Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/7CAtnZN2kCaYk4TfY7S3R7RT6EM.roa
File:                     7CAtnZN2kCaYk4TfY7S3R7RT6EM.roa (raw, json)
Hash identifier:          4EboVZRmkpv6QEjrGYeLzLE8DF18L1ltC5dRQvA7YDc=
Subject key identifier:   EC:20:2D:9D:93:76:90:26:98:93:84:DF:63:B4:B7:47:B4:53:E8:43
Certificate issuer:       /CN=bd45aecb062d9b446e05421bc1faaf58bb0769ec
Certificate serial:       018CC49365FBB5A59DDE09758A0E08A150B2
Authority key identifier: BD:45:AE:CB:06:2D:9B:44:6E:05:42:1B:C1:FA:AF:58:BB:07:69:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vUWuywYtm0RuBUIbwfqvWLsHaew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/7CAtnZN2kCaYk4TfY7S3R7RT6EM.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24641
IP address blocks:        91.224.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/vUWuywYtm0RuBUIbwfqvWLsHaew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/vUWuywYtm0RuBUIbwfqvWLsHaew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vUWuywYtm0RuBUIbwfqvWLsHaew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:65:fb:b5:a5:9d:de:09:75:8a:0e:08:a1:50:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd45aecb062d9b446e05421bc1faaf58bb0769ec
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec202d9d93769026989384df63b4b747b453e843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:42:d5:b0:fc:a5:16:bf:36:ad:bd:d5:82:e4:
                    06:f2:22:f4:ac:f8:e3:fd:3e:24:58:b9:6f:4d:e3:
                    70:0b:27:d2:11:68:88:8f:fd:7d:af:a2:36:97:5c:
                    1e:df:2c:34:0f:df:dd:b5:f7:50:46:ac:b5:0e:04:
                    e0:de:ef:7e:f5:5f:a3:cc:a3:83:7b:ea:e0:ad:d1:
                    86:ce:a9:24:7e:f1:95:d7:a1:51:91:75:f6:69:63:
                    e4:94:41:00:6c:bb:88:ce:e0:be:5e:6c:e0:d9:b4:
                    95:99:29:d5:16:69:7f:40:99:72:c5:01:55:fd:3d:
                    0a:40:ad:27:fa:d1:38:f2:ba:82:b4:2b:a7:fe:71:
                    56:70:df:0c:e4:a8:3c:2e:df:53:70:fd:c4:29:11:
                    59:de:04:1a:d5:48:b7:e1:a5:23:f3:55:48:43:1d:
                    04:27:c9:28:5a:84:24:00:45:7d:61:07:97:e6:7d:
                    80:df:64:79:fa:33:5e:41:18:7b:84:4e:2a:27:56:
                    30:36:f4:1a:e4:1d:58:8c:46:6c:d2:21:0f:b9:ee:
                    d7:9e:f5:ef:28:c6:96:6f:90:1d:92:5e:fd:01:db:
                    2f:17:2c:3b:ed:96:e9:a2:81:f7:e4:3c:5c:68:4e:
                    70:ec:82:07:5e:85:3d:a7:75:db:5b:78:20:38:82:
                    43:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:20:2D:9D:93:76:90:26:98:93:84:DF:63:B4:B7:47:B4:53:E8:43
            X509v3 Authority Key Identifier:
