Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/CSiL6Yyeg0xQXBcj8XOK4HgrYxI.roa
File:                     CSiL6Yyeg0xQXBcj8XOK4HgrYxI.roa (raw, json)
Hash identifier:          s+ixpHOOBgmvBKRK/+ubiTkSvkUa1at28/oEorgp1hc=
Subject key identifier:   09:28:8B:E9:8C:9E:83:4C:50:5C:17:23:F1:73:8A:E0:78:2B:63:12
Certificate issuer:       /CN=502c37e7ecb59b667fa82ecf093e5ed87661a8e2
Certificate serial:       018E3DA321D4DAFE27E5D038B61C8CFBA2E2
Authority key identifier: 50:2C:37:E7:EC:B5:9B:66:7F:A8:2E:CF:09:3E:5E:D8:76:61:A8:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UCw35-y1m2Z_qC7PCT5e2HZhqOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/CSiL6Yyeg0xQXBcj8XOK4HgrYxI.roa
Signing time:             Thu 14 Mar 2024 15:44:44 +0000
ROA not before:           Thu 14 Mar 2024 15:44:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        91.220.159.0/24 maxlen: 24
                          91.221.120.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/UCw35-y1m2Z_qC7PCT5e2HZhqOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/UCw35-y1m2Z_qC7PCT5e2HZhqOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UCw35-y1m2Z_qC7PCT5e2HZhqOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:a3:21:d4:da:fe:27:e5:d0:38:b6:1c:8c:fb:a2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=502c37e7ecb59b667fa82ecf093e5ed87661a8e2
        Validity
            Not Before: Mar 14 15:44:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09288be98c9e834c505c1723f1738ae0782b6312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e2:78:1b:c6:04:ea:25:24:62:a5:75:48:61:
                    1e:e9:01:f9:d3:cb:2b:45:75:6d:a5:f9:82:87:a4:
                    ce:2f:c8:28:27:a8:aa:ca:6e:0d:6e:9b:88:3c:29:
                    1a:37:2e:1c:7f:41:68:2a:b1:60:12:c7:44:c2:3a:
                    e3:9a:49:42:93:21:9d:48:66:e0:7c:7c:7a:20:1b:
                    87:b9:a0:8c:4c:f8:b9:2e:a4:23:70:4c:23:a1:a0:
                    23:5d:91:fb:13:f8:5d:e9:78:f2:1d:78:df:5d:16:
                    91:84:e1:7f:fc:06:aa:39:92:6d:41:60:bc:7f:56:
                    7d:0e:08:dd:d9:ff:0e:26:37:a6:8a:fe:db:e4:6a:
                    8f:34:74:4e:28:a5:e1:30:70:a7:37:f1:7d:d9:39:
                    ef:48:58:a6:54:94:a9:e5:7c:be:00:cb:8f:d9:36:
                    bf:6f:9d:c7:33:55:99:bd:4a:8c:69:2a:b4:48:f1:
                    c9:f5:0b:cc:ae:0e:cd:07:90:a4:27:1c:89:bb:f3:
                    90:f6:57:36:dd:2f:8d:f2:29:1c:d7:af:c8:c9:78:
                    93:15:21:fa:a5:10:0e:e1:2f:5b:8c:f6:96:ec:76:
                    f2:59:89:15:88:2e:66:32:99:a4:80:0e:04:51:72:
                    56:f0:98:73:ad:79:c6:61:25:3a:e3:b2:e6:cd:e7:
                    1d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:28:8B:E9:8C:9E:83:4C:50:5C:17:23:F1:73:8A:E0:78:2B:63:12
            X509v3 Authority Key Identifier:
