Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/IRK51922TIQ01VczbP_ojVXe_28.roa
File:                     IRK51922TIQ01VczbP_ojVXe_28.roa (raw, json)
Hash identifier:          y+UdhhclrwlipDHLHAxA8DNN+23lrHqBWjuwhIoGm/o=
Subject key identifier:   21:12:B9:D7:DD:B6:4C:84:34:D5:57:33:6C:FF:E8:8D:55:DE:FF:6F
Certificate issuer:       /CN=af05d4291cae8185c6c342e25dee9b7e920f76dd
Certificate serial:       018F123930258D0AF6357B1C598199CBBD1D
Authority key identifier: AF:05:D4:29:1C:AE:81:85:C6:C3:42:E2:5D:EE:9B:7E:92:0F:76:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwXUKRyugYXGw0LiXe6bfpIPdt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/IRK51922TIQ01VczbP_ojVXe_28.roa
Signing time:             Wed 24 Apr 2024 22:28:08 +0000
ROA not before:           Wed 24 Apr 2024 22:28:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205367
IP address blocks:        185.93.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/rwXUKRyugYXGw0LiXe6bfpIPdt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/rwXUKRyugYXGw0LiXe6bfpIPdt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwXUKRyugYXGw0LiXe6bfpIPdt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:12:39:30:25:8d:0a:f6:35:7b:1c:59:81:99:cb:bd:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af05d4291cae8185c6c342e25dee9b7e920f76dd
        Validity
            Not Before: Apr 24 22:28:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2112b9d7ddb64c8434d557336cffe88d55deff6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:75:4a:8d:cf:3d:33:2b:db:e2:38:be:c7:1d:
                    c4:c2:35:eb:a7:1b:9e:24:33:f8:38:a6:98:0e:24:
                    b8:03:1a:da:e2:22:fa:7a:3a:5c:4e:8c:6f:72:73:
                    e9:b8:00:79:d1:b9:f1:a9:bc:2b:44:63:09:e1:3d:
                    1a:48:76:50:8c:a6:3f:e3:ec:a3:c3:6d:1a:fb:c5:
                    94:ab:1d:ee:9c:12:f8:02:2b:13:01:27:9d:91:5e:
                    f5:98:2d:e0:71:b3:6e:b6:bb:6a:b3:20:50:81:a4:
                    90:eb:1f:b2:50:00:48:e8:32:f5:5c:c2:49:f8:8c:
                    46:d0:4d:c9:a8:90:86:8d:f3:b3:0f:d2:77:6d:a5:
                    e2:c2:63:63:ac:49:ac:a0:12:67:61:38:e8:1f:0b:
                    0c:f4:cd:03:4f:6d:3f:dd:58:bb:db:5a:41:31:9e:
                    e9:00:d5:59:fa:f2:5d:20:69:4d:44:c5:76:58:41:
                    96:8a:e7:62:cc:2a:ef:ab:40:c5:fd:d1:ab:e2:3b:
                    77:02:33:af:8e:fb:13:55:5a:a5:e7:9d:f3:43:10:
                    49:61:8f:46:9e:e4:3f:5f:3b:3a:37:c6:e0:4c:8d:
                    71:02:c8:f5:ad:cf:32:75:96:2c:b7:a4:66:00:ab:
                    95:33:51:6c:5e:a2:e8:b3:0d:61:1f:18:a0:f8:03:
                    02:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:12:B9:D7:DD:B6:4C:84:34:D5:57:33:6C:FF:E8:8D:55:DE:FF:6F
            X509v3 Authority Key Identifier:
