Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/a0735a-511c-48c9-a61a-0c2ff7937e6f/1/1edC6yW53ueZauW7Qv02bcMwu28.roa
File:                     1edC6yW53ueZauW7Qv02bcMwu28.roa (raw, json)
Hash identifier:          IAOi3SELH8GOcgNEiEpYRVlf6baZwL8pA06tH+zUSaM=
Subject key identifier:   D5:E7:42:EB:25:B9:DE:E7:99:6A:E5:BB:42:FD:36:6D:C3:30:BB:6F
Certificate issuer:       /CN=20d5b8483b1712b7023541056e73085366d29346
Certificate serial:       018CC42539FD299D82EBB2549C82FD915C3E
Authority key identifier: 20:D5:B8:48:3B:17:12:B7:02:35:41:05:6E:73:08:53:66:D2:93:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/INW4SDsXErcCNUEFbnMIU2bSk0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/a0735a-511c-48c9-a61a-0c2ff7937e6f/1/1edC6yW53ueZauW7Qv02bcMwu28.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51838
IP address blocks:        91.220.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/a0735a-511c-48c9-a61a-0c2ff7937e6f/1/INW4SDsXErcCNUEFbnMIU2bSk0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/a0735a-511c-48c9-a61a-0c2ff7937e6f/1/INW4SDsXErcCNUEFbnMIU2bSk0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/INW4SDsXErcCNUEFbnMIU2bSk0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:39:fd:29:9d:82:eb:b2:54:9c:82:fd:91:5c:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20d5b8483b1712b7023541056e73085366d29346
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5e742eb25b9dee7996ae5bb42fd366dc330bb6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6c:10:fd:ad:85:3e:ed:0d:dd:b3:d1:90:30:
                    f2:a9:58:a1:2e:d0:9e:2a:72:1a:bb:86:03:25:0b:
                    5a:e6:a9:92:1f:c5:fc:72:dd:bd:7e:36:69:93:d1:
                    1b:fc:71:68:04:7c:dd:b3:87:5e:e4:ac:df:4e:da:
                    96:ca:1c:c1:6a:12:dc:8c:d5:fd:b8:43:0c:bb:32:
                    7a:77:a1:72:37:58:63:fd:bd:c1:36:0c:34:28:4c:
                    e9:cb:1f:69:c7:f6:24:84:ae:e8:11:b2:24:31:ab:
                    72:b7:b8:9f:11:51:4f:4a:e1:4e:02:bd:6a:c8:fe:
                    1e:10:e6:49:66:e7:5c:a2:df:0c:d6:7b:32:a1:b1:
                    4c:e3:b3:7f:9b:53:04:dd:49:9e:46:46:72:50:94:
                    6f:1f:05:7a:70:60:9e:35:34:2c:52:92:85:23:a8:
                    eb:f6:e6:44:ba:3d:59:c6:c4:2f:0f:b7:1e:74:b4:
                    7a:ac:56:c0:13:eb:41:84:ea:f6:0e:32:a9:8d:98:
                    e1:d1:6e:4c:28:1a:2c:a9:23:85:56:dd:f4:63:db:
                    29:43:6d:ae:66:5f:6f:44:9a:b7:35:ae:9b:d5:d6:
                    ad:13:3c:89:18:d6:12:db:cc:d7:44:df:6b:ee:47:
                    57:25:32:7d:7c:24:1d:22:29:ff:11:de:f0:f5:3e:
                    cf:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E7:42:EB:25:B9:DE:E7:99:6A:E5:BB:42:FD:36:6D:C3:30:BB:6F
            X509v3 Authority Key Identifier:
                keyid:20:D5:B8:48:3B:17:12:B7:02:35:41:05:6E:73:08:53:66:D2:93:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/INW4SDsXErcCNUEFbnMIU2bSk0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a0735a-511c-48c9-a61a-0c2ff7937e6f/1/1edC6yW53ueZauW7Qv02bcMwu28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a0735a-511c-48c9-a61a-0c2ff7937e6f/1/INW4SDsXErcCNUEFbnMIU2bSk0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:e0:8d:d0:7a:aa:80:d9:7a:a2:47:94:05:d3:e0:a5:94:bf:
         de:a8:6f:cd:d5:81:09:ce:d7:a0:bb:69:6d:d0:20:d2:62:11:
         5a:79:a1:86:d9:7f:b3:26:9f:6d:d3:de:e7:76:43:d7:e1:0c:
         ef:c4:ae:d4:9d:dd:80:05:7f:31:0b:fb:b5:84:e5:2c:97:86:
         4a:c3:eb:7b:1b:c0:fb:e2:11:25:b3:b7:f2:a4:72:20:8d:5a:
         09:00:0d:20:e5:8d:02:81:c5:d8:de:7d:9d:9e:a2:1c:63:9f:
         a7:9a:fa:69:bb:de:a8:36:36:5e:00:80:67:dd:87:7e:e0:34:
         23:42:4d:b1:6e:78:27:5f:84:fe:7e:a1:cd:bd:84:ff:ca:ba:
         6c:29:cd:f7:03:80:01:d9:13:17:54:84:05:a1:e9:68:71:ce:
         95:07:58:a7:3a:3b:88:ac:dd:7e:b1:a9:da:8c:e4:17:fb:ca:
         df:26:0f:1b:ce:3c:63:3b:93:cc:27:f7:45:d6:f9:61:5d:5b:
         dc:d9:2f:74:09:92:09:06:60:4a:3d:a4:91:09:87:36:02:9b:
         f1:58:35:81:5a:18:27:c1:53:bf:b1:d1:1d:b2:65:61:ff:d6:
         b4:18:0b:21:a1:99:b8:34:ff:bf:39:34:68:4c:92:85:29:73:
         27:be:ab:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTn9KZ2C67JUnIL9kVw+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZDViODQ4M2IxNzEyYjcwMjM1NDEwNTZlNzMwODUzNjZk
MjkzNDYwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWU3NDJlYjI1YjlkZWU3OTk2YWU1YmI0MmZkMzY2ZGMzMzBiYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmwQ/a2FPu0N3bPRkDDyqVihLtCe
KnIau4YDJQta5qmSH8X8ct29fjZpk9Eb/HFoBHzds4de5KzfTtqWyhzBahLcjNX9
uEMMuzJ6d6FyN1hj/b3BNgw0KEzpyx9px/YkhK7oEbIkMatyt7ifEVFPSuFOAr1q
yP4eEOZJZudcot8M1nsyobFM47N/m1ME3UmeRkZyUJRvHwV6cGCeNTQsUpKFI6jr
9uZEuj1ZxsQvD7cedLR6rFbAE+tBhOr2DjKpjZjh0W5MKBosqSOFVt30Y9spQ22u
Zl9vRJq3Na6b1datEzyJGNYS28zXRN9r7kdXJTJ9fCQdIin/Ed7w9T7PdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXnQuslud7nmWrlu0L9Nm3DMLtvMB8GA1UdIwQY
MBaAFCDVuEg7FxK3AjVBBW5zCFNm0pNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU5XNFNEc1hFcmNDTlVFRmJuTUlVMmJTazBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9hMDczNWEtNTExYy00OGM5LWE2MWEt
MGMyZmY3OTM3ZTZmLzEvMWVkQzZ5VzUzdWVaYXVXN1F2MDJiY013dTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9hMDczNWEtNTExYy00OGM5LWE2MWEtMGMyZmY3OTM3ZTZm
LzEvSU5XNFNEc1hFcmNDTlVFRmJuTUlVMmJTazBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9yRMA0G
CSqGSIb3DQEBCwUAA4IBAQAY4I3QeqqA2XqiR5QF0+CllL/eqG/N1YEJztegu2lt
0CDSYhFaeaGG2X+zJp9t097ndkPX4QzvxK7Und2ABX8xC/u1hOUsl4ZKw+t7G8D7
4hEls7fypHIgjVoJAA0g5Y0CgcXY3n2dnqIcY5+nmvppu96oNjZeAIBn3Yd+4DQj
Qk2xbngnX4T+fqHNvYT/yrpsKc33A4AB2RMXVIQFoelocc6VB1inOjuIrN1+sana
jOQX+8rfJg8bzjxjO5PMJ/dF1vlhXVvc2S90CZIJBmBKPaSRCYc2ApvxWDWBWhgn
wVO/sdEdsmVh/9a0GAshoZm4NP+/OTRoTJKFKXMnvqvH
-----END CERTIFICATE-----