Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/ac38c4-4b83-40b7-8d0e-7ceabce34e0d/1/gMtglEWvMubaTDKcQPymc-H-pE4.roa
File:                     gMtglEWvMubaTDKcQPymc-H-pE4.roa (raw, json)
Hash identifier:          1C7pOGbfYU6irujavRVMq3AhYVQgg3Vpthm6lE6crAY=
Subject key identifier:   80:CB:60:94:45:AF:32:E6:DA:4C:32:9C:40:FC:A6:73:E1:FE:A4:4E
Certificate issuer:       /CN=58d3e953b5fe17a531c9cf71560748df41ff714a
Certificate serial:       018CC86F8E4A04F7F92EBC7390D29CEA4AC5
Authority key identifier: 58:D3:E9:53:B5:FE:17:A5:31:C9:CF:71:56:07:48:DF:41:FF:71:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WNPpU7X-F6Uxyc9xVgdI30H_cUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/ac38c4-4b83-40b7-8d0e-7ceabce34e0d/1/gMtglEWvMubaTDKcQPymc-H-pE4.roa
Signing time:             Tue 02 Jan 2024 04:30:03 +0000
ROA not before:           Tue 02 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56537
IP address blocks:        193.22.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/ac38c4-4b83-40b7-8d0e-7ceabce34e0d/1/WNPpU7X-F6Uxyc9xVgdI30H_cUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/ac38c4-4b83-40b7-8d0e-7ceabce34e0d/1/WNPpU7X-F6Uxyc9xVgdI30H_cUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WNPpU7X-F6Uxyc9xVgdI30H_cUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8e:4a:04:f7:f9:2e:bc:73:90:d2:9c:ea:4a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58d3e953b5fe17a531c9cf71560748df41ff714a
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80cb609445af32e6da4c329c40fca673e1fea44e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a8:a2:0d:87:30:58:b0:56:a6:fc:a6:81:3c:
                    17:9c:9c:11:c2:98:6f:fc:dd:8e:d5:ab:ab:70:a8:
                    0f:cd:7c:58:6c:86:19:64:3d:79:74:28:02:e2:13:
                    b6:83:6c:38:11:5f:ec:9c:bf:85:09:6e:87:7a:f5:
                    05:52:e4:45:b5:fd:9b:e6:3a:28:e3:73:a4:7f:a6:
                    88:0f:f8:81:0c:86:2a:b8:4a:70:9f:1a:b8:ab:c7:
                    28:18:ed:9f:28:88:d9:e2:7f:85:68:08:04:bf:3d:
                    38:da:92:82:f9:59:0c:a6:e9:f4:7e:30:6e:8e:2d:
                    65:75:ef:2d:90:2f:ac:0a:89:00:20:7d:3f:29:fd:
                    75:85:ce:88:c6:89:ef:38:1b:c8:b9:a7:b7:a9:46:
                    0c:3f:82:14:db:13:68:9c:45:7d:1f:5d:3d:a7:55:
                    db:0a:57:e9:11:82:47:01:ca:6d:77:8d:e2:16:4f:
                    63:a9:0b:3c:f7:ec:e6:10:dd:33:f0:9b:b0:56:89:
                    12:13:74:f1:81:0a:1a:64:f4:82:24:e8:0f:0b:7e:
                    6a:2d:e3:68:22:8a:e7:a8:9b:6d:d1:48:a8:88:96:
                    f2:1a:c0:c6:70:c6:05:b2:54:87:55:18:aa:2b:8d:
                    e1:31:04:e3:7c:4f:3a:81:72:88:d6:40:a2:20:de:
                    5f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:CB:60:94:45:AF:32:E6:DA:4C:32:9C:40:FC:A6:73:E1:FE:A4:4E
            X509v3 Authority Key Identifier:
                keyid:58:D3:E9:53:B5:FE:17:A5:31:C9:CF:71:56:07:48:DF:41:FF:71:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WNPpU7X-F6Uxyc9xVgdI30H_cUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ac38c4-4b83-40b7-8d0e-7ceabce34e0d/1/gMtglEWvMubaTDKcQPymc-H-pE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ac38c4-4b83-40b7-8d0e-7ceabce34e0d/1/WNPpU7X-F6Uxyc9xVgdI30H_cUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:c2:36:a3:ed:49:69:06:2e:14:58:96:2f:3e:83:8e:a9:6d:
         e6:8b:28:92:e5:8d:5e:3a:3c:6a:42:25:e7:ff:94:7d:6f:92:
         50:a8:15:45:95:a1:c9:5b:20:37:19:52:6f:aa:64:4a:8b:46:
         33:eb:5d:cc:1a:2c:77:35:ff:1a:e3:bf:7f:88:fa:a0:be:3b:
         b7:d1:51:ae:2b:22:96:a7:81:f2:d7:9b:45:55:4c:c5:81:6b:
         9b:ec:a0:c0:ec:84:f5:58:30:c2:ad:95:61:b0:e1:18:ab:0e:
         6e:b1:9a:c8:7f:2c:ee:6c:9c:1d:2b:29:be:92:0a:78:d5:17:
         24:f1:1b:9c:fc:4a:86:6e:2d:4c:90:e9:17:75:87:2f:5d:4f:
         ae:4d:6a:9e:fb:8d:1c:03:ad:b9:1b:f2:bd:86:c8:e4:5f:b6:
         a4:b5:ef:8c:a7:cd:71:a7:2d:35:dd:1e:5d:38:10:8e:6a:30:
         be:9b:aa:48:ef:33:51:02:96:98:bd:e0:4d:b5:b5:65:bc:ec:
         aa:39:0e:a4:e9:8f:61:3e:79:ae:0d:b3:f9:36:35:16:38:f1:
         63:73:25:3b:c9:7d:c2:22:dc:19:29:c3:d6:4e:d6:11:d3:2d:
         7f:45:f0:70:46:dc:19:48:28:c8:f1:33:a8:95:b5:5a:5f:50:
         ce:34:b3:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb45KBPf5LrxzkNKc6krFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZDNlOTUzYjVmZTE3YTUzMWM5Y2Y3MTU2MDc0OGRmNDFm
ZjcxNGEwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGNiNjA5NDQ1YWYzMmU2ZGE0YzMyOWM0MGZjYTY3M2UxZmVhNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKiiDYcwWLBWpvymgTwXnJwRwphv
/N2O1aurcKgPzXxYbIYZZD15dCgC4hO2g2w4EV/snL+FCW6HevUFUuRFtf2b5joo
43Okf6aID/iBDIYquEpwnxq4q8coGO2fKIjZ4n+FaAgEvz042pKC+VkMpun0fjBu
ji1lde8tkC+sCokAIH0/Kf11hc6IxonvOBvIuae3qUYMP4IU2xNonEV9H109p1Xb
ClfpEYJHAcptd43iFk9jqQs89+zmEN0z8JuwVokSE3TxgQoaZPSCJOgPC35qLeNo
IornqJtt0UioiJbyGsDGcMYFslSHVRiqK43hMQTjfE86gXKI1kCiIN5f9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDLYJRFrzLm2kwynED8pnPh/qROMB8GA1UdIwQY
MBaAFFjT6VO1/helMcnPcVYHSN9B/3FKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV05QcFU3WC1GNlV4eWM5eFZnZEkzMEhfY1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9hYzM4YzQtNGI4My00MGI3LThkMGUt
N2NlYWJjZTM0ZTBkLzEvZ010Z2xFV3ZNdWJhVERLY1FQeW1jLUgtcEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9hYzM4YzQtNGI4My00MGI3LThkMGUtN2NlYWJjZTM0ZTBk
LzEvV05QcFU3WC1GNlV4eWM5eFZnZEkzMEhfY1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRZYMA0G
CSqGSIb3DQEBCwUAA4IBAQAnwjaj7UlpBi4UWJYvPoOOqW3miyiS5Y1eOjxqQiXn
/5R9b5JQqBVFlaHJWyA3GVJvqmRKi0Yz613MGix3Nf8a479/iPqgvju30VGuKyKW
p4Hy15tFVUzFgWub7KDA7IT1WDDCrZVhsOEYqw5usZrIfyzubJwdKym+kgp41Rck
8Ruc/EqGbi1MkOkXdYcvXU+uTWqe+40cA625G/K9hsjkX7akte+Mp81xpy013R5d
OBCOajC+m6pI7zNRApaYveBNtbVlvOyqOQ6k6Y9hPnmuDbP5NjUWOPFjcyU7yX3C
ItwZKcPWTtYR0y1/RfBwRtwZSCjI8TOolbVaX1DONLOa
-----END CERTIFICATE-----