Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/830639-bdde-47b6-b558-04d6274bf1d0/1/dYAd-IFuTjfe6rII8vtshygqE9A.roa
File:                     dYAd-IFuTjfe6rII8vtshygqE9A.roa (raw, json)
Hash identifier:          orsx3h1Me1xBB1QxWOG5oCqWTRCTjZRQ3u/h6jtXE94=
Subject key identifier:   75:80:1D:F8:81:6E:4E:37:DE:EA:B2:08:F2:FB:6C:87:28:2A:13:D0
Certificate issuer:       /CN=e7dcdf80f30734bd2162a57c1354ae5b1e746ee6
Certificate serial:       018CC56E57EC19DC81F618D3FCE29716DC63
Authority key identifier: E7:DC:DF:80:F3:07:34:BD:21:62:A5:7C:13:54:AE:5B:1E:74:6E:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59zfgPMHNL0hYqV8E1SuWx50buY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/830639-bdde-47b6-b558-04d6274bf1d0/1/dYAd-IFuTjfe6rII8vtshygqE9A.roa
Signing time:             Mon 01 Jan 2024 14:29:52 +0000
ROA not before:           Mon 01 Jan 2024 14:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196688
IP address blocks:        91.215.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/830639-bdde-47b6-b558-04d6274bf1d0/1/59zfgPMHNL0hYqV8E1SuWx50buY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/830639-bdde-47b6-b558-04d6274bf1d0/1/59zfgPMHNL0hYqV8E1SuWx50buY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/59zfgPMHNL0hYqV8E1SuWx50buY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:57:ec:19:dc:81:f6:18:d3:fc:e2:97:16:dc:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7dcdf80f30734bd2162a57c1354ae5b1e746ee6
        Validity
            Not Before: Jan  1 14:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75801df8816e4e37deeab208f2fb6c87282a13d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:bc:bf:2b:9a:21:ad:07:27:4b:59:9d:61:99:
                    d5:10:62:8b:31:f9:32:6e:b5:53:1a:05:b8:dc:e1:
                    e9:b1:f2:57:1c:6c:5a:55:37:1a:dd:f6:7b:d1:99:
                    ff:32:bb:72:65:ab:30:b0:5b:58:82:f9:de:d9:e7:
                    05:df:d9:a4:13:07:f4:5e:6c:23:23:e6:0b:f6:ac:
                    48:43:63:30:86:5a:7c:49:61:7a:94:7d:1e:74:7c:
                    a5:39:53:c7:ef:37:d6:4f:d1:9f:61:9f:a5:d5:10:
                    c4:ba:f0:ca:2d:74:2a:c0:ce:e0:c8:6b:62:64:11:
                    2e:fb:8e:9b:90:cc:94:52:93:36:08:45:26:fe:ae:
                    1a:b7:5f:49:85:ca:88:48:6f:35:d9:f1:7b:5f:ea:
                    a8:64:c8:e6:31:c3:9a:a1:77:b1:27:70:a9:f6:b5:
                    bc:fc:3f:46:04:0c:74:49:66:40:8a:37:13:01:0e:
                    1f:8d:fd:38:59:6e:0f:ee:09:8f:4a:8e:bf:a9:24:
                    ac:c8:9b:bb:68:9d:b9:d9:ed:50:87:35:40:c1:88:
                    d2:4d:b5:ea:c7:be:73:64:08:7e:bb:cf:b8:ec:1d:
                    b1:83:d4:83:c8:00:a0:50:c9:7f:cf:52:2a:6d:43:
                    29:b8:43:00:a9:c3:b0:b2:5e:54:9b:9e:06:b0:c6:
                    23:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:80:1D:F8:81:6E:4E:37:DE:EA:B2:08:F2:FB:6C:87:28:2A:13:D0
            X509v3 Authority Key Identifier:
                keyid:E7:DC:DF:80:F3:07:34:BD:21:62:A5:7C:13:54:AE:5B:1E:74:6E:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59zfgPMHNL0hYqV8E1SuWx50buY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/830639-bdde-47b6-b558-04d6274bf1d0/1/dYAd-IFuTjfe6rII8vtshygqE9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/830639-bdde-47b6-b558-04d6274bf1d0/1/59zfgPMHNL0hYqV8E1SuWx50buY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:20:bf:67:03:9b:96:85:f8:d4:08:d3:06:ba:24:35:17:ca:
         23:25:a4:3e:be:4d:b4:be:c7:37:68:39:ba:df:6b:b6:fc:f8:
         39:fe:16:f1:49:5f:08:e0:3a:7f:3c:11:6b:0d:93:f9:ac:52:
         95:15:e6:bc:9f:fb:66:0f:ca:ba:94:0b:f7:b8:e5:25:97:d4:
         1a:79:15:dd:9e:3e:6c:51:04:54:ff:2b:6a:b4:a9:e6:41:dd:
         98:c3:87:93:70:70:49:6b:cb:18:1b:27:22:68:2c:c8:35:2b:
         f0:a5:e5:3b:49:42:7f:cf:ea:2d:86:49:86:26:ea:ac:f2:ea:
         44:af:4b:20:86:ad:33:d4:d4:75:9c:ba:fe:f0:77:01:8d:5d:
         7d:62:eb:c7:d3:29:53:61:9b:d4:89:59:70:19:9b:3c:0e:e4:
         38:c0:8d:97:e2:67:9d:bc:1f:c5:41:ef:ac:71:6e:69:4c:a7:
         7c:f6:2c:c8:9a:2b:bd:ae:40:f3:dc:15:01:c5:06:4c:18:a6:
         9f:22:1f:2c:e0:1e:58:29:65:ff:f8:08:cf:31:c7:70:1b:3d:
         7e:27:1a:3c:b0:e4:a9:1b:c9:1d:e1:8d:15:ad:f4:42:70:0f:
         48:11:82:be:93:e6:04:a2:d6:34:ad:86:66:54:5d:e6:af:54:
         b1:7c:fc:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblfsGdyB9hjT/OKXFtxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZGNkZjgwZjMwNzM0YmQyMTYyYTU3YzEzNTRhZTViMWU3
NDZlZTYwHhcNMjQwMTAxMTQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTgwMWRmODgxNmU0ZTM3ZGVlYWIyMDhmMmZiNmM4NzI4MmExM2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7y/K5ohrQcnS1mdYZnVEGKLMfky
brVTGgW43OHpsfJXHGxaVTca3fZ70Zn/MrtyZaswsFtYgvne2ecF39mkEwf0Xmwj
I+YL9qxIQ2Mwhlp8SWF6lH0edHylOVPH7zfWT9GfYZ+l1RDEuvDKLXQqwM7gyGti
ZBEu+46bkMyUUpM2CEUm/q4at19JhcqISG812fF7X+qoZMjmMcOaoXexJ3Cp9rW8
/D9GBAx0SWZAijcTAQ4fjf04WW4P7gmPSo6/qSSsyJu7aJ252e1QhzVAwYjSTbXq
x75zZAh+u8+47B2xg9SDyACgUMl/z1IqbUMpuEMAqcOwsl5Um54GsMYjfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWAHfiBbk433uqyCPL7bIcoKhPQMB8GA1UdIwQY
MBaAFOfc34DzBzS9IWKlfBNUrlsedG7mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTl6ZmdQTUhOTDBoWXFWOEUxU3VXeDUwYnVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84MzA2MzktYmRkZS00N2I2LWI1NTgt
MDRkNjI3NGJmMWQwLzEvZFlBZC1JRnVUamZlNnJJSTh2dHNoeWdxRTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84MzA2MzktYmRkZS00N2I2LWI1NTgtMDRkNjI3NGJmMWQw
LzEvNTl6ZmdQTUhOTDBoWXFWOEUxU3VXeDUwYnVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9fMMA0G
CSqGSIb3DQEBCwUAA4IBAQB1IL9nA5uWhfjUCNMGuiQ1F8ojJaQ+vk20vsc3aDm6
32u2/Pg5/hbxSV8I4Dp/PBFrDZP5rFKVFea8n/tmD8q6lAv3uOUll9QaeRXdnj5s
UQRU/ytqtKnmQd2Yw4eTcHBJa8sYGyciaCzINSvwpeU7SUJ/z+othkmGJuqs8upE
r0sghq0z1NR1nLr+8HcBjV19YuvH0ylTYZvUiVlwGZs8DuQ4wI2X4medvB/FQe+s
cW5pTKd89izImiu9rkDz3BUBxQZMGKafIh8s4B5YKWX/+AjPMcdwGz1+Jxo8sOSp
G8kd4Y0VrfRCcA9IEYK+k+YEotY0rYZmVF3mr1SxfPzR
-----END CERTIFICATE-----