Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/3dfc14-e6ab-48ca-9613-495a501c6998/1/2qDOfbZICzIhoMUglyR1__Cwbms.roa
File:                     2qDOfbZICzIhoMUglyR1__Cwbms.roa (raw, json)
Hash identifier:          bx1v1Pi50TYbZ+MVZAOrYRGwddKYfBE11+6k/7BC85w=
Subject key identifier:   DA:A0:CE:7D:B6:48:0B:32:21:A0:C5:20:97:24:75:FF:F0:B0:6E:6B
Certificate issuer:       /CN=b3ba47605cf367626263e57f16d0d87916ceddc8
Certificate serial:       018CC5DC911ADF8B0649EDD871573948012B
Authority key identifier: B3:BA:47:60:5C:F3:67:62:62:63:E5:7F:16:D0:D8:79:16:CE:DD:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s7pHYFzzZ2JiY-V_FtDYeRbO3cg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/3dfc14-e6ab-48ca-9613-495a501c6998/1/2qDOfbZICzIhoMUglyR1__Cwbms.roa
Signing time:             Mon 01 Jan 2024 16:30:15 +0000
ROA not before:           Mon 01 Jan 2024 16:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5413
IP address blocks:        91.220.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/3dfc14-e6ab-48ca-9613-495a501c6998/1/s7pHYFzzZ2JiY-V_FtDYeRbO3cg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/3dfc14-e6ab-48ca-9613-495a501c6998/1/s7pHYFzzZ2JiY-V_FtDYeRbO3cg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s7pHYFzzZ2JiY-V_FtDYeRbO3cg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:91:1a:df:8b:06:49:ed:d8:71:57:39:48:01:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3ba47605cf367626263e57f16d0d87916ceddc8
        Validity
            Not Before: Jan  1 16:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=daa0ce7db6480b3221a0c520972475fff0b06e6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3c:c1:03:6c:b9:c9:db:5f:10:9c:b6:47:fb:
                    29:f3:27:40:e1:47:e0:f1:b1:a9:42:74:1f:39:35:
                    b1:c0:9a:40:a3:b8:ec:57:68:60:ee:67:b9:74:1a:
                    d4:37:a1:01:ed:8d:0f:a3:c2:1d:8a:13:0b:10:b7:
                    c9:4b:b4:36:a3:ba:44:0c:e0:6a:f3:1b:5b:4e:da:
                    90:4c:06:f6:42:6d:25:f1:25:93:ef:8a:e2:66:93:
                    af:95:53:70:0f:5a:bc:8e:6f:1e:98:fa:92:16:e7:
                    ca:76:09:aa:01:af:52:49:01:ea:68:80:c9:5a:2b:
                    ca:49:71:4e:4f:3e:26:98:38:19:1c:24:6e:73:ea:
                    01:1a:b1:d7:91:c3:93:1c:b4:16:ab:20:8e:4d:b9:
                    94:fe:f8:e1:a4:3d:a5:84:9c:69:d6:25:54:7f:7e:
                    49:18:dc:73:96:c2:bf:96:af:ce:75:1f:94:65:f3:
                    fd:26:fe:bc:04:7f:4e:7b:15:1f:df:36:e4:72:c9:
                    2c:6f:30:4b:b3:6f:4a:f0:98:84:8f:ca:5b:73:7c:
                    c5:25:35:f5:b4:3e:4e:87:f6:33:21:4e:d0:77:78:
                    3f:02:91:e9:4e:96:3a:d1:25:5c:94:97:56:24:de:
                    1e:c6:73:96:64:40:6a:76:20:ef:9c:25:a4:bb:05:
                    26:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A0:CE:7D:B6:48:0B:32:21:A0:C5:20:97:24:75:FF:F0:B0:6E:6B
            X509v3 Authority Key Identifier:
