Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/5OP5ndR10GHZW07nd31gCw7yNH4.roa
File:                     5OP5ndR10GHZW07nd31gCw7yNH4.roa (raw, json)
Hash identifier:          7ZfEeiMkCAOOWG/UpR1SCHfiZXSKo3MGHtevyRDA2Go=
Subject key identifier:   E4:E3:F9:9D:D4:75:D0:61:D9:5B:4E:E7:77:7D:60:0B:0E:F2:34:7E
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       018EF0314A9F53EE10875A56D6731C204C60
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/5OP5ndR10GHZW07nd31gCw7yNH4.roa
Signing time:             Thu 18 Apr 2024 07:52:25 +0000
ROA not before:           Thu 18 Apr 2024 07:52:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215355
IP address blocks:        91.103.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:31:4a:9f:53:ee:10:87:5a:56:d6:73:1c:20:4c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Apr 18 07:52:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4e3f99dd475d061d95b4ee7777d600b0ef2347e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:dc:a0:f5:23:58:f3:56:59:33:06:41:2e:4c:
                    14:0a:e1:de:af:86:6b:94:f6:ee:ec:b1:83:26:56:
                    bd:7d:60:67:4a:f3:d2:66:82:ad:e1:18:88:22:85:
                    35:ba:4b:03:9c:96:d6:f6:6c:8f:b0:66:7f:4c:d0:
                    56:22:e0:bb:08:d7:14:95:c2:29:37:88:ba:0d:70:
                    dc:6d:9b:de:08:58:b8:90:c0:b1:7f:8e:14:1a:c6:
                    01:d8:04:8f:1b:f7:4c:9f:27:56:7f:b6:e1:76:21:
                    d0:e0:2b:f5:b2:d5:03:f7:45:99:ff:38:a9:d3:6d:
                    be:34:ab:f9:73:ba:b0:ec:c6:82:65:38:84:d6:46:
                    93:5c:05:88:95:58:e0:b4:26:b1:ca:fc:3d:52:68:
                    7d:9d:54:32:be:f9:20:7c:09:11:ac:39:6e:f2:7d:
                    64:c4:d8:54:8d:59:a4:e4:91:5b:ae:3a:85:3e:7f:
                    33:ae:75:d2:88:0e:34:86:af:9c:77:30:5a:ad:e9:
                    6d:1e:00:b2:09:56:85:87:97:12:48:5f:f2:47:44:
                    d1:85:87:86:49:07:a1:68:d8:2e:69:81:ec:aa:d1:
                    43:f4:da:a6:ce:c2:19:21:3b:93:19:6c:75:00:57:
                    ef:e2:73:7d:78:20:09:3a:ba:63:19:00:ca:a5:0a:
                    fd:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E3:F9:9D:D4:75:D0:61:D9:5B:4E:E7:77:7D:60:0B:0E:F2:34:7E
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/5OP5ndR10GHZW07nd31gCw7yNH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:fb:58:4d:94:6b:82:c3:14:20:9b:77:9a:bb:ce:64:5c:ce:
         d7:71:a8:f0:92:f0:84:67:ec:a3:66:be:3d:21:fe:54:8f:19:
         74:34:c4:dc:db:63:1f:91:10:67:80:33:72:66:ae:e0:ca:d3:
         83:2e:85:57:5e:12:48:74:68:66:39:e2:cf:47:23:34:da:80:
         86:7c:a5:e8:09:3f:7a:41:8d:2b:97:8e:7b:45:16:b4:de:a7:
         cd:1b:6d:dd:c2:69:f4:a3:d7:d5:73:3d:73:5f:e1:c8:1e:18:
         63:ec:35:50:3e:85:7c:1e:90:bc:6e:68:29:65:2b:85:07:c0:
         a4:86:d7:be:31:19:d5:d4:ef:1f:f5:8a:7d:ae:99:03:d9:ba:
         8b:2d:37:f3:e1:44:3c:50:f2:87:74:33:a1:f3:ea:a3:83:bc:
         0b:01:17:db:c7:02:3b:f5:0d:85:04:81:29:26:57:e6:cf:d0:
         cd:c6:49:d7:e3:ff:db:a5:7e:82:e5:4c:53:87:eb:4a:9e:ef:
         5f:4f:f8:f2:35:a9:8e:58:a0:41:c8:a6:74:7b:2b:41:2b:a3:
         d9:18:6d:2e:ce:83:f0:63:ef:c7:e2:ce:18:05:79:c0:d0:b6:
         ff:fe:2b:66:68:72:14:3b:bb:94:ff:3a:43:59:e1:11:1d:34:
         4a:59:96:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7wMUqfU+4Qh1pW1nMcIExgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjQwNDE4MDc1MjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGUzZjk5ZGQ0NzVkMDYxZDk1YjRlZTc3NzdkNjAwYjBlZjIzNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9yg9SNY81ZZMwZBLkwUCuHer4Zr
lPbu7LGDJla9fWBnSvPSZoKt4RiIIoU1uksDnJbW9myPsGZ/TNBWIuC7CNcUlcIp
N4i6DXDcbZveCFi4kMCxf44UGsYB2ASPG/dMnydWf7bhdiHQ4Cv1stUD90WZ/zip
022+NKv5c7qw7MaCZTiE1kaTXAWIlVjgtCaxyvw9Umh9nVQyvvkgfAkRrDlu8n1k
xNhUjVmk5JFbrjqFPn8zrnXSiA40hq+cdzBareltHgCyCVaFh5cSSF/yR0TRhYeG
SQehaNguaYHsqtFD9NqmzsIZITuTGWx1AFfv4nN9eCAJOrpjGQDKpQr9dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTj+Z3UddBh2VtO53d9YAsO8jR+MB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvNU9QNW5kUjEwR0haVzA3bmQzMWdDdzd5Tkg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2d4MA0G
CSqGSIb3DQEBCwUAA4IBAQCQ+1hNlGuCwxQgm3eau85kXM7XcajwkvCEZ+yjZr49
If5Ujxl0NMTc22MfkRBngDNyZq7gytODLoVXXhJIdGhmOeLPRyM02oCGfKXoCT96
QY0rl457RRa03qfNG23dwmn0o9fVcz1zX+HIHhhj7DVQPoV8HpC8bmgpZSuFB8Ck
hte+MRnV1O8f9Yp9rpkD2bqLLTfz4UQ8UPKHdDOh8+qjg7wLARfbxwI79Q2FBIEp
Jlfmz9DNxknX4//bpX6C5UxTh+tKnu9fT/jyNamOWKBByKZ0eytBK6PZGG0uzoPw
Y+/H4s4YBXnA0Lb//itmaHIUO7uU/zpDWeERHTRKWZaZ
-----END CERTIFICATE-----