Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/mX4UyaDHEu_Yz_DNN-gMYgseEZM.roa
File:                     mX4UyaDHEu_Yz_DNN-gMYgseEZM.roa (raw, json)
Hash identifier:          yCd3Yu2QCwM8guGeye9CaM7s+WzKA7Tpit/vK58fCvk=
Subject key identifier:   99:7E:14:C9:A0:C7:12:EF:D8:CF:F0:CD:37:E8:0C:62:0B:1E:11:93
Certificate issuer:       /CN=626aa89132d2a684d8d2a1a3f7e40f2234636f38
Certificate serial:       018CC9BCFB5434B4FD993A7015D670E20880
Authority key identifier: 62:6A:A8:91:32:D2:A6:84:D8:D2:A1:A3:F7:E4:0F:22:34:63:6F:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YmqokTLSpoTY0qGj9-QPIjRjbzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/mX4UyaDHEu_Yz_DNN-gMYgseEZM.roa
Signing time:             Tue 02 Jan 2024 10:34:14 +0000
ROA not before:           Tue 02 Jan 2024 10:34:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51793
IP address blocks:        91.221.78.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/YmqokTLSpoTY0qGj9-QPIjRjbzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/YmqokTLSpoTY0qGj9-QPIjRjbzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YmqokTLSpoTY0qGj9-QPIjRjbzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:fb:54:34:b4:fd:99:3a:70:15:d6:70:e2:08:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626aa89132d2a684d8d2a1a3f7e40f2234636f38
        Validity
            Not Before: Jan  2 10:34:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=997e14c9a0c712efd8cff0cd37e80c620b1e1193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:df:da:9a:0a:a0:3d:a1:73:a4:0a:98:ca:6b:
                    77:10:bb:b7:55:c4:a9:d6:79:1c:15:a7:6f:de:a7:
                    ee:70:e5:17:e1:3f:6f:59:c0:45:17:80:8a:58:05:
                    85:2e:7e:da:f7:ce:63:cf:be:9f:de:db:50:ea:b5:
                    5b:95:ea:ed:a2:05:c1:a0:63:31:62:a5:e4:c5:19:
                    dd:e8:eb:27:c5:c9:c7:04:a2:82:50:8b:42:ba:10:
                    c7:32:f5:c9:d5:d3:ff:8b:dc:4f:5b:7b:13:ad:fb:
                    68:a4:18:4a:2b:7e:00:13:b9:60:49:0e:50:f4:84:
                    2a:d0:91:e6:64:36:bd:0e:6f:3b:0f:7e:5b:3f:b1:
                    c3:e6:93:c2:58:ec:8d:5c:f0:cc:34:de:fe:78:05:
                    31:78:c3:34:93:db:69:d9:18:79:5f:c5:d0:ec:97:
                    96:e5:7d:b3:00:7f:13:d9:64:93:e6:da:c6:f3:fd:
                    f1:9a:22:e1:2c:f7:79:e1:50:4e:49:8b:36:ec:eb:
                    99:95:53:20:7b:dd:ef:44:9c:75:e7:73:c0:af:57:
                    a8:c7:ec:83:f5:ae:ad:4a:67:10:b4:aa:44:21:9b:
                    3d:69:81:e0:76:36:57:26:37:82:91:03:6c:fa:dd:
                    d9:a7:ae:07:d6:6f:e7:b5:c5:2d:93:86:b5:59:d8:
                    8a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:7E:14:C9:A0:C7:12:EF:D8:CF:F0:CD:37:E8:0C:62:0B:1E:11:93
            X509v3 Authority Key Identifier:
                keyid:62:6A:A8:91:32:D2:A6:84:D8:D2:A1:A3:F7:E4:0F:22:34:63:6F:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YmqokTLSpoTY0qGj9-QPIjRjbzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/mX4UyaDHEu_Yz_DNN-gMYgseEZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/YmqokTLSpoTY0qGj9-QPIjRjbzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:42:a9:aa:dd:49:28:8f:de:f4:2a:00:1d:7d:60:36:55:3e:
         db:95:2e:fe:77:00:e1:4b:a2:7a:5c:22:60:99:13:fb:0b:c3:
         4a:61:3b:4a:01:48:16:09:68:ba:17:38:fa:76:33:40:21:6a:
         5d:cc:06:f2:56:7a:f8:84:de:7b:2e:7c:a5:aa:5c:2e:98:04:
         e4:82:e3:1f:88:d1:61:6b:42:42:65:71:d3:56:58:83:2a:ff:
         e4:4c:0b:2c:e6:9f:cc:0d:69:65:96:16:98:5a:0a:d2:f0:7d:
         e1:bd:37:0b:60:3a:da:43:13:2c:a9:ea:02:8e:86:38:c7:65:
         c2:30:6f:1a:d8:26:7c:0a:c9:d1:ab:a2:38:5f:bd:ff:38:a4:
         24:4d:7f:9b:c4:52:56:2a:14:bc:0b:da:03:91:54:75:fb:34:
         16:1d:75:d8:6e:26:98:c6:a5:42:f4:dd:fb:47:b9:e2:64:f4:
         e4:43:d2:7d:4d:07:82:b7:16:07:8b:06:9b:fb:44:ae:aa:73:
         7f:8a:59:2d:06:ac:5f:37:71:a4:66:5a:c8:16:2a:f5:63:30:
         c3:39:20:05:bf:84:35:a5:19:35:85:5d:a1:bb:ac:d0:85:60:
         69:24:87:bc:57:7a:1f:d4:43:f7:a4:7b:49:fb:b6:86:1d:7e:
         9c:28:6a:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvPtUNLT9mTpwFdZw4giAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmFhODkxMzJkMmE2ODRkOGQyYTFhM2Y3ZTQwZjIyMzQ2
MzZmMzgwHhcNMjQwMTAyMTAzNDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTdlMTRjOWEwYzcxMmVmZDhjZmYwY2QzN2U4MGM2MjBiMWUxMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd/amgqgPaFzpAqYymt3ELu3VcSp
1nkcFadv3qfucOUX4T9vWcBFF4CKWAWFLn7a985jz76f3ttQ6rVblertogXBoGMx
YqXkxRnd6OsnxcnHBKKCUItCuhDHMvXJ1dP/i9xPW3sTrftopBhKK34AE7lgSQ5Q
9IQq0JHmZDa9Dm87D35bP7HD5pPCWOyNXPDMNN7+eAUxeMM0k9tp2Rh5X8XQ7JeW
5X2zAH8T2WST5trG8/3xmiLhLPd54VBOSYs27OuZlVMge93vRJx153PAr1eox+yD
9a6tSmcQtKpEIZs9aYHgdjZXJjeCkQNs+t3Zp64H1m/ntcUtk4a1WdiK0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJl+FMmgxxLv2M/wzTfoDGILHhGTMB8GA1UdIwQY
MBaAFGJqqJEy0qaE2NKho/fkDyI0Y284MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1xb2tUTFNwb1RZMHFHajktUVBJalJqYnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC80Y2MwYTgtZWM0NC00OWRkLWEzZTIt
MjkyNmZjNWY2MWI3LzEvbVg0VXlhREhFdV9Zel9ETk4tZ01ZZ3NlRVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC80Y2MwYTgtZWM0NC00OWRkLWEzZTItMjkyNmZjNWY2MWI3
LzEvWW1xb2tUTFNwb1RZMHFHajktUVBJalJqYnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW91OMA0G
CSqGSIb3DQEBCwUAA4IBAQAlQqmq3Ukoj970KgAdfWA2VT7blS7+dwDhS6J6XCJg
mRP7C8NKYTtKAUgWCWi6Fzj6djNAIWpdzAbyVnr4hN57LnylqlwumATkguMfiNFh
a0JCZXHTVliDKv/kTAss5p/MDWlllhaYWgrS8H3hvTcLYDraQxMsqeoCjoY4x2XC
MG8a2CZ8CsnRq6I4X73/OKQkTX+bxFJWKhS8C9oDkVR1+zQWHXXYbiaYxqVC9N37
R7niZPTkQ9J9TQeCtxYHiwab+0SuqnN/ilktBqxfN3GkZlrIFir1YzDDOSAFv4Q1
pRk1hV2hu6zQhWBpJIe8V3of1EP3pHtJ+7aGHX6cKGoo
-----END CERTIFICATE-----