Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/91GDD6pxMXsrTbd4OpYWbva8MtY.roa
File:                     91GDD6pxMXsrTbd4OpYWbva8MtY.roa (raw, json)
Hash identifier:          VpfuNMsK+quWTA1/5dd2SlVq8dYI6mMWQ86V9W6Mtc4=
Subject key identifier:   F7:51:83:0F:AA:71:31:7B:2B:4D:B7:78:3A:96:16:6E:F6:BC:32:D6
Certificate issuer:       /CN=ef9d763b49e024a7b6a19eaf7dfb98911a9c94c8
Certificate serial:       018CC348B55576C55AAD073EC4E110DF9D6D
Authority key identifier: EF:9D:76:3B:49:E0:24:A7:B6:A1:9E:AF:7D:FB:98:91:1A:9C:94:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7512O0ngJKe2oZ6vffuYkRqclMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/91GDD6pxMXsrTbd4OpYWbva8MtY.roa
Signing time:             Mon 01 Jan 2024 04:29:31 +0000
ROA not before:           Mon 01 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8860
IP address blocks:        5.182.21.0/24 maxlen: 24
                          5.182.20.0/24 maxlen: 24
                          2a0e:b800:dddd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/7512O0ngJKe2oZ6vffuYkRqclMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/7512O0ngJKe2oZ6vffuYkRqclMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7512O0ngJKe2oZ6vffuYkRqclMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b5:55:76:c5:5a:ad:07:3e:c4:e1:10:df:9d:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef9d763b49e024a7b6a19eaf7dfb98911a9c94c8
        Validity
            Not Before: Jan  1 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f751830faa71317b2b4db7783a96166ef6bc32d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b8:35:a0:99:f0:bf:38:d8:73:e3:05:95:e1:
                    9a:3e:de:a9:79:29:d1:8a:e1:99:0f:54:3f:83:87:
                    2e:64:d2:85:d0:7f:8c:a9:f3:26:ed:3d:00:ce:b0:
                    63:3d:39:56:61:a1:b4:4c:6a:4c:db:da:2e:1d:60:
                    bc:45:f8:a0:50:0d:3f:1e:53:76:6c:09:6c:60:38:
                    d9:d0:5c:51:a1:2c:61:42:34:4a:f3:cc:c9:2b:fa:
                    2f:5e:32:e3:64:4b:8a:94:8e:d1:44:36:73:e9:65:
                    34:bb:57:61:4a:38:57:da:27:2f:7a:14:b4:ce:62:
                    8c:d5:5d:6a:25:a1:b1:d4:82:91:61:16:68:79:d5:
                    42:5d:8a:2d:5a:3c:96:35:1e:17:a7:e3:c6:38:ff:
                    41:48:48:f3:8a:58:0a:b3:a8:70:d5:5f:28:08:63:
                    a3:ec:94:04:65:0e:b2:f0:69:70:4c:05:5c:96:ff:
                    56:50:17:96:f7:c9:dc:76:f5:d6:b1:a5:31:c6:87:
                    04:77:be:73:69:38:b7:69:89:65:bc:67:5f:9c:cd:
                    e4:d9:0e:b8:d4:8e:16:81:b2:00:23:60:2c:43:fd:
                    2a:29:8d:a2:9c:95:4e:01:b3:e1:de:8f:52:0d:3c:
                    53:9e:35:53:b0:22:2c:9e:56:c0:48:f2:55:a9:b9:
                    e1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:51:83:0F:AA:71:31:7B:2B:4D:B7:78:3A:96:16:6E:F6:BC:32:D6
            X509v3 Authority Key Identifier:
