Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/e5b301-0c33-48b4-847b-e98ee2381146/1/834msg5O_RtW-sVj3aGoyEa6bfw.roa
File:                     834msg5O_RtW-sVj3aGoyEa6bfw.roa (raw, json)
Hash identifier:          0hbsa2QzJYptsWTCUQYn3DSvT1S3e6iKCu9oXax0NGw=
Subject key identifier:   F3:7E:26:B2:0E:4E:FD:1B:56:FA:C5:63:DD:A1:A8:C8:46:BA:6D:FC
Certificate issuer:       /CN=91cd4c6c1260fc9a7c894bf6abe77a6eecfec06e
Certificate serial:       018CC8DE73D7CF806B4933CB091A00F8E372
Authority key identifier: 91:CD:4C:6C:12:60:FC:9A:7C:89:4B:F6:AB:E7:7A:6E:EC:FE:C0:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kc1MbBJg_Jp8iUv2q-d6buz-wG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/e5b301-0c33-48b4-847b-e98ee2381146/1/834msg5O_RtW-sVj3aGoyEa6bfw.roa
Signing time:             Tue 02 Jan 2024 06:31:10 +0000
ROA not before:           Tue 02 Jan 2024 06:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59740
IP address blocks:        185.58.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/e5b301-0c33-48b4-847b-e98ee2381146/1/kc1MbBJg_Jp8iUv2q-d6buz-wG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/e5b301-0c33-48b4-847b-e98ee2381146/1/kc1MbBJg_Jp8iUv2q-d6buz-wG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kc1MbBJg_Jp8iUv2q-d6buz-wG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:73:d7:cf:80:6b:49:33:cb:09:1a:00:f8:e3:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91cd4c6c1260fc9a7c894bf6abe77a6eecfec06e
        Validity
            Not Before: Jan  2 06:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f37e26b20e4efd1b56fac563dda1a8c846ba6dfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:47:4c:40:ba:d6:92:75:43:ea:93:1b:06:00:
                    06:82:c8:0a:14:ec:3c:ef:1a:c7:0b:74:a8:34:b5:
                    18:87:ad:8c:5a:71:7d:87:e5:58:41:5f:55:28:4e:
                    2c:37:69:83:d8:35:d0:cd:c1:32:57:06:f4:3c:d7:
                    39:ab:57:26:df:66:15:06:97:a7:69:b1:89:f6:12:
                    1e:4a:c9:ec:e6:db:aa:8b:ae:af:e8:da:0b:5a:e5:
                    56:af:1f:0f:e7:10:70:e0:18:c0:46:88:48:4d:36:
                    f3:a9:04:c6:b1:f2:81:9b:4f:6d:67:f9:42:f9:ba:
                    71:2f:65:87:0e:2b:bb:b1:fa:a2:a5:6c:f8:eb:58:
                    51:77:7c:8d:29:43:d4:13:cf:4a:80:7f:fe:c7:bb:
                    1a:0e:31:a9:41:75:8d:0d:4a:9a:5b:fe:a9:55:a7:
                    7b:a8:c4:0d:58:c4:17:1c:47:3a:bc:50:45:f5:a6:
                    26:14:ad:7c:47:00:6f:f1:f3:ad:92:3e:74:94:d7:
                    7b:85:ab:9a:ce:d8:db:27:79:b9:5d:59:ce:0c:ad:
                    78:a4:4f:9e:5a:ef:97:03:c6:dc:f5:46:7e:0d:46:
                    af:9c:87:c9:9d:3d:7c:ce:75:69:1c:d0:e0:d0:25:
                    9a:73:0f:ed:1b:7d:fd:b0:72:6a:9c:8f:83:94:46:
                    7f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:7E:26:B2:0E:4E:FD:1B:56:FA:C5:63:DD:A1:A8:C8:46:BA:6D:FC
            X509v3 Authority Key Identifier:
