Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/clItUqdoXFKPCQyY9fx0oAUKGpI.roa
File:                     clItUqdoXFKPCQyY9fx0oAUKGpI.roa (raw, json)
Hash identifier:          louGrZEHNq3k3En8k8npSVHkPDa1hojbHf/52qkHo/0=
Subject key identifier:   72:52:2D:52:A7:68:5C:52:8F:09:0C:98:F5:FC:74:A0:05:0A:1A:92
Certificate issuer:       /CN=a7ca9ada44524fc536fa3ecabf758df26407c8b1
Certificate serial:       018F056DAC99CA603F61C2CD1376D9931E68
Authority key identifier: A7:CA:9A:DA:44:52:4F:C5:36:FA:3E:CA:BF:75:8D:F2:64:07:C8:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p8qa2kRST8U2-j7Kv3WN8mQHyLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/clItUqdoXFKPCQyY9fx0oAUKGpI.roa
Signing time:             Mon 22 Apr 2024 10:50:24 +0000
ROA not before:           Mon 22 Apr 2024 10:50:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51766
IP address blocks:        91.220.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/p8qa2kRST8U2-j7Kv3WN8mQHyLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/p8qa2kRST8U2-j7Kv3WN8mQHyLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p8qa2kRST8U2-j7Kv3WN8mQHyLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:6d:ac:99:ca:60:3f:61:c2:cd:13:76:d9:93:1e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ca9ada44524fc536fa3ecabf758df26407c8b1
        Validity
            Not Before: Apr 22 10:50:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72522d52a7685c528f090c98f5fc74a0050a1a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fe:2f:90:91:66:f6:0b:58:84:c0:73:d6:12:
                    4f:63:d3:bd:b0:91:d5:b3:c1:67:a0:07:01:8a:a9:
                    d0:14:6f:70:a0:59:24:a8:4a:17:12:91:a2:8c:c9:
                    34:59:1f:48:ad:4a:b2:da:ef:73:c9:28:c5:60:1e:
                    98:d8:7d:f9:96:72:07:d4:03:fc:cb:44:69:b2:2b:
                    e8:14:ee:31:76:43:55:31:85:ac:0e:3b:8d:d6:8d:
                    f1:44:19:1c:12:70:e2:10:63:5a:50:dd:4b:5e:c8:
                    af:ab:f8:71:bb:4f:3a:88:62:81:76:81:a8:fc:4a:
                    a6:19:8a:e3:b2:2f:e0:25:d6:f8:7d:fa:31:63:41:
                    14:57:8b:ff:9e:0e:72:9f:3f:84:5b:3a:6f:0b:28:
                    e4:f1:6b:f0:56:5d:be:b8:44:3c:ab:aa:33:8b:a4:
                    21:2a:78:8b:d4:34:94:c6:eb:3c:89:2d:10:c6:13:
                    da:2e:b7:76:c1:80:10:77:64:11:1c:2f:f8:21:e4:
                    65:4f:83:86:05:94:05:ca:7b:65:93:5d:6c:a4:c6:
                    75:43:9b:bc:cc:1f:7f:89:92:0a:5c:a2:79:6d:ff:
                    2d:06:19:bd:74:97:5c:80:56:e5:4e:de:e4:57:83:
                    43:47:eb:c1:d6:4a:4f:58:a8:99:ae:6e:92:53:7d:
                    ba:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:52:2D:52:A7:68:5C:52:8F:09:0C:98:F5:FC:74:A0:05:0A:1A:92
            X509v3 Authority Key Identifier:
                keyid:A7:CA:9A:DA:44:52:4F:C5:36:FA:3E:CA:BF:75:8D:F2:64:07:C8:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p8qa2kRST8U2-j7Kv3WN8mQHyLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/clItUqdoXFKPCQyY9fx0oAUKGpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/f7ec70-0ded-42ca-9d00-9d9e1b6beee9/1/p8qa2kRST8U2-j7Kv3WN8mQHyLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:6f:8b:62:8a:87:03:cc:17:5b:4f:40:e4:0b:97:ec:11:b1:
         e8:1b:23:9d:0f:1d:85:96:4f:ce:19:47:d6:98:d8:3a:21:25:
         d8:a9:12:79:08:cb:b3:d8:db:d9:d8:3a:b7:31:c7:3c:2c:1a:
         ed:bc:8d:9d:5e:70:53:be:5f:cc:d1:da:b0:71:24:1f:11:a9:
         8d:4b:76:1a:57:05:60:bc:be:60:bf:57:f8:ab:97:0d:a7:74:
         a9:5c:2b:cd:04:a7:65:b4:14:a6:3c:dd:ae:90:f7:cf:e5:f9:
         97:3c:1c:ff:4b:47:9d:9b:a9:33:06:a5:b5:98:ab:a0:70:79:
         08:80:93:74:43:d0:4a:1f:a9:b7:4c:3b:21:b7:d6:9e:11:25:
         b9:36:33:46:a2:de:72:62:2a:4d:46:d4:4a:f9:7c:45:9f:37:
         f0:9d:d3:88:2f:77:61:67:78:3d:95:ce:dc:a4:63:37:f8:ee:
         ec:a4:0f:1c:47:1f:dd:7e:de:d0:7f:cf:3b:9b:2c:c1:e9:00:
         1c:aa:36:c2:d5:7a:65:4a:89:dc:bf:92:42:34:a1:f3:64:11:
         11:ad:70:cb:d1:74:a2:d6:72:01:b9:17:f8:d8:a9:62:63:2c:
         df:2e:9e:2f:d8:bc:44:b3:92:49:0f:40:2f:e5:eb:e5:39:1e:
         b3:4e:30:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8FbayZymA/YcLNE3bZkx5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Y2E5YWRhNDQ1MjRmYzUzNmZhM2VjYWJmNzU4ZGYyNjQw
N2M4YjEwHhcNMjQwNDIyMTA1MDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjUyMmQ1MmE3Njg1YzUyOGYwOTBjOThmNWZjNzRhMDA1MGExYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkf4vkJFm9gtYhMBz1hJPY9O9sJHV
s8FnoAcBiqnQFG9woFkkqEoXEpGijMk0WR9IrUqy2u9zySjFYB6Y2H35lnIH1AP8
y0RpsivoFO4xdkNVMYWsDjuN1o3xRBkcEnDiEGNaUN1LXsivq/hxu086iGKBdoGo
/EqmGYrjsi/gJdb4ffoxY0EUV4v/ng5ynz+EWzpvCyjk8WvwVl2+uEQ8q6ozi6Qh
KniL1DSUxus8iS0QxhPaLrd2wYAQd2QRHC/4IeRlT4OGBZQFyntlk11spMZ1Q5u8
zB9/iZIKXKJ5bf8tBhm9dJdcgFblTt7kV4NDR+vB1kpPWKiZrm6SU326OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJSLVKnaFxSjwkMmPX8dKAFChqSMB8GA1UdIwQY
MBaAFKfKmtpEUk/FNvo+yr91jfJkB8ixMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDhxYTJrUlNUOFUyLWo3S3YzV044bVFIeUxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mN2VjNzAtMGRlZC00MmNhLTlkMDAt
OWQ5ZTFiNmJlZWU5LzEvY2xJdFVxZG9YRktQQ1F5WTlmeDBvQVVLR3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mN2VjNzAtMGRlZC00MmNhLTlkMDAtOWQ5ZTFiNmJlZWU5
LzEvcDhxYTJrUlNUOFUyLWo3S3YzV044bVFIeUxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9w0MA0G
CSqGSIb3DQEBCwUAA4IBAQCgb4tiiocDzBdbT0DkC5fsEbHoGyOdDx2Flk/OGUfW
mNg6ISXYqRJ5CMuz2NvZ2Dq3Mcc8LBrtvI2dXnBTvl/M0dqwcSQfEamNS3YaVwVg
vL5gv1f4q5cNp3SpXCvNBKdltBSmPN2ukPfP5fmXPBz/S0edm6kzBqW1mKugcHkI
gJN0Q9BKH6m3TDsht9aeESW5NjNGot5yYipNRtRK+XxFnzfwndOIL3dhZ3g9lc7c
pGM3+O7spA8cRx/dft7Qf887myzB6QAcqjbC1XplSoncv5JCNKHzZBERrXDL0XSi
1nIBuRf42KliYyzfLp4v2LxEs5JJD0Av5evlOR6zTjA+
-----END CERTIFICATE-----