Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/1dd81c-665e-4b76-91fb-44dc52a19ce5/1/ep4JQ8qKMs_yRqBMO7-7l8vN-YI.roa
File:                     ep4JQ8qKMs_yRqBMO7-7l8vN-YI.roa (raw, json)
Hash identifier:          K/dwqfp1Hv75NzXJnF+g+5BlX2BNZ7NFRoKfRkzguMc=
Subject key identifier:   7A:9E:09:43:CA:8A:32:CF:F2:46:A0:4C:3B:BF:BB:97:CB:CD:F9:82
Certificate issuer:       /CN=5aa4e5710a46536bef2af36bf63f1940bc37bd42
Certificate serial:       018CC500148E0F8B5F8F718E73E24EC8D733
Authority key identifier: 5A:A4:E5:71:0A:46:53:6B:EF:2A:F3:6B:F6:3F:19:40:BC:37:BD:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WqTlcQpGU2vvKvNr9j8ZQLw3vUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/1dd81c-665e-4b76-91fb-44dc52a19ce5/1/ep4JQ8qKMs_yRqBMO7-7l8vN-YI.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198606
IP address blocks:        91.237.96.0/24 maxlen: 24
                          2001:67c:28c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/1dd81c-665e-4b76-91fb-44dc52a19ce5/1/WqTlcQpGU2vvKvNr9j8ZQLw3vUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/1dd81c-665e-4b76-91fb-44dc52a19ce5/1/WqTlcQpGU2vvKvNr9j8ZQLw3vUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WqTlcQpGU2vvKvNr9j8ZQLw3vUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:14:8e:0f:8b:5f:8f:71:8e:73:e2:4e:c8:d7:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5aa4e5710a46536bef2af36bf63f1940bc37bd42
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a9e0943ca8a32cff246a04c3bbfbb97cbcdf982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0a:c1:a2:09:be:44:a9:a2:cc:3e:e3:c0:27:
                    ba:28:2a:b8:a4:ae:fc:25:eb:07:b1:4d:7b:06:2e:
                    c3:eb:59:ae:32:96:7c:35:ef:47:58:05:9e:93:12:
                    17:7d:80:58:f7:20:0e:59:9c:b3:42:e6:a1:a7:e4:
                    2f:17:09:b3:97:20:d7:c1:6f:6e:49:a8:5d:8d:96:
                    8c:ba:71:06:7e:f9:de:2c:25:7d:38:31:5b:a3:fa:
                    a7:a3:57:7c:50:db:77:43:1e:8a:eb:31:a3:19:12:
                    e8:3a:c7:f5:a0:a0:c4:01:20:28:77:90:ed:e2:41:
                    48:eb:61:9f:08:b0:81:77:49:1b:5d:a3:53:c0:38:
                    64:01:1b:81:64:25:10:18:22:ea:d3:46:32:26:ff:
                    25:89:8e:16:ea:fd:0c:5f:01:ca:5c:e1:29:5e:7b:
                    73:77:72:f8:e9:b0:69:a2:09:b8:2d:04:8c:da:fb:
                    0d:c4:d3:9b:4d:03:2f:f9:74:db:4c:db:4a:68:78:
                    e7:4b:df:e2:d4:cc:2b:16:96:0f:d3:13:6c:0a:9d:
                    a3:66:d2:ee:a3:c7:35:20:16:40:72:62:d2:32:48:
                    ec:dc:28:0a:a3:b0:96:22:da:08:e4:f2:f4:03:38:
                    db:d3:e2:cb:13:f8:4c:70:1b:4b:71:ec:60:b4:5d:
                    8e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:9E:09:43:CA:8A:32:CF:F2:46:A0:4C:3B:BF:BB:97:CB:CD:F9:82
            X509v3 Authority Key Identifier:
