Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/Cljh7KoccmYNLvOVHw_dl9cXyGk.roa
File:                     Cljh7KoccmYNLvOVHw_dl9cXyGk.roa (raw, json)
Hash identifier:          J9ep7qkkaZ0CoYMTz0ijbWvER14h/4NeLhO2yepVLlQ=
Subject key identifier:   0A:58:E1:EC:AA:1C:72:66:0D:2E:F3:95:1F:0F:DD:97:D7:17:C8:69
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348AA2A073B8B58EF6C28AB69B760A4
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/Cljh7KoccmYNLvOVHw_dl9cXyGk.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34494
IP address blocks:        91.211.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:aa:2a:07:3b:8b:58:ef:6c:28:ab:69:b7:60:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a58e1ecaa1c72660d2ef3951f0fdd97d717c869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:48:45:7a:7a:da:37:a9:1c:85:c5:b4:4f:25:
                    ad:7e:4c:68:44:5a:f8:dd:00:75:6a:cf:26:93:99:
                    55:a2:73:0c:99:09:c5:a4:c6:66:fd:5b:98:8d:07:
                    5a:64:48:48:35:50:23:b0:86:98:c7:db:b0:42:55:
                    24:ab:87:0a:01:1e:25:3d:e3:a9:bb:97:de:7b:32:
                    b0:af:f3:53:56:fc:d0:1d:7e:08:c6:d2:b9:40:25:
                    f8:29:57:8c:38:5f:f8:c7:61:bd:c9:73:72:f1:c8:
                    58:ae:0a:b5:14:7f:7f:be:3d:ec:60:9f:00:a4:3d:
                    80:6e:98:ee:e6:38:52:0c:1d:95:2f:a6:dd:b7:ab:
                    97:17:12:02:39:9f:93:8b:3c:20:ad:5d:9e:49:e9:
                    79:b2:21:e5:a7:ab:75:a2:b7:35:92:80:9c:cf:b2:
                    21:24:cb:94:b2:e9:e1:9a:26:74:f8:1d:a8:23:0a:
                    9a:72:88:bf:2e:af:fa:fa:c8:6b:c3:36:c9:d6:26:
                    15:ac:1c:10:97:2b:ed:4c:55:81:cd:aa:69:0c:f7:
                    fe:5a:c0:19:06:ec:55:90:84:b9:b9:8a:e2:45:88:
                    d3:54:db:d7:cb:59:34:cd:a6:20:9f:6a:6a:bd:e8:
                    e5:eb:a3:25:f4:79:bc:c5:34:16:f0:ea:16:8c:96:
                    3a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:58:E1:EC:AA:1C:72:66:0D:2E:F3:95:1F:0F:DD:97:D7:17:C8:69
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/Cljh7KoccmYNLvOVHw_dl9cXyGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:43:60:2d:ed:c1:da:d3:1c:cf:2a:47:c5:d3:69:76:b4:0a:
         1e:ce:3d:ec:c5:43:d5:bf:8d:da:d9:c8:b8:d5:8c:2f:f6:aa:
         b6:4e:42:0a:05:97:42:0b:90:02:1f:52:f1:c1:6a:c4:ba:03:
         c9:e4:35:57:c5:34:3f:ca:01:12:b4:9c:67:66:43:80:74:be:
         a4:4d:55:d6:d2:bf:6a:76:24:58:50:c7:db:5f:79:5b:59:55:
         34:51:6d:14:82:f6:59:95:75:f1:65:38:81:e9:31:69:26:0a:
         9c:a1:89:d6:c2:15:fd:82:5f:b9:23:0e:0c:73:bf:d0:0f:dd:
         36:96:bd:0c:bf:30:e8:84:09:61:ea:35:95:6b:cb:f4:85:8d:
         18:92:24:95:0f:b2:11:cc:c3:c9:b7:36:e2:66:ce:10:92:c4:
         06:26:d2:49:b5:fc:90:f9:b1:91:aa:24:99:e8:64:ba:a7:18:
         92:89:4f:9c:d1:fa:84:74:2e:26:90:3c:f2:e5:a3:f3:be:89:
         76:6a:1f:ea:a1:c5:e4:ac:b8:56:bc:16:cb:a5:f8:91:67:28:
         9f:51:cc:19:72:b6:63:96:fb:64:d5:cc:b1:2b:94:7a:c7:c4:
         2a:32:40:5c:63:2d:7e:17:94:bf:72:da:18:80:3d:08:d5:0d:
         70:a4:f6:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKoqBzuLWO9sKKtpt2CkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTU4ZTFlY2FhMWM3MjY2MGQyZWYzOTUxZjBmZGQ5N2Q3MTdjODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEhFenraN6kchcW0TyWtfkxoRFr4
3QB1as8mk5lVonMMmQnFpMZm/VuYjQdaZEhINVAjsIaYx9uwQlUkq4cKAR4lPeOp
u5feezKwr/NTVvzQHX4IxtK5QCX4KVeMOF/4x2G9yXNy8chYrgq1FH9/vj3sYJ8A
pD2Abpju5jhSDB2VL6bdt6uXFxICOZ+TizwgrV2eSel5siHlp6t1orc1koCcz7Ih
JMuUsunhmiZ0+B2oIwqacoi/Lq/6+shrwzbJ1iYVrBwQlyvtTFWBzappDPf+WsAZ
BuxVkIS5uYriRYjTVNvXy1k0zaYgn2pqvejl66Ml9Hm8xTQW8OoWjJY6owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApY4eyqHHJmDS7zlR8P3ZfXF8hpMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvQ2xqaDdLb2NjbVlOTHZPVkh3X2RsOWNYeUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9NkMA0G
CSqGSIb3DQEBCwUAA4IBAQBwQ2At7cHa0xzPKkfF02l2tAoezj3sxUPVv43a2ci4
1Ywv9qq2TkIKBZdCC5ACH1LxwWrEugPJ5DVXxTQ/ygEStJxnZkOAdL6kTVXW0r9q
diRYUMfbX3lbWVU0UW0UgvZZlXXxZTiB6TFpJgqcoYnWwhX9gl+5Iw4Mc7/QD902
lr0MvzDohAlh6jWVa8v0hY0YkiSVD7IRzMPJtzbiZs4QksQGJtJJtfyQ+bGRqiSZ
6GS6pxiSiU+c0fqEdC4mkDzy5aPzvol2ah/qocXkrLhWvBbLpfiRZyifUcwZcrZj
lvtk1cyxK5R6x8QqMkBcYy1+F5S/ctoYgD0I1Q1wpPbl
-----END CERTIFICATE-----