Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/5b18b5-da02-4e97-b013-4597e147c140/1/Ria73zQGELBNwwHOA9OJEt0o8EY.roa
File:                     Ria73zQGELBNwwHOA9OJEt0o8EY.roa (raw, json)
Hash identifier:          HtxAf41dbXBX0JzL39EZFMNEbag9XlRGkEzoEsFD+mI=
Subject key identifier:   46:26:BB:DF:34:06:10:B0:4D:C3:01:CE:03:D3:89:12:DD:28:F0:46
Certificate issuer:       /CN=b2e102484f73972786ccc2df1c47c2682b8b85ca
Certificate serial:       018CC6B92A474938E8DBDE3BB07CF043D45C
Authority key identifier: B2:E1:02:48:4F:73:97:27:86:CC:C2:DF:1C:47:C2:68:2B:8B:85:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/suECSE9zlyeGzMLfHEfCaCuLhco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/5b18b5-da02-4e97-b013-4597e147c140/1/Ria73zQGELBNwwHOA9OJEt0o8EY.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41652
IP address blocks:        91.223.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/5b18b5-da02-4e97-b013-4597e147c140/1/suECSE9zlyeGzMLfHEfCaCuLhco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/5b18b5-da02-4e97-b013-4597e147c140/1/suECSE9zlyeGzMLfHEfCaCuLhco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/suECSE9zlyeGzMLfHEfCaCuLhco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2a:47:49:38:e8:db:de:3b:b0:7c:f0:43:d4:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2e102484f73972786ccc2df1c47c2682b8b85ca
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4626bbdf340610b04dc301ce03d38912dd28f046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:db:1c:a8:52:53:f0:d4:ed:52:48:c9:85:e8:
                    85:fd:a4:1a:2b:9f:d2:78:17:1c:f4:c6:6d:27:1a:
                    dc:ac:2c:75:41:7b:16:ef:f7:41:9a:b0:6b:b6:e6:
                    82:09:a4:af:a2:f1:0c:f0:36:3c:3c:91:7c:ed:da:
                    0f:52:b3:8b:24:64:bc:34:9d:43:a3:68:42:ee:73:
                    1c:aa:da:48:cf:6f:68:4b:f8:bc:54:ea:bf:a7:f6:
                    64:a7:9a:5c:f6:7e:a7:26:c8:46:3a:70:94:21:fd:
                    70:9d:fb:b9:77:94:af:95:c7:b0:03:9f:65:17:29:
                    02:15:43:b1:58:52:6c:41:f0:80:2a:71:57:1c:c4:
                    1b:06:ee:45:89:bd:34:fd:00:87:2b:d8:ee:e3:39:
                    c1:9f:fc:d1:25:5f:ee:73:4e:69:f2:ab:21:04:6d:
                    d9:af:ea:89:42:78:a2:6c:62:37:43:91:70:6c:25:
                    f3:95:b0:06:64:39:58:50:fb:f7:e2:c0:ec:68:6f:
                    46:a4:4b:3a:4e:f4:c5:c5:f3:ea:a7:8c:6c:29:a2:
                    32:ee:43:a7:9e:97:27:3f:71:a2:67:9c:74:cd:65:
                    09:ae:79:cb:d3:b6:52:4a:86:9e:ef:83:20:b2:23:
                    fb:1b:01:e7:1e:5e:1c:c5:ab:a9:df:ff:b9:98:23:
                    30:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:26:BB:DF:34:06:10:B0:4D:C3:01:CE:03:D3:89:12:DD:28:F0:46
            X509v3 Authority Key Identifier:
                keyid:B2:E1:02:48:4F:73:97:27:86:CC:C2:DF:1C:47:C2:68:2B:8B:85:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/suECSE9zlyeGzMLfHEfCaCuLhco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/5b18b5-da02-4e97-b013-4597e147c140/1/Ria73zQGELBNwwHOA9OJEt0o8EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/5b18b5-da02-4e97-b013-4597e147c140/1/suECSE9zlyeGzMLfHEfCaCuLhco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:5e:70:48:6b:90:e5:82:bd:70:1a:a9:dd:1a:b8:c2:65:c0:
         fc:17:90:6f:9e:8a:71:71:b1:ac:c4:08:6e:ee:f1:30:d8:a3:
         1c:39:1c:b3:5a:1f:14:98:7c:dc:80:0b:73:76:f2:f8:cf:91:
         e5:a1:c0:e5:71:fd:47:ff:1b:a5:a9:90:a5:33:35:90:d5:5c:
         6a:8c:e2:82:da:11:37:5d:9a:ec:ce:16:95:d3:2e:ce:a9:54:
         ec:b6:dc:cb:8d:c8:d8:7a:e7:8d:93:8c:71:96:5a:31:3c:e0:
         3d:b1:0a:e3:f0:91:8a:6b:53:58:8a:73:8f:0e:dd:1e:4e:6a:
         fd:21:12:81:3c:e8:56:2e:dd:ca:1b:eb:2f:ce:70:5c:ba:2e:
         e9:0e:98:26:94:e0:95:b4:92:0d:40:68:2c:32:a1:60:3e:ff:
         0e:90:a0:68:90:60:14:7d:23:54:66:0e:73:01:dd:87:1d:be:
         1e:fd:bd:99:3d:d7:db:6e:f7:fd:5f:d5:1f:a8:86:1c:3f:d1:
         ce:f0:c0:c5:b3:1e:dd:3b:94:c7:6f:ba:25:0c:32:82:ea:a2:
         c8:b3:67:a4:b0:b7:3a:cc:6f:07:98:db:ce:84:bd:db:bd:ed:
         d8:10:89:96:1b:10:91:e8:46:4a:1b:0d:96:2b:26:37:1e:79:
         f4:69:cb:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSpHSTjo2947sHzwQ9RcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZTEwMjQ4NGY3Mzk3Mjc4NmNjYzJkZjFjNDdjMjY4MmI4
Yjg1Y2EwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjI2YmJkZjM0MDYxMGIwNGRjMzAxY2UwM2QzODkxMmRkMjhmMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdscqFJT8NTtUkjJheiF/aQaK5/S
eBcc9MZtJxrcrCx1QXsW7/dBmrBrtuaCCaSvovEM8DY8PJF87doPUrOLJGS8NJ1D
o2hC7nMcqtpIz29oS/i8VOq/p/Zkp5pc9n6nJshGOnCUIf1wnfu5d5SvlcewA59l
FykCFUOxWFJsQfCAKnFXHMQbBu5Fib00/QCHK9ju4znBn/zRJV/uc05p8qshBG3Z
r+qJQniibGI3Q5FwbCXzlbAGZDlYUPv34sDsaG9GpEs6TvTFxfPqp4xsKaIy7kOn
npcnP3GiZ5x0zWUJrnnL07ZSSoae74MgsiP7GwHnHl4cxaup3/+5mCMwAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYmu980BhCwTcMBzgPTiRLdKPBGMB8GA1UdIwQY
MBaAFLLhAkhPc5cnhszC3xxHwmgri4XKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3VFQ1NFOXpseWVHek1MZkhFZkNhQ3VMaGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi81YjE4YjUtZGEwMi00ZTk3LWIwMTMt
NDU5N2UxNDdjMTQwLzEvUmlhNzN6UUdFTEJOd3dIT0E5T0pFdDBvOEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi81YjE4YjUtZGEwMi00ZTk3LWIwMTMtNDU5N2UxNDdjMTQw
LzEvc3VFQ1NFOXpseWVHek1MZkhFZkNhQ3VMaGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+DMA0G
CSqGSIb3DQEBCwUAA4IBAQCHXnBIa5Dlgr1wGqndGrjCZcD8F5BvnopxcbGsxAhu
7vEw2KMcORyzWh8UmHzcgAtzdvL4z5HlocDlcf1H/xulqZClMzWQ1VxqjOKC2hE3
XZrszhaV0y7OqVTsttzLjcjYeueNk4xxlloxPOA9sQrj8JGKa1NYinOPDt0eTmr9
IRKBPOhWLt3KG+svznBcui7pDpgmlOCVtJINQGgsMqFgPv8OkKBokGAUfSNUZg5z
Ad2HHb4e/b2ZPdfbbvf9X9UfqIYcP9HO8MDFsx7dO5THb7olDDKC6qLIs2eksLc6
zG8HmNvOhL3bve3YEImWGxCR6EZKGw2WKyY3Hnn0acvF
-----END CERTIFICATE-----