Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/30wVTJEMPZv25L4bkYaDdluqDSM.roa
File:                     30wVTJEMPZv25L4bkYaDdluqDSM.roa (raw, json)
Hash identifier:          6Ybo+ONdorARWpO0gEg151LJsGBME8QVZnw+4Yt4fAE=
Subject key identifier:   DF:4C:15:4C:91:0C:3D:9B:F6:E4:BE:1B:91:86:83:76:5B:AA:0D:23
Certificate issuer:       /CN=64ee0489158fe95e1991fd5ce725ea067e11a1fb
Certificate serial:       018CC7946734756BDE1A6413E1444C3E0D49
Authority key identifier: 64:EE:04:89:15:8F:E9:5E:19:91:FD:5C:E7:25:EA:06:7E:11:A1:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/30wVTJEMPZv25L4bkYaDdluqDSM.roa
Signing time:             Tue 02 Jan 2024 00:30:40 +0000
ROA not before:           Tue 02 Jan 2024 00:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53856
IP address blocks:        91.218.50.0/23 maxlen: 23
                          91.218.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:67:34:75:6b:de:1a:64:13:e1:44:4c:3e:0d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64ee0489158fe95e1991fd5ce725ea067e11a1fb
        Validity
            Not Before: Jan  2 00:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df4c154c910c3d9bf6e4be1b918683765baa0d23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3c:64:09:0c:9f:08:f1:af:d9:8f:85:0d:48:
                    44:b6:8d:78:62:32:1f:a0:fd:62:33:f1:0b:d1:09:
                    af:b4:17:fe:cd:94:eb:4c:a6:63:89:77:f1:44:bd:
                    1a:9f:ef:42:25:b8:dd:2d:31:4d:f1:51:81:b4:6d:
                    22:8a:bc:5f:0a:7e:0e:c5:8f:54:55:87:2c:20:74:
                    d9:fa:26:63:b6:37:44:1b:c6:bd:3e:36:69:b7:27:
                    5d:0b:58:f8:9e:6e:b0:16:7d:6c:17:16:6c:82:fc:
                    96:d2:a1:26:b8:34:1e:8d:1c:54:63:64:d5:2a:c6:
                    14:fe:36:0a:47:19:f7:30:a6:05:43:cb:be:91:85:
                    1c:1e:1e:99:7a:56:11:71:ec:bb:23:42:8d:b7:48:
                    14:73:2e:1c:71:11:1e:dd:0c:f8:f4:ac:11:79:c1:
                    4c:dd:00:86:13:e6:fa:a3:91:e6:47:66:f3:ef:b0:
                    ce:cc:d6:da:41:4e:de:36:40:3f:17:08:25:d4:6c:
                    f1:c5:a1:a0:1e:57:1f:eb:7f:fc:bf:9c:f9:8a:83:
                    c6:d1:35:d5:77:83:81:0d:07:7f:4e:d4:3c:0c:4d:
                    aa:29:16:70:f0:48:ed:cb:30:2b:f5:d3:75:89:aa:
                    ab:c9:79:56:1f:57:b3:e1:8c:34:59:33:71:9a:cb:
                    b0:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:4C:15:4C:91:0C:3D:9B:F6:E4:BE:1B:91:86:83:76:5B:AA:0D:23
            X509v3 Authority Key Identifier:
                keyid:64:EE:04:89:15:8F:E9:5E:19:91:FD:5C:E7:25:EA:06:7E:11:A1:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/30wVTJEMPZv25L4bkYaDdluqDSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:3b:18:12:4a:35:ee:ab:f1:20:33:d6:0f:50:44:0a:2e:f9:
         c2:04:19:bb:eb:c0:c5:97:5f:af:f0:60:09:fb:8f:1c:31:2a:
         24:ad:ba:91:2c:e1:51:87:eb:aa:1e:13:3c:fa:26:13:41:25:
         6f:95:a8:99:95:a2:85:45:4c:47:52:c1:b8:7d:b3:b5:a1:80:
         ce:7a:00:8b:39:19:84:62:67:cf:ca:72:3d:9e:85:60:da:75:
         fa:bf:08:90:3e:98:02:2b:cb:1b:2e:60:8b:51:38:47:29:42:
         77:35:86:ee:b1:8a:c6:60:d5:99:7f:93:19:5f:ce:ee:cc:c2:
         16:e2:31:72:f0:5c:35:70:e2:ba:82:bd:33:ec:04:b3:59:20:
         5a:1e:91:9e:26:50:87:c0:63:a0:c8:5f:00:17:dd:a0:1d:1c:
         a5:ec:2d:86:79:f9:af:18:d2:db:be:87:57:c1:10:bf:73:be:
         b2:40:36:7a:8b:39:3e:e3:b2:21:66:9a:15:07:32:6f:a0:35:
         b5:16:b1:d6:34:c6:2a:08:94:1b:89:14:71:5e:b3:f5:dc:da:
         e8:24:f2:26:b7:17:57:66:44:6d:9c:9a:3d:ee:67:55:79:6b:
         8d:73:b8:3a:e3:09:ce:9f:2e:15:57:14:af:18:c4:91:26:32:
         c6:81:c0:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlGc0dWveGmQT4URMPg1JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZWUwNDg5MTU4ZmU5NWUxOTkxZmQ1Y2U3MjVlYTA2N2Ux
MWExZmIwHhcNMjQwMTAyMDAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjRjMTU0YzkxMGMzZDliZjZlNGJlMWI5MTg2ODM3NjViYWEwZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozxkCQyfCPGv2Y+FDUhEto14YjIf
oP1iM/EL0QmvtBf+zZTrTKZjiXfxRL0an+9CJbjdLTFN8VGBtG0iirxfCn4OxY9U
VYcsIHTZ+iZjtjdEG8a9PjZptyddC1j4nm6wFn1sFxZsgvyW0qEmuDQejRxUY2TV
KsYU/jYKRxn3MKYFQ8u+kYUcHh6ZelYRcey7I0KNt0gUcy4ccREe3Qz49KwRecFM
3QCGE+b6o5HmR2bz77DOzNbaQU7eNkA/Fwgl1GzxxaGgHlcf63/8v5z5ioPG0TXV
d4OBDQd/TtQ8DE2qKRZw8EjtyzAr9dN1iaqryXlWH1ez4Yw0WTNxmsuwAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9MFUyRDD2b9uS+G5GGg3Zbqg0jMB8GA1UdIwQY
MBaAFGTuBIkVj+leGZH9XOcl6gZ+EaH7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk80RWlSV1A2VjRaa2YxYzV5WHFCbjRSb2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8xOGFlMDItZTcyZC00NDMwLTg1ZDgt
NDczYzViYTU1MzYyLzEvMzB3VlRKRU1QWnYyNUw0YmtZYURkbHVxRFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8xOGFlMDItZTcyZC00NDMwLTg1ZDgtNDczYzViYTU1MzYy
LzEvWk80RWlSV1A2VjRaa2YxYzV5WHFCbjRSb2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9owMA0G
CSqGSIb3DQEBCwUAA4IBAQASOxgSSjXuq/EgM9YPUEQKLvnCBBm768DFl1+v8GAJ
+48cMSokrbqRLOFRh+uqHhM8+iYTQSVvlaiZlaKFRUxHUsG4fbO1oYDOegCLORmE
YmfPynI9noVg2nX6vwiQPpgCK8sbLmCLUThHKUJ3NYbusYrGYNWZf5MZX87uzMIW
4jFy8Fw1cOK6gr0z7ASzWSBaHpGeJlCHwGOgyF8AF92gHRyl7C2GefmvGNLbvodX
wRC/c76yQDZ6izk+47IhZpoVBzJvoDW1FrHWNMYqCJQbiRRxXrP13NroJPImtxdX
ZkRtnJo97mdVeWuNc7g64wnOny4VVxSvGMSRJjLGgcAl
-----END CERTIFICATE-----