Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/e-RnjFIlCm8TZxht82B3LxYS3ac.roa
File:                     e-RnjFIlCm8TZxht82B3LxYS3ac.roa (raw, json)
Hash identifier:          ohh6LP4UqlNdOtm6OENVkdIGvrhFcseay8nWl5jLWDE=
Subject key identifier:   7B:E4:67:8C:52:25:0A:6F:13:67:18:6D:F3:60:77:2F:16:12:DD:A7
Certificate issuer:       /CN=4f8477e569d1d7d60f0469a7cc8a7f4746039bb7
Certificate serial:       018CCA2B5EBDBA78F667F2D61053BD699352
Authority key identifier: 4F:84:77:E5:69:D1:D7:D6:0F:04:69:A7:CC:8A:7F:47:46:03:9B:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/e-RnjFIlCm8TZxht82B3LxYS3ac.roa
Signing time:             Tue 02 Jan 2024 12:34:49 +0000
ROA not before:           Tue 02 Jan 2024 12:34:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197386
IP address blocks:        91.220.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5e:bd:ba:78:f6:67:f2:d6:10:53:bd:69:93:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8477e569d1d7d60f0469a7cc8a7f4746039bb7
        Validity
            Not Before: Jan  2 12:34:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7be4678c52250a6f1367186df360772f1612dda7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ca:ab:51:3d:17:3e:4d:68:6d:df:d1:ae:72:
                    3a:90:b7:4c:b6:3b:26:ea:99:68:f6:28:1b:b2:32:
                    70:dd:3c:0b:85:76:c0:f6:18:0a:d9:78:ea:26:e2:
                    37:e4:23:77:7b:23:3a:77:7f:2e:9c:81:b6:ba:0a:
                    f0:74:ac:33:10:32:5e:5e:a2:e0:3d:d0:99:59:93:
                    d2:45:a6:4f:b5:8e:31:39:2e:16:51:28:ee:c1:9d:
                    70:81:99:29:f1:a3:0b:c0:84:26:e0:9c:92:ca:47:
                    ec:0c:f4:b4:78:01:38:cf:1c:29:15:45:90:2f:b2:
                    e2:48:e4:b9:40:10:fc:a8:9b:7d:9b:16:31:12:bd:
                    22:45:42:8f:38:ac:a3:11:1f:d1:fa:8c:e0:96:f0:
                    e8:77:f3:50:6f:8a:ee:75:7a:56:8d:57:91:d1:fc:
                    3c:09:72:35:dd:40:58:8d:eb:a6:39:6a:53:75:6b:
                    ec:ab:df:ca:d2:cf:9f:cc:2f:9e:c9:6e:ad:0c:e7:
                    98:b5:f0:7a:d3:95:78:b8:0f:e3:a1:72:85:af:ba:
                    73:90:cd:08:61:38:71:c6:a8:d6:04:bb:12:2f:07:
                    ce:e7:1d:2b:eb:b7:fd:58:bb:4e:5c:46:4e:dc:46:
                    5c:97:e8:b9:6b:73:66:96:1a:fc:74:22:71:e8:88:
                    a8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:E4:67:8C:52:25:0A:6F:13:67:18:6D:F3:60:77:2F:16:12:DD:A7
            X509v3 Authority Key Identifier:
                keyid:4F:84:77:E5:69:D1:D7:D6:0F:04:69:A7:CC:8A:7F:47:46:03:9B:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/e-RnjFIlCm8TZxht82B3LxYS3ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:c2:52:53:00:cb:88:cd:3f:cb:d8:82:ee:03:6b:20:3d:70:
