Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/sU6clqwdFtnejfbTwdbtC2cPnd0.roa
File:                     sU6clqwdFtnejfbTwdbtC2cPnd0.roa (raw, json)
Hash identifier:          NeT7h1+4e3VCsIc/x/1nTweKur8kptkXKqwRsDZ390E=
Subject key identifier:   B1:4E:9C:96:AC:1D:16:D9:DE:8D:F6:D3:C1:D6:ED:0B:67:0F:9D:DD
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018EE178B10D11A8D1C45150568898C12D48
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/sU6clqwdFtnejfbTwdbtC2cPnd0.roa
Signing time:             Mon 15 Apr 2024 11:16:06 +0000
ROA not before:           Mon 15 Apr 2024 11:16:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398343
IP address blocks:        91.216.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:78:b1:0d:11:a8:d1:c4:51:50:56:88:98:c1:2d:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 15 11:16:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b14e9c96ac1d16d9de8df6d3c1d6ed0b670f9ddd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a5:c3:eb:68:34:1c:0d:d3:7c:82:ae:38:8c:
                    d3:5a:4c:bd:79:30:d0:67:4f:9b:a4:2d:b6:52:59:
                    ad:a9:40:db:34:de:9d:26:bd:93:1b:8d:35:18:7e:
                    f8:6e:79:8c:e7:ba:71:cd:53:b7:0c:86:bb:ff:a5:
                    f2:a6:71:74:43:d2:07:1a:78:52:1a:43:53:ee:8d:
                    4d:b6:dd:9d:e1:81:1e:ee:5c:e3:55:2e:8e:93:68:
                    3a:77:0d:5e:a0:03:9d:b6:d8:22:9a:f9:54:e2:e6:
                    2f:c0:19:24:db:06:50:f2:51:b2:22:a0:ea:39:c7:
                    d2:e3:a5:95:59:39:b1:62:a6:da:a7:21:c9:dd:4a:
                    f9:72:e4:35:15:f3:a3:c2:05:fc:a9:85:03:34:3e:
                    42:29:b9:e8:66:99:33:c0:1f:bf:84:0d:e1:45:8c:
                    d8:13:67:48:21:b9:5b:cf:81:ef:5b:8d:b8:c0:ea:
                    fd:dd:e0:e3:64:5e:69:eb:6f:da:e6:ff:e0:50:86:
                    24:c2:a3:2e:14:86:23:c4:f6:99:b8:0d:a8:cc:c1:
                    94:2c:e5:58:2d:ea:10:59:16:ea:52:ed:c6:82:25:
                    fa:0b:83:35:a2:87:ae:9c:92:d4:cd:9c:6c:1a:f1:
                    bf:55:b2:da:a2:4f:8d:fe:e4:90:07:76:25:2f:2c:
                    48:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:4E:9C:96:AC:1D:16:D9:DE:8D:F6:D3:C1:D6:ED:0B:67:0F:9D:DD
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/sU6clqwdFtnejfbTwdbtC2cPnd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:07:d2:c3:0a:85:4a:c2:a8:7b:17:af:b4:79:eb:a9:ef:20:
         c0:3c:e7:f9:1d:f0:f7:75:bb:a4:34:d1:57:99:73:cc:c9:43:
         a5:d2:36:37:96:51:b4:02:14:04:c5:5e:45:50:03:49:fd:f3:
         eb:f1:0d:c6:49:ac:42:84:45:c3:1f:03:79:17:b7:cf:10:0b:
         a5:3d:56:4f:98:29:9b:e5:fb:1b:eb:7b:85:d1:2c:6f:2b:d0:
         52:47:d8:29:43:94:2b:15:01:5d:97:92:d7:6a:d9:0b:35:eb:
         92:ed:63:88:d2:1a:f5:8e:bc:ab:49:a9:2b:ba:e0:6c:d3:f2:
         7b:30:87:3f:90:9a:c9:bb:a5:84:08:41:22:39:7d:1e:26:c0:
         95:1a:24:9b:ea:55:3f:e5:70:90:2f:0b:54:81:52:29:9b:f2:
         93:f9:ba:0a:d1:17:8f:9e:c7:2c:4e:4d:2c:c7:f1:2a:7c:bf:
         4b:60:4e:20:a3:75:19:5f:6a:f2:bf:e4:e7:a7:7b:8e:bf:81:
         e4:44:8c:d8:c9:2c:28:9d:24:49:8d:7a:fc:ed:06:0a:55:40:
         3d:f7:4c:b9:c0:39:6b:98:82:ca:36:f7:58:e7:6f:d8:75:f5:
         f5:18:d6:71:51:60:43:cd:4a:a6:da:aa:78:57:46:7c:ff:e9:
         25:b0:9c:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7heLENEajRxFFQVoiYwS1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNDE1MTExNjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTRlOWM5NmFjMWQxNmQ5ZGU4ZGY2ZDNjMWQ2ZWQwYjY3MGY5ZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaXD62g0HA3TfIKuOIzTWky9eTDQ
Z0+bpC22UlmtqUDbNN6dJr2TG401GH74bnmM57pxzVO3DIa7/6XypnF0Q9IHGnhS
GkNT7o1Ntt2d4YEe7lzjVS6Ok2g6dw1eoAOdttgimvlU4uYvwBkk2wZQ8lGyIqDq
OcfS46WVWTmxYqbapyHJ3Ur5cuQ1FfOjwgX8qYUDND5CKbnoZpkzwB+/hA3hRYzY
E2dIIblbz4HvW424wOr93eDjZF5p62/a5v/gUIYkwqMuFIYjxPaZuA2ozMGULOVY
LeoQWRbqUu3GgiX6C4M1ooeunJLUzZxsGvG/VbLaok+N/uSQB3YlLyxISQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFOnJasHRbZ3o3208HW7QtnD53dMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvc1U2Y2xxd2RGdG5lamZiVHdkYnRDMmNQbmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9i5MA0G
CSqGSIb3DQEBCwUAA4IBAQBDB9LDCoVKwqh7F6+0eeup7yDAPOf5HfD3dbukNNFX
mXPMyUOl0jY3llG0AhQExV5FUANJ/fPr8Q3GSaxChEXDHwN5F7fPEAulPVZPmCmb
5fsb63uF0SxvK9BSR9gpQ5QrFQFdl5LXatkLNeuS7WOI0hr1jryrSakruuBs0/J7
MIc/kJrJu6WECEEiOX0eJsCVGiSb6lU/5XCQLwtUgVIpm/KT+boK0RePnscsTk0s
x/EqfL9LYE4go3UZX2ryv+Tnp3uOv4HkRIzYySwonSRJjXr87QYKVUA990y5wDlr
mILKNvdY52/YdfX1GNZxUWBDzUqm2qp4V0Z8/+klsJyY
-----END CERTIFICATE-----