Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/IszRMTB3G-DJ4axv_EpdvVlf6gw.roa
File:                     IszRMTB3G-DJ4axv_EpdvVlf6gw.roa (raw, json)
Hash identifier:          CY0TRU9a1uxqs27AvjddrwTXdq92hZRTpG3jg6Iljv0=
Subject key identifier:   22:CC:D1:31:30:77:1B:E0:C9:E1:AC:6F:FC:4A:5D:BD:59:5F:EA:0C
Certificate issuer:       /CN=eeb3e113ccfaeee1996ba90c461407fce290a9db
Certificate serial:       018CC500D080D5434EF4B9086B39923E10F1
Authority key identifier: EE:B3:E1:13:CC:FA:EE:E1:99:6B:A9:0C:46:14:07:FC:E2:90:A9:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rPhE8z67uGZa6kMRhQH_OKQqds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/IszRMTB3G-DJ4axv_EpdvVlf6gw.roa
Signing time:             Mon 01 Jan 2024 12:30:14 +0000
ROA not before:           Mon 01 Jan 2024 12:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208081
IP address blocks:        91.199.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/7rPhE8z67uGZa6kMRhQH_OKQqds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/7rPhE8z67uGZa6kMRhQH_OKQqds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rPhE8z67uGZa6kMRhQH_OKQqds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 12:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d0:80:d5:43:4e:f4:b9:08:6b:39:92:3e:10:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeb3e113ccfaeee1996ba90c461407fce290a9db
        Validity
            Not Before: Jan  1 12:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22ccd13130771be0c9e1ac6ffc4a5dbd595fea0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:6a:6f:7a:d5:05:95:88:79:a2:bf:c8:9c:b1:
                    75:ab:6b:94:c8:ac:c6:93:c7:7b:75:2a:63:34:f7:
                    5e:40:a5:f7:de:75:83:d6:e2:c6:25:21:bc:ab:3c:
                    32:db:48:d2:e4:a5:f7:93:93:4f:0f:b9:ce:bb:a1:
                    2c:96:04:17:8b:ee:ab:d3:39:d1:d9:fa:2c:1e:d9:
                    b0:ae:cd:ea:17:68:9e:f5:ec:23:bc:a1:22:19:4c:
                    73:10:f2:f3:68:fc:ce:7a:da:16:5c:ac:c3:fb:c2:
                    28:5c:84:42:ab:91:2a:dd:5b:25:45:e5:b1:f9:59:
                    5e:37:7d:78:d3:36:4f:44:03:a2:a8:22:c6:2c:62:
                    2a:9a:24:b7:1b:86:c4:31:97:d4:fd:91:b1:fe:41:
                    8d:d5:27:10:f2:d7:c0:d4:b7:96:a2:ab:50:c6:60:
                    c0:d4:b3:d5:89:bc:8d:00:ce:c9:2b:79:1a:b9:a9:
                    8f:9c:c9:b6:c5:2f:33:e4:76:7d:ea:5d:ff:7b:1d:
                    45:34:bb:e7:98:0c:ca:a2:ef:cb:14:ba:c9:e7:01:
                    e4:0e:09:c9:58:99:ed:4e:c0:bd:6b:10:0e:f1:45:
                    35:90:e9:b5:91:7e:44:44:80:86:59:79:84:57:ea:
                    a2:14:43:71:ba:40:b8:1b:8f:96:7d:7e:19:ae:e8:
                    22:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:CC:D1:31:30:77:1B:E0:C9:E1:AC:6F:FC:4A:5D:BD:59:5F:EA:0C
            X509v3 Authority Key Identifier:
