Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/x51pPjjY-oOdn9qxjx1-3fXDZJw.roa
File:                     x51pPjjY-oOdn9qxjx1-3fXDZJw.roa (raw, json)
Hash identifier:          t4VpZTv6GJlwNCc85prenDYiVXsIE10iv2c9qx8I+o4=
Subject key identifier:   C7:9D:69:3E:38:D8:FA:83:9D:9F:DA:B1:8F:1D:7E:DD:F5:C3:64:9C
Certificate issuer:       /CN=91a071508338260551a55f01fd0708fdf5e08287
Certificate serial:       018CC348B17B4D7A4931A9784B0942F8C822
Authority key identifier: 91:A0:71:50:83:38:26:05:51:A5:5F:01:FD:07:08:FD:F5:E0:82:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/x51pPjjY-oOdn9qxjx1-3fXDZJw.roa
Signing time:             Mon 01 Jan 2024 04:29:30 +0000
ROA not before:           Mon 01 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8467
IP address blocks:        185.83.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b1:7b:4d:7a:49:31:a9:78:4b:09:42:f8:c8:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91a071508338260551a55f01fd0708fdf5e08287
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c79d693e38d8fa839d9fdab18f1d7eddf5c3649c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:bb:8e:7d:02:2d:bd:0f:b8:cc:78:49:57:6f:
                    6c:c5:9a:97:c3:68:fb:ab:89:9d:8b:0e:d4:dc:72:
                    1f:63:63:07:18:1d:a8:0c:2a:54:59:5f:4e:b1:82:
                    e5:a9:0c:d4:08:b9:3e:87:d5:ad:f6:88:44:5c:30:
                    15:33:c2:a6:72:cf:5f:de:e6:9f:72:3d:ab:57:b2:
                    2e:e3:15:b0:f9:63:68:8b:22:e3:26:aa:ef:d5:7f:
                    29:cd:7e:8c:1b:de:44:01:6b:88:24:85:6d:5d:89:
                    35:37:08:0e:da:9b:09:57:26:0c:fa:86:68:75:db:
                    33:2f:19:f6:0c:96:93:8e:53:37:57:7f:b4:38:ff:
                    ac:3f:a3:86:8a:e8:b3:6b:30:f9:42:7f:72:ab:ed:
                    38:c2:b0:62:1e:82:be:3f:35:e3:cf:45:2e:5e:05:
                    26:87:86:a6:61:d5:00:e2:a1:38:39:10:ba:43:c1:
                    75:b5:2e:af:2e:62:d0:d6:24:06:d3:ef:a1:44:89:
                    e0:6c:61:55:e7:6a:cc:28:96:9b:d3:74:3d:56:fe:
                    4e:10:51:38:63:f2:2d:2e:e5:e2:11:2b:d3:83:a2:
                    76:17:a1:cf:33:21:96:6e:79:36:63:5d:ce:3a:28:
                    90:af:be:ea:57:f7:47:6b:ab:ab:d1:98:31:71:ba:
                    1f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:9D:69:3E:38:D8:FA:83:9D:9F:DA:B1:8F:1D:7E:DD:F5:C3:64:9C
            X509v3 Authority Key Identifier:
                keyid:91:A0:71:50:83:38:26:05:51:A5:5F:01:FD:07:08:FD:F5:E0:82:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/x51pPjjY-oOdn9qxjx1-3fXDZJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:3c:e7:32:23:26:63:53:f4:c0:90:bf:c6:5c:c6:0f:e4:16:
