Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/B2Re_Ve9Dah9y9HH9_FoO-sh9SM.roa
File:                     B2Re_Ve9Dah9y9HH9_FoO-sh9SM.roa (raw, json)
Hash identifier:          /JfSf9AnD0vvJlhJn4fd9mkbKh0HL80sOXqwtr8ubFU=
Subject key identifier:   07:64:5E:FD:57:BD:0D:A8:7D:CB:D1:C7:F7:F1:68:3B:EB:21:F5:23
Certificate issuer:       /CN=c72a524f9b1b3801dbd7c89a160aec076b57e729
Certificate serial:       018CC50029308C0E4BB80146A8A1F37C7184
Authority key identifier: C7:2A:52:4F:9B:1B:38:01:DB:D7:C8:9A:16:0A:EC:07:6B:57:E7:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xypST5sbOAHb18iaFgrsB2tX5yk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/B2Re_Ve9Dah9y9HH9_FoO-sh9SM.roa
Signing time:             Mon 01 Jan 2024 12:29:31 +0000
ROA not before:           Mon 01 Jan 2024 12:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57562
IP address blocks:        91.205.188.0/23 maxlen: 23
                          91.205.188.0/24 maxlen: 24
                          91.205.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/xypST5sbOAHb18iaFgrsB2tX5yk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/xypST5sbOAHb18iaFgrsB2tX5yk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xypST5sbOAHb18iaFgrsB2tX5yk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:29:30:8c:0e:4b:b8:01:46:a8:a1:f3:7c:71:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c72a524f9b1b3801dbd7c89a160aec076b57e729
        Validity
            Not Before: Jan  1 12:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07645efd57bd0da87dcbd1c7f7f1683beb21f523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:12:10:ef:91:a3:9f:44:e1:c5:9e:96:64:b8:
                    02:18:86:db:4c:bf:dd:6f:cc:6e:e2:01:3a:17:72:
                    1b:2b:ea:57:41:2b:c5:fa:3d:b0:7e:57:54:d4:1f:
                    ec:b2:01:41:21:97:4d:e6:22:2a:6e:f3:0b:86:19:
                    45:49:2b:bf:ec:0d:1b:c2:92:80:25:00:8a:25:63:
                    77:1a:79:39:27:49:08:f2:f0:84:78:b1:0d:95:15:
                    80:d0:e7:aa:1a:a8:ae:cc:f1:a0:e1:4d:02:0f:b2:
                    74:28:e5:26:27:3a:b1:0f:e2:ba:ff:90:75:56:d1:
                    e8:8b:32:8d:06:c7:4a:eb:14:c9:76:87:65:6a:c3:
                    a6:05:54:26:fb:bf:d5:c1:8e:da:eb:6b:aa:ca:f7:
                    97:22:ad:ea:2a:55:cb:ca:4d:24:7e:04:45:71:16:
                    03:87:ef:0e:d3:28:10:c0:dd:dc:db:83:74:96:79:
                    2c:30:58:67:70:5b:67:27:ab:d7:da:71:2f:33:89:
                    46:b1:91:5a:da:3d:48:4d:45:6f:a4:90:5d:84:ef:
                    ff:d4:fa:96:dc:d4:f3:38:09:fd:c1:a7:64:13:b2:
                    54:27:7c:f5:11:5c:ec:6e:54:88:9d:b8:2d:72:10:
                    1c:2d:a1:25:bb:3e:69:58:52:79:a5:44:fa:13:d7:
                    61:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:64:5E:FD:57:BD:0D:A8:7D:CB:D1:C7:F7:F1:68:3B:EB:21:F5:23
            X509v3 Authority Key Identifier:
                keyid:C7:2A:52:4F:9B:1B:38:01:DB:D7:C8:9A:16:0A:EC:07:6B:57:E7:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xypST5sbOAHb18iaFgrsB2tX5yk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/B2Re_Ve9Dah9y9HH9_FoO-sh9SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/4e3cc2-1a33-495a-999f-d7a684a57b19/1/xypST5sbOAHb18iaFgrsB2tX5yk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:df:ee:00:e0:81:76:de:03:35:0e:7e:03:90:cf:ce:cc:21:
         7e:8f:09:98:b0:e3:62:ca:fa:aa:d8:f9:8c:08:dd:ab:df:41:
         de:1c:96:ce:be:22:84:81:3b:62:d2:ad:79:02:08:45:df:11:
         1f:5a:46:51:fa:45:20:ba:e6:44:9d:a0:61:2a:26:ce:ec:4a:
         9a:92:40:5d:dd:ed:d4:eb:52:30:ad:b7:a3:2a:ab:9f:f9:1c:
         fb:ad:e7:54:fd:d9:61:21:56:8a:4d:e1:af:d5:91:46:7f:d2:
         5a:8b:ce:e2:56:d5:e8:48:5a:3c:f6:0c:b7:fc:a1:94:ff:66:
         b3:b5:79:b1:f1:9e:a4:1f:24:fb:34:76:69:3e:db:44:23:83:
         6e:27:41:f4:bf:df:5d:c0:fd:e1:eb:96:f5:74:78:99:b4:98:
         ae:78:4b:09:38:f2:39:57:18:e5:2e:86:ec:6a:6d:26:e0:0a:
         41:af:b1:36:db:7d:83:e9:18:e8:07:19:12:30:7f:3c:0b:a2:
         07:d2:9f:d3:d8:47:c1:44:c1:76:98:30:0b:99:07:a0:16:7f:
         69:c3:df:be:6d:4e:f9:a3:26:08:ae:9b:8a:1a:c7:64:8e:52:
         cc:bf:f0:6d:ad:6e:06:b5:71:b9:0b:35:53:14:76:cd:df:08:
         c2:59:50:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFACkwjA5LuAFGqKHzfHGEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MmE1MjRmOWIxYjM4MDFkYmQ3Yzg5YTE2MGFlYzA3NmI1
N2U3MjkwHhcNMjQwMTAxMTIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzY0NWVmZDU3YmQwZGE4N2RjYmQxYzdmN2YxNjgzYmViMjFmNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBIQ75Gjn0ThxZ6WZLgCGIbbTL/d
b8xu4gE6F3IbK+pXQSvF+j2wfldU1B/ssgFBIZdN5iIqbvMLhhlFSSu/7A0bwpKA
JQCKJWN3Gnk5J0kI8vCEeLENlRWA0OeqGqiuzPGg4U0CD7J0KOUmJzqxD+K6/5B1
VtHoizKNBsdK6xTJdodlasOmBVQm+7/VwY7a62uqyveXIq3qKlXLyk0kfgRFcRYD
h+8O0ygQwN3c24N0lnksMFhncFtnJ6vX2nEvM4lGsZFa2j1ITUVvpJBdhO//1PqW
3NTzOAn9wadkE7JUJ3z1EVzsblSInbgtchAcLaEluz5pWFJ5pUT6E9dhmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdkXv1XvQ2ofcvRx/fxaDvrIfUjMB8GA1UdIwQY
MBaAFMcqUk+bGzgB29fImhYK7AdrV+cpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHlwU1Q1c2JPQUhiMThpYUZncnNCMnRYNXlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My80ZTNjYzItMWEzMy00OTVhLTk5OWYt
ZDdhNjg0YTU3YjE5LzEvQjJSZV9WZTlEYWg5eTlISDlfRm9PLXNoOVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My80ZTNjYzItMWEzMy00OTVhLTk5OWYtZDdhNjg0YTU3YjE5
LzEveHlwU1Q1c2JPQUhiMThpYUZncnNCMnRYNXlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW828MA0G
CSqGSIb3DQEBCwUAA4IBAQA13+4A4IF23gM1Dn4DkM/OzCF+jwmYsONiyvqq2PmM
CN2r30HeHJbOviKEgTti0q15AghF3xEfWkZR+kUguuZEnaBhKibO7EqakkBd3e3U
61IwrbejKquf+Rz7redU/dlhIVaKTeGv1ZFGf9Jai87iVtXoSFo89gy3/KGU/2az
tXmx8Z6kHyT7NHZpPttEI4NuJ0H0v99dwP3h65b1dHiZtJiueEsJOPI5VxjlLobs
am0m4ApBr7E2232D6RjoBxkSMH88C6IH0p/T2EfBRMF2mDALmQegFn9pw9++bU75
oyYIrpuKGsdkjlLMv/BtrW4GtXG5CzVTFHbN3wjCWVDW
-----END CERTIFICATE-----