                keyid:5A:A4:E5:71:0A:46:53:6B:EF:2A:F3:6B:F6:3F:19:40:BC:37:BD:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WqTlcQpGU2vvKvNr9j8ZQLw3vUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/1dd81c-665e-4b76-91fb-44dc52a19ce5/1/ep4JQ8qKMs_yRqBMO7-7l8vN-YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/1dd81c-665e-4b76-91fb-44dc52a19ce5/1/WqTlcQpGU2vvKvNr9j8ZQLw3vUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.96.0/24
                IPv6:
                  2001:67c:28c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:c9:7c:3f:77:31:44:9b:83:42:63:ea:b8:c5:b2:7f:7b:ce:
         79:c8:69:95:ee:79:2f:84:3f:36:5a:3a:fc:f4:41:e8:3d:3d:
         6f:3b:de:0f:52:f9:4e:46:33:98:55:80:c9:41:74:cb:e0:dc:
         56:5e:35:dc:7f:b2:de:92:b0:b7:5c:bc:aa:ef:14:64:4c:d8:
         1d:93:df:aa:cc:df:ca:15:6e:27:64:e0:e7:a4:5c:21:ac:21:
         a2:d8:fb:41:78:37:8a:54:56:5c:2d:b6:94:de:ba:35:07:a8:
         5e:8b:ae:16:84:a9:07:1f:dd:f2:0c:e9:d3:4a:f0:ae:c6:13:
         ad:22:b1:f1:77:d3:91:e3:27:5d:07:46:be:ce:0a:a0:c7:bb:
         93:8f:01:92:bb:48:55:7e:cf:8d:d7:34:95:8c:fe:27:51:cc:
         4e:a6:85:29:9e:48:15:32:2f:ca:94:0b:8a:04:4a:e6:f1:0d:
         32:af:3d:70:47:30:10:08:1f:a5:89:5c:2e:31:0b:c6:dc:7b:
         0b:3f:84:83:0f:bf:e2:64:18:02:09:dc:a8:7d:46:a7:07:ee:
         3b:13:e4:13:da:e7:f7:34:87:2d:f6:8b:eb:94:b7:49:90:4e:
         ee:07:c9:f1:7d:c6:38:b3:ed:f6:d5:63:1f:59:48:bd:ea:f2:
         fe:4b:61:a6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFABSOD4tfj3GOc+JOyNczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYTRlNTcxMGE0NjUzNmJlZjJhZjM2YmY2M2YxOTQwYmMz
N2JkNDIwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTllMDk0M2NhOGEzMmNmZjI0NmEwNGMzYmJmYmI5N2NiY2RmOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoArBogm+RKmizD7jwCe6KCq4pK78
JesHsU17Bi7D61muMpZ8Ne9HWAWekxIXfYBY9yAOWZyzQuahp+QvFwmzlyDXwW9u
SahdjZaMunEGfvneLCV9ODFbo/qno1d8UNt3Qx6K6zGjGRLoOsf1oKDEASAod5Dt
4kFI62GfCLCBd0kbXaNTwDhkARuBZCUQGCLq00YyJv8liY4W6v0MXwHKXOEpXntz
d3L46bBpogm4LQSM2vsNxNObTQMv+XTbTNtKaHjnS9/i1MwrFpYP0xNsCp2jZtLu
o8c1IBZAcmLSMkjs3CgKo7CWItoI5PL0Azjb0+LLE/hMcBtLcexgtF2OsQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHqeCUPKijLP8kagTDu/u5fLzfmCMB8GA1UdIwQY
MBaAFFqk5XEKRlNr7yrza/Y/GUC8N71CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3FUbGNRcEdVMnZ2S3ZOcjlqOFpRTHczdlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xZGQ4MWMtNjY1ZS00Yjc2LTkxZmIt
NDRkYzUyYTE5Y2U1LzEvZXA0SlE4cUtNc195UnFCTU83LTdsOHZOLVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xZGQ4MWMtNjY1ZS00Yjc2LTkxZmItNDRkYzUyYTE5Y2U1
LzEvV3FUbGNRcEdVMnZ2S3ZOcjlqOFpRTHczdlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+1gMA8E
AgACMAkDBwAgAQZ8KMAwDQYJKoZIhvcNAQELBQADggEBACHJfD93MUSbg0Jj6rjF
sn97znnIaZXueS+EPzZaOvz0Qeg9PW873g9S+U5GM5hVgMlBdMvg3FZeNdx/st6S
sLdcvKrvFGRM2B2T36rM38oVbidk4OekXCGsIaLY+0F4N4pUVlwttpTeujUHqF6L
rhaEqQcf3fIM6dNK8K7GE60isfF305HjJ10HRr7OCqDHu5OPAZK7SFV+z43XNJWM
/idRzE6mhSmeSBUyL8qUC4oESubxDTKvPXBHMBAIH6WJXC4xC8bcews/hIMPv+Jk
GAIJ3Kh9RqcH7jsT5BPa5/c0hy32i+uUt0mQTu4HyfF9xjiz7fbVYx9ZSL3q8v5L
YaY=
-----END CERTIFICATE-----