         f2:05:bf:f4:a5:30:60:2c:2d:89:7c:13:07:9b:63:13:0d:9e:
         f7:70:88:03:bb:6e:b4:20:32:87:cc:93:64:d8:e7:36:2c:f4:
         96:39:20:95:75:ef:62:b1:62:72:35:d0:f4:b5:45:19:89:fa:
         cf:0e:92:03:7d:fe:10:7b:e2:82:0d:a1:d3:6f:bc:24:a4:02:
         3e:99:84:fc:ba:f7:28:89:51:f9:1e:56:d7:70:2e:ec:78:a1:
         51:92:21:19:bc:1d:59:74:62:71:28:63:0e:67:2f:e4:ff:32:
         f9:47:93:6d:da:8c:4b:14:97:82:b0:2f:b8:27:98:3d:9a:18:
         04:60:20:40:42:01:91:29:d6:ae:b5:60:e8:69:3d:37:df:ff:
         83:1b:b1:24:83:32:73:ef:bc:40:79:ed:2b:35:ed:61:f5:e2:
         ef:f2:db:e1:53:9e:68:77:00:d1:d3:ed:dd:2e:09:d3:dc:f2:
         8e:a7:da:2b:0b:34:70:33:78:f2:f2:3b:17:84:b2:6e:bd:95:
         96:87:8a:c0:95:73:d2:f5:f2:4d:1e:94:50:a4:02:9a:74:25:
         51:ad:a8:be:3b:9a:79:d9:75:f7:f5:62:9a:eb:5f:24:df:fb:
         a4:2b:8c:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK169unj2Z/LWEFO9aZNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmODQ3N2U1NjlkMWQ3ZDYwZjA0NjlhN2NjOGE3ZjQ3NDYw
MzliYjcwHhcNMjQwMTAyMTIzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmU0Njc4YzUyMjUwYTZmMTM2NzE4NmRmMzYwNzcyZjE2MTJkZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcqrUT0XPk1obd/RrnI6kLdMtjsm
6plo9igbsjJw3TwLhXbA9hgK2XjqJuI35CN3eyM6d38unIG2ugrwdKwzEDJeXqLg
PdCZWZPSRaZPtY4xOS4WUSjuwZ1wgZkp8aMLwIQm4JySykfsDPS0eAE4zxwpFUWQ
L7LiSOS5QBD8qJt9mxYxEr0iRUKPOKyjER/R+ozglvDod/NQb4rudXpWjVeR0fw8
CXI13UBYjeumOWpTdWvsq9/K0s+fzC+eyW6tDOeYtfB605V4uA/joXKFr7pzkM0I
YThxxqjWBLsSLwfO5x0r67f9WLtOXEZO3EZcl+i5a3Nmlhr8dCJx6IioPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvkZ4xSJQpvE2cYbfNgdy8WEt2nMB8GA1UdIwQY
MBaAFE+Ed+Vp0dfWDwRpp8yKf0dGA5u3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRSMzVXblIxOVlQQkdtbnpJcF9SMFlEbTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC83NzUxOTAtY2I5NC00MDYzLThjMWEt
YWQxNDdkOTE1NzkxLzEvZS1SbmpGSWxDbThUWnhodDgyQjNMeFlTM2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC83NzUxOTAtY2I5NC00MDYzLThjMWEtYWQxNDdkOTE1Nzkx
LzEvVDRSMzVXblIxOVlQQkdtbnpJcF9SMFlEbTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wyMA0G
CSqGSIb3DQEBCwUAA4IBAQCPwlJTAMuIzT/L2ILuA2sgPXDyBb/0pTBgLC2JfBMH
m2MTDZ73cIgDu260IDKHzJNk2Oc2LPSWOSCVde9isWJyNdD0tUUZifrPDpIDff4Q
e+KCDaHTb7wkpAI+mYT8uvcoiVH5HlbXcC7seKFRkiEZvB1ZdGJxKGMOZy/k/zL5
R5Nt2oxLFJeCsC+4J5g9mhgEYCBAQgGRKdautWDoaT033/+DG7EkgzJz77xAee0r
Ne1h9eLv8tvhU55odwDR0+3dLgnT3PKOp9orCzRwM3jy8jsXhLJuvZWWh4rAlXPS
9fJNHpRQpAKadCVRrai+O5p52XX39WKa618k3/ukK4y4
-----END CERTIFICATE-----