                keyid:EE:B3:E1:13:CC:FA:EE:E1:99:6B:A9:0C:46:14:07:FC:E2:90:A9:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rPhE8z67uGZa6kMRhQH_OKQqds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/IszRMTB3G-DJ4axv_EpdvVlf6gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/7rPhE8z67uGZa6kMRhQH_OKQqds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:8c:48:af:fc:a1:c7:8d:08:02:8d:bc:5a:c3:03:2d:cd:b6:
         06:4c:53:d1:e5:43:f1:11:11:98:1a:a5:70:87:bf:ef:71:5f:
         6b:ea:cb:73:65:5a:fd:33:e4:1b:f6:0c:70:29:89:71:39:9b:
         80:84:7e:5b:e3:47:07:ca:72:3e:3c:b1:3b:e5:e8:07:66:ff:
         c7:71:a6:74:8f:65:91:9b:3a:77:42:0b:2c:99:b7:c5:27:1b:
         5c:ac:b8:fe:04:ad:8b:b5:24:0a:cb:ad:5a:7f:e8:c3:54:86:
         3c:66:1b:ca:0b:47:2f:2a:e0:ca:95:bd:b8:95:c0:1a:67:93:
         2a:cb:6c:79:b8:62:05:9d:5d:27:2f:26:08:1c:c4:6a:39:8c:
         f3:96:1c:a2:99:2d:1a:3b:50:ac:f6:05:2a:0c:75:39:ea:4d:
         5c:89:fa:50:9e:5f:d3:f5:d4:52:c2:d6:7d:43:0d:83:c7:7f:
         be:6f:63:a8:47:d5:fc:49:a5:b6:fc:af:bb:04:bd:54:1d:1e:
         31:a5:aa:49:d1:17:3c:03:50:4e:3f:4c:b2:2f:a5:b5:74:82:
         e0:ea:53:e9:2e:44:41:7c:74:57:64:b5:11:95:7c:e3:9d:00:
         ba:46:63:8b:5e:58:37:c0:9f:2e:44:7c:e6:96:b7:95:4b:e3:
         29:06:5b:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFANCA1UNO9LkIazmSPhDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYjNlMTEzY2NmYWVlZTE5OTZiYTkwYzQ2MTQwN2ZjZTI5
MGE5ZGIwHhcNMjQwMTAxMTIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmNjZDEzMTMwNzcxYmUwYzllMWFjNmZmYzRhNWRiZDU5NWZlYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GpvetUFlYh5or/InLF1q2uUyKzG
k8d7dSpjNPdeQKX33nWD1uLGJSG8qzwy20jS5KX3k5NPD7nOu6EslgQXi+6r0znR
2fosHtmwrs3qF2ie9ewjvKEiGUxzEPLzaPzOetoWXKzD+8IoXIRCq5Eq3VslReWx
+VleN3140zZPRAOiqCLGLGIqmiS3G4bEMZfU/ZGx/kGN1ScQ8tfA1LeWoqtQxmDA
1LPVibyNAM7JK3kauamPnMm2xS8z5HZ96l3/ex1FNLvnmAzKou/LFLrJ5wHkDgnJ
WJntTsC9axAO8UU1kOm1kX5ERICGWXmEV+qiFENxukC4G4+WfX4ZrugiqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLM0TEwdxvgyeGsb/xKXb1ZX+oMMB8GA1UdIwQY
MBaAFO6z4RPM+u7hmWupDEYUB/zikKnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3JQaEU4ejY3dUdaYTZrTVJoUUhfT0tRcWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9hZDVlYTktOGJkMS00MWVmLTgzNTYt
ZmFkYzM1MjRmYTMwLzEvSXN6Uk1UQjNHLURKNGF4dl9FcGR2VmxmNmd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9hZDVlYTktOGJkMS00MWVmLTgzNTYtZmFkYzM1MjRmYTMw
LzEvN3JQaEU4ejY3dUdaYTZrTVJoUUhfT0tRcWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ckMA0G
CSqGSIb3DQEBCwUAA4IBAQBLjEiv/KHHjQgCjbxawwMtzbYGTFPR5UPxERGYGqVw
h7/vcV9r6stzZVr9M+Qb9gxwKYlxOZuAhH5b40cHynI+PLE75egHZv/HcaZ0j2WR
mzp3QgssmbfFJxtcrLj+BK2LtSQKy61af+jDVIY8ZhvKC0cvKuDKlb24lcAaZ5Mq
y2x5uGIFnV0nLyYIHMRqOYzzlhyimS0aO1Cs9gUqDHU56k1cifpQnl/T9dRSwtZ9
Qw2Dx3++b2OoR9X8SaW2/K+7BL1UHR4xpapJ0Rc8A1BOP0yyL6W1dILg6lPpLkRB
fHRXZLURlXzjnQC6RmOLXlg3wJ8uRHzmlreVS+MpBlvp
-----END CERTIFICATE-----