                keyid:B3:BA:47:60:5C:F3:67:62:62:63:E5:7F:16:D0:D8:79:16:CE:DD:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7pHYFzzZ2JiY-V_FtDYeRbO3cg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3dfc14-e6ab-48ca-9613-495a501c6998/1/2qDOfbZICzIhoMUglyR1__Cwbms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3dfc14-e6ab-48ca-9613-495a501c6998/1/s7pHYFzzZ2JiY-V_FtDYeRbO3cg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:59:71:9a:93:ed:28:37:2d:67:14:6d:54:c4:db:5e:07:0e:
         fd:3a:b9:ed:4e:f2:79:92:ba:2c:41:8a:40:c4:58:30:8a:d2:
         5e:c0:35:29:2a:86:44:be:24:ef:da:0d:73:7c:b0:e1:d3:74:
         4d:15:e3:62:09:29:35:63:f4:06:af:0a:72:1b:a6:71:0c:9d:
         cd:06:8f:6e:75:4c:8b:fe:dd:7c:b2:92:9f:b4:c2:79:a5:c7:
         4b:e9:db:e7:74:d4:a5:45:4f:58:62:be:62:19:d9:6f:99:1e:
         af:71:2b:0d:fc:22:33:01:f5:c7:19:b8:b8:36:6a:04:55:72:
         e6:97:f2:dc:33:33:65:2c:93:15:fc:e4:cb:e2:d0:00:86:35:
         95:0e:65:d7:55:c5:10:c9:e5:b8:be:e6:87:41:78:df:07:76:
         ae:78:b0:97:f8:a4:1e:de:15:e6:e5:d9:a3:53:71:47:0f:ea:
         7b:30:40:40:fa:1f:ed:49:ad:a0:c8:ff:d3:3e:16:b0:c5:a6:
         d7:8c:ca:8b:3a:e8:77:cb:2a:53:87:34:65:bc:c5:e0:87:9b:
         f7:7b:63:5a:fd:d6:88:c1:1d:1f:19:25:13:ac:5d:d1:5f:64:
         35:a4:00:26:97:98:db:50:32:7e:62:14:79:e0:7d:35:91:8e:
         71:27:3a:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JEa34sGSe3YcVc5SAErMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYmE0NzYwNWNmMzY3NjI2MjYzZTU3ZjE2ZDBkODc5MTZj
ZWRkYzgwHhcNMjQwMTAxMTYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWEwY2U3ZGI2NDgwYjMyMjFhMGM1MjA5NzI0NzVmZmYwYjA2ZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTzBA2y5ydtfEJy2R/sp8ydA4Ufg
8bGpQnQfOTWxwJpAo7jsV2hg7me5dBrUN6EB7Y0Po8IdihMLELfJS7Q2o7pEDOBq
8xtbTtqQTAb2Qm0l8SWT74riZpOvlVNwD1q8jm8emPqSFufKdgmqAa9SSQHqaIDJ
WivKSXFOTz4mmDgZHCRuc+oBGrHXkcOTHLQWqyCOTbmU/vjhpD2lhJxp1iVUf35J
GNxzlsK/lq/OdR+UZfP9Jv68BH9OexUf3zbkcsksbzBLs29K8JiEj8pbc3zFJTX1
tD5Oh/YzIU7Qd3g/ApHpTpY60SVclJdWJN4exnOWZEBqdiDvnCWkuwUmxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqgzn22SAsyIaDFIJckdf/wsG5rMB8GA1UdIwQY
MBaAFLO6R2Bc82diYmPlfxbQ2HkWzt3IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdwSFlGenpaMkppWS1WX0Z0RFllUmJPM2NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zZGZjMTQtZTZhYi00OGNhLTk2MTMt
NDk1YTUwMWM2OTk4LzEvMnFET2ZiWklDeklob01VZ2x5UjFfX0N3Ym1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zZGZjMTQtZTZhYi00OGNhLTk2MTMtNDk1YTUwMWM2OTk4
LzEvczdwSFlGenpaMkppWS1WX0Z0RFllUmJPM2NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9yNMA0G
CSqGSIb3DQEBCwUAA4IBAQDJWXGak+0oNy1nFG1UxNteBw79OrntTvJ5krosQYpA
xFgwitJewDUpKoZEviTv2g1zfLDh03RNFeNiCSk1Y/QGrwpyG6ZxDJ3NBo9udUyL
/t18spKftMJ5pcdL6dvndNSlRU9YYr5iGdlvmR6vcSsN/CIzAfXHGbi4NmoEVXLm
l/LcMzNlLJMV/OTL4tAAhjWVDmXXVcUQyeW4vuaHQXjfB3aueLCX+KQe3hXm5dmj
U3FHD+p7MEBA+h/tSa2gyP/TPhawxabXjMqLOuh3yypThzRlvMXgh5v3e2Na/daI
wR0fGSUTrF3RX2Q1pAAml5jbUDJ+YhR54H01kY5xJzre
-----END CERTIFICATE-----