Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/pP3tjTRH6WZgkKGsdcRS59zhg0w.roa
File:                     pP3tjTRH6WZgkKGsdcRS59zhg0w.roa (raw, json)
Hash identifier:          6v/xRdq1hxrLXSZGVZsQvyYTje+p7pFtXe5qBPJx8Nw=
Subject key identifier:   A4:FD:ED:8D:34:47:E9:66:60:90:A1:AC:75:C4:52:E7:DC:E1:83:4C
Certificate issuer:       /CN=925cecefe522817405d26fc92bb5104ac90cfdc5
Certificate serial:       018CC5DC1C2ECAB6783C8BA0CB7DC302DDBF
Authority key identifier: 92:5C:EC:EF:E5:22:81:74:05:D2:6F:C9:2B:B5:10:4A:C9:0C:FD:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/pP3tjTRH6WZgkKGsdcRS59zhg0w.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39793
IP address blocks:        91.229.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/klzs7-UigXQF0m_JK7UQSskM_cU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/klzs7-UigXQF0m_JK7UQSskM_cU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1c:2e:ca:b6:78:3c:8b:a0:cb:7d:c3:02:dd:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=925cecefe522817405d26fc92bb5104ac90cfdc5
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4fded8d3447e9666090a1ac75c452e7dce1834c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:72:34:7f:11:5a:83:8f:7b:a8:38:4f:25:2f:
                    ba:b7:4e:e6:24:15:68:e3:1c:7a:e5:e1:8e:7a:a6:
                    84:84:76:88:68:99:94:67:e8:de:75:3b:36:7a:3b:
                    3c:15:ee:8f:8a:64:5b:81:8c:26:76:34:d0:37:77:
                    18:ae:2c:5f:1c:b9:b0:fc:66:b9:63:3c:12:b9:2e:
                    78:35:27:3c:82:92:0a:7d:ce:f0:9d:b5:dd:a3:30:
                    32:39:e5:17:85:43:11:49:18:77:de:4f:a5:72:a1:
                    94:4a:cc:61:ec:cf:d4:8e:74:09:0c:d4:70:41:06:
                    63:33:f3:6e:df:30:86:a1:a9:d0:c1:5c:e4:81:05:
                    42:33:ee:8f:8e:2c:95:b3:b7:87:83:94:57:33:49:
                    f2:3d:f0:39:d9:c3:80:55:24:2d:c0:fa:42:2d:5b:
                    69:e6:d1:13:e0:ea:92:76:6f:f2:41:8f:72:fd:5f:
                    96:ab:00:11:0b:26:6f:46:ba:f5:ed:dd:41:84:d1:
                    69:ac:3f:41:b9:2f:e7:fc:b4:81:35:d8:d6:24:4c:
                    bb:71:a7:cf:c8:b2:1f:9a:62:b1:b4:c2:01:a5:a8:
                    6c:9f:64:1e:18:51:e6:ac:e8:ff:d0:25:fe:a0:58:
                    f5:30:45:ca:b4:ed:1f:c3:2c:dd:77:fd:32:2f:da:
                    06:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:FD:ED:8D:34:47:E9:66:60:90:A1:AC:75:C4:52:E7:DC:E1:83:4C
            X509v3 Authority Key Identifier:
