Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/7a160e-a56d-41c8-8930-95817ee944ce/1/iegW170z-94OMAHE3NHY-PeStUQ.roa
File:                     iegW170z-94OMAHE3NHY-PeStUQ.roa (raw, json)
Hash identifier:          YXgZ5RY1q9jHW3L4VeUA0NluwlXzZK5JRBQDnFsNHg4=
Subject key identifier:   89:E8:16:D7:BD:33:FB:DE:0E:30:01:C4:DC:D1:D8:F8:F7:92:B5:44
Certificate issuer:       /CN=73bbc213c6f90bd8f007139eae6fe0cafa435ece
Certificate serial:       018CC64B8AE6958C4E17D9DCF3998A0A0BCF
Authority key identifier: 73:BB:C2:13:C6:F9:0B:D8:F0:07:13:9E:AE:6F:E0:CA:FA:43:5E:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c7vCE8b5C9jwBxOerm_gyvpDXs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/7a160e-a56d-41c8-8930-95817ee944ce/1/iegW170z-94OMAHE3NHY-PeStUQ.roa
Signing time:             Mon 01 Jan 2024 18:31:28 +0000
ROA not before:           Mon 01 Jan 2024 18:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50599
IP address blocks:        91.224.60.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/7a160e-a56d-41c8-8930-95817ee944ce/1/c7vCE8b5C9jwBxOerm_gyvpDXs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/7a160e-a56d-41c8-8930-95817ee944ce/1/c7vCE8b5C9jwBxOerm_gyvpDXs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c7vCE8b5C9jwBxOerm_gyvpDXs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8a:e6:95:8c:4e:17:d9:dc:f3:99:8a:0a:0b:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73bbc213c6f90bd8f007139eae6fe0cafa435ece
        Validity
            Not Before: Jan  1 18:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89e816d7bd33fbde0e3001c4dcd1d8f8f792b544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:38:dd:ba:f6:93:0b:a2:60:2e:b8:db:aa:48:
                    27:99:48:47:c7:fd:f6:82:16:f7:b7:7f:3e:1c:5f:
                    52:de:e8:71:5d:67:ee:2b:7e:75:49:c7:b5:42:68:
                    01:c1:23:e4:08:5d:31:85:d1:53:5d:d3:f2:1e:d1:
                    89:22:e0:95:6a:70:f1:bd:a1:53:69:0a:19:32:1e:
                    43:e3:4f:b2:69:a1:c4:59:b9:6b:fc:f1:42:19:46:
                    fa:1e:48:11:10:6c:c2:f5:cd:36:c5:44:28:6b:90:
                    7f:66:25:e5:a9:9c:3d:75:62:bb:e7:f9:eb:8e:e8:
                    47:a0:8f:6e:89:d9:dc:c6:a0:94:9e:d0:d7:73:6e:
                    5b:e1:de:d0:7f:34:0e:17:ea:e7:40:32:a9:52:94:
                    ef:cc:4c:9a:11:8f:ea:0b:6d:43:e3:e8:29:76:d1:
                    b4:34:10:61:09:eb:06:63:f3:00:56:5f:03:e4:14:
                    ef:44:15:2f:d4:42:15:be:e0:3e:ad:1c:34:3b:34:
                    7d:25:63:af:14:68:06:6d:63:81:a2:6f:eb:7e:f9:
                    f6:11:35:be:19:f9:68:c4:5c:da:f5:03:ee:39:ce:
                    e0:66:84:4d:ab:a5:3c:99:0c:8d:f9:80:f0:3a:7d:
                    cb:4e:6d:be:0b:bc:5e:58:69:e0:de:ff:f4:85:59:
                    81:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E8:16:D7:BD:33:FB:DE:0E:30:01:C4:DC:D1:D8:F8:F7:92:B5:44
            X509v3 Authority Key Identifier:
                keyid:73:BB:C2:13:C6:F9:0B:D8:F0:07:13:9E:AE:6F:E0:CA:FA:43:5E:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7vCE8b5C9jwBxOerm_gyvpDXs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/7a160e-a56d-41c8-8930-95817ee944ce/1/iegW170z-94OMAHE3NHY-PeStUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/7a160e-a56d-41c8-8930-95817ee944ce/1/c7vCE8b5C9jwBxOerm_gyvpDXs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:c9:3e:50:4c:a2:ea:a1:af:60:99:7c:fd:55:56:ce:d8:92:
         26:d5:ad:c5:3e:68:8f:d3:26:3e:ed:c4:1f:bf:41:82:cd:f1:
         6c:10:c0:87:b1:a8:72:27:cf:fb:6b:02:c8:d3:f3:86:90:17:
         b5:1f:1d:f2:fe:22:ff:22:c5:cd:22:4d:cb:48:b0:cd:b0:0a:
         f7:06:29:e6:13:32:8e:47:7e:00:79:a4:57:d8:cf:04:22:44:
         c3:68:75:59:2c:44:f8:97:36:2a:3b:63:ae:23:c7:d7:4f:5b:
         36:eb:58:9f:ef:e5:bd:c5:5e:a1:3f:58:42:98:25:a7:1b:0e:
         12:3f:2c:b2:d0:ee:8e:a7:d7:c8:82:61:93:2a:e6:b5:ab:ce:
         8b:03:36:27:39:eb:1f:9c:5a:c5:67:54:95:ea:01:02:35:3a:
         d6:85:be:b8:29:ce:d3:b0:3b:97:7d:5d:66:67:b5:e9:2e:f6:
         a7:87:97:99:3b:5a:5c:d8:50:44:a1:cd:d5:9b:49:28:42:e1:
         07:5d:ec:45:d9:3a:0f:64:38:88:df:a1:21:25:36:61:01:cf:
         bc:a2:b9:14:96:39:a8:c3:1c:e5:3a:c6:82:4c:08:54:01:99:
         a5:43:a8:12:55:a4:7c:fe:52:15:fa:ca:0f:0a:f4:42:19:5b:
         08:6f:84:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4rmlYxOF9nc85mKCgvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYmJjMjEzYzZmOTBiZDhmMDA3MTM5ZWFlNmZlMGNhZmE0
MzVlY2UwHhcNMjQwMTAxMTgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWU4MTZkN2JkMzNmYmRlMGUzMDAxYzRkY2QxZDhmOGY3OTJiNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjjduvaTC6JgLrjbqkgnmUhHx/32
ghb3t38+HF9S3uhxXWfuK351Sce1QmgBwSPkCF0xhdFTXdPyHtGJIuCVanDxvaFT
aQoZMh5D40+yaaHEWblr/PFCGUb6HkgREGzC9c02xUQoa5B/ZiXlqZw9dWK75/nr
juhHoI9uidncxqCUntDXc25b4d7QfzQOF+rnQDKpUpTvzEyaEY/qC21D4+gpdtG0
NBBhCesGY/MAVl8D5BTvRBUv1EIVvuA+rRw0OzR9JWOvFGgGbWOBom/rfvn2ETW+
GfloxFza9QPuOc7gZoRNq6U8mQyN+YDwOn3LTm2+C7xeWGng3v/0hVmBkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInoFte9M/veDjABxNzR2Pj3krVEMB8GA1UdIwQY
MBaAFHO7whPG+QvY8AcTnq5v4Mr6Q17OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzd2Q0U4YjVDOWp3QnhPZXJtX2d5dnBEWHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83YTE2MGUtYTU2ZC00MWM4LTg5MzAt
OTU4MTdlZTk0NGNlLzEvaWVnVzE3MHotOTRPTUFIRTNOSFktUGVTdFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83YTE2MGUtYTU2ZC00MWM4LTg5MzAtOTU4MTdlZTk0NGNl
LzEvYzd2Q0U4YjVDOWp3QnhPZXJtX2d5dnBEWHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+A8MA0G
CSqGSIb3DQEBCwUAA4IBAQADyT5QTKLqoa9gmXz9VVbO2JIm1a3FPmiP0yY+7cQf
v0GCzfFsEMCHsahyJ8/7awLI0/OGkBe1Hx3y/iL/IsXNIk3LSLDNsAr3BinmEzKO
R34AeaRX2M8EIkTDaHVZLET4lzYqO2OuI8fXT1s261if7+W9xV6hP1hCmCWnGw4S
Pyyy0O6Op9fIgmGTKua1q86LAzYnOesfnFrFZ1SV6gECNTrWhb64Kc7TsDuXfV1m
Z7XpLvanh5eZO1pc2FBEoc3Vm0koQuEHXexF2ToPZDiI36EhJTZhAc+8orkUljmo
wxzlOsaCTAhUAZmlQ6gSVaR8/lIV+soPCvRCGVsIb4RI
-----END CERTIFICATE-----