Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/8e7e1d-158f-4c6e-aba3-39f13e76afa3/1/PTYEV-nQj_TirheSpkI-SkU7jnI.roa
File:                     PTYEV-nQj_TirheSpkI-SkU7jnI.roa (raw, json)
Hash identifier:          Pi2be4jAhKkdB3PDBv/+QJxZlTIJwkoaB2qFJbZ2dzw=
Subject key identifier:   3D:36:04:57:E9:D0:8F:F4:E2:AE:17:92:A6:42:3E:4A:45:3B:8E:72
Certificate issuer:       /CN=ea2c4ea79ddb7b003de01f1d05f6dbf716b11336
Certificate serial:       018CC870895FE13E5B9D44C17CADD55127FE
Authority key identifier: EA:2C:4E:A7:9D:DB:7B:00:3D:E0:1F:1D:05:F6:DB:F7:16:B1:13:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6ixOp53bewA94B8dBfbb9xaxEzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/8e7e1d-158f-4c6e-aba3-39f13e76afa3/1/PTYEV-nQj_TirheSpkI-SkU7jnI.roa
Signing time:             Tue 02 Jan 2024 04:31:07 +0000
ROA not before:           Tue 02 Jan 2024 04:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206314
IP address blocks:        91.241.24.0/22 maxlen: 22
                          91.238.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/8e7e1d-158f-4c6e-aba3-39f13e76afa3/1/6ixOp53bewA94B8dBfbb9xaxEzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/8e7e1d-158f-4c6e-aba3-39f13e76afa3/1/6ixOp53bewA94B8dBfbb9xaxEzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6ixOp53bewA94B8dBfbb9xaxEzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:89:5f:e1:3e:5b:9d:44:c1:7c:ad:d5:51:27:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2c4ea79ddb7b003de01f1d05f6dbf716b11336
        Validity
            Not Before: Jan  2 04:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d360457e9d08ff4e2ae1792a6423e4a453b8e72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f9:62:52:2c:03:87:9c:d0:b7:5e:b3:32:4c:
                    f5:04:18:03:3e:cb:76:6b:21:5b:a4:7f:66:df:12:
                    17:8c:48:aa:7a:5f:0f:c4:5c:f5:02:be:7f:b9:88:
                    17:b9:92:fa:cd:db:2e:99:62:6d:c5:9f:2e:e3:04:
                    03:d0:d4:1e:c5:d1:58:fe:f6:c1:b8:0d:c8:f8:58:
                    c6:01:94:c4:0f:75:6b:b3:42:72:2e:26:ed:32:5f:
                    9d:82:ed:32:f0:e0:d6:ff:8b:b3:9c:51:05:e0:05:
                    35:6a:af:74:c9:ca:0c:b7:f5:23:bb:c5:02:bc:e6:
                    f6:11:6e:dc:e7:9d:75:16:f9:62:18:c4:cb:71:cf:
                    5a:28:89:f3:83:aa:29:3b:7d:61:03:b6:57:8c:37:
                    6d:a8:d2:6e:40:26:e3:4a:d8:2c:4e:ce:70:92:69:
                    1a:0e:34:ac:34:09:7c:c6:58:92:a7:78:20:29:d0:
                    c8:b0:2e:4a:4c:db:f9:c7:9d:a2:f8:25:d3:da:07:
                    6d:e3:3f:9c:71:27:1a:03:0c:3c:19:d6:e1:c8:7a:
                    75:5e:4c:f1:44:7a:17:00:8b:9e:6a:8d:86:2b:15:
                    6a:86:b9:c8:3b:b2:13:55:9d:34:30:6d:7c:6e:d1:
                    61:9a:df:40:c7:53:62:bb:f8:70:68:6c:2b:99:6a:
                    be:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:36:04:57:E9:D0:8F:F4:E2:AE:17:92:A6:42:3E:4A:45:3B:8E:72
            X509v3 Authority Key Identifier:
