Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/d8ec03-fb84-444e-a6ef-985231635421/1/52rq-3MBRfX8X22GVLrREbFVIRk.roa
File:                     52rq-3MBRfX8X22GVLrREbFVIRk.roa (raw, json)
Hash identifier:          5ddCYE2Vuf3WaDjRqu1lUlLEBvlQrYumMtdX0tAPszs=
Subject key identifier:   E7:6A:EA:FB:73:01:45:F5:FC:5F:6D:86:54:BA:D1:11:B1:55:21:19
Certificate issuer:       /CN=673f8874d9731f67682a213e6fe5e0b0df34e6cb
Certificate serial:       018CC3B724EFDC29B61ADFC32B098BE3642E
Authority key identifier: 67:3F:88:74:D9:73:1F:67:68:2A:21:3E:6F:E5:E0:B0:DF:34:E6:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zz-IdNlzH2doKiE-b-XgsN805ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/d8ec03-fb84-444e-a6ef-985231635421/1/52rq-3MBRfX8X22GVLrREbFVIRk.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34562
IP address blocks:        91.217.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/d8ec03-fb84-444e-a6ef-985231635421/1/Zz-IdNlzH2doKiE-b-XgsN805ss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/d8ec03-fb84-444e-a6ef-985231635421/1/Zz-IdNlzH2doKiE-b-XgsN805ss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zz-IdNlzH2doKiE-b-XgsN805ss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:24:ef:dc:29:b6:1a:df:c3:2b:09:8b:e3:64:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=673f8874d9731f67682a213e6fe5e0b0df34e6cb
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e76aeafb730145f5fc5f6d8654bad111b1552119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a5:b5:2f:53:83:f2:93:c3:68:e8:37:b5:1f:
                    a1:14:cd:32:9f:66:5e:4a:99:d4:dd:a5:18:d7:0e:
                    d7:5c:09:d8:86:1f:db:82:a8:0a:89:42:47:bf:1e:
                    23:43:23:56:5f:8d:f9:61:c8:f7:d4:0d:4d:a6:c6:
                    05:85:3f:c5:7b:f2:22:40:93:ca:cf:b1:4c:5d:de:
                    07:96:63:a5:9b:8f:42:5d:8f:da:ca:b9:23:1b:6c:
                    3d:74:25:76:c3:cd:1e:e6:7b:0a:25:8c:91:cd:93:
                    58:6e:cd:ea:69:ee:d0:41:48:ea:5a:76:7a:7f:1c:
                    f9:d1:f8:d1:76:dc:5b:40:cb:8d:5d:a2:b0:9c:15:
                    65:38:aa:68:ce:39:2c:92:00:9a:8c:28:3a:a3:b5:
                    05:bb:b5:3b:3f:d8:48:e0:c7:6b:41:bf:e2:9e:e9:
                    7d:e7:ed:48:b2:0e:91:d3:63:1d:f6:7e:f1:b0:e1:
                    e2:f3:1b:0e:63:92:62:60:3d:55:d3:09:af:37:66:
                    a8:35:d8:2c:62:e1:6a:01:be:07:de:a2:43:ee:f1:
                    60:4e:30:ad:0b:4d:af:6f:d6:92:f2:ae:2e:15:81:
                    52:8f:43:1d:dc:2c:e5:0e:e0:d4:b7:27:19:6b:f5:
                    84:86:f6:16:aa:1c:39:95:f4:61:18:42:de:59:e6:
                    56:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:6A:EA:FB:73:01:45:F5:FC:5F:6D:86:54:BA:D1:11:B1:55:21:19
            X509v3 Authority Key Identifier:
