Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/7YOcpnsVU6or0kXd0kAIvUXls6k.roa
File:                     7YOcpnsVU6or0kXd0kAIvUXls6k.roa (raw, json)
Hash identifier:          5dHvz7nZ1S7a1QdmVui4d4VK/Vxk+LTZZUcf0yNm+YU=
Subject key identifier:   ED:83:9C:A6:7B:15:53:AA:2B:D2:45:DD:D2:40:08:BD:45:E5:B3:A9
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       018CC793EA26AD809BFA81987E5D1B5A10D3
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/7YOcpnsVU6or0kXd0kAIvUXls6k.roa
Signing time:             Tue 02 Jan 2024 00:30:08 +0000
ROA not before:           Tue 02 Jan 2024 00:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35297
IP address blocks:        91.184.224.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:ea:26:ad:80:9b:fa:81:98:7e:5d:1b:5a:10:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Jan  2 00:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed839ca67b1553aa2bd245ddd24008bd45e5b3a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:12:18:e2:b5:11:ad:09:6f:0b:8b:de:c1:1a:
                    98:8d:58:b0:43:52:1d:be:c4:18:f8:8b:28:62:e5:
                    73:08:2b:42:c1:9f:eb:19:f9:20:15:37:e8:3c:83:
                    bb:cd:eb:0d:46:fd:2f:af:00:9a:91:37:37:79:ed:
                    ac:25:5c:f9:67:9e:f7:9f:3c:ca:d1:c8:05:49:70:
                    ce:7c:70:ca:46:04:e1:ac:b8:32:ae:ea:ca:55:b4:
                    95:aa:d2:b7:67:74:f1:33:ec:4b:84:12:03:c0:4f:
                    4b:e7:57:52:05:59:69:30:2c:dc:72:31:43:24:0e:
                    f2:c1:82:dd:5b:f2:4b:f5:df:49:b6:40:fe:13:38:
                    86:35:bc:13:2b:9c:1d:45:05:95:cc:9d:ba:f6:27:
                    10:01:94:34:ab:ce:dd:c6:19:f5:4f:de:60:d9:95:
                    d1:41:68:dd:af:b9:21:dd:1d:99:f9:23:39:13:ad:
                    8e:7f:a4:df:b4:26:42:49:06:86:18:92:df:07:70:
                    41:03:23:39:d2:af:a4:b6:39:65:d8:f2:48:cb:5c:
                    b0:74:e6:d2:73:68:36:c8:2b:a6:8e:af:38:59:f6:
                    6b:0c:01:1d:4b:12:97:5d:0b:c1:17:45:76:d7:cd:
                    d4:7e:2b:df:39:4d:90:08:0b:c5:48:ab:07:20:73:
                    e0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:83:9C:A6:7B:15:53:AA:2B:D2:45:DD:D2:40:08:BD:45:E5:B3:A9
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/7YOcpnsVU6or0kXd0kAIvUXls6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.184.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:29:2a:32:a9:2c:0e:29:f9:80:cd:a9:92:39:f5:ab:3a:4b:
         b1:e3:d9:9f:8d:60:af:3f:2a:13:75:2e:6c:ee:6e:70:1b:7b:
         2d:e0:8d:cb:fb:92:20:35:4c:4a:3c:00:84:bb:16:90:22:81:
         73:b7:e0:fb:78:76:e1:0a:c1:97:33:0c:86:6b:1c:b2:ec:a2:
         3d:ad:7e:0e:9b:38:72:89:78:c0:d5:ec:f3:8f:75:89:28:ed:
         03:21:43:ab:44:41:9b:77:23:1f:8f:9c:59:c1:91:a4:97:ad:
         5d:0e:36:85:f0:2e:00:5f:79:8e:ba:57:27:f1:d0:45:b7:eb:
         ba:13:2d:e3:f5:c0:bb:45:e3:83:6e:b5:db:c0:4a:a3:a5:e6:
         b5:ec:2f:76:17:b1:49:bf:b0:af:dc:68:3c:44:4e:5e:84:57:
         fe:0c:43:5c:79:ba:25:da:0f:5e:ab:1a:e2:b9:50:6f:20:95:
         ce:90:95:a7:6e:24:35:1e:bb:b4:87:e9:d5:7d:9e:eb:65:d0:
         d3:fb:63:95:9c:48:8f:87:eb:51:50:aa:0c:07:52:14:d6:f0:
         55:d7:09:23:e9:69:2c:e2:61:1a:3c:73:18:b3:76:43:e7:c2:
         a1:e5:c9:18:99:4a:56:8f:c9:ff:44:07:e4:d7:7c:18:68:d7:
         97:f5:ff:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk+omrYCb+oGYfl0bWhDTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjQwMTAyMDAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDgzOWNhNjdiMTU1M2FhMmJkMjQ1ZGRkMjQwMDhiZDQ1ZTViM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphIY4rURrQlvC4vewRqYjViwQ1Id
vsQY+IsoYuVzCCtCwZ/rGfkgFTfoPIO7zesNRv0vrwCakTc3ee2sJVz5Z573nzzK
0cgFSXDOfHDKRgThrLgyrurKVbSVqtK3Z3TxM+xLhBIDwE9L51dSBVlpMCzccjFD
JA7ywYLdW/JL9d9JtkD+EziGNbwTK5wdRQWVzJ269icQAZQ0q87dxhn1T95g2ZXR
QWjdr7kh3R2Z+SM5E62Of6TftCZCSQaGGJLfB3BBAyM50q+ktjll2PJIy1ywdObS
c2g2yCumjq84WfZrDAEdSxKXXQvBF0V2183UfivfOU2QCAvFSKsHIHPgswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2DnKZ7FVOqK9JF3dJACL1F5bOpMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvN1lPY3Buc1ZVNm9yMGtYZDBrQUl2VVhsczZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW7jgMA0G
CSqGSIb3DQEBCwUAA4IBAQCDKSoyqSwOKfmAzamSOfWrOkux49mfjWCvPyoTdS5s
7m5wG3st4I3L+5IgNUxKPACEuxaQIoFzt+D7eHbhCsGXMwyGaxyy7KI9rX4Omzhy
iXjA1ezzj3WJKO0DIUOrREGbdyMfj5xZwZGkl61dDjaF8C4AX3mOulcn8dBFt+u6
Ey3j9cC7ReODbrXbwEqjpea17C92F7FJv7Cv3Gg8RE5ehFf+DENcebol2g9eqxri
uVBvIJXOkJWnbiQ1Hru0h+nVfZ7rZdDT+2OVnEiPh+tRUKoMB1IU1vBV1wkj6Wks
4mEaPHMYs3ZD58Kh5ckYmUpWj8n/RAfk13wYaNeX9f98
-----END CERTIFICATE-----