Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/f9WpYGc4X-vfaMSVL8l1kUA6-Pk.roa
File:                     f9WpYGc4X-vfaMSVL8l1kUA6-Pk.roa (raw, json)
Hash identifier:          Im+FzFm3wjg0wLGvWgha47mS8AwWYqd4tSABA4stAKw=
Subject key identifier:   7F:D5:A9:60:67:38:5F:EB:DF:68:C4:95:2F:C9:75:91:40:3A:F8:F9
Certificate issuer:       /CN=363548ed4628966248204c2fe69065f0d7b527a3
Certificate serial:       018CC49387E253AB026AC9CADA99FE8BBCFF
Authority key identifier: 36:35:48:ED:46:28:96:62:48:20:4C:2F:E6:90:65:F0:D7:B5:27:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NjVI7UYolmJIIEwv5pBl8Ne1J6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/f9WpYGc4X-vfaMSVL8l1kUA6-Pk.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202523
IP address blocks:        185.91.240.0/22 maxlen: 22
                          2a05:ee80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/NjVI7UYolmJIIEwv5pBl8Ne1J6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/NjVI7UYolmJIIEwv5pBl8Ne1J6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NjVI7UYolmJIIEwv5pBl8Ne1J6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:87:e2:53:ab:02:6a:c9:ca:da:99:fe:8b:bc:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363548ed4628966248204c2fe69065f0d7b527a3
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fd5a96067385febdf68c4952fc97591403af8f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:83:22:44:36:22:ea:c9:63:44:7d:19:c5:55:
                    7a:cc:e5:24:a8:20:09:13:f3:12:53:58:5a:08:20:
                    5a:87:67:fa:ba:6d:8b:33:89:53:f7:7c:b4:dc:46:
                    c8:72:cc:e6:8c:f4:b6:25:35:51:5f:55:6c:c2:ca:
                    66:87:e6:c7:e4:52:2d:3e:f6:91:29:d6:02:7a:8a:
                    3d:39:b7:4d:0d:bf:af:92:eb:ba:0a:23:4a:88:2d:
                    9a:13:a2:55:87:d6:ac:6f:63:8a:3a:91:a2:3f:d4:
                    d5:57:1a:d3:cf:c5:f6:0f:64:62:c2:3c:3f:8f:37:
                    85:4b:d6:c0:9b:47:f1:f1:84:e0:df:ec:18:d1:da:
                    1b:38:b8:b6:dc:b6:ec:23:2d:9d:6a:f7:4d:7d:ee:
                    ce:10:dc:72:a4:29:04:ae:04:e1:80:65:70:7e:42:
                    e3:51:37:64:43:c8:57:2d:27:ac:a2:b4:12:82:ff:
                    83:96:f9:3a:46:02:c0:b2:f0:a3:18:40:ac:44:10:
                    27:53:57:dd:d8:6f:19:4c:58:7f:9f:c5:76:5d:b5:
                    b5:6a:24:70:ae:2e:24:cd:6d:80:49:82:37:3f:a1:
                    2d:c7:d2:e7:7b:83:e8:12:2c:4c:13:95:71:8d:7a:
                    ec:e7:62:f4:4a:4a:4a:3e:ed:df:71:1f:ff:02:fa:
                    1d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D5:A9:60:67:38:5F:EB:DF:68:C4:95:2F:C9:75:91:40:3A:F8:F9
            X509v3 Authority Key Identifier:
                keyid:36:35:48:ED:46:28:96:62:48:20:4C:2F:E6:90:65:F0:D7:B5:27:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NjVI7UYolmJIIEwv5pBl8Ne1J6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/f9WpYGc4X-vfaMSVL8l1kUA6-Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/NjVI7UYolmJIIEwv5pBl8Ne1J6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.240.0/22
                IPv6:
                  2a05:ee80::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:3f:a8:1b:af:e1:58:8d:b3:cd:3b:ad:b6:9f:3f:ca:61:a0:
         19:e0:51:ad:97:7e:3e:2a:1f:c4:f0:92:3c:86:11:79:b6:fc:
         ce:3c:a2:9b:d2:ae:dc:94:9d:a4:87:bf:38:dc:b5:30:ea:c1:
         fa:64:5d:f5:ac:58:c8:81:cd:e5:c0:d6:96:16:2c:3b:cc:12:
         b3:26:8b:f3:48:28:38:34:30:fd:92:3d:ad:96:85:f9:0e:29:
         5d:f0:04:66:81:d9:22:a8:0d:58:2e:96:09:34:09:79:f5:85:
         ff:5b:43:65:68:de:17:df:81:28:9f:13:38:a1:1b:f1:5c:52:
         f3:d7:02:b7:52:cb:55:5f:2c:ec:e8:56:63:01:a5:8a:c5:b3:
         c7:31:45:39:4e:b0:a1:22:e8:76:ed:b9:3a:42:b8:21:99:04:
         c3:1a:ee:16:9f:41:02:c5:8d:08:55:a7:17:a9:6e:f5:6e:c8:
         5f:70:5e:be:79:e3:fa:d6:15:06:35:28:b5:94:1b:2c:21:7c:
         26:35:5b:88:96:c1:09:ad:ac:14:0b:17:b0:80:38:93:4a:cf:
         8a:6f:c2:39:d6:6e:ae:e6:6a:f6:b8:b1:84:c6:45:5c:a5:27:
         33:59:f7:bc:47:de:84:bb:0d:84:02:04:0e:2d:ec:32:69:aa:
         ea:3e:75:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk4fiU6sCasnK2pn+i7z/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MzU0OGVkNDYyODk2NjI0ODIwNGMyZmU2OTA2NWYwZDdi
NTI3YTMwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ1YTk2MDY3Mzg1ZmViZGY2OGM0OTUyZmM5NzU5MTQwM2FmOGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIMiRDYi6sljRH0ZxVV6zOUkqCAJ
E/MSU1haCCBah2f6um2LM4lT93y03EbIcszmjPS2JTVRX1Vswspmh+bH5FItPvaR
KdYCeoo9ObdNDb+vkuu6CiNKiC2aE6JVh9asb2OKOpGiP9TVVxrTz8X2D2Riwjw/
jzeFS9bAm0fx8YTg3+wY0dobOLi23LbsIy2davdNfe7OENxypCkErgThgGVwfkLj
UTdkQ8hXLSesorQSgv+Dlvk6RgLAsvCjGECsRBAnU1fd2G8ZTFh/n8V2XbW1aiRw
ri4kzW2ASYI3P6Etx9Lne4PoEixME5VxjXrs52L0SkpKPu3fcR//AvoduQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH/VqWBnOF/r32jElS/JdZFAOvj5MB8GA1UdIwQY
MBaAFDY1SO1GKJZiSCBML+aQZfDXtSejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpWSTdVWW9sbUpJSUV3djVwQmw4TmUxSjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NWRjODMtMjcwNy00OTE3LWI2M2Yt
OTVjNGU5NGFkMGE5LzEvZjlXcFlHYzRYLXZmYU1TVkw4bDFrVUE2LVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NWRjODMtMjcwNy00OTE3LWI2M2YtOTVjNGU5NGFkMGE5
LzEvTmpWSTdVWW9sbUpJSUV3djVwQmw4TmUxSjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVvwMA0E
AgACMAcDBQMqBe6AMA0GCSqGSIb3DQEBCwUAA4IBAQCKP6gbr+FYjbPNO622nz/K
YaAZ4FGtl34+Kh/E8JI8hhF5tvzOPKKb0q7clJ2kh7843LUw6sH6ZF31rFjIgc3l
wNaWFiw7zBKzJovzSCg4NDD9kj2tloX5Dild8ARmgdkiqA1YLpYJNAl59YX/W0Nl
aN4X34EonxM4oRvxXFLz1wK3UstVXyzs6FZjAaWKxbPHMUU5TrChIuh27bk6Qrgh
mQTDGu4Wn0ECxY0IVacXqW71bshfcF6+eeP61hUGNSi1lBssIXwmNVuIlsEJrawU
CxewgDiTSs+Kb8I51m6u5mr2uLGExkVcpSczWfe8R96Euw2EAgQOLewyaarqPnXB
-----END CERTIFICATE-----