                keyid:67:3F:88:74:D9:73:1F:67:68:2A:21:3E:6F:E5:E0:B0:DF:34:E6:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zz-IdNlzH2doKiE-b-XgsN805ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/d8ec03-fb84-444e-a6ef-985231635421/1/52rq-3MBRfX8X22GVLrREbFVIRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/d8ec03-fb84-444e-a6ef-985231635421/1/Zz-IdNlzH2doKiE-b-XgsN805ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:1d:79:ac:44:5b:c8:58:42:ce:62:fd:85:07:c0:2d:19:23:
         89:c0:22:31:d3:2f:44:35:d1:dc:e2:9b:b7:dc:04:85:03:46:
         17:01:2f:d7:81:64:80:79:17:e2:d4:d4:74:be:9f:61:db:c3:
         e6:bb:d1:3b:ff:ce:a0:c4:5d:09:8b:eb:71:fa:cd:41:ac:9d:
         1f:ba:b6:31:c3:e2:35:f5:07:53:20:2f:e0:78:a2:ac:a0:94:
         69:ce:ca:9b:d2:43:cf:9a:4e:24:50:30:69:71:b9:dd:07:dc:
         4a:6e:01:78:5d:1f:31:2e:c0:5f:fa:86:be:90:57:24:fb:57:
         3f:62:61:c7:37:48:a4:dc:d8:69:47:a2:ae:ce:ca:ae:ea:fe:
         4f:4c:7e:49:56:1e:a7:d6:17:81:e1:a3:08:4f:be:7b:f7:3d:
         4e:e3:d8:5e:8c:ae:de:74:ee:3b:b5:9e:70:51:bb:3f:7e:8f:
         19:ad:28:4b:06:5e:ad:7d:63:b2:cb:24:06:9e:f4:2f:6c:8a:
         9b:2c:1e:f7:36:ba:5b:d2:46:14:5c:b2:84:64:22:cb:30:71:
         96:9e:d8:ad:de:ef:b7:de:22:cd:96:b9:31:7e:eb:f8:5b:85:
         49:de:ca:ab:fc:70:34:bb:87:4e:28:64:3e:c3:b3:4d:88:ba:
         bc:1f:0b:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyTv3Cm2Gt/DKwmL42QuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3M2Y4ODc0ZDk3MzFmNjc2ODJhMjEzZTZmZTVlMGIwZGYz
NGU2Y2IwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzZhZWFmYjczMDE0NWY1ZmM1ZjZkODY1NGJhZDExMWIxNTUyMTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6W1L1OD8pPDaOg3tR+hFM0yn2Ze
SpnU3aUY1w7XXAnYhh/bgqgKiUJHvx4jQyNWX435Ycj31A1NpsYFhT/Fe/IiQJPK
z7FMXd4HlmOlm49CXY/ayrkjG2w9dCV2w80e5nsKJYyRzZNYbs3qae7QQUjqWnZ6
fxz50fjRdtxbQMuNXaKwnBVlOKpozjkskgCajCg6o7UFu7U7P9hI4MdrQb/inul9
5+1Isg6R02Md9n7xsOHi8xsOY5JiYD1V0wmvN2aoNdgsYuFqAb4H3qJD7vFgTjCt
C02vb9aS8q4uFYFSj0Md3CzlDuDUtycZa/WEhvYWqhw5lfRhGELeWeZW0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdq6vtzAUX1/F9thlS60RGxVSEZMB8GA1UdIwQY
MBaAFGc/iHTZcx9naCohPm/l4LDfNObLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnotSWRObHpIMmRvS2lFLWItWGdzTjgwNXNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9kOGVjMDMtZmI4NC00NDRlLWE2ZWYt
OTg1MjMxNjM1NDIxLzEvNTJycS0zTUJSZlg4WDIyR1ZMclJFYkZWSVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9kOGVjMDMtZmI4NC00NDRlLWE2ZWYtOTg1MjMxNjM1NDIx
LzEvWnotSWRObHpIMmRvS2lFLWItWGdzTjgwNXNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nrMA0G
CSqGSIb3DQEBCwUAA4IBAQAnHXmsRFvIWELOYv2FB8AtGSOJwCIx0y9ENdHc4pu3
3ASFA0YXAS/XgWSAeRfi1NR0vp9h28Pmu9E7/86gxF0Ji+tx+s1BrJ0furYxw+I1
9QdTIC/geKKsoJRpzsqb0kPPmk4kUDBpcbndB9xKbgF4XR8xLsBf+oa+kFck+1c/
YmHHN0ik3NhpR6Kuzsqu6v5PTH5JVh6n1heB4aMIT7579z1O49hejK7edO47tZ5w
Ubs/fo8ZrShLBl6tfWOyyyQGnvQvbIqbLB73Nrpb0kYUXLKEZCLLMHGWntit3u+3
3iLNlrkxfuv4W4VJ3sqr/HA0u4dOKGQ+w7NNiLq8Hwts
-----END CERTIFICATE-----