Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/I-4-_L4tMpNE8WdVx5qCWtxbsA4.roa
File:                     I-4-_L4tMpNE8WdVx5qCWtxbsA4.roa (raw, json)
Hash identifier:          sSkPyR29TUA+vODgchTQYocvQRgBnhiNdnnDDtntd/Q=
Subject key identifier:   23:EE:3E:FC:BE:2D:32:93:44:F1:67:55:C7:9A:82:5A:DC:5B:B0:0E
Certificate issuer:       /CN=a9d6b171233f20b37e61a3a1ff59ea553bcf21d3
Certificate serial:       018CC2DB4E84247ED67A82122E4C4CE292C7
Authority key identifier: A9:D6:B1:71:23:3F:20:B3:7E:61:A3:A1:FF:59:EA:55:3B:CF:21:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qdaxcSM_ILN-YaOh_1nqVTvPIdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/I-4-_L4tMpNE8WdVx5qCWtxbsA4.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216286
IP address blocks:        91.199.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/qdaxcSM_ILN-YaOh_1nqVTvPIdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/qdaxcSM_ILN-YaOh_1nqVTvPIdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qdaxcSM_ILN-YaOh_1nqVTvPIdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4e:84:24:7e:d6:7a:82:12:2e:4c:4c:e2:92:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9d6b171233f20b37e61a3a1ff59ea553bcf21d3
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23ee3efcbe2d329344f16755c79a825adc5bb00e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:32:d5:05:98:63:51:5e:85:ce:2a:e2:f7:94:
                    10:60:b6:55:12:6e:d2:64:78:3d:01:f5:a3:a6:87:
                    53:83:d8:2d:c7:1d:10:82:ab:09:84:19:6c:7d:85:
                    19:22:cd:3f:d8:1c:2f:65:ca:60:ec:a7:e6:b7:5b:
                    00:d4:84:c0:d6:5f:ee:65:7d:44:05:07:45:d2:14:
                    63:5b:74:d4:39:03:fd:a8:c0:5b:77:ae:fd:e7:46:
                    48:a9:71:b3:9d:76:eb:5a:26:94:89:a9:be:50:d1:
                    11:a0:ef:96:a6:99:58:2f:a5:37:ce:d0:fb:30:ee:
                    a8:12:96:ba:e2:de:d0:5f:6c:29:74:dd:33:26:61:
                    c3:8e:d5:60:11:7b:cb:3c:e3:a9:5a:a0:96:65:34:
                    2e:bc:e1:7a:e2:5e:c7:90:e4:a8:8e:0b:32:e4:1a:
                    59:c3:12:fb:d2:73:91:6d:2b:2d:e4:f3:98:7e:74:
                    b8:ae:93:1a:ca:53:e2:0b:f1:05:ef:2a:6a:8a:77:
                    05:7b:cb:c6:4b:d8:c1:8b:92:ab:ff:75:29:83:eb:
                    9c:d1:c5:4d:58:96:10:49:89:f7:88:e4:66:a2:d5:
                    cf:28:d5:ba:8f:1d:2b:31:be:54:bd:f3:2a:2d:a4:
                    6f:d0:f1:c5:3f:fb:74:91:03:82:5a:bd:6a:80:3e:
                    20:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:EE:3E:FC:BE:2D:32:93:44:F1:67:55:C7:9A:82:5A:DC:5B:B0:0E
            X509v3 Authority Key Identifier:
                keyid:A9:D6:B1:71:23:3F:20:B3:7E:61:A3:A1:FF:59:EA:55:3B:CF:21:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qdaxcSM_ILN-YaOh_1nqVTvPIdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/I-4-_L4tMpNE8WdVx5qCWtxbsA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/qdaxcSM_ILN-YaOh_1nqVTvPIdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:42:be:10:de:ff:e6:48:54:c1:f4:03:a3:11:a9:d2:93:25:
         f1:29:9f:c7:17:c7:73:0b:03:44:a6:98:a4:dd:94:3b:79:55:
         e4:aa:8a:c7:fc:bc:0f:fe:d8:91:76:d1:dc:ba:73:99:ff:6b:
         7d:20:30:48:45:de:70:38:39:56:60:8e:29:ae:a8:57:a9:a8:
         c8:9f:ca:02:08:c7:7e:0d:d5:e1:71:b4:31:5d:8d:69:0d:5f:
         69:20:f5:10:22:3d:f1:0e:74:6d:84:6b:02:c7:78:1c:6c:d0:
         02:b0:32:4e:6d:81:7a:48:ff:41:b1:98:6d:16:a1:f4:38:0c:
         f8:e0:87:41:da:47:2f:46:f9:53:2a:c8:92:fb:7c:d8:d6:57:
         15:c1:d3:41:40:63:ea:c2:49:06:12:63:9d:15:38:aa:36:d1:
         35:d6:61:55:7e:b0:13:6d:b5:33:d0:c5:7e:0d:7a:c3:de:a5:
         cf:2c:2b:cf:e6:72:da:4f:ab:5a:42:33:ca:2d:f4:a8:ba:0e:
         10:48:a1:be:6e:7b:c3:10:80:41:18:62:e8:8b:0e:8d:63:4d:
         67:df:dc:fe:cb:50:13:63:07:02:18:be:49:3e:42:f8:fa:47:
         52:97:b2:4b:87:5a:6d:4c:78:60:94:7b:fb:6f:a9:70:3c:7d:
         3b:b6:88:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC206EJH7WeoISLkxM4pLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZDZiMTcxMjMzZjIwYjM3ZTYxYTNhMWZmNTllYTU1M2Jj
ZjIxZDMwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2VlM2VmY2JlMmQzMjkzNDRmMTY3NTVjNzlhODI1YWRjNWJiMDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTLVBZhjUV6Fziri95QQYLZVEm7S
ZHg9AfWjpodTg9gtxx0QgqsJhBlsfYUZIs0/2BwvZcpg7Kfmt1sA1ITA1l/uZX1E
BQdF0hRjW3TUOQP9qMBbd67950ZIqXGznXbrWiaUiam+UNERoO+WpplYL6U3ztD7
MO6oEpa64t7QX2wpdN0zJmHDjtVgEXvLPOOpWqCWZTQuvOF64l7HkOSojgsy5BpZ
wxL70nORbSst5POYfnS4rpMaylPiC/EF7ypqincFe8vGS9jBi5Kr/3Upg+uc0cVN
WJYQSYn3iORmotXPKNW6jx0rMb5UvfMqLaRv0PHFP/t0kQOCWr1qgD4gVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPuPvy+LTKTRPFnVceaglrcW7AOMB8GA1UdIwQY
MBaAFKnWsXEjPyCzfmGjof9Z6lU7zyHTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWRheGNTTV9JTE4tWWFPaF8xbnFWVHZQSWRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84OTY5MTQtNDFiMS00YjY3LTlkYjQt
MDk1ZGNlMGUwMTllLzEvSS00LV9MNHRNcE5FOFdkVng1cUNXdHhic0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84OTY5MTQtNDFiMS00YjY3LTlkYjQtMDk1ZGNlMGUwMTll
LzEvcWRheGNTTV9JTE4tWWFPaF8xbnFWVHZQSWRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cCMA0G
CSqGSIb3DQEBCwUAA4IBAQBkQr4Q3v/mSFTB9AOjEanSkyXxKZ/HF8dzCwNEppik
3ZQ7eVXkqorH/LwP/tiRdtHcunOZ/2t9IDBIRd5wODlWYI4prqhXqajIn8oCCMd+
DdXhcbQxXY1pDV9pIPUQIj3xDnRthGsCx3gcbNACsDJObYF6SP9BsZhtFqH0OAz4
4IdB2kcvRvlTKsiS+3zY1lcVwdNBQGPqwkkGEmOdFTiqNtE11mFVfrATbbUz0MV+
DXrD3qXPLCvP5nLaT6taQjPKLfSoug4QSKG+bnvDEIBBGGLoiw6NY01n39z+y1AT
YwcCGL5JPkL4+kdSl7JLh1ptTHhglHv7b6lwPH07tohd
-----END CERTIFICATE-----