                keyid:AF:05:D4:29:1C:AE:81:85:C6:C3:42:E2:5D:EE:9B:7E:92:0F:76:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwXUKRyugYXGw0LiXe6bfpIPdt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/IRK51922TIQ01VczbP_ojVXe_28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/7560e4-fc7d-4a64-b500-e7f05f029a48/1/rwXUKRyugYXGw0LiXe6bfpIPdt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:22:9a:8a:79:82:82:0c:96:0e:d3:be:cf:98:8f:08:8a:ec:
         28:71:3a:c3:a6:12:9a:52:ce:1c:72:42:92:f8:3e:fb:1f:6c:
         ec:b3:f8:07:31:08:98:e9:8d:25:88:ea:c4:b8:5b:90:bd:cd:
         24:11:12:1e:82:32:a8:4e:50:0f:d3:18:45:df:9a:22:ef:97:
         11:5b:92:41:26:00:69:52:f8:e5:9b:d0:db:8f:a0:18:ab:5e:
         08:21:7e:e0:7a:30:25:c1:03:9d:56:3d:90:b6:ad:2b:71:f0:
         0f:a7:28:9f:3a:7e:d9:5f:3e:09:39:6d:12:ea:6d:60:46:ab:
         f9:a4:74:fc:b9:77:6d:ed:41:eb:14:8b:08:76:81:7c:74:38:
         71:97:11:6e:be:4d:cf:2f:c8:bb:82:41:f8:03:41:01:a0:aa:
         f6:78:a0:ac:8b:46:c5:63:77:d5:8b:6c:89:b1:56:98:cd:00:
         33:e3:50:94:97:16:93:99:36:19:91:71:ce:6e:6a:cd:53:65:
         b8:5b:96:b7:9e:fa:c5:f8:c6:31:d0:1a:9e:89:c9:5c:ef:31:
         6e:c1:c0:f4:1b:55:2f:4e:d1:10:6a:2e:34:ba:ca:0a:6b:5c:
         18:ae:bb:04:99:42:da:57:70:e7:01:a0:9a:84:bb:ce:11:74:
         76:f2:4b:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8SOTAljQr2NXscWYGZy70dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDVkNDI5MWNhZTgxODVjNmMzNDJlMjVkZWU5YjdlOTIw
Zjc2ZGQwHhcNMjQwNDI0MjIyODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTEyYjlkN2RkYjY0Yzg0MzRkNTU3MzM2Y2ZmZTg4ZDU1ZGVmZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonVKjc89Myvb4ji+xx3EwjXrpxue
JDP4OKaYDiS4Axra4iL6ejpcToxvcnPpuAB50bnxqbwrRGMJ4T0aSHZQjKY/4+yj
w20a+8WUqx3unBL4AisTASedkV71mC3gcbNutrtqsyBQgaSQ6x+yUABI6DL1XMJJ
+IxG0E3JqJCGjfOzD9J3baXiwmNjrEmsoBJnYTjoHwsM9M0DT20/3Vi721pBMZ7p
ANVZ+vJdIGlNRMV2WEGWiudizCrvq0DF/dGr4jt3AjOvjvsTVVql553zQxBJYY9G
nuQ/Xzs6N8bgTI1xAsj1rc8ydZYst6RmAKuVM1FsXqLosw1hHxig+AMCpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCESudfdtkyENNVXM2z/6I1V3v9vMB8GA1UdIwQY
MBaAFK8F1CkcroGFxsNC4l3um36SD3bdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndYVUtSeXVnWVhHdzBMaVhlNmJmcElQZHQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy83NTYwZTQtZmM3ZC00YTY0LWI1MDAt
ZTdmMDVmMDI5YTQ4LzEvSVJLNTE5MjJUSVEwMVZjemJQX29qVlhlXzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy83NTYwZTQtZmM3ZC00YTY0LWI1MDAtZTdmMDVmMDI5YTQ4
LzEvcndYVUtSeXVnWVhHdzBMaVhlNmJmcElQZHQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1bMA0G
CSqGSIb3DQEBCwUAA4IBAQB0IpqKeYKCDJYO077PmI8IiuwocTrDphKaUs4cckKS
+D77H2zss/gHMQiY6Y0liOrEuFuQvc0kERIegjKoTlAP0xhF35oi75cRW5JBJgBp
Uvjlm9Dbj6AYq14IIX7gejAlwQOdVj2Qtq0rcfAPpyifOn7ZXz4JOW0S6m1gRqv5
pHT8uXdt7UHrFIsIdoF8dDhxlxFuvk3PL8i7gkH4A0EBoKr2eKCsi0bFY3fVi2yJ
sVaYzQAz41CUlxaTmTYZkXHObmrNU2W4W5a3nvrF+MYx0Bqeiclc7zFuwcD0G1Uv
TtEQai40usoKa1wYrrsEmULaV3DnAaCahLvOEXR28kv+
-----END CERTIFICATE-----