Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/qfyMTo_xyODm_AVDbM0xOhr_OsY.roa
File:                     qfyMTo_xyODm_AVDbM0xOhr_OsY.roa (raw, json)
Hash identifier:          HCN2MX6gLUf8aQ8PkbEQwlErjHH4kuLGkKqZ9fR47h4=
Subject key identifier:   A9:FC:8C:4E:8F:F1:C8:E0:E6:FC:05:43:6C:CD:31:3A:1A:FF:3A:C6
Certificate issuer:       /CN=51bdf0d4de40057f5cc3fd1e70bfc11f5351738d
Certificate serial:       018CC2DAF20AC90E5B43717BC0E7D7404069
Authority key identifier: 51:BD:F0:D4:DE:40:05:7F:5C:C3:FD:1E:70:BF:C1:1F:53:51:73:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ub3w1N5ABX9cw_0ecL_BH1NRc40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/qfyMTo_xyODm_AVDbM0xOhr_OsY.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48634
IP address blocks:        91.211.158.0/24 maxlen: 24
                          91.211.159.0/24 maxlen: 24
                          91.211.156.0/22 maxlen: 22
                          91.211.156.0/24 maxlen: 24
                          91.211.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/Ub3w1N5ABX9cw_0ecL_BH1NRc40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/Ub3w1N5ABX9cw_0ecL_BH1NRc40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ub3w1N5ABX9cw_0ecL_BH1NRc40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f2:0a:c9:0e:5b:43:71:7b:c0:e7:d7:40:40:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51bdf0d4de40057f5cc3fd1e70bfc11f5351738d
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9fc8c4e8ff1c8e0e6fc05436ccd313a1aff3ac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d8:cb:4b:6d:88:1e:a2:46:5c:df:3b:ae:98:
                    7c:98:1e:2f:1e:f5:c1:b4:a7:65:12:60:f2:3c:e4:
                    81:4a:ec:db:d6:84:84:41:c8:d7:72:80:ea:a1:27:
                    a0:10:4a:79:eb:da:e4:69:38:16:c6:ad:ac:7c:dc:
                    46:00:1b:ed:29:bd:47:3c:4d:97:94:4b:7b:ba:b9:
                    a1:4b:52:fa:31:d4:36:98:17:63:f8:e0:52:01:3e:
                    2e:4c:c3:56:bb:28:fb:66:d3:d4:1b:58:6c:0b:f1:
                    e8:d7:8f:83:37:7d:b2:12:54:5b:db:7b:75:3f:25:
                    1c:05:6b:14:51:84:67:33:df:ca:d3:85:13:75:56:
                    ab:92:0b:1b:7f:78:5b:90:c5:c6:3a:37:06:49:24:
                    87:fe:eb:c5:4d:9d:26:d2:cb:b3:66:b8:e6:91:8b:
                    00:aa:bc:7f:4e:8d:a6:ce:02:38:11:ed:4d:a9:8d:
                    dc:25:6e:b6:35:56:f7:51:b0:51:22:1e:04:d7:c3:
                    8e:07:63:c5:e6:3e:8f:30:41:db:18:8a:64:7e:1a:
                    ab:90:6a:0d:34:53:d2:49:68:08:cb:c6:98:98:86:
                    f1:70:c7:77:7f:d4:96:b6:fb:c9:c3:3b:02:58:89:
                    b3:92:13:28:40:d1:95:71:92:14:ec:47:1c:fe:ff:
                    be:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:FC:8C:4E:8F:F1:C8:E0:E6:FC:05:43:6C:CD:31:3A:1A:FF:3A:C6
            X509v3 Authority Key Identifier:
                keyid:51:BD:F0:D4:DE:40:05:7F:5C:C3:FD:1E:70:BF:C1:1F:53:51:73:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ub3w1N5ABX9cw_0ecL_BH1NRc40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/qfyMTo_xyODm_AVDbM0xOhr_OsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/Ub3w1N5ABX9cw_0ecL_BH1NRc40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:ad:a4:98:09:07:a0:97:68:a1:b0:ee:67:ae:82:2c:ac:cf:
         7f:33:e5:f3:08:a7:30:52:9d:04:fd:a2:3c:4d:ff:23:27:c8:
         ec:47:e3:06:07:9e:09:e0:fd:46:ac:85:6e:c9:7e:93:1f:3c:
         17:a3:5b:49:41:44:28:23:ce:0d:1f:c1:3f:d6:44:81:a4:19:
         22:23:67:ad:03:42:6c:a0:01:41:dd:c3:0b:b7:a6:d5:72:0a:
         39:96:0c:eb:5c:92:87:2f:22:82:e3:51:67:2b:6f:51:66:06:
         9b:38:5e:08:b2:bc:c0:c7:3c:6b:37:9b:2a:58:98:f6:32:a7:
         9f:1b:89:4e:ff:7b:12:d2:d4:a9:96:15:43:79:18:7d:43:fa:
         13:58:4d:79:1f:15:24:e2:18:57:5b:f6:95:21:9e:79:6c:56:
         11:42:e8:45:41:29:a4:b8:6c:ac:01:89:a2:7d:8c:bd:40:6a:
         7f:a4:a4:9d:2c:f8:22:5a:67:ae:83:97:2e:f6:40:87:4f:90:
         89:c8:1a:7b:b9:a7:44:48:dc:ef:69:ee:93:aa:9f:c9:2a:6d:
         15:bf:d9:de:10:8f:3b:0d:b2:72:f6:aa:97:97:5e:d8:40:dc:
         31:61:c4:e2:ca:e7:02:06:12:44:35:8c:59:78:1c:0d:cb:d2:
         d6:eb:82:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vIKyQ5bQ3F7wOfXQEBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYmRmMGQ0ZGU0MDA1N2Y1Y2MzZmQxZTcwYmZjMTFmNTM1
MTczOGQwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWZjOGM0ZThmZjFjOGUwZTZmYzA1NDM2Y2NkMzEzYTFhZmYzYWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9jLS22IHqJGXN87rph8mB4vHvXB
tKdlEmDyPOSBSuzb1oSEQcjXcoDqoSegEEp569rkaTgWxq2sfNxGABvtKb1HPE2X
lEt7urmhS1L6MdQ2mBdj+OBSAT4uTMNWuyj7ZtPUG1hsC/Ho14+DN32yElRb23t1
PyUcBWsUUYRnM9/K04UTdVarkgsbf3hbkMXGOjcGSSSH/uvFTZ0m0suzZrjmkYsA
qrx/To2mzgI4Ee1NqY3cJW62NVb3UbBRIh4E18OOB2PF5j6PMEHbGIpkfhqrkGoN
NFPSSWgIy8aYmIbxcMd3f9SWtvvJwzsCWImzkhMoQNGVcZIU7Ecc/v++hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKn8jE6P8cjg5vwFQ2zNMToa/zrGMB8GA1UdIwQY
MBaAFFG98NTeQAV/XMP9HnC/wR9TUXONMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWIzdzFONUFCWDljd18wZWNMX0JIMU5SYzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9lZGFlNmEtNmE1ZC00ZTg5LTg5ODYt
ZTg4ZDg4NGMyMGVmLzEvcWZ5TVRvX3h5T0RtX0FWRGJNMHhPaHJfT3NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9lZGFlNmEtNmE1ZC00ZTg5LTg5ODYtZTg4ZDg4NGMyMGVm
LzEvVWIzdzFONUFCWDljd18wZWNMX0JIMU5SYzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9OcMA0G
CSqGSIb3DQEBCwUAA4IBAQCtraSYCQegl2ihsO5nroIsrM9/M+XzCKcwUp0E/aI8
Tf8jJ8jsR+MGB54J4P1GrIVuyX6THzwXo1tJQUQoI84NH8E/1kSBpBkiI2etA0Js
oAFB3cMLt6bVcgo5lgzrXJKHLyKC41FnK29RZgabOF4IsrzAxzxrN5sqWJj2Mqef
G4lO/3sS0tSplhVDeRh9Q/oTWE15HxUk4hhXW/aVIZ55bFYRQuhFQSmkuGysAYmi
fYy9QGp/pKSdLPgiWmeug5cu9kCHT5CJyBp7uadESNzvae6Tqp/JKm0Vv9neEI87
DbJy9qqXl17YQNwxYcTiyucCBhJENYxZeBwNy9LW64Kt
-----END CERTIFICATE-----