Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/a23348-62cf-4afa-94fc-9dd8561caede/1/AJItpC54ztzv2TwhTYvO8ZON-u4.roa
File:                     AJItpC54ztzv2TwhTYvO8ZON-u4.roa (raw, json)
Hash identifier:          2yyTrbseIWGdUJiO407tFpLWVCL4PVYBjPU6qTUywSE=
Subject key identifier:   00:92:2D:A4:2E:78:CE:DC:EF:D9:3C:21:4D:8B:CE:F1:93:8D:FA:EE
Certificate issuer:       /CN=000a6718d539155c27300401f2c4667513eec5b1
Certificate serial:       019058BED1768455955708BD1BD7CB41BE1B
Authority key identifier: 00:0A:67:18:D5:39:15:5C:27:30:04:01:F2:C4:66:75:13:EE:C5:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AApnGNU5FVwnMAQB8sRmdRPuxbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/a23348-62cf-4afa-94fc-9dd8561caede/1/AJItpC54ztzv2TwhTYvO8ZON-u4.roa
Signing time:             Thu 27 Jun 2024 08:10:18 +0000
ROA not before:           Thu 27 Jun 2024 08:10:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49478
IP address blocks:        91.234.164.0/22 maxlen: 32
                          194.150.254.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/a23348-62cf-4afa-94fc-9dd8561caede/1/AApnGNU5FVwnMAQB8sRmdRPuxbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/a23348-62cf-4afa-94fc-9dd8561caede/1/AApnGNU5FVwnMAQB8sRmdRPuxbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AApnGNU5FVwnMAQB8sRmdRPuxbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:58:be:d1:76:84:55:95:57:08:bd:1b:d7:cb:41:be:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=000a6718d539155c27300401f2c4667513eec5b1
        Validity
            Not Before: Jun 27 08:10:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00922da42e78cedcefd93c214d8bcef1938dfaee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:81:c2:f0:7b:d9:6c:af:32:28:1c:17:e0:c9:
                    87:65:bb:bc:f4:f3:de:90:c7:57:64:89:4a:33:8b:
                    b1:20:8f:90:be:51:50:f9:22:73:f2:9c:da:ec:9c:
                    15:31:a8:38:c0:68:0e:3d:bc:c9:30:01:50:6d:d5:
                    f7:8f:da:8e:d3:2f:26:9a:89:6f:80:42:d3:93:da:
                    cd:ec:54:d4:2a:0c:fc:ce:2f:0a:04:5f:58:a7:2e:
                    a3:79:48:61:5f:a0:98:66:e1:4f:d8:70:17:f4:7c:
                    d3:f1:57:55:22:e4:87:54:7d:6d:d7:97:68:5e:7f:
                    c7:21:22:9b:62:de:a3:d0:74:27:b7:f9:2e:87:8f:
                    43:d6:00:20:c2:05:d6:a7:14:3d:87:db:da:58:85:
                    ce:26:c2:c8:6b:39:0d:62:06:19:48:e2:b8:8c:98:
                    db:33:dc:51:ef:b6:0e:7e:87:3a:e3:b0:34:17:a5:
                    0f:fc:5e:a0:58:fd:ce:bf:cd:f8:7d:a2:cd:4c:f1:
                    6d:74:4e:e9:21:46:0a:b8:86:7d:08:a1:7d:b7:5e:
                    b2:57:3c:18:51:b7:21:40:82:8d:dc:34:36:fa:bf:
                    61:ef:4c:0e:19:01:76:7f:5f:08:a1:24:39:76:f1:
                    2d:79:0e:97:7e:09:44:40:4f:cd:c2:fe:6e:71:f3:
                    03:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:92:2D:A4:2E:78:CE:DC:EF:D9:3C:21:4D:8B:CE:F1:93:8D:FA:EE
            X509v3 Authority Key Identifier:
                keyid:00:0A:67:18:D5:39:15:5C:27:30:04:01:F2:C4:66:75:13:EE:C5:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AApnGNU5FVwnMAQB8sRmdRPuxbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/a23348-62cf-4afa-94fc-9dd8561caede/1/AJItpC54ztzv2TwhTYvO8ZON-u4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/a23348-62cf-4afa-94fc-9dd8561caede/1/AApnGNU5FVwnMAQB8sRmdRPuxbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.164.0/22
                  194.150.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:91:ac:ab:c6:80:33:06:20:4f:84:61:69:dc:49:29:f5:76:
         c9:f4:49:d6:a5:21:7a:e0:22:20:35:50:ba:92:81:bb:73:45:
         6b:57:01:15:d4:02:4e:cf:a3:5a:62:51:69:0b:81:5d:b8:0a:
         52:81:18:81:ce:b8:52:f2:6e:5f:a8:cf:55:e1:cf:35:c4:61:
         fd:cb:29:d1:c7:ed:6f:20:b8:33:b8:bd:1a:a6:3a:33:b0:0c:
         d9:45:6e:94:d5:e8:50:dd:7a:c8:8a:37:41:c9:b2:ef:87:27:
         96:34:57:1a:21:43:3d:b3:68:0a:e7:36:e2:41:71:a0:e4:af:
         66:7f:61:ea:4f:f6:67:c4:4c:05:0c:10:cc:0c:cd:1e:e6:cd:
         a9:cd:87:a3:74:f9:a8:f5:5c:61:22:11:5a:60:38:34:31:a9:
         2f:27:ed:73:57:20:5d:4d:21:33:44:8a:71:32:e0:ad:a2:da:
         66:96:b8:80:c5:bb:59:2c:1d:e7:9c:28:b7:f6:0e:b4:1e:86:
         34:9c:12:52:f5:c1:20:55:e4:cb:25:88:2a:25:5f:0a:3f:94:
         95:09:fb:9b:06:d1:06:8c:84:9a:ad:1e:13:b9:94:b5:36:40:
         0a:19:a4:79:d6:35:63:01:4a:03:30:c5:11:af:a0:77:e1:3d:
         4e:f5:ec:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBYvtF2hFWVVwi9G9fLQb4bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMGE2NzE4ZDUzOTE1NWMyNzMwMDQwMWYyYzQ2Njc1MTNl
ZWM1YjEwHhcNMjQwNjI3MDgxMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDkyMmRhNDJlNzhjZWRjZWZkOTNjMjE0ZDhiY2VmMTkzOGRmYWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YHC8HvZbK8yKBwX4MmHZbu89PPe
kMdXZIlKM4uxII+QvlFQ+SJz8pza7JwVMag4wGgOPbzJMAFQbdX3j9qO0y8mmolv
gELTk9rN7FTUKgz8zi8KBF9Ypy6jeUhhX6CYZuFP2HAX9HzT8VdVIuSHVH1t15do
Xn/HISKbYt6j0HQnt/kuh49D1gAgwgXWpxQ9h9vaWIXOJsLIazkNYgYZSOK4jJjb
M9xR77YOfoc647A0F6UP/F6gWP3Ov834faLNTPFtdE7pIUYKuIZ9CKF9t16yVzwY
UbchQIKN3DQ2+r9h70wOGQF2f18IoSQ5dvEteQ6XfglEQE/Nwv5ucfMDdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFACSLaQueM7c79k8IU2LzvGTjfruMB8GA1UdIwQY
MBaAFAAKZxjVORVcJzAEAfLEZnUT7sWxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUFwbkdOVTVGVnduTUFRQjhzUm1kUlB1eGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9hMjMzNDgtNjJjZi00YWZhLTk0ZmMt
OWRkODU2MWNhZWRlLzEvQUpJdHBDNTR6dHp2MlR3aFRZdk84Wk9OLXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9hMjMzNDgtNjJjZi00YWZhLTk0ZmMtOWRkODU2MWNhZWRl
LzEvQUFwbkdOVTVGVnduTUFRQjhzUm1kUlB1eGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+qkAwQB
wpb+MA0GCSqGSIb3DQEBCwUAA4IBAQAekayrxoAzBiBPhGFp3Ekp9XbJ9EnWpSF6
4CIgNVC6koG7c0VrVwEV1AJOz6NaYlFpC4FduApSgRiBzrhS8m5fqM9V4c81xGH9
yynRx+1vILgzuL0apjozsAzZRW6U1ehQ3XrIijdBybLvhyeWNFcaIUM9s2gK5zbi
QXGg5K9mf2HqT/ZnxEwFDBDMDM0e5s2pzYejdPmo9VxhIhFaYDg0MakvJ+1zVyBd
TSEzRIpxMuCtotpmlriAxbtZLB3nnCi39g60HoY0nBJS9cEgVeTLJYgqJV8KP5SV
CfubBtEGjISarR4TuZS1NkAKGaR51jVjAUoDMMURr6B34T1O9ez4
-----END CERTIFICATE-----