Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/25e6d6-ced1-4283-8c9f-c84ccba4e607/1/BK4MQc0rP9ct0kbh3w4OHfnUafU.roa
File:                     BK4MQc0rP9ct0kbh3w4OHfnUafU.roa (raw, json)
Hash identifier:          0tRa0hvHnLZswg2XreAP2ayFZb1Fg8al7LGZKokljk4=
Subject key identifier:   04:AE:0C:41:CD:2B:3F:D7:2D:D2:46:E1:DF:0E:0E:1D:F9:D4:69:F5
Certificate issuer:       /CN=b543ef9bc3c2132361c1240972a180912bf7a859
Certificate serial:       018CC795575ABCDCE13E2FDE39166E6AED7F
Authority key identifier: B5:43:EF:9B:C3:C2:13:23:61:C1:24:09:72:A1:80:91:2B:F7:A8:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUPvm8PCEyNhwSQJcqGAkSv3qFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/25e6d6-ced1-4283-8c9f-c84ccba4e607/1/BK4MQc0rP9ct0kbh3w4OHfnUafU.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9044
IP address blocks:        91.199.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/25e6d6-ced1-4283-8c9f-c84ccba4e607/1/tUPvm8PCEyNhwSQJcqGAkSv3qFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/25e6d6-ced1-4283-8c9f-c84ccba4e607/1/tUPvm8PCEyNhwSQJcqGAkSv3qFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUPvm8PCEyNhwSQJcqGAkSv3qFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:57:5a:bc:dc:e1:3e:2f:de:39:16:6e:6a:ed:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b543ef9bc3c2132361c1240972a180912bf7a859
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04ae0c41cd2b3fd72dd246e1df0e0e1df9d469f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:be:23:24:06:6b:de:32:17:42:84:7c:65:1a:
                    9b:3b:ac:54:e8:72:5f:07:1c:c7:00:6f:64:8d:09:
                    11:4e:29:76:62:3e:ac:c7:18:3b:c2:74:ab:81:1d:
                    c2:3d:33:ce:6e:eb:17:6b:11:32:4f:4f:18:a0:c6:
                    09:64:a0:7f:1d:c0:35:2e:da:9b:34:1c:de:1c:13:
                    7b:f2:97:b7:33:af:11:c8:02:ce:72:d2:34:49:57:
                    72:1e:56:3f:24:38:70:2c:4a:24:9e:cf:b4:51:df:
                    9e:51:3a:57:6f:37:65:f6:0c:46:73:57:5e:76:dd:
                    cb:48:67:95:5f:13:bf:73:b8:36:5e:01:33:b3:5e:
                    a6:9f:0c:21:11:cb:ee:87:4d:b2:60:f5:ff:a2:12:
                    3c:88:43:7a:c1:86:20:88:b6:02:04:16:b7:63:01:
                    e3:90:69:f4:43:68:98:0e:61:2d:ea:10:84:e7:c4:
                    dd:ff:95:4f:f3:74:36:23:9f:5f:77:78:4f:cd:e0:
                    bd:de:8c:d1:3b:ee:8b:ed:2d:6a:17:a5:b9:53:5d:
                    f4:31:58:fc:d7:91:8f:29:87:d2:5d:6b:a4:6a:42:
                    a1:96:5f:c0:cc:d2:44:c7:86:8f:45:5e:2a:77:62:
                    28:68:04:8b:fe:66:31:d1:40:50:3f:79:de:ee:77:
                    3d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:AE:0C:41:CD:2B:3F:D7:2D:D2:46:E1:DF:0E:0E:1D:F9:D4:69:F5
            X509v3 Authority Key Identifier:
                keyid:B5:43:EF:9B:C3:C2:13:23:61:C1:24:09:72:A1:80:91:2B:F7:A8:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUPvm8PCEyNhwSQJcqGAkSv3qFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/25e6d6-ced1-4283-8c9f-c84ccba4e607/1/BK4MQc0rP9ct0kbh3w4OHfnUafU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/25e6d6-ced1-4283-8c9f-c84ccba4e607/1/tUPvm8PCEyNhwSQJcqGAkSv3qFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:30:07:5c:68:1d:38:f6:91:ee:d8:0c:50:89:fb:cc:6a:c9:
         51:87:17:ae:eb:26:5d:5f:5b:1d:e6:43:49:44:da:74:81:32:
         f1:b9:4c:69:f9:8a:bd:7d:90:48:cc:92:4f:9c:99:c1:43:ae:
         76:ac:7f:ea:51:42:c9:ef:6e:0c:fa:1b:5c:85:51:cd:ec:5a:
         54:aa:dd:31:78:47:ff:8d:25:6b:f1:62:5a:65:92:21:5f:c3:
         71:48:a0:a1:00:f7:92:a6:64:24:aa:c0:12:2f:64:f4:f7:9c:
         be:c5:60:0f:46:dd:4b:94:a5:a3:d8:07:28:39:aa:89:64:28:
         ea:d1:f3:69:9e:02:bb:32:de:1f:bd:15:31:0d:0d:99:fe:b6:
         10:35:6c:b5:8b:bc:ea:4a:20:12:b1:2d:bc:e0:33:56:10:44:
         06:f9:1b:ef:e2:ce:ec:4a:9a:a5:db:33:98:db:e8:9a:0d:87:
         fb:19:9f:20:35:3a:82:9e:bb:8d:d0:f4:3b:21:dd:60:17:76:
         26:f7:08:d4:2e:48:26:5e:28:b7:24:18:69:9c:65:d7:01:8e:
         d0:b4:5b:ff:b8:e3:4b:ba:f7:07:ac:cc:37:03:12:68:fc:f2:
         0c:3e:1a:27:9b:43:5e:0d:5e:f8:72:f1:34:2c:ed:9b:64:39:
         6f:26:2c:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVdavNzhPi/eORZuau1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDNlZjliYzNjMjEzMjM2MWMxMjQwOTcyYTE4MDkxMmJm
N2E4NTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGFlMGM0MWNkMmIzZmQ3MmRkMjQ2ZTFkZjBlMGUxZGY5ZDQ2OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApr4jJAZr3jIXQoR8ZRqbO6xU6HJf
BxzHAG9kjQkRTil2Yj6sxxg7wnSrgR3CPTPObusXaxEyT08YoMYJZKB/HcA1Ltqb
NBzeHBN78pe3M68RyALOctI0SVdyHlY/JDhwLEokns+0Ud+eUTpXbzdl9gxGc1de
dt3LSGeVXxO/c7g2XgEzs16mnwwhEcvuh02yYPX/ohI8iEN6wYYgiLYCBBa3YwHj
kGn0Q2iYDmEt6hCE58Td/5VP83Q2I59fd3hPzeC93ozRO+6L7S1qF6W5U130MVj8
15GPKYfSXWukakKhll/AzNJEx4aPRV4qd2IoaASL/mYx0UBQP3ne7nc9TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASuDEHNKz/XLdJG4d8ODh351Gn1MB8GA1UdIwQY
MBaAFLVD75vDwhMjYcEkCXKhgJEr96hZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVQdm04UENFeU5od1NRSmNxR0FrU3YzcUZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8yNWU2ZDYtY2VkMS00MjgzLThjOWYt
Yzg0Y2NiYTRlNjA3LzEvQks0TVFjMHJQOWN0MGtiaDN3NE9IZm5VYWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8yNWU2ZDYtY2VkMS00MjgzLThjOWYtYzg0Y2NiYTRlNjA3
LzEvdFVQdm04UENFeU5od1NRSmNxR0FrU3YzcUZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8fkMA0G
CSqGSIb3DQEBCwUAA4IBAQCIMAdcaB049pHu2AxQifvMaslRhxeu6yZdX1sd5kNJ
RNp0gTLxuUxp+Yq9fZBIzJJPnJnBQ652rH/qUULJ724M+htchVHN7FpUqt0xeEf/
jSVr8WJaZZIhX8NxSKChAPeSpmQkqsASL2T095y+xWAPRt1LlKWj2AcoOaqJZCjq
0fNpngK7Mt4fvRUxDQ2Z/rYQNWy1i7zqSiASsS284DNWEEQG+Rvv4s7sSpql2zOY
2+iaDYf7GZ8gNTqCnruN0PQ7Id1gF3Ym9wjULkgmXii3JBhpnGXXAY7QtFv/uONL
uvcHrMw3AxJo/PIMPhonm0NeDV74cvE0LO2bZDlvJiyH
-----END CERTIFICATE-----