Jan 2024 22:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59268
IP address blocks:        91.206.144.0/24 maxlen: 24
                          193.28.159.0/24 maxlen: 24
                          91.223.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1e:20:74:d5:4e:3d:f2:52:81:fa:8b:3d:01:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5b0a86659ec314f13a04e3a03dbdb1244a0e0a9
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=853d9508a40d300d2c4103d0e994b56538ff550c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cc:7c:dd:6e:07:e4:02:33:d4:6b:a1:9d:27:
                    54:d8:05:81:2b:a1:c0:8a:18:01:bc:e8:38:b6:1b:
                    79:fd:72:1b:8e:96:9f:b6:58:f0:28:c7:e7:d4:b7:
                    0a:96:2d:23:c8:4e:12:ff:ca:52:18:1d:64:92:79:
                    b0:30:44:a7:5b:13:6a:df:3e:25:0b:32:b9:21:64:
                    7b:58:8d:d3:03:4c:50:bd:50:4b:e8:14:bd:3e:25:
                    d0:93:e3:c8:96:f6:30:30:14:aa:31:1e:bd:7c:a1:
                    0b:31:0b:06:27:ab:6d:eb:23:14:fc:60:0d:0b:26:
                    9a:94:5e:81:c1:0f:c9:d6:27:9c:21:0a:67:33:71:
                    82:32:72:a6:e5:2e:8c:db:e9:9f:b3:5f:bd:cf:94:
                    40:0e:ea:f1:09:7e:b1:60:be:7a:ff:d3:aa:d4:18:
                    83:73:a2:ff:70:e3:a1:43:54:f8:c5:dc:ef:e2:b1:
                    da:00:c9:d8:11:7f:f5:12:99:42:6f:28:68:ed:e9:
                    ee:73:e1:17:c6:be:1d:ab:c7:ac:20:c5:4b:e4:f0:
                    21:13:94:b8:f1:15:52:3e:b3:2d:31:f6:9c:95:5e:
                    cc:1c:ee:b3:ff:a5:c1:b3:dc:12:12:76:df:22:e5:
                    f9:4c:43:4e:83:e0:8d:b5:ca:5a:8b:09:db:ca:c6:
                    53:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:3D:95:08:A4:0D:30:0D:2C:41:03:D0:E9:94:B5:65:38:FF:55:0C
            X509v3 Authority Key Identifier:
                keyid:B5:B0:A8:66:59:EC:31:4F:13:A0:4E:3A:03:DB:DB:12:44:A0:E0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/hT2VCKQNMA0sQQPQ6ZS1ZTj_VQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.144.0/24
                  91.223.161.0/24
                  193.28.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:27:da:b3:da:4e:3e:e0:1e:cf:7f:81:93:86:09:12:bf:c5:
         03:a6:94:20:2e:10:2f:a9:74:9b:11:36:f9:2a:97:ef:63:31:
         1e:c7:21:eb:7c:90:dc:5a:50:4d:94:ab:42:90:05:d9:7d:7f:
         21:f1:4a:37:e3:38:0a:5d:ca:48:9b:0b:2e:aa:e5:fa:de:43:
         d7:25:2e:7b:a9:05:2e:47:5d:c0:23:bf:6c:5c:19:6c:c1:c7:
         47:2c:4e:00:88:45:1e:25:17:b4:06:f9:4e:0f:60:79:42:05:
         91:d3:e6:3e:df:6c:9f:6a:3a:87:9e:24:5a:49:e2:69:ac:00:
         c4:24:5e:e8:64:80:d4:3b:2b:5a:7e:bb:ab:4e:00:59:ca:97:
         40:48:bc:f7:b8:ef:4c:0d:b1:73:2e:14:80:c2:1f:eb:d0:1e:
         d9:85:d6:78:6b:08:15:75:35:a9:f6:2c:00:50:7f:57:ea:9e:
         da:ef:3a:fe:14:72:f8:a1:85:17:52:a6:02:21:89:a7:8c:28:
         90:77:f6:50:be:3e:17:1c:42:5c:86:db:62:d2:8d:9e:79:f5:
         5f:37:4e:b0:d5:91:64:02:ed:c3:fe:b0:f9:4d:09:00:a3:d9:
         99:9d:53:b8:c0:fb:a1:63:42:ea:2f:a2:19:90:a1:e8:1a:13:
         52:21:81:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJx4gdNVOPfJSgfqLPQFwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YjBhODY2NTllYzMxNGYxM2EwNGUzYTAzZGJkYjEyNDRh
MGUwYTkwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTNkOTUwOGE0MGQzMDBkMmM0MTAzZDBlOTk0YjU2NTM4ZmY1NTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsx83W4H5AIz1GuhnSdU2AWBK6HA
ihgBvOg4tht5/XIbjpaftljwKMfn1LcKli0jyE4S/8pSGB1kknmwMESnWxNq3z4l
CzK5IWR7WI3TA0xQvVBL6BS9PiXQk+PIlvYwMBSqMR69fKELMQsGJ6tt6yMU/GAN
CyaalF6BwQ/J1iecIQpnM3GCMnKm5S6M2+mfs1+9z5RADurxCX6xYL56/9Oq1BiD
c6L/cOOhQ1T4xdzv4rHaAMnYEX/1EplCbyho7enuc+EXxr4dq8esIMVL5PAhE5S4
8RVSPrMtMfaclV7MHO6z/6XBs9wSEnbfIuX5TENOg+CNtcpaiwnbysZT/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIU9lQikDTANLEED0OmUtWU4/1UMMB8GA1UdIwQY
MBaAFLWwqGZZ7DFPE6BOOgPb2xJEoOCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGJDb1psbnNNVThUb0U0NkE5dmJFa1NnNEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wNDQ0MDItYzRkNC00MjU5LTkzZTIt
N2ZiZjVlZTI5MGFjLzEvaFQyVkNLUU5NQTBzUVFQUTZaUzFaVGpfVlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wNDQ0MDItYzRkNC00MjU5LTkzZTItN2ZiZjVlZTI5MGFj
LzEvdGJDb1psbnNNVThUb0U0NkE5dmJFa1NnNEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW86QAwQA
W9+hAwQAwRyfMA0GCSqGSIb3DQEBCwUAA4IBAQBWJ9qz2k4+4B7Pf4GThgkSv8UD
ppQgLhAvqXSbETb5KpfvYzEexyHrfJDcWlBNlKtCkAXZfX8h8Uo34zgKXcpImwsu
quX63kPXJS57qQUuR13AI79sXBlswcdHLE4AiEUeJRe0BvlOD2B5QgWR0+Y+32yf
ajqHniRaSeJprADEJF7oZIDUOytafrurTgBZypdASLz3uO9MDbFzLhSAwh/r0B7Z
hdZ4awgVdTWp9iwAUH9X6p7a7zr+FHL4oYUXUqYCIYmnjCiQd/ZQvj4XHEJchtti
0o2eefVfN06w1ZFkAu3D/rD5TQkAo9mZnVO4wPuhY0LqL6IZkKHoGhNSIYG8
-----END CERTIFICATE-----