                keyid:EF:9D:76:3B:49:E0:24:A7:B6:A1:9E:AF:7D:FB:98:91:1A:9C:94:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7512O0ngJKe2oZ6vffuYkRqclMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/91GDD6pxMXsrTbd4OpYWbva8MtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/7512O0ngJKe2oZ6vffuYkRqclMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.20.0/23
                IPv6:
                  2a0e:b800:dddd::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:d8:75:d5:93:2a:6e:2d:20:52:bf:0c:d2:42:d5:ff:6f:6d:
         a1:bb:7f:4a:af:1a:59:8e:47:7a:9d:0b:99:9f:34:8f:d2:e4:
         66:f3:c9:0a:f7:20:c3:5b:58:bb:8f:46:25:34:92:3b:ca:bf:
         5c:12:99:3f:a7:f7:fb:6a:0b:b8:f2:98:d6:9b:06:6e:5f:c5:
         72:d1:66:3a:d3:47:ec:ec:46:47:55:b1:ab:a8:5e:95:60:0b:
         2f:fe:31:6b:81:31:cc:dc:c6:5d:44:6a:f4:e8:86:61:a1:eb:
         b4:20:88:c2:04:78:a0:d5:ba:fa:d6:a5:38:7e:94:e7:04:1c:
         7e:23:8d:59:8d:dc:9b:c8:66:51:3e:12:f3:0f:c9:f1:53:16:
         74:5f:1b:0e:56:83:8c:13:06:9a:7e:9d:37:da:b6:e2:0e:63:
         1c:1b:1c:cf:76:03:b5:3c:9a:38:71:79:5c:4e:90:b6:57:38:
         fc:36:68:eb:63:1b:b8:42:05:4b:23:3e:89:e3:90:af:42:1a:
         8a:2e:9c:0b:b3:f1:fc:66:ba:50:4b:cf:71:63:a6:4b:05:18:
         45:03:bf:2d:ab:e4:38:c1:8f:e5:38:c3:ae:e0:2c:f4:b9:6a:
         d8:ee:df:52:49:f6:e1:20:da:88:8b:2a:08:8a:3d:07:c8:4c:
         37:10:76:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSLVVdsVarQc+xOEQ351tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmOWQ3NjNiNDllMDI0YTdiNmExOWVhZjdkZmI5ODkxMWE5
Yzk0YzgwHhcNMjQwMTAxMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzUxODMwZmFhNzEzMTdiMmI0ZGI3NzgzYTk2MTY2ZWY2YmMzMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobg1oJnwvzjYc+MFleGaPt6peSnR
iuGZD1Q/g4cuZNKF0H+MqfMm7T0AzrBjPTlWYaG0TGpM29ouHWC8RfigUA0/HlN2
bAlsYDjZ0FxRoSxhQjRK88zJK/ovXjLjZEuKlI7RRDZz6WU0u1dhSjhX2icvehS0
zmKM1V1qJaGx1IKRYRZoedVCXYotWjyWNR4Xp+PGOP9BSEjzilgKs6hw1V8oCGOj
7JQEZQ6y8GlwTAVclv9WUBeW98ncdvXWsaUxxocEd75zaTi3aYllvGdfnM3k2Q64
1I4WgbIAI2AsQ/0qKY2inJVOAbPh3o9SDTxTnjVTsCIsnlbASPJVqbnhRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPdRgw+qcTF7K023eDqWFm72vDLWMB8GA1UdIwQY
MBaAFO+ddjtJ4CSntqGer337mJEanJTIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzUxMk8wbmdKS2Uyb1o2dmZmdVlrUnFjbE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81OWNmOGUtZGM2Ny00M2ZiLWJkMzct
MDg3MGU2NTk2NDViLzEvOTFHREQ2cHhNWHNyVGJkNE9wWVdidmE4TXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81OWNmOGUtZGM2Ny00M2ZiLWJkMzctMDg3MGU2NTk2NDVi
LzEvNzUxMk8wbmdKS2Uyb1o2dmZmdVlrUnFjbE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBBbYUMA8E
AgACMAkDBwAqDrgA3d0wDQYJKoZIhvcNAQELBQADggEBACHYddWTKm4tIFK/DNJC
1f9vbaG7f0qvGlmOR3qdC5mfNI/S5GbzyQr3IMNbWLuPRiU0kjvKv1wSmT+n9/tq
C7jymNabBm5fxXLRZjrTR+zsRkdVsauoXpVgCy/+MWuBMczcxl1EavTohmGh67Qg
iMIEeKDVuvrWpTh+lOcEHH4jjVmN3JvIZlE+EvMPyfFTFnRfGw5Wg4wTBpp+nTfa
tuIOYxwbHM92A7U8mjhxeVxOkLZXOPw2aOtjG7hCBUsjPonjkK9CGoounAuz8fxm
ulBLz3FjpksFGEUDvy2r5DjBj+U4w67gLPS5atju31JJ9uEg2oiLKgiKPQfITDcQ
dqM=
-----END CERTIFICATE-----