Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/55ae2d-37a2-4f67-9516-9081545f5691/1/xt47wHkM35P6tMvJpmpsr99vda8.roa
File:                     xt47wHkM35P6tMvJpmpsr99vda8.roa (raw, json)
Hash identifier:          15WXc4Wcbd2cJFDZb+aW9fAQE6Ww2ST6pgXU2xtKE9k=
Subject key identifier:   C6:DE:3B:C0:79:0C:DF:93:FA:B4:CB:C9:A6:6A:6C:AF:DF:6F:75:AF
Certificate issuer:       /CN=e3ce069dfc5b608876d6424a32e783a98a92eff2
Certificate serial:       018CC94D97D8E19DD9F6BA162A914B8A28C5
Authority key identifier: E3:CE:06:9D:FC:5B:60:88:76:D6:42:4A:32:E7:83:A9:8A:92:EF:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/484GnfxbYIh21kJKMueDqYqS7_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/55ae2d-37a2-4f67-9516-9081545f5691/1/xt47wHkM35P6tMvJpmpsr99vda8.roa
Signing time:             Tue 02 Jan 2024 08:32:34 +0000
ROA not before:           Tue 02 Jan 2024 08:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57130
IP address blocks:        91.230.241.0/24 maxlen: 24
                          194.9.22.0/24 maxlen: 24
                          194.9.23.0/24 maxlen: 24
                          91.230.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/55ae2d-37a2-4f67-9516-9081545f5691/1/484GnfxbYIh21kJKMueDqYqS7_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/55ae2d-37a2-4f67-9516-9081545f5691/1/484GnfxbYIh21kJKMueDqYqS7_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/484GnfxbYIh21kJKMueDqYqS7_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 02:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:97:d8:e1:9d:d9:f6:ba:16:2a:91:4b:8a:28:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3ce069dfc5b608876d6424a32e783a98a92eff2
        Validity
            Not Before: Jan  2 08:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6de3bc0790cdf93fab4cbc9a66a6cafdf6f75af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5c:ff:cf:af:20:a9:32:aa:4f:db:93:1a:09:
                    e0:1c:21:c0:7b:b7:e7:1c:1c:f1:89:6b:c5:2f:cc:
                    9f:c4:43:d4:8c:7a:7f:f9:87:be:94:53:f1:3b:53:
                    66:ce:12:22:d9:7b:54:e5:6d:29:d7:ad:96:2c:6f:
                    7d:7e:6e:08:3e:96:06:df:5d:28:60:c3:f5:5f:07:
                    05:c7:31:f4:6b:4c:65:dd:27:11:9e:aa:cf:9a:0e:
                    37:cd:c5:4a:94:c6:6c:08:da:bc:1d:0a:1e:7a:80:
                    e0:de:83:ba:62:8c:6f:65:d6:28:2c:a7:11:8e:f4:
                    82:c6:7d:4c:29:82:ad:1f:f3:60:56:a1:71:0e:a9:
                    52:30:3c:f3:bf:8d:8e:86:d1:c2:b2:e2:4c:46:74:
                    a5:11:e6:3c:cb:6e:1d:4a:8a:07:3f:14:dc:10:73:
                    58:55:83:6e:87:b6:f0:0c:7a:02:27:c8:27:25:24:
                    c7:fd:bc:53:df:65:c0:97:22:11:e7:59:e1:25:76:
                    8d:9b:4a:a7:30:59:ce:14:6f:f0:6b:24:80:ac:a3:
                    20:81:4f:22:b7:aa:98:7d:73:27:1f:65:4e:b5:6f:
                    cb:16:55:b9:db:a9:6f:05:84:32:ea:dc:07:95:37:
                    92:9e:e3:82:18:58:36:0e:e6:ff:64:97:ba:80:e8:
                    71:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:DE:3B:C0:79:0C:DF:93:FA:B4:CB:C9:A6:6A:6C:AF:DF:6F:75:AF