                keyid:92:5C:EC:EF:E5:22:81:74:05:D2:6F:C9:2B:B5:10:4A:C9:0C:FD:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klzs7-UigXQF0m_JK7UQSskM_cU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/pP3tjTRH6WZgkKGsdcRS59zhg0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0767c-b019-463c-a0b1-8d4bfd0aace8/1/klzs7-UigXQF0m_JK7UQSskM_cU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:0e:65:65:4d:3a:a6:1f:09:d4:b5:60:78:fc:80:f4:73:78:
         47:53:77:c8:e3:79:48:86:92:b2:b3:e7:01:0b:c4:a8:06:c2:
         f9:5e:6a:57:14:32:0c:8b:99:84:f4:94:7e:31:a8:8e:e9:c4:
         32:07:37:11:84:60:65:90:a5:b6:c7:59:23:ba:d7:d6:33:01:
         f8:4c:f6:27:fb:75:b0:67:fa:6b:c3:28:36:19:fc:e6:be:7e:
         fa:f4:18:cf:de:c1:e8:d7:23:da:fe:53:0f:28:9d:6c:93:5a:
         7c:f9:f4:c1:4d:b0:97:4a:9d:7d:33:dc:ed:78:54:ad:4b:98:
         11:e4:d4:ac:31:b5:01:03:dd:13:e5:aa:ea:3f:f6:bc:c0:bd:
         b0:d6:36:a7:6c:21:1e:f6:5a:c8:d1:0e:26:18:af:43:ef:50:
         e4:17:f5:74:f5:78:ca:67:8a:21:aa:66:ce:ea:aa:4d:cd:72:
         21:f8:97:a8:d9:59:5e:91:0f:b1:a3:7f:4d:5e:8b:49:c2:81:
         fc:ff:00:90:b4:25:63:3a:16:75:b0:b1:d3:14:6d:2e:09:a0:
         b8:75:d5:7d:77:a8:9e:10:60:ed:2e:69:e1:fe:98:05:f6:ea:
         e0:2c:07:f8:50:5e:c7:22:c6:8c:7f:98:a8:4e:e8:fe:e4:29:
         8d:d9:04:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BwuyrZ4PIugy33DAt2/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNWNlY2VmZTUyMjgxNzQwNWQyNmZjOTJiYjUxMDRhYzkw
Y2ZkYzUwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGZkZWQ4ZDM0NDdlOTY2NjA5MGExYWM3NWM0NTJlN2RjZTE4MzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinI0fxFag497qDhPJS+6t07mJBVo
4xx65eGOeqaEhHaIaJmUZ+jedTs2ejs8Fe6PimRbgYwmdjTQN3cYrixfHLmw/Ga5
YzwSuS54NSc8gpIKfc7wnbXdozAyOeUXhUMRSRh33k+lcqGUSsxh7M/UjnQJDNRw
QQZjM/Nu3zCGoanQwVzkgQVCM+6PjiyVs7eHg5RXM0nyPfA52cOAVSQtwPpCLVtp
5tET4OqSdm/yQY9y/V+WqwARCyZvRrr17d1BhNFprD9BuS/n/LSBNdjWJEy7cafP
yLIfmmKxtMIBpahsn2QeGFHmrOj/0CX+oFj1MEXKtO0fwyzdd/0yL9oGhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKT97Y00R+lmYJChrHXEUufc4YNMMB8GA1UdIwQY
MBaAFJJc7O/lIoF0BdJvySu1EErJDP3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2x6czctVWlnWFFGMG1fSks3VVFTc2tNX2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mMDc2N2MtYjAxOS00NjNjLWEwYjEt
OGQ0YmZkMGFhY2U4LzEvcFAzdGpUUkg2V1pna0tHc2RjUlM1OXpoZzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mMDc2N2MtYjAxOS00NjNjLWEwYjEtOGQ0YmZkMGFhY2U4
LzEva2x6czctVWlnWFFGMG1fSks3VVFTc2tNX2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+W5MA0G
CSqGSIb3DQEBCwUAA4IBAQB9DmVlTTqmHwnUtWB4/ID0c3hHU3fI43lIhpKys+cB
C8SoBsL5XmpXFDIMi5mE9JR+MaiO6cQyBzcRhGBlkKW2x1kjutfWMwH4TPYn+3Ww
Z/prwyg2Gfzmvn769BjP3sHo1yPa/lMPKJ1sk1p8+fTBTbCXSp19M9zteFStS5gR
5NSsMbUBA90T5arqP/a8wL2w1janbCEe9lrI0Q4mGK9D71DkF/V09XjKZ4ohqmbO
6qpNzXIh+Jeo2VlekQ+xo39NXotJwoH8/wCQtCVjOhZ1sLHTFG0uCaC4ddV9d6ie
EGDtLmnh/pgF9urgLAf4UF7HIsaMf5ioTuj+5CmN2QS2
-----END CERTIFICATE-----