                keyid:BD:45:AE:CB:06:2D:9B:44:6E:05:42:1B:C1:FA:AF:58:BB:07:69:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vUWuywYtm0RuBUIbwfqvWLsHaew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/7CAtnZN2kCaYk4TfY7S3R7RT6EM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/vUWuywYtm0RuBUIbwfqvWLsHaew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cf:34:f6:04:7d:aa:c1:7b:3e:71:84:05:c9:77:34:97:aa:93:
         65:64:20:0f:16:71:12:82:6e:82:c9:3e:7e:4a:44:7a:aa:54:
         ba:f7:a4:2f:85:83:40:98:47:9e:36:2f:ce:36:9c:13:04:93:
         b7:47:38:ef:59:81:87:c9:07:1e:56:44:06:34:f0:89:dc:af:
         c3:37:33:5c:d0:09:14:47:ae:db:72:af:db:c7:10:d1:c4:27:
         b6:e6:99:aa:51:cb:fb:e8:57:18:93:7d:82:33:5b:55:2c:33:
         ec:26:41:0c:bd:df:80:1e:5f:13:9c:93:02:0b:d9:10:c0:fd:
         23:97:18:05:28:f0:3b:7b:53:21:b5:84:96:31:5e:c8:b1:88:
         24:08:7c:0a:66:95:53:3f:ae:f3:c3:31:47:c6:33:3b:87:c0:
         fa:15:47:68:31:0d:17:69:85:43:35:02:78:76:7c:e9:5a:1c:
         a9:e6:79:4d:84:f4:02:38:2b:2d:16:53:e0:9b:4c:47:14:1d:
         47:ea:24:24:b9:9a:93:f8:e9:8c:14:11:90:c0:69:4c:62:d8:
         93:55:95:c8:82:8b:6d:56:16:73:70:90:a6:4e:04:58:04:22:
         8c:fe:69:2a:e1:32:e1:9a:6f:ab:f4:65:ba:a2:da:bc:0c:b0:
         87:26:05:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2X7taWd3gl1ig4IoVCyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNDVhZWNiMDYyZDliNDQ2ZTA1NDIxYmMxZmFhZjU4YmIw
NzY5ZWMwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzIwMmQ5ZDkzNzY5MDI2OTg5Mzg0ZGY2M2I0Yjc0N2I0NTNlODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikLVsPylFr82rb3VguQG8iL0rPjj
/T4kWLlvTeNwCyfSEWiIj/19r6I2l1we3yw0D9/dtfdQRqy1DgTg3u9+9V+jzKOD
e+rgrdGGzqkkfvGV16FRkXX2aWPklEEAbLuIzuC+Xmzg2bSVmSnVFml/QJlyxQFV
/T0KQK0n+tE48rqCtCun/nFWcN8M5Kg8Lt9TcP3EKRFZ3gQa1Ui34aUj81VIQx0E
J8koWoQkAEV9YQeX5n2A32R5+jNeQRh7hE4qJ1YwNvQa5B1YjEZs0iEPue7XnvXv
KMaWb5Adkl79AdsvFyw77ZbpooH35DxcaE5w7IIHXoU9p3XbW3ggOIJDBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwgLZ2TdpAmmJOE32O0t0e0U+hDMB8GA1UdIwQY
MBaAFL1FrssGLZtEbgVCG8H6r1i7B2nsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlVXdXl3WXRtMFJ1QlVJYndmcXZXTHNIYWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS84YTZhZTEtNzE0OC00ZTU3LWFhYTkt
M2I4MWFhMjZmN2M2LzEvN0NBdG5aTjJrQ2FZazRUZlk3UzNSN1JUNkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS84YTZhZTEtNzE0OC00ZTU3LWFhYTktM2I4MWFhMjZmN2M2
LzEvdlVXdXl3WXRtMFJ1QlVJYndmcXZXTHNIYWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+AwMA0G
CSqGSIb3DQEBCwUAA4IBAQDPNPYEfarBez5xhAXJdzSXqpNlZCAPFnESgm6CyT5+
SkR6qlS696QvhYNAmEeeNi/ONpwTBJO3RzjvWYGHyQceVkQGNPCJ3K/DNzNc0AkU
R67bcq/bxxDRxCe25pmqUcv76FcYk32CM1tVLDPsJkEMvd+AHl8TnJMCC9kQwP0j
lxgFKPA7e1MhtYSWMV7IsYgkCHwKZpVTP67zwzFHxjM7h8D6FUdoMQ0XaYVDNQJ4
dnzpWhyp5nlNhPQCOCstFlPgm0xHFB1H6iQkuZqT+OmMFBGQwGlMYtiTVZXIgott
VhZzcJCmTgRYBCKM/mkq4TLhmm+r9GW6otq8DLCHJgWc
-----END CERTIFICATE-----