Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4fe76a-ab81-42a4-aecf-44644dd5ed44/1/RkhJ3n2h0nJIWlzUM7_t-qIo7Q4.roa
File:                     RkhJ3n2h0nJIWlzUM7_t-qIo7Q4.roa (raw, json)
Hash identifier:          KmCTVD5UBt7KfQaE8+YkUbkuISe+2RJNU8pPPRIfPv4=
Subject key identifier:   46:48:49:DE:7D:A1:D2:72:48:5A:5C:D4:33:BF:ED:FA:A2:28:ED:0E
Certificate issuer:       /CN=dc43ea2cd07997ecdfe17188872708652e172df2
Certificate serial:       018CC94D83DF129E8BD2E9F9A74049FB4879
Authority key identifier: DC:43:EA:2C:D0:79:97:EC:DF:E1:71:88:87:27:08:65:2E:17:2D:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EPqLNB5l-zf4XGIhycIZS4XLfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4fe76a-ab81-42a4-aecf-44644dd5ed44/1/RkhJ3n2h0nJIWlzUM7_t-qIo7Q4.roa
Signing time:             Tue 02 Jan 2024 08:32:29 +0000
ROA not before:           Tue 02 Jan 2024 08:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35332
IP address blocks:        91.220.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/4fe76a-ab81-42a4-aecf-44644dd5ed44/1/3EPqLNB5l-zf4XGIhycIZS4XLfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/4fe76a-ab81-42a4-aecf-44644dd5ed44/1/3EPqLNB5l-zf4XGIhycIZS4XLfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3EPqLNB5l-zf4XGIhycIZS4XLfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:83:df:12:9e:8b:d2:e9:f9:a7:40:49:fb:48:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc43ea2cd07997ecdfe17188872708652e172df2
        Validity
            Not Before: Jan  2 08:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=464849de7da1d272485a5cd433bfedfaa228ed0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:18:9f:d2:47:a1:71:13:88:0c:cc:60:cc:9c:
                    a4:00:5f:c0:a4:af:0a:55:d5:23:f1:08:e3:63:37:
                    4d:a7:7a:4e:01:e0:f0:f7:4f:16:e2:76:36:2f:7d:
                    5d:da:f1:7e:1b:2f:46:18:4e:f6:95:5a:18:aa:ae:
                    c5:c9:5d:00:f4:aa:2a:6c:1b:ae:cb:6c:98:b1:3d:
                    1e:78:aa:ed:88:3f:ec:cc:c9:63:36:55:3d:03:4a:
                    3f:29:ca:d9:c7:8c:2b:a5:c2:5b:fb:10:bf:b1:cd:
                    41:32:d3:af:59:6a:d9:c5:ff:4e:1a:06:32:f7:95:
                    cd:c9:0b:7e:e1:5d:a6:db:03:7b:10:4f:98:9e:e3:
                    4e:07:cd:dd:1e:0d:f7:c3:38:f4:3c:e6:e7:07:b3:
                    d9:57:a0:ec:71:46:76:cf:9d:81:59:16:82:66:b9:
                    d4:9d:9b:75:9d:39:20:7f:6a:59:e4:03:cf:40:9e:
                    78:fd:56:81:31:a0:1d:c2:e2:2e:bf:52:21:c1:04:
                    4a:2b:12:41:ab:df:5c:24:49:dd:7d:aa:65:f7:53:
                    de:5e:3a:fd:37:5f:2c:71:ef:76:45:ee:78:65:b7:
                    1e:26:fc:c7:6f:aa:6b:21:d5:f8:55:d1:ef:0c:70:
                    d9:1e:61:59:9e:bd:5f:f2:9b:75:35:93:48:a0:1b:
                    b5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:48:49:DE:7D:A1:D2:72:48:5A:5C:D4:33:BF:ED:FA:A2:28:ED:0E
            X509v3 Authority Key Identifier:
                keyid:DC:43:EA:2C:D0:79:97:EC:DF:E1:71:88:87:27:08:65:2E:17:2D:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EPqLNB5l-zf4XGIhycIZS4XLfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4fe76a-ab81-42a4-aecf-44644dd5ed44/1/RkhJ3n2h0nJIWlzUM7_t-qIo7Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4fe76a-ab81-42a4-aecf-44644dd5ed44/1/3EPqLNB5l-zf4XGIhycIZS4XLfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:0a:71:36:38:28:0e:a4:fb:2b:6c:6f:db:90:24:6c:fa:f0:
         52:49:c6:85:25:5d:45:69:a5:29:f6:81:2f:9a:a4:aa:4d:82:
         06:26:51:37:dd:b5:22:25:df:8c:45:31:1f:db:5f:7a:3f:7b:
         cb:07:28:9c:93:4f:78:b9:ac:fc:78:7a:eb:a6:94:c1:42:89:
         21:61:d6:f5:2e:d5:bf:6c:6b:7c:8a:9b:d2:97:4b:96:bb:8d:
         e6:0b:2f:0b:29:4c:01:f9:60:ba:4f:a3:f3:46:b8:6d:19:b7:
         a9:1e:ca:1c:2a:18:8d:c4:b1:fe:77:19:03:37:7c:68:33:38:
         8f:b3:7d:15:e5:ac:74:cb:84:23:bf:c1:4f:1c:ab:df:d3:a8:
         40:5f:67:72:f2:82:6c:1b:e7:a7:fb:0f:ee:55:03:1a:29:c1:
         56:25:f8:7e:77:7d:cc:22:41:73:4c:25:f5:f6:6f:ac:a9:d5:
         f5:ee:48:c7:e0:ea:bd:17:7d:7c:ad:02:b7:13:28:64:37:ce:
         0e:3a:c6:98:7d:c9:22:22:67:9e:35:a0:66:54:b9:a0:f1:7c:
         53:b7:87:68:76:f2:9f:f0:1e:07:c6:31:d3:52:81:ab:72:4f:
         7e:a4:cd:c7:4b:de:c2:6c:b4:ce:d8:3a:96:47:65:9c:73:03:
         77:c2:9d:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYPfEp6L0un5p0BJ+0h5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDNlYTJjZDA3OTk3ZWNkZmUxNzE4ODg3MjcwODY1MmUx
NzJkZjIwHhcNMjQwMTAyMDgzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjQ4NDlkZTdkYTFkMjcyNDg1YTVjZDQzM2JmZWRmYWEyMjhlZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRif0kehcROIDMxgzJykAF/ApK8K
VdUj8QjjYzdNp3pOAeDw908W4nY2L31d2vF+Gy9GGE72lVoYqq7FyV0A9KoqbBuu
y2yYsT0eeKrtiD/szMljNlU9A0o/KcrZx4wrpcJb+xC/sc1BMtOvWWrZxf9OGgYy
95XNyQt+4V2m2wN7EE+YnuNOB83dHg33wzj0PObnB7PZV6DscUZ2z52BWRaCZrnU
nZt1nTkgf2pZ5APPQJ54/VaBMaAdwuIuv1IhwQRKKxJBq99cJEndfapl91PeXjr9
N18sce92Re54ZbceJvzHb6prIdX4VdHvDHDZHmFZnr1f8pt1NZNIoBu1XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZISd59odJySFpc1DO/7fqiKO0OMB8GA1UdIwQY
MBaAFNxD6izQeZfs3+FxiIcnCGUuFy3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VQcUxOQjVsLXpmNFhHSWh5Y0laUzRYTGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80ZmU3NmEtYWI4MS00MmE0LWFlY2Yt
NDQ2NDRkZDVlZDQ0LzEvUmtoSjNuMmgwbkpJV2x6VU03X3QtcUlvN1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80ZmU3NmEtYWI4MS00MmE0LWFlY2YtNDQ2NDRkZDVlZDQ0
LzEvM0VQcUxOQjVsLXpmNFhHSWh5Y0laUzRYTGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wVMA0G
CSqGSIb3DQEBCwUAA4IBAQBWCnE2OCgOpPsrbG/bkCRs+vBSScaFJV1FaaUp9oEv
mqSqTYIGJlE33bUiJd+MRTEf2196P3vLByick094uaz8eHrrppTBQokhYdb1LtW/
bGt8ipvSl0uWu43mCy8LKUwB+WC6T6PzRrhtGbepHsocKhiNxLH+dxkDN3xoMziP
s30V5ax0y4Qjv8FPHKvf06hAX2dy8oJsG+en+w/uVQMaKcFWJfh+d33MIkFzTCX1
9m+sqdX17kjH4Oq9F318rQK3EyhkN84OOsaYfckiImeeNaBmVLmg8XxTt4dodvKf
8B4HxjHTUoGrck9+pM3HS97CbLTO2DqWR2WccwN3wp3Q
-----END CERTIFICATE-----