Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/1ScihSxDiMCH17x4HZfAle-gKnQ.roa
File:                     1ScihSxDiMCH17x4HZfAle-gKnQ.roa (raw, json)
Hash identifier:          1u/T51bPUGHBNWqj2BB4PeMxLE1jdI72oOIcDjDZBC0=
Subject key identifier:   D5:27:22:85:2C:43:88:C0:87:D7:BC:78:1D:97:C0:95:EF:A0:2A:74
Certificate issuer:       /CN=13d8042a28015d27f35b1f1ab73611e8511b6923
Certificate serial:       018CC2DADE18ADFAEB02AFA5C9C74283401C
Authority key identifier: 13:D8:04:2A:28:01:5D:27:F3:5B:1F:1A:B7:36:11:E8:51:1B:69:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E9gEKigBXSfzWx8atzYR6FEbaSM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/1ScihSxDiMCH17x4HZfAle-gKnQ.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197522
IP address blocks:        91.221.218.0/24 maxlen: 24
                          91.221.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/E9gEKigBXSfzWx8atzYR6FEbaSM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/E9gEKigBXSfzWx8atzYR6FEbaSM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E9gEKigBXSfzWx8atzYR6FEbaSM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:de:18:ad:fa:eb:02:af:a5:c9:c7:42:83:40:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13d8042a28015d27f35b1f1ab73611e8511b6923
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d52722852c4388c087d7bc781d97c095efa02a74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e3:37:9a:09:e0:17:4f:18:2b:6d:3f:79:b6:
                    98:58:45:db:23:be:d9:ae:05:29:42:08:d1:71:c2:
                    b8:78:cd:b6:cf:d4:bf:02:11:51:72:2a:34:21:95:
                    5d:4f:28:bb:db:af:8d:f8:bc:ba:c2:9c:7d:9b:d6:
                    fd:82:54:55:e5:c5:54:ae:ed:07:86:68:41:c4:27:
                    f7:65:d8:35:9e:c3:e2:b5:ba:5f:c3:3a:9b:18:37:
                    0a:ec:db:e1:5d:21:dd:46:29:56:dc:71:af:21:13:
                    4f:c3:d5:7d:d4:ab:c7:be:c8:19:aa:97:1b:6d:e2:
                    6f:e7:fb:d8:02:44:57:b3:45:fa:c0:d4:88:e4:8f:
                    a4:d6:7d:0d:ac:f9:fd:dc:6d:91:b4:f8:51:49:7d:
                    d4:89:3f:33:82:c7:93:bb:b5:90:44:33:f1:03:ad:
                    d8:4a:c8:33:f5:e9:c3:3e:f0:a1:91:7d:e5:b5:1b:
                    84:d6:c4:f3:95:95:26:ee:7c:9f:da:28:b7:59:16:
                    45:15:bc:77:6f:84:fe:36:3c:b1:a2:20:02:9f:6e:
                    39:cd:4e:df:fd:15:dc:2b:ad:71:ff:a3:96:0a:40:
                    3d:77:c0:36:75:bd:94:bb:1f:23:21:b5:e6:fd:f5:
                    39:39:d4:23:4f:52:6f:ec:cc:10:6a:0d:70:89:24:
                    b7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:27:22:85:2C:43:88:C0:87:D7:BC:78:1D:97:C0:95:EF:A0:2A:74
            X509v3 Authority Key Identifier:
                keyid:13:D8:04:2A:28:01:5D:27:F3:5B:1F:1A:B7:36:11:E8:51:1B:69:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E9gEKigBXSfzWx8atzYR6FEbaSM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/1ScihSxDiMCH17x4HZfAle-gKnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/E9gEKigBXSfzWx8atzYR6FEbaSM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:19:a1:3e:17:43:91:89:a9:cb:f8:01:47:ad:4f:c8:92:28:
         6b:4c:4a:f5:00:81:aa:3c:41:c0:74:bc:18:b1:dc:97:c7:6c:
         cf:f6:ff:13:58:b5:18:3a:b8:c7:b3:29:82:30:12:1a:a9:fc:
         47:41:83:6b:55:5a:2f:65:8b:a6:ac:71:7b:ad:9c:20:c2:31:
         6f:7b:20:3b:ab:bc:8d:1f:0e:2d:6f:36:1f:98:f8:d3:ea:cf:
         58:90:fa:5f:c1:9c:25:5c:58:c5:7a:e2:b5:63:5d:38:aa:4a:
         9a:91:b0:53:3c:90:7e:67:55:c8:fb:43:b4:f4:aa:83:d1:32:
         e8:68:28:3e:b4:9d:4f:be:45:ed:0d:0c:32:2f:77:4b:60:66:
         f3:fe:c9:26:cc:b1:92:cd:70:c7:d6:43:82:45:b3:ca:4b:26:
         2d:5d:92:9c:78:09:15:17:85:ca:77:a5:6e:44:b5:b1:4d:05:
         2d:11:cd:f0:c1:02:08:62:de:ef:e8:bf:9b:bf:24:2f:72:99:
         3b:4d:d3:fb:49:39:13:42:b0:30:f3:91:da:85:f7:a3:9c:17:
         28:3a:51:5c:c6:25:ef:9d:06:0f:ff:e8:fb:be:fc:29:a4:30:
         37:98:aa:ef:07:2d:f9:e9:80:c4:47:1a:05:62:2e:af:74:bf:
         c0:bf:80:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2t4YrfrrAq+lycdCg0AcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZDgwNDJhMjgwMTVkMjdmMzViMWYxYWI3MzYxMWU4NTEx
YjY5MjMwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTI3MjI4NTJjNDM4OGMwODdkN2JjNzgxZDk3YzA5NWVmYTAyYTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuM3mgngF08YK20/ebaYWEXbI77Z
rgUpQgjRccK4eM22z9S/AhFRcio0IZVdTyi726+N+Ly6wpx9m9b9glRV5cVUru0H
hmhBxCf3Zdg1nsPitbpfwzqbGDcK7NvhXSHdRilW3HGvIRNPw9V91KvHvsgZqpcb
beJv5/vYAkRXs0X6wNSI5I+k1n0NrPn93G2RtPhRSX3UiT8zgseTu7WQRDPxA63Y
Ssgz9enDPvChkX3ltRuE1sTzlZUm7nyf2ii3WRZFFbx3b4T+NjyxoiACn245zU7f
/RXcK61x/6OWCkA9d8A2db2Uux8jIbXm/fU5OdQjT1Jv7MwQag1wiSS3fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUnIoUsQ4jAh9e8eB2XwJXvoCp0MB8GA1UdIwQY
MBaAFBPYBCooAV0n81sfGrc2EehRG2kjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTlnRUtpZ0JYU2Z6V3g4YXR6WVI2RkViYVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9kN2YyZDgtNDZjZC00MWZkLTgwMDgt
YTQyOTZhZDk4NjM1LzEvMVNjaWhTeERpTUNIMTd4NEhaZkFsZS1nS25RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9kN2YyZDgtNDZjZC00MWZkLTgwMDgtYTQyOTZhZDk4NjM1
LzEvRTlnRUtpZ0JYU2Z6V3g4YXR6WVI2RkViYVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW93aMA0G
CSqGSIb3DQEBCwUAA4IBAQA3GaE+F0ORianL+AFHrU/IkihrTEr1AIGqPEHAdLwY
sdyXx2zP9v8TWLUYOrjHsymCMBIaqfxHQYNrVVovZYumrHF7rZwgwjFveyA7q7yN
Hw4tbzYfmPjT6s9YkPpfwZwlXFjFeuK1Y104qkqakbBTPJB+Z1XI+0O09KqD0TLo
aCg+tJ1PvkXtDQwyL3dLYGbz/skmzLGSzXDH1kOCRbPKSyYtXZKceAkVF4XKd6Vu
RLWxTQUtEc3wwQIIYt7v6L+bvyQvcpk7TdP7STkTQrAw85HahfejnBcoOlFcxiXv
nQYP/+j7vvwppDA3mKrvBy356YDERxoFYi6vdL/Av4Cw
-----END CERTIFICATE-----