Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/iNIpA6NRoHEtD1Gdwv0RcZxMEOY.roa
File:                     iNIpA6NRoHEtD1Gdwv0RcZxMEOY.roa (raw, json)
Hash identifier:          QoWSCTkZW/GH9j1mmy2Sv0c+Jd5oUQpoqRVhrzgy26s=
Subject key identifier:   88:D2:29:03:A3:51:A0:71:2D:0F:51:9D:C2:FD:11:71:9C:4C:10:E6
Certificate issuer:       /CN=c22d553b28c5d0ea5b1ef60c9bce33df50bcb493
Certificate serial:       0194266B605413383AC3FB3D36784E43FAB9
Authority key identifier: C2:2D:55:3B:28:C5:D0:EA:5B:1E:F6:0C:9B:CE:33:DF:50:BC:B4:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wi1VOyjF0OpbHvYMm84z31C8tJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/iNIpA6NRoHEtD1Gdwv0RcZxMEOY.roa
Signing time:             Thu 02 Jan 2025 09:49:18 +0000
ROA not before:           Thu 02 Jan 2025 09:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25447
IP address blocks:        91.210.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/wi1VOyjF0OpbHvYMm84z31C8tJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/wi1VOyjF0OpbHvYMm84z31C8tJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wi1VOyjF0OpbHvYMm84z31C8tJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:60:54:13:38:3a:c3:fb:3d:36:78:4e:43:fa:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c22d553b28c5d0ea5b1ef60c9bce33df50bcb493
        Validity
            Not Before: Jan  2 09:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88d22903a351a0712d0f519dc2fd11719c4c10e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c0:d9:96:4e:7e:17:27:97:82:e1:87:3b:72:
                    05:f6:74:ef:b5:9a:36:77:fc:66:a2:14:37:fc:af:
                    4b:8d:c7:8a:18:2c:46:06:e1:9f:34:20:87:7b:58:
                    04:52:8c:31:65:c8:c3:dc:89:93:df:d8:18:5d:48:
                    e1:c4:5d:a7:e6:fd:89:57:0e:27:32:30:46:ff:89:
                    0f:24:35:42:93:e4:24:9e:c4:32:bc:b0:71:03:18:
                    3a:91:e6:2f:ee:a9:72:65:82:bd:a3:ad:03:46:f4:
                    04:12:8b:51:f7:5c:9b:a3:4a:e3:a8:c4:70:c3:10:
                    ec:59:bf:82:1c:21:61:2d:bb:75:57:69:84:dc:19:
                    97:c8:db:be:6c:03:ae:a8:68:7e:1b:eb:32:bd:e6:
                    2c:c0:ab:1f:6f:a0:49:55:80:c5:45:fb:03:e4:aa:
                    62:43:cb:2b:d1:07:d2:fe:20:b7:6e:9a:41:fa:6e:
                    d1:8b:28:f0:f3:f1:82:23:33:1e:47:71:8a:2e:c4:
                    59:79:ef:b9:29:88:b7:07:aa:7d:7b:38:52:6c:6d:
                    c9:cb:a0:91:dd:d7:37:0a:c9:c1:38:96:ad:9a:8c:
                    ef:a5:fc:b6:b0:95:61:20:67:7e:2d:47:b1:bc:d8:
                    ab:d5:5e:59:fe:d1:93:f0:5c:62:f1:d7:80:cd:9e:
                    9d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D2:29:03:A3:51:A0:71:2D:0F:51:9D:C2:FD:11:71:9C:4C:10:E6
            X509v3 Authority Key Identifier:
                keyid:C2:2D:55:3B:28:C5:D0:EA:5B:1E:F6:0C:9B:CE:33:DF:50:BC:B4:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wi1VOyjF0OpbHvYMm84z31C8tJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/iNIpA6NRoHEtD1Gdwv0RcZxMEOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/wi1VOyjF0OpbHvYMm84z31C8tJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:5b:79:94:27:3f:03:d1:3a:3b:bc:56:ee:e3:bc:5a:19:39:
         10:e3:f9:a9:82:1d:61:f8:9a:63:fc:6b:a0:b3:a1:d2:f1:24:
         83:37:d7:bf:8d:1f:9a:61:4a:ee:bd:9e:ae:53:df:0e:cb:75:
         f1:c1:bd:17:c2:f0:dc:e2:5d:c6:df:d7:b0:1a:a6:68:3d:76:
         ea:28:88:62:64:57:1c:44:9d:60:91:e8:e2:f1:d5:81:f8:4d:
         1e:e3:01:78:c5:81:07:8b:d7:92:28:ab:3d:9e:a2:eb:2a:d5:
         62:6f:3e:4e:1c:0b:9b:46:bf:3e:a7:cc:2d:b9:6f:40:25:8b:
         a2:92:17:86:ff:e6:13:61:35:84:04:d1:ff:c7:bf:f2:15:d9:
         e9:e3:01:a2:53:79:19:09:f5:6e:0d:b5:8d:71:e7:7d:9a:56:
         9f:6d:34:9f:62:c3:1e:87:8d:9b:a3:96:88:36:16:ae:75:a1:
         e8:ec:de:cd:c5:50:c7:fc:4a:ff:66:44:1b:aa:e9:14:16:3d:
         d8:62:4a:54:4e:72:83:d5:63:86:e9:8a:51:18:9f:1c:48:53:
         21:f3:df:8a:fe:79:40:b4:0c:03:ea:48:d0:51:d3:e7:e6:2c:
         01:38:2d:d7:59:fa:46:6b:55:64:dc:d1:a6:20:db:57:01:e7:
         9d:a2:fb:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma2BUEzg6w/s9NnhOQ/q5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMmQ1NTNiMjhjNWQwZWE1YjFlZjYwYzliY2UzM2RmNTBi
Y2I0OTMwHhcNMjUwMTAyMDk0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQyMjkwM2EzNTFhMDcxMmQwZjUxOWRjMmZkMTE3MTljNGMxMGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8DZlk5+FyeXguGHO3IF9nTvtZo2
d/xmohQ3/K9LjceKGCxGBuGfNCCHe1gEUowxZcjD3ImT39gYXUjhxF2n5v2JVw4n
MjBG/4kPJDVCk+QknsQyvLBxAxg6keYv7qlyZYK9o60DRvQEEotR91ybo0rjqMRw
wxDsWb+CHCFhLbt1V2mE3BmXyNu+bAOuqGh+G+syveYswKsfb6BJVYDFRfsD5Kpi
Q8sr0QfS/iC3bppB+m7Riyjw8/GCIzMeR3GKLsRZee+5KYi3B6p9ezhSbG3Jy6CR
3dc3CsnBOJatmozvpfy2sJVhIGd+LUexvNir1V5Z/tGT8Fxi8deAzZ6dQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjSKQOjUaBxLQ9RncL9EXGcTBDmMB8GA1UdIwQY
MBaAFMItVTsoxdDqWx72DJvOM99QvLSTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2kxVk95akYwT3BiSHZZTW04NHozMUM4dEpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9lMTc2NDQtOTNkNC00NDU3LThlNWUt
OTY3NTA2ODg1N2YxLzEvaU5JcEE2TlJvSEV0RDFHZHd2MFJjWnhNRU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9lMTc2NDQtOTNkNC00NDU3LThlNWUtOTY3NTA2ODg1N2Yx
LzEvd2kxVk95akYwT3BiSHZZTW04NHozMUM4dEpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9LcMA0G
CSqGSIb3DQEBCwUAA4IBAQACW3mUJz8D0To7vFbu47xaGTkQ4/mpgh1h+Jpj/Gug
s6HS8SSDN9e/jR+aYUruvZ6uU98Oy3Xxwb0XwvDc4l3G39ewGqZoPXbqKIhiZFcc
RJ1gkeji8dWB+E0e4wF4xYEHi9eSKKs9nqLrKtVibz5OHAubRr8+p8wtuW9AJYui
kheG/+YTYTWEBNH/x7/yFdnp4wGiU3kZCfVuDbWNced9mlafbTSfYsMeh42bo5aI
NhaudaHo7N7NxVDH/Er/ZkQbqukUFj3YYkpUTnKD1WOG6YpRGJ8cSFMh89+K/nlA
tAwD6kjQUdPn5iwBOC3XWfpGa1Vk3NGmINtXAeedovui
-----END CERTIFICATE-----