Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/Z5Wj4ETCBwwFJoDKH5Fj58u-pFU.roa
File:                     Z5Wj4ETCBwwFJoDKH5Fj58u-pFU.roa (raw, json)
Hash identifier:          HnoyoyObavcuS/eILrDrrZ4EIOLhnlSVEA6BYmwlkwo=
Subject key identifier:   67:95:A3:E0:44:C2:07:0C:05:26:80:CA:1F:91:63:E7:CB:BE:A4:55
Certificate issuer:       /CN=502c37e7ecb59b667fa82ecf093e5ed87661a8e2
Certificate serial:       018E3DA322AA71D9D8BAFC0A7A456998E1A1
Authority key identifier: 50:2C:37:E7:EC:B5:9B:66:7F:A8:2E:CF:09:3E:5E:D8:76:61:A8:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UCw35-y1m2Z_qC7PCT5e2HZhqOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/Z5Wj4ETCBwwFJoDKH5Fj58u-pFU.roa
Signing time:             Thu 14 Mar 2024 15:44:45 +0000
ROA not before:           Thu 14 Mar 2024 15:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51887
IP address blocks:        91.220.159.0/24 maxlen: 24
                          91.221.120.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/UCw35-y1m2Z_qC7PCT5e2HZhqOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/UCw35-y1m2Z_qC7PCT5e2HZhqOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UCw35-y1m2Z_qC7PCT5e2HZhqOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:a3:22:aa:71:d9:d8:ba:fc:0a:7a:45:69:98:e1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=502c37e7ecb59b667fa82ecf093e5ed87661a8e2
        Validity
            Not Before: Mar 14 15:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6795a3e044c2070c052680ca1f9163e7cbbea455
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:97:51:8a:a6:bc:dc:70:75:72:98:17:ca:d3:
                    58:7d:5c:8e:55:1f:c3:57:cb:c4:7d:8c:4e:a1:2d:
                    39:ba:6c:ce:09:bf:ef:ca:e0:85:a3:da:38:10:0a:
                    bd:0a:5d:77:5d:7a:11:6b:96:76:eb:e3:10:54:ca:
                    b3:59:ae:66:7c:db:24:41:c5:ff:53:9f:cc:09:38:
                    18:42:62:20:f3:52:d0:74:f6:ad:64:82:92:54:61:
                    f1:28:28:24:4c:2f:e3:44:47:a6:d7:7d:48:b3:a4:
                    ab:bc:81:05:cd:53:36:c1:75:fc:7b:a5:b3:e6:f8:
                    84:d2:0e:b9:d5:86:3f:a3:54:b2:72:de:77:cb:a2:
                    ff:04:75:6b:a5:d9:29:9b:63:2b:ed:05:92:c3:9f:
                    2d:3f:09:5b:c3:ed:b7:9b:0a:2f:b6:8c:12:25:0a:
                    f2:8b:61:96:04:3a:8a:63:47:dc:23:7c:16:20:bf:
                    e0:d7:7a:1a:cc:3a:9f:8b:0c:54:63:b3:f6:73:27:
                    23:ba:7e:b4:b5:90:c1:64:d1:78:3f:8a:f8:c8:61:
                    a5:73:9b:ce:7e:7b:81:e9:a3:82:5a:93:5d:ba:32:
                    c5:2e:6a:14:51:0c:6c:25:ea:fe:5b:67:3c:ed:8c:
                    a5:d7:81:92:43:35:c9:42:91:00:65:25:77:cc:94:
                    50:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:95:A3:E0:44:C2:07:0C:05:26:80:CA:1F:91:63:E7:CB:BE:A4:55
            X509v3 Authority Key Identifier:
                keyid:50:2C:37:E7:EC:B5:9B:66:7F:A8:2E:CF:09:3E:5E:D8:76:61:A8:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UCw35-y1m2Z_qC7PCT5e2HZhqOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/Z5Wj4ETCBwwFJoDKH5Fj58u-pFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/b5f6af-3c83-4cb5-b5eb-ba14843c549c/1/UCw35-y1m2Z_qC7PCT5e2HZhqOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.159.0/24
                  91.221.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:90:e9:d8:0a:57:20:5c:f6:96:f2:d1:93:3f:18:43:e0:2a:
         a6:c0:4f:94:47:2c:67:78:1f:e2:b3:d3:b5:d0:4d:8f:e0:84:
         e8:a4:09:67:aa:4f:9d:17:a9:f8:ce:87:70:71:01:da:b9:3e:
         43:5c:0c:3f:53:6c:f7:50:db:02:79:cb:76:4e:fa:32:50:9d:
         82:f6:1f:e3:a2:c1:90:4b:ae:ce:bb:c9:30:f3:ab:b7:11:60:
         41:ec:5d:19:11:30:be:90:bc:5f:d2:d4:87:bb:7d:36:d3:ef:
         5d:63:f2:31:44:db:c3:c3:6e:10:90:44:2a:c7:c7:4a:a0:6b:
         d2:e5:fb:40:cd:32:5a:56:1b:f6:00:f4:1e:8d:ea:0a:2a:42:
         98:cf:ed:9d:be:3c:d5:17:f4:5e:0e:52:59:3c:78:43:de:3b:
         87:63:62:de:ac:14:49:96:dc:67:e2:38:bc:1b:82:54:ba:69:
         4d:71:06:71:36:41:b9:d5:39:1e:fb:d1:f3:cf:ac:af:f5:72:
         1b:74:1a:6b:bd:14:3a:a5:f4:e6:19:bd:6d:31:48:c6:79:63:
         92:6e:94:04:c5:9e:8e:0c:19:e1:93:7a:20:4d:bf:54:d1:88:
         81:48:00:8c:8f:3c:a0:4a:ab:4a:57:e6:58:13:78:a0:c5:f6:
         1b:1f:0b:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY49oyKqcdnYuvwKekVpmOGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMmMzN2U3ZWNiNTliNjY3ZmE4MmVjZjA5M2U1ZWQ4NzY2
MWE4ZTIwHhcNMjQwMzE0MTU0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzk1YTNlMDQ0YzIwNzBjMDUyNjgwY2ExZjkxNjNlN2NiYmVhNDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5dRiqa83HB1cpgXytNYfVyOVR/D
V8vEfYxOoS05umzOCb/vyuCFo9o4EAq9Cl13XXoRa5Z26+MQVMqzWa5mfNskQcX/
U5/MCTgYQmIg81LQdPatZIKSVGHxKCgkTC/jREem131Is6SrvIEFzVM2wXX8e6Wz
5viE0g651YY/o1Syct53y6L/BHVrpdkpm2Mr7QWSw58tPwlbw+23mwovtowSJQry
i2GWBDqKY0fcI3wWIL/g13oazDqfiwxUY7P2cycjun60tZDBZNF4P4r4yGGlc5vO
fnuB6aOCWpNdujLFLmoUUQxsJer+W2c87Yyl14GSQzXJQpEAZSV3zJRQtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGeVo+BEwgcMBSaAyh+RY+fLvqRVMB8GA1UdIwQY
MBaAFFAsN+fstZtmf6guzwk+Xth2YajiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUN3MzUteTFtMlpfcUM3UENUNWUySFpocU9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9iNWY2YWYtM2M4My00Y2I1LWI1ZWIt
YmExNDg0M2M1NDljLzEvWjVXajRFVENCd3dGSm9ES0g1Rmo1OHUtcEZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9iNWY2YWYtM2M4My00Y2I1LWI1ZWItYmExNDg0M2M1NDlj
LzEvVUN3MzUteTFtMlpfcUM3UENUNWUySFpocU9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9yfAwQB
W914MA0GCSqGSIb3DQEBCwUAA4IBAQC6kOnYClcgXPaW8tGTPxhD4CqmwE+URyxn
eB/is9O10E2P4ITopAlnqk+dF6n4zodwcQHauT5DXAw/U2z3UNsCect2TvoyUJ2C
9h/josGQS67Ou8kw86u3EWBB7F0ZETC+kLxf0tSHu3020+9dY/IxRNvDw24QkEQq
x8dKoGvS5ftAzTJaVhv2APQejeoKKkKYz+2dvjzVF/ReDlJZPHhD3juHY2LerBRJ
ltxn4ji8G4JUumlNcQZxNkG51Tke+9Hzz6yv9XIbdBprvRQ6pfTmGb1tMUjGeWOS
bpQExZ6ODBnhk3ogTb9U0YiBSACMjzygSqtKV+ZYE3igxfYbHwsa
-----END CERTIFICATE-----