                keyid:EA:2C:4E:A7:9D:DB:7B:00:3D:E0:1F:1D:05:F6:DB:F7:16:B1:13:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6ixOp53bewA94B8dBfbb9xaxEzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8e7e1d-158f-4c6e-aba3-39f13e76afa3/1/PTYEV-nQj_TirheSpkI-SkU7jnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8e7e1d-158f-4c6e-aba3-39f13e76afa3/1/6ixOp53bewA94B8dBfbb9xaxEzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.172.0/22
                  91.241.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cd:6d:34:21:f2:9b:c6:dd:94:42:72:1a:b6:f6:84:f8:64:01:
         3e:52:d9:65:49:01:cc:0c:54:67:cf:9c:6a:fe:f0:0c:c3:8c:
         ed:38:13:73:10:1d:6d:6a:c7:f5:c7:90:29:06:7e:04:3f:75:
         94:6d:bd:55:5b:8a:f0:72:46:52:5b:c0:5d:58:0e:b6:1f:ba:
         02:94:07:dd:a6:d5:89:d5:97:0a:3c:91:c0:59:49:7f:4e:20:
         56:88:1e:55:e9:1b:7d:d6:85:86:c1:35:80:c5:bf:41:26:b5:
         63:80:35:bc:51:2d:06:5e:d4:ba:04:29:66:00:fb:dd:10:7b:
         5d:ef:f3:0d:70:69:51:b1:2c:2f:27:04:86:d6:09:37:bc:d5:
         b4:5f:f1:2d:db:e3:bb:eb:ea:99:54:33:49:e2:7d:cb:aa:a2:
         01:68:e8:a2:cb:60:25:00:65:3c:d7:3d:45:48:6b:45:9a:45:
         f3:f2:2c:e8:b8:e2:35:6a:91:86:4a:c3:37:c0:7a:25:e9:e2:
         bc:c5:1f:84:1d:fd:30:21:d9:ae:55:3a:27:23:89:11:58:45:
         36:32:14:82:a3:d0:4a:20:a1:61:8b:8c:fc:80:e0:b9:ef:6c:
         8a:fa:5c:83:53:d9:5f:02:fe:85:05:7c:a9:3a:0b:06:71:08:
         6e:db:12:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcIlf4T5bnUTBfK3VUSf+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmM0ZWE3OWRkYjdiMDAzZGUwMWYxZDA1ZjZkYmY3MTZi
MTEzMzYwHhcNMjQwMTAyMDQzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDM2MDQ1N2U5ZDA4ZmY0ZTJhZTE3OTJhNjQyM2U0YTQ1M2I4ZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifliUiwDh5zQt16zMkz1BBgDPst2
ayFbpH9m3xIXjEiqel8PxFz1Ar5/uYgXuZL6zdsumWJtxZ8u4wQD0NQexdFY/vbB
uA3I+FjGAZTED3Vrs0JyLibtMl+dgu0y8ODW/4uznFEF4AU1aq90ycoMt/Uju8UC
vOb2EW7c5511FvliGMTLcc9aKInzg6opO31hA7ZXjDdtqNJuQCbjStgsTs5wkmka
DjSsNAl8xliSp3ggKdDIsC5KTNv5x52i+CXT2gdt4z+ccScaAww8GdbhyHp1Xkzx
RHoXAIueao2GKxVqhrnIO7ITVZ00MG18btFhmt9Ax1Niu/hwaGwrmWq+EwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD02BFfp0I/04q4XkqZCPkpFO45yMB8GA1UdIwQY
MBaAFOosTqed23sAPeAfHQX22/cWsRM2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNml4T3A1M2Jld0E5NEI4ZEJmYmI5eGF4RXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC84ZTdlMWQtMTU4Zi00YzZlLWFiYTMt
MzlmMTNlNzZhZmEzLzEvUFRZRVYtblFqX1RpcmhlU3BrSS1Ta1U3am5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC84ZTdlMWQtMTU4Zi00YzZlLWFiYTMtMzlmMTNlNzZhZmEz
LzEvNml4T3A1M2Jld0E5NEI4ZEJmYmI5eGF4RXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+6sAwQC
W/EYMA0GCSqGSIb3DQEBCwUAA4IBAQDNbTQh8pvG3ZRCchq29oT4ZAE+UtllSQHM
DFRnz5xq/vAMw4ztOBNzEB1tasf1x5ApBn4EP3WUbb1VW4rwckZSW8BdWA62H7oC
lAfdptWJ1ZcKPJHAWUl/TiBWiB5V6Rt91oWGwTWAxb9BJrVjgDW8US0GXtS6BClm
APvdEHtd7/MNcGlRsSwvJwSG1gk3vNW0X/Et2+O76+qZVDNJ4n3LqqIBaOiiy2Al
AGU81z1FSGtFmkXz8izouOI1apGGSsM3wHol6eK8xR+EHf0wIdmuVTonI4kRWEU2
MhSCo9BKIKFhi4z8gOC572yK+lyDU9lfAv6FBXypOgsGcQhu2xKx
-----END CERTIFICATE-----