Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/pz9Gg6fFB4wZI0yBjfghMRLJ1QQ.roa
File:                     pz9Gg6fFB4wZI0yBjfghMRLJ1QQ.roa (raw, json)
Hash identifier:          jKQ3TJLgaHyvrXDOwXNKnjgWBCZkIKVHIgP8ZPbc7nI=
Subject key identifier:   A7:3F:46:83:A7:C5:07:8C:19:23:4C:81:8D:F8:21:31:12:C9:D5:04
Certificate issuer:       /CN=b5b0a86659ec314f13a04e3a03dbdb1244a0e0a9
Certificate serial:       018CC7271DDE98D20C6ABACCA4DAE81057BE
Authority key identifier: B5:B0:A8:66:59:EC:31:4F:13:A0:4E:3A:03:DB:DB:12:44:A0:E0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/pz9Gg6fFB4wZI0yBjfghMRLJ1QQ.roa
Signing time:             Mon 01 Jan 2024 22:31:18 +0000
ROA not before:           Mon 01 Jan 2024 22:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47856
IP address blocks:        91.206.144.0/23 maxlen: 24
                          193.28.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1d:de:98:d2:0c:6a:ba:cc:a4:da:e8:10:57:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5b0a86659ec314f13a04e3a03dbdb1244a0e0a9
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a73f4683a7c5078c19234c818df8213112c9d504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7e:27:c0:7b:6f:4e:e5:2d:e4:6a:55:b8:f8:
                    07:14:59:30:a9:02:1d:1c:f1:0c:42:dd:4f:c5:d4:
                    7d:41:7c:9c:59:d7:14:e9:82:9c:e8:f4:3d:ed:8c:
                    c1:2e:7b:38:37:2d:46:42:35:5b:00:b3:b6:0d:c4:
                    e7:1b:a8:e3:55:4e:45:25:46:e9:6e:e8:32:c5:38:
                    6f:5c:e5:01:ea:0d:a0:5b:f6:11:a5:ff:8a:af:2a:
                    2d:30:a8:80:d9:eb:91:5d:5d:2f:ed:17:6f:31:53:
                    1a:28:f8:7e:1a:94:e1:92:23:e9:49:86:b0:08:64:
                    c9:21:b4:b7:b1:82:38:a2:af:8e:50:dc:5b:d4:df:
                    af:58:17:1c:f8:ec:8f:24:d4:ea:53:74:73:de:01:
                    2d:81:64:5a:b5:2e:6c:a5:f8:ca:c0:c6:a5:4e:a5:
                    cc:fc:ec:b0:00:0a:8a:b1:b1:96:be:cc:76:3d:f7:
                    d0:94:7b:d4:4d:12:75:da:58:cf:48:4b:ae:a2:e1:
                    8b:3b:83:56:6b:ba:5b:bc:3b:70:91:d6:92:17:1c:
                    4c:ca:d6:d4:91:b9:d7:26:12:55:e1:46:40:5f:53:
                    24:40:03:59:26:2e:5b:fc:7c:44:ee:13:eb:0a:60:
                    41:36:0f:f1:cc:f3:42:2a:e9:3c:ce:6a:b2:aa:20:
                    e8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:3F:46:83:A7:C5:07:8C:19:23:4C:81:8D:F8:21:31:12:C9:D5:04
            X509v3 Authority Key Identifier:
                keyid:B5:B0:A8:66:59:EC:31:4F:13:A0:4E:3A:03:DB:DB:12:44:A0:E0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tbCoZlnsMU8ToE46A9vbEkSg4Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/pz9Gg6fFB4wZI0yBjfghMRLJ1QQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/044402-c4d4-4259-93e2-7fbf5ee290ac/1/tbCoZlnsMU8ToE46A9vbEkSg4Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.144.0/23
