Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/_V2N6yGiiB5Cb7e4_o5usAPiSJY.roa
File:                     _V2N6yGiiB5Cb7e4_o5usAPiSJY.roa (raw, json)
Hash identifier:          PVtLNo3DY0c9cLZjQnX1MnYDbaJhTA3lU6PPlaBFrjI=
Subject key identifier:   FD:5D:8D:EB:21:A2:88:1E:42:6F:B7:B8:FE:8E:6E:B0:03:E2:48:96
Certificate issuer:       /CN=13d8042a28015d27f35b1f1ab73611e8511b6923
Certificate serial:       018CC2DADDED5459AAA773E5939B8F3FAD1B
Authority key identifier: 13:D8:04:2A:28:01:5D:27:F3:5B:1F:1A:B7:36:11:E8:51:1B:69:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E9gEKigBXSfzWx8atzYR6FEbaSM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/_V2N6yGiiB5Cb7e4_o5usAPiSJY.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52074
IP address blocks:        91.221.219.0/24 maxlen: 24
                          91.221.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/E9gEKigBXSfzWx8atzYR6FEbaSM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/E9gEKigBXSfzWx8atzYR6FEbaSM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E9gEKigBXSfzWx8atzYR6FEbaSM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dd:ed:54:59:aa:a7:73:e5:93:9b:8f:3f:ad:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13d8042a28015d27f35b1f1ab73611e8511b6923
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd5d8deb21a2881e426fb7b8fe8e6eb003e24896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:28:ab:01:e5:96:1c:6e:af:5a:40:aa:aa:c8:
                    e2:93:18:70:c8:47:ff:8b:f8:09:9e:e2:b7:96:aa:
                    6a:5a:29:a6:96:69:6c:c6:62:d1:77:3b:c2:6c:f0:
                    74:15:2b:52:7e:21:4a:4a:1b:19:ab:98:1c:49:11:
                    a4:c1:12:3a:a6:04:0c:72:61:5f:0d:98:d1:a7:ad:
                    02:d1:03:79:fa:94:22:1f:55:84:7a:a3:ae:dd:29:
                    bb:41:b9:16:76:2e:47:99:0f:7e:c5:d7:0a:ed:cf:
                    49:ca:db:12:ad:79:d9:2a:05:bd:3d:2b:0d:b4:5c:
                    f4:01:8a:bc:f3:db:40:42:d7:26:f9:63:9d:d4:21:
                    01:bb:11:ee:d7:c5:86:b5:8d:6d:67:36:32:3c:d6:
                    3f:6a:6c:06:da:14:ba:46:b3:bd:65:01:14:13:fb:
                    ec:7c:94:b9:ca:0e:25:d4:e4:76:55:9f:f9:a1:9b:
                    85:38:6e:56:97:dd:e6:43:a3:ae:55:ce:04:c9:12:
                    b5:4f:00:b5:7d:e7:0b:d7:3b:31:66:e2:21:b0:93:
                    7d:f2:9e:d4:33:38:99:fc:fd:1f:db:32:66:ea:34:
                    f4:1d:20:18:4d:ef:3f:da:a2:45:47:49:10:3b:20:
                    82:01:3c:cc:ab:13:ce:25:dd:40:0e:4f:3a:9f:99:
                    e4:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:5D:8D:EB:21:A2:88:1E:42:6F:B7:B8:FE:8E:6E:B0:03:E2:48:96
            X509v3 Authority Key Identifier:
                keyid:13:D8:04:2A:28:01:5D:27:F3:5B:1F:1A:B7:36:11:E8:51:1B:69:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E9gEKigBXSfzWx8atzYR6FEbaSM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/_V2N6yGiiB5Cb7e4_o5usAPiSJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/d7f2d8-46cd-41fd-8008-a4296ad98635/1/E9gEKigBXSfzWx8atzYR6FEbaSM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:2b:7d:8f:d2:d5:42:42:46:eb:3f:ba:27:d6:4c:da:e1:b1:
         45:b5:a1:7d:04:bf:64:da:3b:17:e3:0c:9b:cf:a2:0a:c1:39:
         15:8e:d5:23:a7:5f:cb:76:97:a6:15:f9:10:30:0a:ac:c1:c7:
         3f:92:26:ca:74:69:ca:ee:8a:c1:e6:17:e6:c4:bb:51:6f:ad:
         cb:6a:b5:01:e8:c4:76:72:7c:c1:ac:bf:4a:0d:43:63:10:f6:
         3b:f8:0c:33:ff:5c:8c:46:df:4e:d3:3f:5d:7b:e3:2c:7f:72:
         af:a8:a8:b4:c3:24:c0:bc:84:7a:78:15:62:9d:0b:6d:a0:4d:
         d7:1d:c9:21:4e:a6:bb:2e:aa:6a:ea:2b:ff:d3:f3:2e:e8:e1:
         9a:62:db:9a:23:08:4b:fd:6e:3a:b4:c5:42:9d:43:5a:e7:4b:
         b4:fb:11:13:c8:29:37:2e:ea:4c:d2:50:87:32:e3:f3:3f:d5:
         d9:09:6e:b5:10:db:0c:ad:15:c0:ed:e6:f8:ac:af:73:e1:5a:
         60:e6:75:2a:50:0b:af:f3:86:05:79:35:6a:eb:88:59:05:6c:
         95:af:c6:94:12:b5:2b:7c:a1:dd:a5:18:86:2b:29:0b:7f:84:
         67:9e:99:ca:18:95:ec:ce:4c:67:51:3c:a9:7f:fa:1b:cf:d1:
         8b:e7:18:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2t3tVFmqp3Plk5uPP60bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZDgwNDJhMjgwMTVkMjdmMzViMWYxYWI3MzYxMWU4NTEx
YjY5MjMwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDVkOGRlYjIxYTI4ODFlNDI2ZmI3YjhmZThlNmViMDAzZTI0ODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCirAeWWHG6vWkCqqsjikxhwyEf/
i/gJnuK3lqpqWimmlmlsxmLRdzvCbPB0FStSfiFKShsZq5gcSRGkwRI6pgQMcmFf
DZjRp60C0QN5+pQiH1WEeqOu3Sm7QbkWdi5HmQ9+xdcK7c9JytsSrXnZKgW9PSsN
tFz0AYq889tAQtcm+WOd1CEBuxHu18WGtY1tZzYyPNY/amwG2hS6RrO9ZQEUE/vs
fJS5yg4l1OR2VZ/5oZuFOG5Wl93mQ6OuVc4EyRK1TwC1fecL1zsxZuIhsJN98p7U
MziZ/P0f2zJm6jT0HSAYTe8/2qJFR0kQOyCCATzMqxPOJd1ADk86n5nktwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1djeshoogeQm+3uP6ObrAD4kiWMB8GA1UdIwQY
MBaAFBPYBCooAV0n81sfGrc2EehRG2kjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTlnRUtpZ0JYU2Z6V3g4YXR6WVI2RkViYVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9kN2YyZDgtNDZjZC00MWZkLTgwMDgt
YTQyOTZhZDk4NjM1LzEvX1YyTjZ5R2lpQjVDYjdlNF9vNXVzQVBpU0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9kN2YyZDgtNDZjZC00MWZkLTgwMDgtYTQyOTZhZDk4NjM1
LzEvRTlnRUtpZ0JYU2Z6V3g4YXR6WVI2RkViYVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW93aMA0G
CSqGSIb3DQEBCwUAA4IBAQBEK32P0tVCQkbrP7on1kza4bFFtaF9BL9k2jsX4wyb
z6IKwTkVjtUjp1/LdpemFfkQMAqswcc/kibKdGnK7orB5hfmxLtRb63LarUB6MR2
cnzBrL9KDUNjEPY7+Awz/1yMRt9O0z9de+Msf3KvqKi0wyTAvIR6eBVinQttoE3X
HckhTqa7Lqpq6iv/0/Mu6OGaYtuaIwhL/W46tMVCnUNa50u0+xETyCk3LupM0lCH
MuPzP9XZCW61ENsMrRXA7eb4rK9z4Vpg5nUqUAuv84YFeTVq64hZBWyVr8aUErUr
fKHdpRiGKykLf4RnnpnKGJXszkxnUTypf/obz9GL5xg8
-----END CERTIFICATE-----