Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/f5c6ba-170d-47c5-9c7c-1766a277d85b/1/NKiIy2qt0pzOt1dVeYL2U-GEPbs.roa
File:                     NKiIy2qt0pzOt1dVeYL2U-GEPbs.roa (raw, json)
Hash identifier:          Lmojelah2OlTab8O1+U+G3CjB6zbqGCimDGkFv1z/dY=
Subject key identifier:   34:A8:88:CB:6A:AD:D2:9C:CE:B7:57:55:79:82:F6:53:E1:84:3D:BB
Certificate issuer:       /CN=4dd23422264a79c0315482ed4f27c751353f26bb
Certificate serial:       018CC500C9A6E486D9C1202AF10A4AAB035C
Authority key identifier: 4D:D2:34:22:26:4A:79:C0:31:54:82:ED:4F:27:C7:51:35:3F:26:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdI0IiZKecAxVILtTyfHUTU_Jrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/f5c6ba-170d-47c5-9c7c-1766a277d85b/1/NKiIy2qt0pzOt1dVeYL2U-GEPbs.roa
Signing time:             Mon 01 Jan 2024 12:30:12 +0000
ROA not before:           Mon 01 Jan 2024 12:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43625
IP address blocks:        91.198.84.0/24 maxlen: 24
                          185.160.132.0/22 maxlen: 22
                          109.232.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/f5c6ba-170d-47c5-9c7c-1766a277d85b/1/TdI0IiZKecAxVILtTyfHUTU_Jrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/f5c6ba-170d-47c5-9c7c-1766a277d85b/1/TdI0IiZKecAxVILtTyfHUTU_Jrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdI0IiZKecAxVILtTyfHUTU_Jrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c9:a6:e4:86:d9:c1:20:2a:f1:0a:4a:ab:03:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd23422264a79c0315482ed4f27c751353f26bb
        Validity
            Not Before: Jan  1 12:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34a888cb6aadd29cceb757557982f653e1843dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9c:5f:04:0e:2b:de:46:8d:40:05:3e:1f:4a:
                    40:ed:7d:75:81:f4:0d:eb:54:cd:9b:67:72:8c:0c:
                    d7:40:02:3a:64:70:3d:21:ec:97:67:09:39:14:f9:
                    a0:1a:99:03:b3:d7:8c:02:58:42:c7:f2:89:07:cf:
                    ae:48:c1:33:ce:7b:98:fe:0b:cf:f7:c2:07:bc:7d:
                    86:fd:b6:f0:4f:d6:12:97:74:41:e9:5e:66:4d:ec:
                    d8:09:4b:86:01:13:8e:65:19:f8:05:07:0d:69:39:
                    7d:35:5b:db:5d:3f:59:35:5e:a4:27:7e:3c:05:39:
                    42:9e:f0:1b:50:bf:ea:7a:8c:bb:49:37:11:e3:0d:
                    1a:32:5a:3a:7e:1a:ee:b4:68:5c:63:9d:08:76:5f:
                    7a:cb:56:f5:9f:92:03:b4:3a:a3:ed:d0:96:88:25:
                    b2:4f:d8:3c:df:27:6d:6a:36:ae:bb:68:fb:16:1b:
                    58:0f:a7:b5:80:cd:32:f0:79:5a:62:85:ce:84:d9:
                    f7:27:aa:b2:f1:75:7b:6e:ea:56:c0:9b:d0:14:f5:
                    41:23:81:6e:1f:7f:f7:d3:fd:24:f3:cc:36:66:c3:
                    ea:56:4c:94:cc:d6:a1:eb:c2:6f:bb:2e:e7:3f:c0:
                    a0:39:4a:cf:4a:58:23:d4:90:68:ec:e2:13:af:7b:
                    de:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A8:88:CB:6A:AD:D2:9C:CE:B7:57:55:79:82:F6:53:E1:84:3D:BB
            X509v3 Authority Key Identifier:
                keyid:4D:D2:34:22:26:4A:79:C0:31:54:82:ED:4F:27:C7:51:35:3F:26:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdI0IiZKecAxVILtTyfHUTU_Jrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/f5c6ba-170d-47c5-9c7c-1766a277d85b/1/NKiIy2qt0pzOt1dVeYL2U-GEPbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/f5c6ba-170d-47c5-9c7c-1766a277d85b/1/TdI0IiZKecAxVILtTyfHUTU_Jrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.84.0/24
                  109.232.48.0/21
                  185.160.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:47:56:5b:7a:2b:f7:a1:1b:f6:97:2f:dd:54:bf:dc:22:7d:
         a4:db:0e:1b:7b:b9:7e:c5:5c:2e:e3:2f:a2:6f:d9:68:56:09:
         7c:b4:7f:0b:16:66:fa:c1:3b:66:a3:dd:1f:78:f4:ff:23:3d:
         b8:a7:c9:7d:bc:88:41:b6:1a:76:4d:73:e9:e9:ae:87:4c:57:
         6b:98:f4:5d:06:bd:84:e8:45:8c:f9:2e:03:84:d3:e2:cd:8a:
         53:91:0a:52:7a:3b:a5:07:b5:58:a7:75:73:f5:52:e5:d4:61:
         ac:72:01:55:ac:78:cb:cf:fd:cd:7c:ae:ce:f0:54:af:d2:40:
         1a:2c:db:5d:02:25:a1:66:13:82:59:61:2a:55:e0:4a:67:c7:
         62:85:a0:33:c6:75:9d:80:23:82:f2:96:b6:62:06:e6:93:15:
         cb:c7:23:51:36:33:da:77:67:12:eb:7f:a7:f0:0e:62:9b:ef:
         54:9a:09:fb:84:ed:55:59:f4:ae:f3:43:c1:dc:16:c0:1a:da:
         0c:e9:26:62:da:66:d4:71:26:44:e3:d8:da:7f:5d:82:e5:ad:
         a2:b0:91:f4:07:7e:cb:1e:72:a8:54:b5:11:35:da:59:7e:b4:
         96:91:a0:2d:46:1a:5a:43:f0:73:09:a4:23:20:97:77:77:54:
         07:02:30:2b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFAMmm5IbZwSAq8QpKqwNcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDIzNDIyMjY0YTc5YzAzMTU0ODJlZDRmMjdjNzUxMzUz
ZjI2YmIwHhcNMjQwMTAxMTIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE4ODhjYjZhYWRkMjljY2ViNzU3NTU3OTgyZjY1M2UxODQzZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5xfBA4r3kaNQAU+H0pA7X11gfQN
61TNm2dyjAzXQAI6ZHA9IeyXZwk5FPmgGpkDs9eMAlhCx/KJB8+uSMEzznuY/gvP
98IHvH2G/bbwT9YSl3RB6V5mTezYCUuGAROOZRn4BQcNaTl9NVvbXT9ZNV6kJ348
BTlCnvAbUL/qeoy7STcR4w0aMlo6fhrutGhcY50Idl96y1b1n5IDtDqj7dCWiCWy
T9g83ydtajauu2j7FhtYD6e1gM0y8HlaYoXOhNn3J6qy8XV7bupWwJvQFPVBI4Fu
H3/30/0k88w2ZsPqVkyUzNah68Jvuy7nP8CgOUrPSlgj1JBo7OITr3vewQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDSoiMtqrdKczrdXVXmC9lPhhD27MB8GA1UdIwQY
MBaAFE3SNCImSnnAMVSC7U8nx1E1Pya7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRJMElpWktlY0F4VklMdFR5ZkhVVFVfSnJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9mNWM2YmEtMTcwZC00N2M1LTljN2Mt
MTc2NmEyNzdkODViLzEvTktpSXkycXQwcHpPdDFkVmVZTDJVLUdFUGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9mNWM2YmEtMTcwZC00N2M1LTljN2MtMTc2NmEyNzdkODVi
LzEvVGRJMElpWktlY0F4VklMdFR5ZkhVVFVfSnJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8ZUAwQD
begwAwQCuaCEMA0GCSqGSIb3DQEBCwUAA4IBAQBSR1Zbeiv3oRv2ly/dVL/cIn2k
2w4be7l+xVwu4y+ib9loVgl8tH8LFmb6wTtmo90fePT/Iz24p8l9vIhBthp2TXPp
6a6HTFdrmPRdBr2E6EWM+S4DhNPizYpTkQpSejulB7VYp3Vz9VLl1GGscgFVrHjL
z/3NfK7O8FSv0kAaLNtdAiWhZhOCWWEqVeBKZ8dihaAzxnWdgCOC8pa2YgbmkxXL
xyNRNjPad2cS63+n8A5im+9Umgn7hO1VWfSu80PB3BbAGtoM6SZi2mbUcSZE49ja
f12C5a2isJH0B37LHnKoVLURNdpZfrSWkaAtRhpaQ/BzCaQjIJd3d1QHAjAr
-----END CERTIFICATE-----