Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/39ef81-db85-47d6-87c2-57eb5ef896e1/1/YqUEKxue8n3jd3pLAFG2upOJRvs.roa
File:                     YqUEKxue8n3jd3pLAFG2upOJRvs.roa (raw, json)
Hash identifier:          pA+dC2Im5K52KnAuUyTgNEQm1xNxczu2U+S7+jDR9Q0=
Subject key identifier:   62:A5:04:2B:1B:9E:F2:7D:E3:77:7A:4B:00:51:B6:BA:93:89:46:FB
Certificate issuer:       /CN=c551472480683c61970f605fb199eeb6eae1218b
Certificate serial:       018CC348F9AE1AFB905EC809FB414F991436
Authority key identifier: C5:51:47:24:80:68:3C:61:97:0F:60:5F:B1:99:EE:B6:EA:E1:21:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xVFHJIBoPGGXD2BfsZnuturhIYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/39ef81-db85-47d6-87c2-57eb5ef896e1/1/YqUEKxue8n3jd3pLAFG2upOJRvs.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56544
IP address blocks:        91.225.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/39ef81-db85-47d6-87c2-57eb5ef896e1/1/xVFHJIBoPGGXD2BfsZnuturhIYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/39ef81-db85-47d6-87c2-57eb5ef896e1/1/xVFHJIBoPGGXD2BfsZnuturhIYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xVFHJIBoPGGXD2BfsZnuturhIYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f9:ae:1a:fb:90:5e:c8:09:fb:41:4f:99:14:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c551472480683c61970f605fb199eeb6eae1218b
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62a5042b1b9ef27de3777a4b0051b6ba938946fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:84:00:91:0e:76:78:8b:dd:3e:f4:78:57:35:
                    e5:7c:7b:ed:bd:b9:48:e5:33:c2:17:92:6c:4a:b7:
                    4b:c5:dd:58:59:1c:5c:f2:a2:78:67:8d:3f:d1:5f:
                    e9:c1:5f:a4:d1:17:15:1b:a5:8e:f6:bd:00:1a:4e:
                    e5:e2:c9:42:52:01:b0:14:97:86:65:a1:da:89:7a:
                    53:e6:54:53:5b:df:d3:84:e1:ea:dc:87:21:3a:25:
                    6f:62:eb:52:d0:03:e4:3b:b1:6a:9f:8f:54:42:5d:
                    92:34:8d:a6:dd:19:bf:9b:4c:50:6f:19:2c:0d:ba:
                    eb:95:bb:90:11:ea:39:97:c5:4e:6c:fa:80:72:68:
                    6b:ba:ba:f4:96:7e:c5:9b:2e:4d:3d:91:9c:2d:3b:
                    4d:77:db:16:d4:ed:76:57:19:6d:45:9a:38:8d:6c:
                    8e:d1:31:0e:aa:6e:52:1e:b5:d1:7a:96:7b:49:de:
                    ac:4a:60:97:b8:df:02:03:1f:29:d6:32:78:c1:0a:
                    77:2b:f0:d8:a5:1b:d7:29:12:c9:d6:6c:eb:ee:c9:
                    7b:bc:a1:af:23:65:84:22:01:b0:72:ff:eb:56:7d:
                    dd:2b:33:43:aa:06:3f:40:f8:bb:84:5b:90:43:bf:
                    47:bb:e8:ed:4f:47:f9:96:97:a2:e9:88:5b:6e:5a:
                    d2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A5:04:2B:1B:9E:F2:7D:E3:77:7A:4B:00:51:B6:BA:93:89:46:FB
            X509v3 Authority Key Identifier:
                keyid:C5:51:47:24:80:68:3C:61:97:0F:60:5F:B1:99:EE:B6:EA:E1:21:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xVFHJIBoPGGXD2BfsZnuturhIYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/39ef81-db85-47d6-87c2-57eb5ef896e1/1/YqUEKxue8n3jd3pLAFG2upOJRvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/39ef81-db85-47d6-87c2-57eb5ef896e1/1/xVFHJIBoPGGXD2BfsZnuturhIYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:54:be:07:2f:26:66:65:9c:4b:df:6d:15:5d:42:cf:37:3a:
         8b:75:c1:c0:54:70:80:8b:d5:7f:85:6a:4c:d7:a1:ef:0c:91:
         6c:e9:61:fd:c4:7f:98:64:c9:12:0b:a7:a4:32:36:24:22:27:
         13:78:88:9a:f9:52:95:9a:9a:29:5d:ac:83:0e:07:97:5f:77:
         43:91:69:7b:d4:ac:3b:6d:b0:68:bc:09:aa:c4:ed:18:71:7b:
         42:ed:67:2a:4e:1b:fd:96:82:d3:2a:eb:fd:e8:68:29:14:f7:
         c0:24:31:54:44:56:4a:b3:6d:2c:ab:12:dd:47:2c:e8:1f:5b:
         87:e3:33:2f:d7:61:53:3f:f8:f4:28:2b:5f:09:8d:c1:d5:64:
         9f:3d:36:2d:e2:35:51:1e:08:1a:9d:a8:09:50:df:dd:1f:9c:
         44:39:2e:d5:53:1a:e1:d2:ab:72:21:fc:45:dc:c2:18:4f:0b:
         92:de:82:ed:39:56:6b:f9:56:44:b6:1a:27:96:b9:04:b2:fb:
         fd:dd:05:16:7b:3e:28:ea:ba:19:e1:3c:59:c1:e1:ee:83:f3:
         04:da:ef:a3:81:1e:57:c5:eb:c8:f9:e3:5d:7b:d2:87:b3:18:
         91:50:c4:ae:bc:35:f3:c3:fd:95:86:e6:e6:3b:73:a9:79:2c:
         1d:bd:3d:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPmuGvuQXsgJ+0FPmRQ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NTE0NzI0ODA2ODNjNjE5NzBmNjA1ZmIxOTllZWI2ZWFl
MTIxOGIwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmE1MDQyYjFiOWVmMjdkZTM3NzdhNGIwMDUxYjZiYTkzODk0NmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIQAkQ52eIvdPvR4VzXlfHvtvblI
5TPCF5JsSrdLxd1YWRxc8qJ4Z40/0V/pwV+k0RcVG6WO9r0AGk7l4slCUgGwFJeG
ZaHaiXpT5lRTW9/ThOHq3IchOiVvYutS0APkO7Fqn49UQl2SNI2m3Rm/m0xQbxks
DbrrlbuQEeo5l8VObPqAcmhrurr0ln7Fmy5NPZGcLTtNd9sW1O12VxltRZo4jWyO
0TEOqm5SHrXRepZ7Sd6sSmCXuN8CAx8p1jJ4wQp3K/DYpRvXKRLJ1mzr7sl7vKGv
I2WEIgGwcv/rVn3dKzNDqgY/QPi7hFuQQ79Hu+jtT0f5lpei6YhbblrSHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKlBCsbnvJ943d6SwBRtrqTiUb7MB8GA1UdIwQY
MBaAFMVRRySAaDxhlw9gX7GZ7rbq4SGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFZGSEpJQm9QR0dYRDJCZnNabnV0dXJoSVlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8zOWVmODEtZGI4NS00N2Q2LTg3YzIt
NTdlYjVlZjg5NmUxLzEvWXFVRUt4dWU4bjNqZDNwTEFGRzJ1cE9KUnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8zOWVmODEtZGI4NS00N2Q2LTg3YzItNTdlYjVlZjg5NmUx
LzEveFZGSEpJQm9QR0dYRDJCZnNabnV0dXJoSVlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+GwMA0G
CSqGSIb3DQEBCwUAA4IBAQBPVL4HLyZmZZxL320VXULPNzqLdcHAVHCAi9V/hWpM
16HvDJFs6WH9xH+YZMkSC6ekMjYkIicTeIia+VKVmpopXayDDgeXX3dDkWl71Kw7
bbBovAmqxO0YcXtC7WcqThv9loLTKuv96GgpFPfAJDFURFZKs20sqxLdRyzoH1uH
4zMv12FTP/j0KCtfCY3B1WSfPTYt4jVRHgganagJUN/dH5xEOS7VUxrh0qtyIfxF
3MIYTwuS3oLtOVZr+VZEthonlrkEsvv93QUWez4o6roZ4TxZweHug/ME2u+jgR5X
xevI+eNde9KHsxiRUMSuvDXzw/2VhubmO3OpeSwdvT1l
-----END CERTIFICATE-----