Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/nH_leTNKotKN_QlSObKEN2eiN-4.roa
File:                     nH_leTNKotKN_QlSObKEN2eiN-4.roa (raw, json)
Hash identifier:          6DumOebPnkZ9O+ELYD/JxBD768jwQY0cYkY/1MfMYUo=
Subject key identifier:   9C:7F:E5:79:33:4A:A2:D2:8D:FD:09:52:39:B2:84:37:67:A2:37:EE
Certificate issuer:       /CN=8ef66691ad3a41652f5bd8596230b3ac743d2a2c
Certificate serial:       018F142D5B30727B9E1C3CDED63B91041ED5
Authority key identifier: 8E:F6:66:91:AD:3A:41:65:2F:5B:D8:59:62:30:B3:AC:74:3D:2A:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/nH_leTNKotKN_QlSObKEN2eiN-4.roa
Signing time:             Thu 25 Apr 2024 07:34:27 +0000
ROA not before:           Thu 25 Apr 2024 07:34:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48031
IP address blocks:        91.210.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:2d:5b:30:72:7b:9e:1c:3c:de:d6:3b:91:04:1e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef66691ad3a41652f5bd8596230b3ac743d2a2c
        Validity
            Not Before: Apr 25 07:34:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c7fe579334aa2d28dfd095239b2843767a237ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:96:18:21:52:1e:02:d3:65:5e:8f:63:2b:7b:
                    ac:dd:3c:8b:b3:a7:1c:eb:6f:a4:1c:84:63:e2:4e:
                    9f:e0:68:6e:cd:d9:c1:d3:55:81:13:f4:0a:93:18:
                    67:ed:36:45:61:3b:16:07:d9:6a:39:83:4f:95:71:
                    b6:fb:56:18:53:cd:70:19:e5:6a:bd:11:3d:21:a0:
                    2a:81:5c:d6:01:fc:16:91:5a:ed:62:58:f3:ba:0d:
                    d2:9a:23:36:1d:50:65:ee:1b:27:bf:72:bc:9a:90:
                    a5:9a:11:cf:62:3f:98:2c:ba:2c:b8:53:67:31:ba:
                    f8:70:72:90:f9:fa:11:f8:fb:22:df:e8:63:55:c0:
                    36:7c:e9:da:d7:32:61:2f:8c:60:b7:b0:92:2f:a7:
                    7d:d8:bd:a1:72:16:da:00:25:9a:1f:db:e0:d0:83:
                    01:b4:c2:dc:90:3d:9d:4c:64:f0:28:18:0d:9e:53:
                    14:6c:ae:2e:d3:6c:fe:76:e0:bd:0a:55:1c:c6:8a:
                    b3:93:09:f6:4a:45:ac:8f:09:26:af:1b:55:cc:17:
                    38:bb:ae:27:7d:cb:78:94:1f:c0:18:0f:44:98:b9:
                    e8:ae:8c:70:16:95:6d:d4:65:66:b4:2d:5f:8a:4d:
                    25:64:59:d4:7c:6b:4c:b8:56:cf:69:ac:d3:bf:f0:
                    12:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:7F:E5:79:33:4A:A2:D2:8D:FD:09:52:39:B2:84:37:67:A2:37:EE
            X509v3 Authority Key Identifier:
                keyid:8E:F6:66:91:AD:3A:41:65:2F:5B:D8:59:62:30:B3:AC:74:3D:2A:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/nH_leTNKotKN_QlSObKEN2eiN-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:c2:bd:1e:8e:ef:8e:95:0c:db:31:7b:6d:d6:9a:26:ee:f9:
         90:7d:65:07:2b:91:af:9e:47:94:c3:d4:49:3d:39:e9:03:3f:
         0d:b1:22:25:2d:ac:65:46:2c:97:7a:fe:66:91:4a:c2:0e:8d:
         8c:21:1a:7a:b6:ba:9c:c6:c7:95:01:fc:b3:3b:0e:d4:95:02:
         88:0e:ec:7e:c8:0c:64:03:2c:1c:07:a5:70:fe:54:27:06:96:
         bf:c4:32:f6:5b:46:3a:de:f5:4f:f3:3b:a1:85:62:fe:61:fa:
         3e:66:91:3a:33:e4:cd:ad:4a:ac:3a:af:84:0f:4e:80:5d:cb:
         a9:fd:55:af:4f:e9:ce:e5:93:08:b9:7d:c6:12:7f:d1:dd:fd:
         28:5c:86:1d:3b:98:18:24:8a:9f:97:89:79:7c:b7:37:f5:f7:
         fd:2e:4b:8a:27:83:f6:82:66:6b:44:b7:dc:e2:0f:32:c7:f8:
         af:c7:0d:8f:40:fd:12:12:92:de:f6:ea:85:9a:74:f7:27:9d:
         42:75:b5:d0:09:af:b4:09:38:ca:8b:b7:97:b6:26:18:f5:bf:
         0b:5c:b5:26:7f:6f:bf:6e:b4:a5:76:a2:29:1a:58:26:5b:7e:
         38:50:db:0d:a7:ed:ce:a8:92:58:60:a7:73:dd:b0:70:88:d9:
         ed:de:2c:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8ULVswcnueHDze1juRBB7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjY2NjkxYWQzYTQxNjUyZjViZDg1OTYyMzBiM2FjNzQz
ZDJhMmMwHhcNMjQwNDI1MDczNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzdmZTU3OTMzNGFhMmQyOGRmZDA5NTIzOWIyODQzNzY3YTIzN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZYYIVIeAtNlXo9jK3us3TyLs6cc
62+kHIRj4k6f4GhuzdnB01WBE/QKkxhn7TZFYTsWB9lqOYNPlXG2+1YYU81wGeVq
vRE9IaAqgVzWAfwWkVrtYljzug3SmiM2HVBl7hsnv3K8mpClmhHPYj+YLLosuFNn
Mbr4cHKQ+foR+Psi3+hjVcA2fOna1zJhL4xgt7CSL6d92L2hchbaACWaH9vg0IMB
tMLckD2dTGTwKBgNnlMUbK4u02z+duC9ClUcxoqzkwn2SkWsjwkmrxtVzBc4u64n
fct4lB/AGA9EmLnoroxwFpVt1GVmtC1fik0lZFnUfGtMuFbPaazTv/ASfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJx/5XkzSqLSjf0JUjmyhDdnojfuMB8GA1UdIwQY
MBaAFI72ZpGtOkFlL1vYWWIws6x0PSosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZabWthMDZRV1V2VzloWllqQ3pySFE5S2l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mYzg3ZmEtY2JmYS00ZjNjLTg4ZDMt
YmE5MjJiYjFlYmI0LzEvbkhfbGVUTktvdEtOX1FsU09iS0VOMmVpTi00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mYzg3ZmEtY2JmYS00ZjNjLTg4ZDMtYmE5MjJiYjFlYmI0
LzEvanZabWthMDZRV1V2VzloWllqQ3pySFE5S2l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9IcMA0G
CSqGSIb3DQEBCwUAA4IBAQAawr0eju+OlQzbMXtt1pom7vmQfWUHK5GvnkeUw9RJ
PTnpAz8NsSIlLaxlRiyXev5mkUrCDo2MIRp6trqcxseVAfyzOw7UlQKIDux+yAxk
AywcB6Vw/lQnBpa/xDL2W0Y63vVP8zuhhWL+Yfo+ZpE6M+TNrUqsOq+ED06AXcup
/VWvT+nO5ZMIuX3GEn/R3f0oXIYdO5gYJIqfl4l5fLc39ff9LkuKJ4P2gmZrRLfc
4g8yx/ivxw2PQP0SEpLe9uqFmnT3J51CdbXQCa+0CTjKi7eXtiYY9b8LXLUmf2+/
brSldqIpGlgmW344UNsNp+3OqJJYYKdz3bBwiNnt3ixl
-----END CERTIFICATE-----