Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/wU28G3tawTJ6GLRlirJoiOEXF78.roa
File:                     wU28G3tawTJ6GLRlirJoiOEXF78.roa (raw, json)
Hash identifier:          xnMyds1gYp8SspQJyQiK0H1e/y9eCK+ELlugawtxHF8=
Subject key identifier:   C1:4D:BC:1B:7B:5A:C1:32:7A:18:B4:65:8A:B2:68:88:E1:17:17:BF
Certificate issuer:       /CN=b498c97b14c374a52833db6a4007b54b4662c5a9
Certificate serial:       018E42BE81CCE559A66B9BAD41135ABA932E
Authority key identifier: B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/wU28G3tawTJ6GLRlirJoiOEXF78.roa
Signing time:             Fri 15 Mar 2024 15:32:45 +0000
ROA not before:           Fri 15 Mar 2024 15:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        91.196.160.0/23 maxlen: 23
                          91.196.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:42:be:81:cc:e5:59:a6:6b:9b:ad:41:13:5a:ba:93:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b498c97b14c374a52833db6a4007b54b4662c5a9
        Validity
            Not Before: Mar 15 15:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c14dbc1b7b5ac1327a18b4658ab26888e11717bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5d:eb:ea:40:be:38:b2:f5:b4:04:80:5d:b1:
                    21:d4:16:d4:ca:bb:ef:ca:91:f1:33:fc:32:f4:ac:
                    6d:d0:61:d0:cb:be:51:a7:3f:6d:a1:88:5e:ce:62:
                    46:dc:4a:85:f1:2b:a7:0d:05:42:85:8f:72:b5:fa:
                    b0:e1:b1:0f:7c:5d:3c:36:47:bf:87:77:e5:b7:15:
                    c6:b2:44:22:9a:af:e9:6b:e9:74:3b:df:e4:57:77:
                    6e:68:44:96:4f:c3:2e:7b:cf:38:b3:7f:7b:e1:75:
                    5a:fb:5c:ec:5a:e2:fa:cd:b0:d8:96:71:c6:67:90:
                    a6:45:e7:7b:2c:e6:c9:13:d5:91:2d:a4:92:02:57:
                    99:e5:4b:b2:70:de:12:fc:2e:13:0d:36:24:04:93:
                    b0:00:b6:95:fb:bc:66:c8:73:ce:f0:00:59:8f:05:
                    cd:d4:fa:b7:69:21:5e:e8:09:9a:73:f5:97:78:7f:
                    2d:2e:3e:86:9c:52:fa:8a:db:ae:94:b9:48:71:6d:
                    36:44:c0:6e:50:31:50:4a:91:8b:d9:e8:0c:ef:b2:
                    95:45:e3:4a:55:d7:5a:be:8f:43:29:4f:de:e4:93:
                    ef:36:7d:f7:9e:80:f6:af:5f:7d:08:32:81:fa:b7:
                    2e:63:da:3a:99:16:60:83:7b:33:94:02:e9:30:b8:
                    a2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:4D:BC:1B:7B:5A:C1:32:7A:18:B4:65:8A:B2:68:88:E1:17:17:BF
            X509v3 Authority Key Identifier:
                keyid:B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/wU28G3tawTJ6GLRlirJoiOEXF78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:ab:47:e8:0e:e8:82:ac:5a:f4:c0:ab:8c:f2:10:0b:be:49:
         14:bc:14:45:4a:b6:73:f5:ca:f7:14:3e:de:17:3e:02:44:ca:
         73:d0:83:a9:5b:a2:02:af:c8:89:13:57:8f:06:38:66:68:ac:
         53:18:9b:a3:2a:23:c9:d9:c0:75:86:7d:8c:99:5c:4a:d3:aa:
         9e:a2:3e:7d:98:ff:f4:4b:d4:e5:cf:07:44:44:09:84:5b:27:
         b5:ed:ab:1d:84:7a:95:d1:fb:27:b0:f7:50:aa:67:7e:5f:ae:
         0c:6e:a1:6b:d3:4f:78:46:7c:fa:e2:90:c4:9e:2f:e4:e2:d6:
         ba:cd:25:9f:6b:e3:97:b0:54:6c:50:01:33:c5:4a:8b:71:73:
         b6:b2:1f:58:9e:0f:38:82:ea:46:3e:42:80:e0:1a:5e:38:83:
         f9:9b:ed:0e:40:55:d4:cb:e0:9d:32:46:8f:1b:65:15:39:64:
         9f:bf:64:9c:66:17:a7:bb:13:96:c8:a6:bf:1b:ed:e7:06:13:
         69:70:9e:71:a9:36:81:fe:ef:79:69:2a:cf:87:d3:ae:ce:e0:
         a3:7d:40:af:a7:a4:0c:d1:27:d9:4d:13:4f:f6:59:09:13:2a:
         cc:13:ee:5a:ae:e9:5b:24:4a:2d:59:5c:f9:73:14:05:f1:c6:
         0f:7a:29:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5CvoHM5Vmma5utQRNaupMuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OThjOTdiMTRjMzc0YTUyODMzZGI2YTQwMDdiNTRiNDY2
MmM1YTkwHhcNMjQwMzE1MTUzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTRkYmMxYjdiNWFjMTMyN2ExOGI0NjU4YWIyNjg4OGUxMTcxN2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul3r6kC+OLL1tASAXbEh1BbUyrvv
ypHxM/wy9Kxt0GHQy75Rpz9toYhezmJG3EqF8SunDQVChY9ytfqw4bEPfF08Nke/
h3fltxXGskQimq/pa+l0O9/kV3duaESWT8Mue884s3974XVa+1zsWuL6zbDYlnHG
Z5CmRed7LObJE9WRLaSSAleZ5UuycN4S/C4TDTYkBJOwALaV+7xmyHPO8ABZjwXN
1Pq3aSFe6Amac/WXeH8tLj6GnFL6ituulLlIcW02RMBuUDFQSpGL2egM77KVReNK
Vddavo9DKU/e5JPvNn33noD2r199CDKB+rcuY9o6mRZgg3szlALpMLiiNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFNvBt7WsEyehi0ZYqyaIjhFxe/MB8GA1UdIwQY
MBaAFLSYyXsUw3SlKDPbakAHtUtGYsWpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzct
ODY1NDI2NjQ1N2M2LzEvd1UyOEczdGF3VEo2R0xSbGlySm9pT0VYRjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzctODY1NDI2NjQ1N2M2
LzEvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8SgMA0G
CSqGSIb3DQEBCwUAA4IBAQBNq0foDuiCrFr0wKuM8hALvkkUvBRFSrZz9cr3FD7e
Fz4CRMpz0IOpW6ICr8iJE1ePBjhmaKxTGJujKiPJ2cB1hn2MmVxK06qeoj59mP/0
S9TlzwdERAmEWye17asdhHqV0fsnsPdQqmd+X64MbqFr0094Rnz64pDEni/k4ta6
zSWfa+OXsFRsUAEzxUqLcXO2sh9Yng84gupGPkKA4BpeOIP5m+0OQFXUy+CdMkaP
G2UVOWSfv2ScZhenuxOWyKa/G+3nBhNpcJ5xqTaB/u95aSrPh9OuzuCjfUCvp6QM
0SfZTRNP9lkJEyrME+5arulbJEotWVz5cxQF8cYPeilt
-----END CERTIFICATE-----