                keyid:91:CD:4C:6C:12:60:FC:9A:7C:89:4B:F6:AB:E7:7A:6E:EC:FE:C0:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kc1MbBJg_Jp8iUv2q-d6buz-wG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/e5b301-0c33-48b4-847b-e98ee2381146/1/834msg5O_RtW-sVj3aGoyEa6bfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/e5b301-0c33-48b4-847b-e98ee2381146/1/kc1MbBJg_Jp8iUv2q-d6buz-wG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c8:3b:5a:e0:14:4a:9c:46:0f:aa:5e:04:96:ce:ab:11:23:8a:
         b0:9c:28:86:4f:a5:78:a7:e0:57:36:56:2b:11:56:e5:92:bc:
         9f:76:81:a0:84:8d:89:78:8f:66:16:9b:0a:fe:57:a4:81:be:
         45:6c:46:ee:6f:6b:fc:f4:86:80:90:6d:69:5a:32:9a:64:a6:
         f2:26:e7:e1:43:b7:95:38:7f:29:e7:7e:9a:ab:cb:2d:d1:dd:
         e2:de:8b:73:1c:06:79:18:e1:fd:35:08:d9:4b:20:f7:c5:29:
         0f:58:b6:65:2a:f8:02:88:4d:50:28:05:b2:42:1e:1f:0d:c1:
         50:7b:59:f9:7a:d1:57:b1:c9:52:1f:17:52:62:8b:4e:11:30:
         e4:16:46:a2:8e:d3:a1:1c:87:63:62:a7:43:53:ec:c1:1b:43:
         f6:b3:6b:0f:c9:11:2a:88:d6:2e:fc:07:c0:fc:4f:da:bb:c2:
         a5:71:ed:fe:ea:b6:aa:82:6a:c1:61:0f:3f:83:6d:47:22:e0:
         58:d6:a9:ac:c5:7d:29:5c:c6:3e:cf:0d:a8:70:97:13:e4:0b:
         d2:e0:00:5d:82:3a:cd:db:e2:da:db:f7:b1:74:0c:b2:a9:29:
         b6:d0:10:60:ef:a8:0c:44:0f:3a:f5:08:80:c2:5f:4c:62:df:
         1e:7e:3c:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3nPXz4BrSTPLCRoA+ONyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxY2Q0YzZjMTI2MGZjOWE3Yzg5NGJmNmFiZTc3YTZlZWNm
ZWMwNmUwHhcNMjQwMTAyMDYzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzdlMjZiMjBlNGVmZDFiNTZmYWM1NjNkZGExYThjODQ2YmE2ZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUdMQLrWknVD6pMbBgAGgsgKFOw8
7xrHC3SoNLUYh62MWnF9h+VYQV9VKE4sN2mD2DXQzcEyVwb0PNc5q1cm32YVBpen
abGJ9hIeSsns5tuqi66v6NoLWuVWrx8P5xBw4BjARohITTbzqQTGsfKBm09tZ/lC
+bpxL2WHDiu7sfqipWz461hRd3yNKUPUE89KgH/+x7saDjGpQXWNDUqaW/6pVad7
qMQNWMQXHEc6vFBF9aYmFK18RwBv8fOtkj50lNd7hauaztjbJ3m5XVnODK14pE+e
Wu+XA8bc9UZ+DUavnIfJnT18znVpHNDg0CWacw/tG339sHJqnI+DlEZ/OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPN+JrIOTv0bVvrFY92hqMhGum38MB8GA1UdIwQY
MBaAFJHNTGwSYPyafIlL9qvnem7s/sBuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2MxTWJCSmdfSnA4aVV2MnEtZDZidXotd0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9lNWIzMDEtMGMzMy00OGI0LTg0N2It
ZTk4ZWUyMzgxMTQ2LzEvODM0bXNnNU9fUnRXLXNWajNhR295RWE2YmZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9lNWIzMDEtMGMzMy00OGI0LTg0N2ItZTk4ZWUyMzgxMTQ2
LzEva2MxTWJCSmdfSnA4aVV2MnEtZDZidXotd0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTr8MA0G
CSqGSIb3DQEBCwUAA4IBAQDIO1rgFEqcRg+qXgSWzqsRI4qwnCiGT6V4p+BXNlYr
EVblkryfdoGghI2JeI9mFpsK/lekgb5FbEbub2v89IaAkG1pWjKaZKbyJufhQ7eV
OH8p536aq8st0d3i3otzHAZ5GOH9NQjZSyD3xSkPWLZlKvgCiE1QKAWyQh4fDcFQ
e1n5etFXsclSHxdSYotOETDkFkaijtOhHIdjYqdDU+zBG0P2s2sPyREqiNYu/AfA
/E/au8Klce3+6raqgmrBYQ8/g21HIuBY1qmsxX0pXMY+zw2ocJcT5AvS4ABdgjrN
2+La2/exdAyyqSm20BBg76gMRA869QiAwl9MYt8efjzi
-----END CERTIFICATE-----