Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/PI4iT-dZmPj0l-jsN7vVVwNCpZ0.roa
File:                     PI4iT-dZmPj0l-jsN7vVVwNCpZ0.roa (raw, json)
Hash identifier:          hWaozefFR9PVGxaBz1jtOrhrT9fqumBXoC49cD0QR2Y=
Subject key identifier:   3C:8E:22:4F:E7:59:98:F8:F4:97:E8:EC:37:BB:D5:57:03:42:A5:9D
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0191A2130B97A21DC1AA4D8AE450FECE6759
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/PI4iT-dZmPj0l-jsN7vVVwNCpZ0.roa
Signing time:             Fri 30 Aug 2024 06:57:22 +0000
ROA not before:           Fri 30 Aug 2024 06:57:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5591
IP address blocks:        217.22.172.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:13:0b:97:a2:1d:c1:aa:4d:8a:e4:50:fe:ce:67:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Aug 30 06:57:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c8e224fe75998f8f497e8ec37bbd5570342a59d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:85:3f:06:b8:c8:6e:0b:8f:b9:46:41:3b:2d:
                    fb:41:19:48:6d:b7:2b:e0:a6:5b:0b:bf:b6:d5:44:
                    89:d5:40:c6:e1:82:6f:97:85:dd:3f:59:c6:82:4b:
                    20:5b:f8:a4:07:27:91:6c:cd:4f:d5:2d:76:c8:92:
                    ce:d4:fd:74:92:fb:0c:65:33:16:f1:94:78:57:b9:
                    b5:31:15:e3:0f:64:0e:72:8e:1d:48:c3:aa:6c:1c:
                    2f:dd:c6:df:24:45:84:47:31:d6:6e:13:b1:1e:3c:
                    b3:45:2e:c2:84:22:e2:19:81:72:db:4e:c7:76:93:
                    bd:b5:1a:cf:05:76:d8:3d:90:f4:1c:0d:7e:da:85:
                    0e:c1:95:0f:b7:04:6b:7c:ff:52:9b:b3:3e:5d:2f:
                    6b:47:7e:28:dc:22:e3:73:25:1e:34:ef:90:5a:78:
                    5b:eb:5b:f0:4e:67:9b:8e:47:1b:19:de:bb:50:1d:
                    0d:71:12:73:03:e8:71:7a:e8:e4:68:a5:47:0a:70:
                    63:35:72:3f:69:f0:4e:a4:9c:4d:fc:d7:dc:f5:a8:
                    ee:e5:55:ac:a0:bf:f2:15:1e:c8:fb:79:91:30:56:
                    ff:95:2a:0c:57:e2:0e:49:03:18:da:18:db:97:2e:
                    66:19:85:74:03:50:3f:c3:1e:7d:ec:4a:e4:a6:1e:
                    f5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:8E:22:4F:E7:59:98:F8:F4:97:E8:EC:37:BB:D5:57:03:42:A5:9D
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/PI4iT-dZmPj0l-jsN7vVVwNCpZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.22.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:e9:7c:b5:55:df:12:59:91:95:80:b8:97:ef:aa:82:b7:12:
         6b:a2:0a:45:06:ce:41:0d:ae:ad:11:e3:04:ec:0d:87:19:a3:
         95:88:1d:25:30:17:e7:72:23:01:a7:b7:ff:fc:07:5a:2f:0f:
         de:d5:b6:f9:ec:b1:0d:65:85:91:8a:85:3d:1f:f2:da:64:94:
         52:d4:8d:c3:2a:a2:da:58:a2:23:da:77:31:2f:a3:d4:5b:2d:
         2c:09:6f:27:02:b3:b3:bb:e6:16:df:10:6c:33:9f:46:3b:fd:
         1e:cb:c1:58:b4:06:85:0c:a2:6b:8b:8e:85:bd:bb:1c:ab:92:
         ad:d2:e1:dc:06:7f:f2:81:33:38:4c:05:d6:ac:47:d5:21:05:
         a9:ed:71:ec:60:b9:56:5b:64:04:ce:dd:36:e6:61:06:15:45:
         79:e8:44:b2:90:73:f3:09:08:b1:41:84:9f:fd:5f:f7:40:31:
         29:df:11:80:44:02:8d:43:1f:a4:d9:7e:2a:a4:42:d1:22:28:
         de:7f:0e:45:21:ba:4c:de:e5:b1:27:e6:13:dc:3c:17:eb:55:
         0f:27:5f:a1:9b:57:79:74:ca:fe:34:e0:5a:3c:09:99:bd:92:
         7b:cf:75:b6:c3:03:ad:fd:ec:c0:85:0a:80:0d:c9:d3:4e:ad:
         95:60:c2:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGiEwuXoh3Bqk2K5FD+zmdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwODMwMDY1NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzhlMjI0ZmU3NTk5OGY4ZjQ5N2U4ZWMzN2JiZDU1NzAzNDJhNTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoU/BrjIbguPuUZBOy37QRlIbbcr
4KZbC7+21USJ1UDG4YJvl4XdP1nGgksgW/ikByeRbM1P1S12yJLO1P10kvsMZTMW
8ZR4V7m1MRXjD2QOco4dSMOqbBwv3cbfJEWERzHWbhOxHjyzRS7ChCLiGYFy207H
dpO9tRrPBXbYPZD0HA1+2oUOwZUPtwRrfP9Sm7M+XS9rR34o3CLjcyUeNO+QWnhb
61vwTmebjkcbGd67UB0NcRJzA+hxeujkaKVHCnBjNXI/afBOpJxN/Nfc9aju5VWs
oL/yFR7I+3mRMFb/lSoMV+IOSQMY2hjbly5mGYV0A1A/wx597Erkph71gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDyOIk/nWZj49Jfo7De71VcDQqWdMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvUEk0aVQtZFptUGowbC1qc043dlZWd05DcFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2RasMA0G
CSqGSIb3DQEBCwUAA4IBAQCA6Xy1Vd8SWZGVgLiX76qCtxJrogpFBs5BDa6tEeME
7A2HGaOViB0lMBfnciMBp7f//AdaLw/e1bb57LENZYWRioU9H/LaZJRS1I3DKqLa
WKIj2ncxL6PUWy0sCW8nArOzu+YW3xBsM59GO/0ey8FYtAaFDKJri46Fvbscq5Kt
0uHcBn/ygTM4TAXWrEfVIQWp7XHsYLlWW2QEzt025mEGFUV56ESykHPzCQixQYSf
/V/3QDEp3xGARAKNQx+k2X4qpELRIijefw5FIbpM3uWxJ+YT3DwX61UPJ1+hm1d5
dMr+NOBaPAmZvZJ7z3W2wwOt/ezAhQqADcnTTq2VYMJE
-----END CERTIFICATE-----