                keyid:50:2C:37:E7:EC:B5:9B:66:7F:A8:2E:CF:09:3E:5E:D8:76:61:A8:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UCw35-y1m2Z_qC7PCT5e2HZhqOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/CSiL6Yyeg0xQXBcj8XOK4HgrYxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/UCw35-y1m2Z_qC7PCT5e2HZhqOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.159.0/24
                  91.221.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:0f:9b:67:f3:87:1c:2d:93:b3:96:24:48:9a:84:94:9d:c7:
         c5:db:4d:e7:92:96:31:82:4a:4e:41:11:d4:13:46:c8:61:07:
         14:e2:02:a7:07:3a:8d:8d:4d:1e:1c:81:42:85:5d:70:7f:83:
         88:02:8a:00:64:d5:99:00:69:fd:9e:4b:d9:7a:f6:71:2f:08:
         0b:2b:10:17:14:65:b6:87:1f:20:b7:80:8c:3d:fc:81:9e:a4:
         db:26:c6:9d:75:81:e0:7f:9c:94:62:e7:47:34:60:48:30:b3:
         e4:ee:61:5b:16:56:11:7b:6f:9a:61:f6:64:91:98:0d:6d:38:
         bf:96:d7:e0:12:be:7d:8a:2d:b4:23:5d:92:81:17:ba:57:76:
         5e:19:4b:26:b6:90:23:9c:9a:ea:52:60:ff:c6:2a:92:3d:32:
         c7:e3:76:90:cd:42:62:d6:e1:8c:ce:9e:95:2a:f4:00:2f:63:
         9a:df:a3:b6:f8:e6:d7:21:61:23:e2:bc:bb:ab:24:d4:4c:8e:
         f0:64:26:d1:45:a6:f8:5b:39:c3:75:2d:ff:80:7d:df:6e:1a:
         33:60:07:f1:2f:30:79:a1:72:2a:4b:5a:9f:80:fb:59:e2:ce:
         ef:cd:25:45:c3:e7:ed:e1:f7:32:c5:60:9e:45:c5:b1:6e:19:
         d2:2c:37:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY49oyHU2v4n5dA4thyM+6LiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMmMzN2U3ZWNiNTliNjY3ZmE4MmVjZjA5M2U1ZWQ4NzY2
MWE4ZTIwHhcNMjQwMzE0MTU0NDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTI4OGJlOThjOWU4MzRjNTA1YzE3MjNmMTczOGFlMDc4MmI2MzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+J4G8YE6iUkYqV1SGEe6QH508sr
RXVtpfmCh6TOL8goJ6iqym4NbpuIPCkaNy4cf0FoKrFgEsdEwjrjmklCkyGdSGbg
fHx6IBuHuaCMTPi5LqQjcEwjoaAjXZH7E/hd6XjyHXjfXRaRhOF//AaqOZJtQWC8
f1Z9Dgjd2f8OJjemiv7b5GqPNHROKKXhMHCnN/F92TnvSFimVJSp5Xy+AMuP2Ta/
b53HM1WZvUqMaSq0SPHJ9QvMrg7NB5CkJxyJu/OQ9lc23S+N8ikc16/IyXiTFSH6
pRAO4S9bjPaW7HbyWYkViC5mMpmkgA4EUXJW8JhzrXnGYSU647LmzecdBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAkoi+mMnoNMUFwXI/FziuB4K2MSMB8GA1UdIwQY
MBaAFFAsN+fstZtmf6guzwk+Xth2YajiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUN3MzUteTFtMlpfcUM3UENUNWUySFpocU9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9iNWY2YWYtM2M4My00Y2I1LWI1ZWIt
YmExNDg0M2M1NDljLzEvQ1NpTDZZeWVnMHhRWEJjajhYT0s0SGdyWXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9iNWY2YWYtM2M4My00Y2I1LWI1ZWItYmExNDg0M2M1NDlj
LzEvVUN3MzUteTFtMlpfcUM3UENUNWUySFpocU9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9yfAwQB
W914MA0GCSqGSIb3DQEBCwUAA4IBAQAHD5tn84ccLZOzliRImoSUncfF203nkpYx
gkpOQRHUE0bIYQcU4gKnBzqNjU0eHIFChV1wf4OIAooAZNWZAGn9nkvZevZxLwgL
KxAXFGW2hx8gt4CMPfyBnqTbJsaddYHgf5yUYudHNGBIMLPk7mFbFlYRe2+aYfZk
kZgNbTi/ltfgEr59ii20I12SgRe6V3ZeGUsmtpAjnJrqUmD/xiqSPTLH43aQzUJi
1uGMzp6VKvQAL2Oa36O2+ObXIWEj4ry7qyTUTI7wZCbRRab4WznDdS3/gH3fbhoz
YAfxLzB5oXIqS1qfgPtZ4s7vzSVFw+ft4fcyxWCeRcWxbhnSLDeg
-----END CERTIFICATE-----