                  193.28.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:af:4a:c2:9f:7a:e7:7e:23:9e:2b:5a:fe:33:99:a5:66:ae:
         ea:47:3e:37:13:7e:fe:1a:2b:b1:0a:c0:5e:2d:c3:e7:ef:35:
         b1:0a:f6:16:ff:87:ec:31:cb:71:27:d3:51:b1:23:31:64:c4:
         7b:ec:a8:6c:fe:6f:8f:94:7b:cd:98:75:d8:d6:e4:8b:1f:b4:
         df:00:26:98:53:8c:d5:23:97:32:64:1d:42:cd:26:58:1c:2f:
         6e:5c:63:76:4e:e1:48:96:02:82:da:75:58:51:4c:57:a5:8b:
         20:9c:ac:f9:6b:10:ec:dc:28:13:74:03:71:57:08:d9:b5:2f:
         3f:63:61:3e:5f:67:af:cc:ef:f3:fe:bb:2f:ea:0a:55:10:41:
         97:94:fa:28:bc:31:31:03:3c:59:81:8b:8e:c0:38:db:cc:3e:
         b6:4b:c8:08:92:79:81:96:86:ad:04:1b:97:ee:9e:bb:93:b0:
         68:42:99:4d:f5:9a:b5:12:d8:39:3b:7c:2a:55:7c:6f:30:45:
         6c:10:0a:e2:1c:d3:8c:d4:d4:67:6a:ed:c9:ea:51:7b:dd:ff:
         71:d4:03:04:b2:0c:19:1e:22:e9:a1:7c:fe:2b:f7:2b:2b:2e:
         d1:27:64:18:d2:e8:36:8e:0e:2a:42:fe:82:4b:e9:8e:f8:ee:
         85:dc:af:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJx3emNIMarrMpNroEFe+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YjBhODY2NTllYzMxNGYxM2EwNGUzYTAzZGJkYjEyNDRh
MGUwYTkwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzNmNDY4M2E3YzUwNzhjMTkyMzRjODE4ZGY4MjEzMTEyYzlkNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn4nwHtvTuUt5GpVuPgHFFkwqQId
HPEMQt1PxdR9QXycWdcU6YKc6PQ97YzBLns4Ny1GQjVbALO2DcTnG6jjVU5FJUbp
bugyxThvXOUB6g2gW/YRpf+KryotMKiA2euRXV0v7RdvMVMaKPh+GpThkiPpSYaw
CGTJIbS3sYI4oq+OUNxb1N+vWBcc+OyPJNTqU3Rz3gEtgWRatS5spfjKwMalTqXM
/OywAAqKsbGWvsx2PffQlHvUTRJ12ljPSEuuouGLO4NWa7pbvDtwkdaSFxxMytbU
kbnXJhJV4UZAX1MkQANZJi5b/HxE7hPrCmBBNg/xzPNCKuk8zmqyqiDohwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKc/RoOnxQeMGSNMgY34ITESydUEMB8GA1UdIwQY
MBaAFLWwqGZZ7DFPE6BOOgPb2xJEoOCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGJDb1psbnNNVThUb0U0NkE5dmJFa1NnNEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wNDQ0MDItYzRkNC00MjU5LTkzZTIt
N2ZiZjVlZTI5MGFjLzEvcHo5R2c2ZkZCNHdaSTB5QmpmZ2hNUkxKMVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wNDQ0MDItYzRkNC00MjU5LTkzZTItN2ZiZjVlZTI5MGFj
LzEvdGJDb1psbnNNVThUb0U0NkE5dmJFa1NnNEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW86QAwQA
wRyfMA0GCSqGSIb3DQEBCwUAA4IBAQBTr0rCn3rnfiOeK1r+M5mlZq7qRz43E37+
GiuxCsBeLcPn7zWxCvYW/4fsMctxJ9NRsSMxZMR77Khs/m+PlHvNmHXY1uSLH7Tf
ACaYU4zVI5cyZB1CzSZYHC9uXGN2TuFIlgKC2nVYUUxXpYsgnKz5axDs3CgTdANx
VwjZtS8/Y2E+X2evzO/z/rsv6gpVEEGXlPoovDExAzxZgYuOwDjbzD62S8gIknmB
loatBBuX7p67k7BoQplN9Zq1Etg5O3wqVXxvMEVsEAriHNOM1NRnau3J6lF73f9x
1AMEsgwZHiLpoXz+K/crKy7RJ2QY0ug2jg4qQv6CS+mO+O6F3K/H
-----END CERTIFICATE-----