         6d:d2:f9:e5:c3:8d:66:bb:65:be:f4:6a:f5:22:45:57:33:18:
         c5:e1:75:c6:9e:1a:3b:85:98:88:68:9b:8f:a0:e0:c2:2b:c8:
         e4:81:10:73:6b:93:67:93:47:4c:ba:76:37:81:56:f0:b8:70:
         84:2c:01:2b:3d:04:b1:aa:01:b9:b6:bd:97:8d:0c:d1:c3:4a:
         c9:31:90:27:d8:07:70:05:30:cb:3e:8a:c3:46:4a:fb:52:b1:
         82:4d:43:f2:68:27:d9:ae:67:14:38:25:f7:1f:ec:c2:60:d3:
         9d:b9:ef:98:2e:09:8c:b1:f9:93:cf:d3:fc:63:9a:fc:ae:49:
         bb:c4:cc:61:0a:4b:51:5d:d5:0f:44:82:cf:ae:01:89:b0:21:
         96:c2:81:21:b7:ac:80:23:c2:9a:5b:1a:5a:ed:42:d0:c6:d5:
         63:b2:6c:84:98:47:fe:a2:c5:d6:77:ff:de:8a:5d:9c:80:d2:
         74:54:f3:b2:82:7c:c9:88:2c:13:b0:16:12:2d:38:a0:9b:bd:
         4f:83:fc:87:03:9c:31:9e:b9:52:fb:ba:b3:10:7d:b7:8d:3a:
         a9:08:d3:e3:17:85:b7:25:29:17:bc:23:6d:4e:ba:4e:3d:60:
         67:1f:8c:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLF7TXpJMal4SwlC+MgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYTA3MTUwODMzODI2MDU1MWE1NWYwMWZkMDcwOGZkZjVl
MDgyODcwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzlkNjkzZTM4ZDhmYTgzOWQ5ZmRhYjE4ZjFkN2VkZGY1YzM2NDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgruOfQItvQ+4zHhJV29sxZqXw2j7
q4mdiw7U3HIfY2MHGB2oDCpUWV9OsYLlqQzUCLk+h9Wt9ohEXDAVM8Kmcs9f3uaf
cj2rV7Iu4xWw+WNoiyLjJqrv1X8pzX6MG95EAWuIJIVtXYk1NwgO2psJVyYM+oZo
ddszLxn2DJaTjlM3V3+0OP+sP6OGiuizazD5Qn9yq+04wrBiHoK+PzXjz0UuXgUm
h4amYdUA4qE4ORC6Q8F1tS6vLmLQ1iQG0++hRIngbGFV52rMKJab03Q9Vv5OEFE4
Y/ItLuXiESvTg6J2F6HPMyGWbnk2Y13OOiiQr77qV/dHa6ur0Zgxcbof+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMedaT442PqDnZ/asY8dft31w2ScMB8GA1UdIwQY
MBaAFJGgcVCDOCYFUaVfAf0HCP314IKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2FCeFVJTTRKZ1ZScFY4Ql9RY0lfZlhnZ29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xNWNjNTItNTFlZS00NjBlLTlhZWIt
ZWU1NTU5YjM2NThiLzEveDUxcFBqalktb09kbjlxeGp4MS0zZlhEWkp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xNWNjNTItNTFlZS00NjBlLTlhZWItZWU1NTU5YjM2NThi
LzEva2FCeFVJTTRKZ1ZScFY4Ql9RY0lfZlhnZ29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVP0MA0G
CSqGSIb3DQEBCwUAA4IBAQA3POcyIyZjU/TAkL/GXMYP5BZt0vnlw41mu2W+9Gr1
IkVXMxjF4XXGnho7hZiIaJuPoODCK8jkgRBza5Nnk0dMunY3gVbwuHCELAErPQSx
qgG5tr2XjQzRw0rJMZAn2AdwBTDLPorDRkr7UrGCTUPyaCfZrmcUOCX3H+zCYNOd
ue+YLgmMsfmTz9P8Y5r8rkm7xMxhCktRXdUPRILPrgGJsCGWwoEht6yAI8KaWxpa
7ULQxtVjsmyEmEf+osXWd//eil2cgNJ0VPOygnzJiCwTsBYSLTigm71Pg/yHA5wx
nrlS+7qzEH23jTqpCNPjF4W3JSkXvCNtTrpOPWBnH4ys
-----END CERTIFICATE-----