Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/sBeShjxnDhxRTvOlViISQA5DsZI.roa
File:                     sBeShjxnDhxRTvOlViISQA5DsZI.roa (raw, json)
Hash identifier:          olk0oEcAlfP8ST3qtd1klAfm0k6qHj0lRrQ7jnxe2n8=
Subject key identifier:   B0:17:92:86:3C:67:0E:1C:51:4E:F3:A5:56:22:12:40:0E:43:B1:92
Certificate issuer:       /CN=282e432ed88bec1ad1454449632814d43996b1e0
Certificate serial:       018CC26D5E6F6163B9E397617A40C69A7C90
Authority key identifier: 28:2E:43:2E:D8:8B:EC:1A:D1:45:44:49:63:28:14:D4:39:96:B1:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KC5DLtiL7BrRRURJYygU1DmWseA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/sBeShjxnDhxRTvOlViISQA5DsZI.roa
Signing time:             Mon 01 Jan 2024 00:29:56 +0000
ROA not before:           Mon 01 Jan 2024 00:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197639
IP address blocks:        91.223.204.0/24 maxlen: 24
                          2001:67c:620::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/KC5DLtiL7BrRRURJYygU1DmWseA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/KC5DLtiL7BrRRURJYygU1DmWseA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KC5DLtiL7BrRRURJYygU1DmWseA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5e:6f:61:63:b9:e3:97:61:7a:40:c6:9a:7c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=282e432ed88bec1ad1454449632814d43996b1e0
        Validity
            Not Before: Jan  1 00:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b01792863c670e1c514ef3a5562212400e43b192
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:52:c1:0b:05:bf:a2:c9:7b:c2:bc:c0:0c:5a:
                    2b:d8:e3:b3:35:1b:ac:ed:d6:44:4b:c2:f3:8e:28:
                    db:35:28:e7:7d:cb:99:f5:17:7d:4b:15:73:cd:c5:
                    6b:0a:1c:ec:53:02:ec:12:04:ea:a4:b3:18:c6:8c:
                    de:dd:df:3d:9c:a8:c8:96:19:8a:1d:a7:a9:d5:11:
                    3e:ac:e9:c5:0a:92:78:fb:49:ea:f1:73:ae:02:d3:
                    d9:88:03:ff:b7:00:e7:11:16:50:2a:4b:d0:e5:75:
                    79:33:1d:e7:47:ca:6a:87:d4:98:9e:cf:9f:b0:33:
                    3e:fa:00:69:8f:85:8f:75:be:cd:61:5c:8d:c6:90:
                    ee:70:c5:52:65:1e:57:0c:34:f6:2d:52:0d:72:9e:
                    d4:d3:08:05:05:11:79:f4:5d:6c:64:53:66:5f:6b:
                    68:6d:d7:e7:c4:a5:6e:ab:f7:2a:0d:fa:81:f4:ec:
                    95:c1:02:dd:48:bd:43:b9:f7:11:30:05:2d:14:55:
                    b6:7b:42:26:ae:11:4e:0c:ac:75:2b:7b:40:29:54:
                    fa:ed:3d:50:65:85:83:8b:30:6e:90:3a:2c:ca:0c:
                    28:c3:51:f7:28:2f:0d:ab:78:68:11:0d:9d:1d:eb:
                    f9:bf:d5:a0:27:00:7c:24:47:b1:ac:dd:b1:ac:84:
                    08:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:17:92:86:3C:67:0E:1C:51:4E:F3:A5:56:22:12:40:0E:43:B1:92
            X509v3 Authority Key Identifier:
                keyid:28:2E:43:2E:D8:8B:EC:1A:D1:45:44:49:63:28:14:D4:39:96:B1:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KC5DLtiL7BrRRURJYygU1DmWseA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/sBeShjxnDhxRTvOlViISQA5DsZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/c60f08-b24b-4dc4-a27c-fc0aa72e8ead/1/KC5DLtiL7BrRRURJYygU1DmWseA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.204.0/24
                IPv6:
                  2001:67c:620::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:1b:44:c8:ad:a3:02:12:d2:8b:1f:d9:f7:c0:b9:f1:69:9f:
         dd:28:d3:9b:43:43:df:34:39:31:12:5a:df:f6:7a:89:8c:c2:
         90:8f:9a:aa:6a:19:02:7e:a0:fe:57:b4:61:f6:76:1b:91:8c:
         f4:26:10:dc:ee:2d:bc:5b:77:f9:35:b6:0d:04:87:54:3a:c5:
         81:e6:42:85:90:7f:d1:95:2b:6a:66:6f:c8:5e:1a:e8:78:ac:
         9a:b1:e5:72:7b:01:63:a3:ad:27:ad:f6:9b:b8:5d:02:6e:60:
         64:16:43:a7:91:8b:de:29:84:b8:17:15:c9:0f:bb:f2:86:2b:
         68:df:f6:fc:df:6b:c4:09:7a:38:cd:27:ef:01:62:a3:aa:65:
         4a:79:5a:6d:33:c8:6b:02:0e:61:cc:6b:b4:f7:7f:14:ee:46:
         b2:ed:e2:ff:40:82:76:11:26:66:0e:bd:a5:a6:90:c3:a7:62:
         be:41:6f:d4:26:57:0f:8d:02:23:47:6c:8b:5a:12:fb:00:45:
         e6:9e:fe:1e:85:d8:83:1e:34:fa:c5:6f:e5:c9:dc:96:4d:ff:
         c4:da:70:90:97:0f:25:2b:10:cf:5b:10:a5:8e:07:ed:eb:e5:
         de:d3:07:7e:35:60:50:b1:90:02:bd:37:74:94:0b:fb:e4:36:
         6d:7a:e1:0d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbV5vYWO545dhekDGmnyQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MmU0MzJlZDg4YmVjMWFkMTQ1NDQ0OTYzMjgxNGQ0Mzk5
NmIxZTAwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDE3OTI4NjNjNjcwZTFjNTE0ZWYzYTU1NjIyMTI0MDBlNDNiMTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVLBCwW/osl7wrzADFor2OOzNRus
7dZES8LzjijbNSjnfcuZ9Rd9SxVzzcVrChzsUwLsEgTqpLMYxoze3d89nKjIlhmK
Haep1RE+rOnFCpJ4+0nq8XOuAtPZiAP/twDnERZQKkvQ5XV5Mx3nR8pqh9SYns+f
sDM++gBpj4WPdb7NYVyNxpDucMVSZR5XDDT2LVINcp7U0wgFBRF59F1sZFNmX2to
bdfnxKVuq/cqDfqB9OyVwQLdSL1DufcRMAUtFFW2e0ImrhFODKx1K3tAKVT67T1Q
ZYWDizBukDosygwow1H3KC8Nq3hoEQ2dHev5v9WgJwB8JEexrN2xrIQI8wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLAXkoY8Zw4cUU7zpVYiEkAOQ7GSMB8GA1UdIwQY
MBaAFCguQy7Yi+wa0UVESWMoFNQ5lrHgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0M1REx0aUw3QnJSUlVSSll5Z1UxRG1Xc2VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jNjBmMDgtYjI0Yi00ZGM0LWEyN2Mt
ZmMwYWE3MmU4ZWFkLzEvc0JlU2hqeG5EaHhSVHZPbFZpSVNRQTVEc1pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jNjBmMDgtYjI0Yi00ZGM0LWEyN2MtZmMwYWE3MmU4ZWFk
LzEvS0M1REx0aUw3QnJSUlVSSll5Z1UxRG1Xc2VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9/MMA8E
AgACMAkDBwAgAQZ8BiAwDQYJKoZIhvcNAQELBQADggEBAFsbRMitowIS0osf2ffA
ufFpn90o05tDQ980OTESWt/2eomMwpCPmqpqGQJ+oP5XtGH2dhuRjPQmENzuLbxb
d/k1tg0Eh1Q6xYHmQoWQf9GVK2pmb8heGuh4rJqx5XJ7AWOjrSet9pu4XQJuYGQW
Q6eRi94phLgXFckPu/KGK2jf9vzfa8QJejjNJ+8BYqOqZUp5Wm0zyGsCDmHMa7T3
fxTuRrLt4v9AgnYRJmYOvaWmkMOnYr5Bb9QmVw+NAiNHbItaEvsAReae/h6F2IMe
NPrFb+XJ3JZN/8TacJCXDyUrEM9bEKWOB+3r5d7TB341YFCxkAK9N3SUC/vkNm16
4Q0=
-----END CERTIFICATE-----