Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/Is89xbRBA4C22VhXwh0VI_Y51ts.roa
File:                     Is89xbRBA4C22VhXwh0VI_Y51ts.roa (raw, json)
Hash identifier:          Mfxc07p0/VgcaCTv0/wPHD8dhzPE4bAXuyCGrvZb59g=
Subject key identifier:   22:CF:3D:C5:B4:41:03:80:B6:D9:58:57:C2:1D:15:23:F6:39:D6:DB
Certificate issuer:       /CN=ec65d31440bf75d25c606f7915c236ca614464a2
Certificate serial:       018CC26D109A71068E64EE76E7C445B2502F
Authority key identifier: EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/Is89xbRBA4C22VhXwh0VI_Y51ts.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203086
IP address blocks:        91.150.190.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:10:9a:71:06:8e:64:ee:76:e7:c4:45:b2:50:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65d31440bf75d25c606f7915c236ca614464a2
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22cf3dc5b4410380b6d95857c21d1523f639d6db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:9b:cb:a0:4c:fb:93:2e:f7:79:c9:67:48:e4:
                    0a:2a:50:aa:4e:d2:be:07:f8:70:c3:24:d8:7a:20:
                    fe:2d:36:b9:63:f6:7b:d2:6c:60:f1:27:dd:34:a2:
                    32:28:22:3c:d2:a3:07:38:e8:80:e9:58:4c:ba:f1:
                    e0:c8:d9:3a:73:bc:a7:1d:e7:b2:19:7a:8c:6e:d5:
                    21:ec:4e:33:30:1f:c0:24:1b:89:eb:8e:07:2d:63:
                    86:d0:da:a2:b8:ac:37:1f:9b:5d:00:ae:43:80:93:
                    2a:a5:53:b7:4c:7a:a2:33:62:7e:69:9f:2e:23:99:
                    56:7f:b2:c6:7d:a2:90:f9:82:ca:2a:84:6a:60:81:
                    58:a2:10:8b:f6:26:2b:f9:e2:1a:08:89:2b:9d:73:
                    0d:eb:d2:51:0a:84:58:94:f7:15:42:4b:92:46:3a:
                    84:34:00:53:ea:f7:26:cd:11:da:e8:b1:70:7f:8c:
                    4d:0f:9f:6a:12:de:f3:4a:50:90:a6:e2:b1:d6:49:
                    22:42:fc:7d:95:4b:11:32:73:0c:35:11:1d:e3:43:
                    55:b6:be:1e:d7:5f:2e:e8:1f:19:bb:a5:e9:d2:93:
                    43:cf:97:34:d9:93:65:69:a4:d5:19:05:67:0e:46:
                    aa:ed:ce:c9:9c:08:af:94:2f:d8:06:5a:db:91:45:
                    4d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:CF:3D:C5:B4:41:03:80:B6:D9:58:57:C2:1D:15:23:F6:39:D6:DB
            X509v3 Authority Key Identifier:
                keyid:EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/Is89xbRBA4C22VhXwh0VI_Y51ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.150.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:4b:b6:a3:ee:c5:f3:92:fa:17:dd:f3:48:b8:e8:b0:bf:3d:
         e7:31:e9:77:ac:6c:6e:63:dc:2e:fd:8d:75:6a:9c:1c:d9:c5:
         d1:41:fc:fb:31:0a:fa:1a:41:30:8a:ec:7e:e1:b1:5f:c0:99:
         1a:7c:90:ea:34:18:39:87:47:97:43:e6:74:a3:ca:da:94:89:
         b2:be:40:10:19:0f:d1:b9:51:f4:64:24:16:bb:a5:ac:8f:f8:
         05:a0:76:52:57:f7:e8:6e:07:f7:26:fb:68:95:38:fb:58:18:
         26:61:ec:bf:9c:a2:ae:1c:0c:ba:93:b4:71:90:8f:35:28:b5:
         71:85:fa:d7:e2:ed:a5:87:ef:ea:03:7c:49:31:49:49:cd:8b:
         56:22:1d:8f:8b:fb:bf:e5:d0:ba:6c:44:7d:1f:3b:1d:cd:9e:
         02:bc:a2:f1:ef:16:27:5d:9e:88:93:95:30:77:61:5d:f2:1c:
         89:cd:66:4a:e2:e2:a4:ed:de:21:c8:82:19:58:60:97:05:24:
         0d:4f:35:4e:41:e1:60:10:c3:79:81:bb:ce:63:a6:c3:2f:57:
         3e:a5:16:7e:b4:46:95:95:9c:72:1b:67:cf:e5:c8:cb:96:46:
         9e:12:20:53:d1:cc:4f:59:2f:8f:5e:19:2d:80:25:62:12:21:
         79:94:49:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRCacQaOZO5258RFslAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVkMzE0NDBiZjc1ZDI1YzYwNmY3OTE1YzIzNmNhNjE0
NDY0YTIwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmNmM2RjNWI0NDEwMzgwYjZkOTU4NTdjMjFkMTUyM2Y2MzlkNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJvLoEz7ky73eclnSOQKKlCqTtK+
B/hwwyTYeiD+LTa5Y/Z70mxg8SfdNKIyKCI80qMHOOiA6VhMuvHgyNk6c7ynHeey
GXqMbtUh7E4zMB/AJBuJ644HLWOG0NqiuKw3H5tdAK5DgJMqpVO3THqiM2J+aZ8u
I5lWf7LGfaKQ+YLKKoRqYIFYohCL9iYr+eIaCIkrnXMN69JRCoRYlPcVQkuSRjqE
NABT6vcmzRHa6LFwf4xND59qEt7zSlCQpuKx1kkiQvx9lUsRMnMMNREd40NVtr4e
118u6B8Zu6Xp0pNDz5c02ZNlaaTVGQVnDkaq7c7JnAivlC/YBlrbkUVNzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLPPcW0QQOAttlYV8IdFSP2OdbbMB8GA1UdIwQY
MBaAFOxl0xRAv3XSXGBveRXCNsphRGSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzkt
ZTI5NTg5ZTg5NjRhLzEvSXM4OXhiUkJBNEMyMlZoWHdoMFZJX1k1MXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzktZTI5NTg5ZTg5NjRh
LzEvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5a+MA0G
CSqGSIb3DQEBCwUAA4IBAQALS7aj7sXzkvoX3fNIuOiwvz3nMel3rGxuY9wu/Y11
apwc2cXRQfz7MQr6GkEwiux+4bFfwJkafJDqNBg5h0eXQ+Z0o8ralImyvkAQGQ/R
uVH0ZCQWu6Wsj/gFoHZSV/fobgf3JvtolTj7WBgmYey/nKKuHAy6k7RxkI81KLVx
hfrX4u2lh+/qA3xJMUlJzYtWIh2Pi/u/5dC6bER9HzsdzZ4CvKLx7xYnXZ6Ik5Uw
d2Fd8hyJzWZK4uKk7d4hyIIZWGCXBSQNTzVOQeFgEMN5gbvOY6bDL1c+pRZ+tEaV
lZxyG2fP5cjLlkaeEiBT0cxPWS+PXhktgCViEiF5lEnb
-----END CERTIFICATE-----