Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/acBMsz_18v0du8QSs2xwMYZDI8U.roa
File:                     acBMsz_18v0du8QSs2xwMYZDI8U.roa (raw, json)
Hash identifier:          riFRzw3qpK1oAq2keEsmGGcJXlyll4pe8QzpP7ABCYU=
Subject key identifier:   69:C0:4C:B3:3F:F5:F2:FD:1D:BB:C4:12:B3:6C:70:31:86:43:23:C5
Certificate issuer:       /CN=61aa7d6313abdc27c92d0ba549e8683f9a8f150f
Certificate serial:       018DE5AFD194A52F7ABD479ECC6EA6EF1C84
Authority key identifier: 61:AA:7D:63:13:AB:DC:27:C9:2D:0B:A5:49:E8:68:3F:9A:8F:15:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yap9YxOr3CfJLQulSehoP5qPFQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/acBMsz_18v0du8QSs2xwMYZDI8U.roa
Signing time:             Mon 26 Feb 2024 13:52:01 +0000
ROA not before:           Mon 26 Feb 2024 13:52:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56827
IP address blocks:        91.227.232.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/Yap9YxOr3CfJLQulSehoP5qPFQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/Yap9YxOr3CfJLQulSehoP5qPFQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yap9YxOr3CfJLQulSehoP5qPFQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:af:d1:94:a5:2f:7a:bd:47:9e:cc:6e:a6:ef:1c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61aa7d6313abdc27c92d0ba549e8683f9a8f150f
        Validity
            Not Before: Feb 26 13:52:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69c04cb33ff5f2fd1dbbc412b36c7031864323c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5e:67:ed:22:a9:ca:d8:bd:fd:e1:9c:4c:bd:
                    cd:21:7e:9b:ae:cc:bc:a9:bd:d6:6f:b0:46:67:ee:
                    a8:ce:47:8a:f3:75:70:42:d8:55:88:24:71:49:9f:
                    3e:2f:7f:c2:56:be:ae:6a:af:08:ed:29:24:12:60:
                    e6:df:ec:12:a6:44:e4:17:f9:e6:da:0c:93:0e:20:
                    80:b4:92:85:37:54:95:46:be:99:ba:65:79:76:2b:
                    5f:29:69:0f:52:f4:8a:cb:07:64:26:44:29:6c:fe:
                    5e:d9:87:5c:90:0e:7c:2c:12:a8:a9:fb:12:5f:3a:
                    fd:2f:17:e7:9a:83:ee:b7:ac:8d:7d:a9:ab:2f:c9:
                    55:c2:d2:ca:3a:be:72:a8:1b:39:f4:7c:b3:b0:d6:
                    7a:f5:e4:f2:61:aa:4b:61:8f:7d:e4:a4:73:0d:53:
                    b1:01:44:53:3f:84:c8:ea:e7:fd:10:01:86:d5:be:
                    7b:2a:01:86:2c:36:f7:96:20:f2:69:60:c6:35:0d:
                    d0:a9:1e:04:68:a0:41:40:3c:aa:ba:1c:5a:5f:34:
                    99:56:e3:6a:7f:be:7e:f2:ae:3d:4c:a8:95:dd:b3:
                    34:f6:c2:4f:a6:ca:f4:5d:c2:96:6b:97:a0:4c:ca:
                    d0:66:12:36:90:65:2e:cd:e7:d4:e7:90:15:f3:d9:
                    f0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C0:4C:B3:3F:F5:F2:FD:1D:BB:C4:12:B3:6C:70:31:86:43:23:C5
            X509v3 Authority Key Identifier:
                keyid:61:AA:7D:63:13:AB:DC:27:C9:2D:0B:A5:49:E8:68:3F:9A:8F:15:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yap9YxOr3CfJLQulSehoP5qPFQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/acBMsz_18v0du8QSs2xwMYZDI8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/Yap9YxOr3CfJLQulSehoP5qPFQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:f8:bd:d0:37:31:15:64:94:c3:02:8e:10:11:bd:ca:4d:29:
         e5:e7:9a:3d:9c:02:63:c8:4e:4a:0e:42:da:06:95:89:89:7e:
         80:e2:9a:3c:f4:5a:59:bf:d2:ad:45:28:d8:cf:f6:cc:8d:7b:
         9d:68:d4:c4:30:8e:9a:8a:f0:aa:28:9c:2c:af:11:ef:c2:db:
         2b:92:88:31:ad:03:68:21:1c:54:ca:9d:57:d8:69:38:72:91:
         d5:18:c2:0b:75:76:79:91:78:50:df:82:a8:8c:de:a5:51:6a:
         46:78:fd:87:56:8c:7e:a7:e8:9d:28:f0:3b:09:22:a5:b2:78:
         e1:63:0e:19:8f:97:ca:c6:f1:a8:8f:1c:89:be:b2:09:7a:aa:
         41:31:51:34:97:bb:69:ec:8e:3b:20:96:38:57:ef:53:a3:e7:
         3a:e2:5b:0a:10:c3:01:fb:a8:0c:85:21:7b:6d:4b:af:e8:6c:
         c0:c9:b0:fb:7a:fe:7e:2e:e2:78:70:df:76:26:cf:ec:ae:eb:
         39:ba:51:5a:77:9e:cf:6f:19:2f:06:41:00:f6:6f:b2:b6:c5:
         3a:35:bf:ff:a2:c1:75:cf:ae:db:5a:57:6f:b9:de:cf:88:98:
         56:93:55:2c:69:84:0d:6f:dd:a3:b8:49:b8:3a:01:be:32:b0:
         6f:65:bc:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3lr9GUpS96vUeezG6m7xyEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYWE3ZDYzMTNhYmRjMjdjOTJkMGJhNTQ5ZTg2ODNmOWE4
ZjE1MGYwHhcNMjQwMjI2MTM1MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWMwNGNiMzNmZjVmMmZkMWRiYmM0MTJiMzZjNzAzMTg2NDMyM2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqF5n7SKpyti9/eGcTL3NIX6brsy8
qb3Wb7BGZ+6ozkeK83VwQthViCRxSZ8+L3/CVr6uaq8I7SkkEmDm3+wSpkTkF/nm
2gyTDiCAtJKFN1SVRr6ZumV5ditfKWkPUvSKywdkJkQpbP5e2YdckA58LBKoqfsS
Xzr9LxfnmoPut6yNfamrL8lVwtLKOr5yqBs59HyzsNZ69eTyYapLYY995KRzDVOx
AURTP4TI6uf9EAGG1b57KgGGLDb3liDyaWDGNQ3QqR4EaKBBQDyquhxaXzSZVuNq
f75+8q49TKiV3bM09sJPpsr0XcKWa5egTMrQZhI2kGUuzefU55AV89nwBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnATLM/9fL9HbvEErNscDGGQyPFMB8GA1UdIwQY
MBaAFGGqfWMTq9wnyS0LpUnoaD+ajxUPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWFwOVl4T3IzQ2ZKTFF1bFNlaG9QNXFQRlE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9kMjMwY2YtODUzZi00M2I3LTk3NDEt
ZGNhOGRhODc2ZmU2LzEvYWNCTXN6XzE4djBkdThRU3MyeHdNWVpESThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9kMjMwY2YtODUzZi00M2I3LTk3NDEtZGNhOGRhODc2ZmU2
LzEvWWFwOVl4T3IzQ2ZKTFF1bFNlaG9QNXFQRlE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+PoMA0G
CSqGSIb3DQEBCwUAA4IBAQAt+L3QNzEVZJTDAo4QEb3KTSnl55o9nAJjyE5KDkLa
BpWJiX6A4po89FpZv9KtRSjYz/bMjXudaNTEMI6aivCqKJwsrxHvwtsrkogxrQNo
IRxUyp1X2Gk4cpHVGMILdXZ5kXhQ34KojN6lUWpGeP2HVox+p+idKPA7CSKlsnjh
Yw4Zj5fKxvGojxyJvrIJeqpBMVE0l7tp7I47IJY4V+9To+c64lsKEMMB+6gMhSF7
bUuv6GzAybD7ev5+LuJ4cN92Js/srus5ulFad57PbxkvBkEA9m+ytsU6Nb//osF1
z67bWldvud7PiJhWk1UsaYQNb92juEm4OgG+MrBvZbxq
-----END CERTIFICATE-----