            X509v3 Authority Key Identifier:
                keyid:E3:CE:06:9D:FC:5B:60:88:76:D6:42:4A:32:E7:83:A9:8A:92:EF:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/484GnfxbYIh21kJKMueDqYqS7_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/55ae2d-37a2-4f67-9516-9081545f5691/1/xt47wHkM35P6tMvJpmpsr99vda8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/55ae2d-37a2-4f67-9516-9081545f5691/1/484GnfxbYIh21kJKMueDqYqS7_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.240.0/23
                  194.9.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:c2:d7:1d:40:64:0e:f9:69:37:80:eb:c9:ad:ba:c7:36:e7:
         64:d3:90:16:3d:2f:56:8b:93:02:4b:00:a4:32:6d:b6:39:73:
         45:d3:57:7f:db:c6:ae:54:48:03:8a:d4:b5:61:97:41:d3:74:
         65:30:54:ba:57:1d:45:a5:49:4b:44:3f:62:ca:5f:36:49:17:
         03:1d:3c:8d:16:1d:ec:f8:af:39:28:b0:c7:9c:e7:c3:60:96:
         08:6d:fd:69:80:9c:3c:40:86:00:ec:2d:6b:33:2e:35:92:96:
         1e:00:40:14:a5:31:2e:ba:47:64:a7:33:61:d1:ea:fa:2d:15:
         29:6d:b9:3a:6a:ca:31:f7:d5:ce:87:9a:67:1c:60:f0:94:e5:
         3d:03:66:e5:d6:6b:e5:7b:92:59:c7:9a:65:42:9f:a5:d6:7b:
         3a:a2:1f:c7:ee:77:bc:54:64:a9:3d:60:a5:45:1a:df:da:57:
         95:b9:46:30:4a:46:b7:10:9c:5f:11:b4:e1:35:2d:c3:98:cc:
         14:6d:7a:65:28:4d:02:0a:31:6e:c5:28:5d:11:f5:13:14:37:
         2b:a1:24:85:25:79:c0:27:7f:be:03:b8:60:1d:2b:3b:1d:57:
         64:98:48:05:82:57:ab:c3:57:de:02:dd:74:ea:3a:83:33:ef:
         16:35:29:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTZfY4Z3Z9roWKpFLiijFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzY2UwNjlkZmM1YjYwODg3NmQ2NDI0YTMyZTc4M2E5OGE5
MmVmZjIwHhcNMjQwMTAyMDgzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmRlM2JjMDc5MGNkZjkzZmFiNGNiYzlhNjZhNmNhZmRmNmY3NWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFz/z68gqTKqT9uTGgngHCHAe7fn
HBzxiWvFL8yfxEPUjHp/+Ye+lFPxO1NmzhIi2XtU5W0p162WLG99fm4IPpYG310o
YMP1XwcFxzH0a0xl3ScRnqrPmg43zcVKlMZsCNq8HQoeeoDg3oO6YoxvZdYoLKcR
jvSCxn1MKYKtH/NgVqFxDqlSMDzzv42OhtHCsuJMRnSlEeY8y24dSooHPxTcEHNY
VYNuh7bwDHoCJ8gnJSTH/bxT32XAlyIR51nhJXaNm0qnMFnOFG/waySArKMggU8i
t6qYfXMnH2VOtW/LFlW526lvBYQy6twHlTeSnuOCGFg2Dub/ZJe6gOhxMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMbeO8B5DN+T+rTLyaZqbK/fb3WvMB8GA1UdIwQY
MBaAFOPOBp38W2CIdtZCSjLng6mKku/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDg0R25meGJZSWgyMWtKS011ZURxWXFTN19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS81NWFlMmQtMzdhMi00ZjY3LTk1MTYt
OTA4MTU0NWY1NjkxLzEveHQ0N3dIa00zNVA2dE12SnBtcHNyOTl2ZGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS81NWFlMmQtMzdhMi00ZjY3LTk1MTYtOTA4MTU0NWY1Njkx
LzEvNDg0R25meGJZSWgyMWtKS011ZURxWXFTN19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+bwAwQB
wgkWMA0GCSqGSIb3DQEBCwUAA4IBAQAZwtcdQGQO+Wk3gOvJrbrHNudk05AWPS9W
i5MCSwCkMm22OXNF01d/28auVEgDitS1YZdB03RlMFS6Vx1FpUlLRD9iyl82SRcD
HTyNFh3s+K85KLDHnOfDYJYIbf1pgJw8QIYA7C1rMy41kpYeAEAUpTEuukdkpzNh
0er6LRUpbbk6asox99XOh5pnHGDwlOU9A2bl1mvle5JZx5plQp+l1ns6oh/H7ne8
VGSpPWClRRrf2leVuUYwSka3EJxfEbThNS3DmMwUbXplKE0CCjFuxShdEfUTFDcr
oSSFJXnAJ3++A7hgHSs7HVdkmEgFglerw1feAt106jqDM+8WNSl9
-----END CERTIFICATE-----