Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/jEJbwEPDxpTq4bAG91eSnLi8Y00.roa
File:                     jEJbwEPDxpTq4bAG91eSnLi8Y00.roa (raw, json)
Hash identifier:          gjo6tfRAgvLDyHob5OIVO4aFNhfm+IP43RpPCjs5bSg=
Subject key identifier:   8C:42:5B:C0:43:C3:C6:94:EA:E1:B0:06:F7:57:92:9C:B8:BC:63:4D
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       018CC86F251EA4B1B9198F62962D5C92EF27
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/jEJbwEPDxpTq4bAG91eSnLi8Y00.roa
Signing time:             Tue 02 Jan 2024 04:29:36 +0000
ROA not before:           Tue 02 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        91.92.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:25:1e:a4:b1:b9:19:8f:62:96:2d:5c:92:ef:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Jan  2 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c425bc043c3c694eae1b006f757929cb8bc634d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:42:3d:13:4f:28:32:97:43:27:92:f0:91:95:
                    58:73:fe:6c:af:92:97:a0:70:f6:21:51:c7:dc:81:
                    96:5a:7f:8c:9f:b8:40:1c:31:de:66:9e:61:2b:f2:
                    47:b1:a3:b9:13:1b:59:e0:64:65:a2:b9:54:21:aa:
                    81:f4:7d:4f:a7:fc:39:74:22:30:ba:0d:dd:96:ca:
                    d6:a2:8c:6f:3f:ec:57:42:01:8f:30:c9:9a:9c:71:
                    a3:a4:67:35:04:73:b8:b7:1f:de:58:50:4b:ff:c3:
                    d5:b0:00:df:bc:04:0d:04:0d:65:a2:a1:07:9b:48:
                    7a:b7:f5:7a:99:22:6d:4a:97:59:83:ac:1f:85:f3:
                    3e:31:ed:b4:be:ef:ee:ef:db:3a:39:f8:a6:ca:2e:
                    44:14:27:1e:8a:9f:64:75:22:b6:4e:e6:35:85:82:
                    50:35:31:7a:9e:8a:26:f4:04:c8:60:1d:43:4a:b6:
                    6e:89:2d:b1:d9:97:d4:2c:22:1a:ad:39:78:f3:3b:
                    7c:f3:d7:c3:5d:cb:60:a0:01:76:89:c4:d1:2b:41:
                    05:52:37:1c:0d:dd:b1:08:65:00:32:b5:c6:02:1b:
                    0c:8c:07:b3:5c:e2:cb:6a:05:ec:d3:3e:c4:92:90:
                    06:77:cb:fa:0e:17:bc:10:2a:aa:96:05:50:a8:e4:
                    ef:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:42:5B:C0:43:C3:C6:94:EA:E1:B0:06:F7:57:92:9C:B8:BC:63:4D
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/jEJbwEPDxpTq4bAG91eSnLi8Y00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:2a:c8:bb:31:6d:6f:fc:54:b2:45:8b:2c:98:fa:80:2b:c6:
         c5:5d:64:ba:98:8d:9c:fc:4e:be:5e:50:03:cf:2f:5e:6f:f6:
         e8:22:c0:75:22:e1:78:73:2b:a7:40:2b:93:db:70:66:9e:4f:
         24:68:be:9f:03:4f:2c:90:c1:cd:20:b1:ab:5a:6f:98:82:1f:
         db:77:20:95:1f:f1:db:90:ab:9a:c6:1f:f9:f2:88:42:a1:33:
         f0:6f:18:8f:80:b0:7f:f9:5c:2b:56:15:d5:6f:b6:d7:2d:b4:
         27:f6:46:3f:4d:a1:74:f9:8a:84:b0:6a:c1:62:d6:8e:5e:b7:
         d4:91:dd:a6:ba:f2:6c:b8:63:ee:d3:0d:6c:88:ec:dc:76:2d:
         eb:d2:28:2b:ab:b9:76:e6:1a:ae:86:f9:d7:0e:67:fc:9b:63:
         d9:1e:68:b5:ef:e7:bb:47:b5:41:f4:b0:3e:a0:60:bf:4d:6c:
         3b:48:ef:6b:5b:34:56:23:98:54:e7:25:d1:3d:ee:d8:61:c3:
         fc:37:2d:91:69:47:1c:13:d0:53:f5:b1:02:45:a6:64:b2:29:
         9e:5d:bb:3d:1c:39:d1:2f:45:c5:6a:51:90:d8:98:d4:41:db:
         d0:4b:2f:bb:c7:d8:ab:a5:03:4c:12:a7:d8:04:c8:3c:6d:76:
         31:65:d7:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyUepLG5GY9ili1cku8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjQwMTAyMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzQyNWJjMDQzYzNjNjk0ZWFlMWIwMDZmNzU3OTI5Y2I4YmM2MzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikI9E08oMpdDJ5LwkZVYc/5sr5KX
oHD2IVHH3IGWWn+Mn7hAHDHeZp5hK/JHsaO5ExtZ4GRlorlUIaqB9H1Pp/w5dCIw
ug3dlsrWooxvP+xXQgGPMMmanHGjpGc1BHO4tx/eWFBL/8PVsADfvAQNBA1loqEH
m0h6t/V6mSJtSpdZg6wfhfM+Me20vu/u79s6Ofimyi5EFCceip9kdSK2TuY1hYJQ
NTF6noom9ATIYB1DSrZuiS2x2ZfULCIarTl48zt889fDXctgoAF2icTRK0EFUjcc
Dd2xCGUAMrXGAhsMjAezXOLLagXs0z7EkpAGd8v6Dhe8ECqqlgVQqOTvDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxCW8BDw8aU6uGwBvdXkpy4vGNNMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvakVKYndFUER4cFRxNGJBRzkxZVNuTGk4WTAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW1wsMA0G
CSqGSIb3DQEBCwUAA4IBAQB6Ksi7MW1v/FSyRYssmPqAK8bFXWS6mI2c/E6+XlAD
zy9eb/boIsB1IuF4cyunQCuT23Bmnk8kaL6fA08skMHNILGrWm+Ygh/bdyCVH/Hb
kKuaxh/58ohCoTPwbxiPgLB/+VwrVhXVb7bXLbQn9kY/TaF0+YqEsGrBYtaOXrfU
kd2muvJsuGPu0w1siOzcdi3r0igrq7l25hquhvnXDmf8m2PZHmi17+e7R7VB9LA+
oGC/TWw7SO9rWzRWI5hU5yXRPe7YYcP8Ny2RaUccE9BT9bECRaZksimeXbs9HDnR
L0XFalGQ2JjUQdvQSy+7x9irpQNMEqfYBMg8bXYxZdcR
-----END CERTIFICATE-----