Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/OIP-tO5GIAI-cW8CyLLl9bTbTBc.roa
File:                     OIP-tO5GIAI-cW8CyLLl9bTbTBc.roa (raw, json)
Hash identifier:          kH48iSJvy6nvjiochm6r0rw2Nb3n6dyDze+0sq8fVE4=
Subject key identifier:   38:83:FE:B4:EE:46:20:02:3E:71:6F:02:C8:B2:E5:F5:B4:DB:4C:17
Certificate issuer:       /CN=a20cc67154b403145d139469886127ab629eb928
Certificate serial:       018F907DA62AA77B744364CA2CE815867EBE
Authority key identifier: A2:0C:C6:71:54:B4:03:14:5D:13:94:69:88:61:27:AB:62:9E:B9:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogzGcVS0AxRdE5RpiGEnq2KeuSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/OIP-tO5GIAI-cW8CyLLl9bTbTBc.roa
Signing time:             Sun 19 May 2024 10:55:04 +0000
ROA not before:           Sun 19 May 2024 10:55:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        91.208.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/ogzGcVS0AxRdE5RpiGEnq2KeuSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/ogzGcVS0AxRdE5RpiGEnq2KeuSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogzGcVS0AxRdE5RpiGEnq2KeuSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:90:7d:a6:2a:a7:7b:74:43:64:ca:2c:e8:15:86:7e:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a20cc67154b403145d139469886127ab629eb928
        Validity
            Not Before: May 19 10:55:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3883feb4ee4620023e716f02c8b2e5f5b4db4c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:47:02:a8:50:6f:67:26:e4:35:fd:0e:1e:a2:
                    53:62:d2:82:2d:ca:87:ca:5d:65:ce:3c:2c:ea:13:
                    73:b6:79:17:c3:97:3c:ea:32:2d:d6:49:0d:fe:85:
                    43:8d:b8:e6:bc:1d:85:30:84:0e:83:83:b9:59:42:
                    42:25:67:6d:90:36:2c:18:74:d8:22:82:92:33:c8:
                    34:8a:98:63:d0:0e:20:2c:c5:da:64:df:ff:30:34:
                    ed:d4:62:e3:6b:cd:c2:0b:ef:98:6e:cd:72:cf:4f:
                    30:be:a7:2e:cf:c7:a8:55:4d:17:ef:d5:a4:bd:8c:
                    59:ab:01:03:a0:99:3c:09:b2:d4:af:b0:6d:23:9e:
                    87:95:ce:18:16:b5:8a:1d:5a:0c:ee:e9:dc:96:10:
                    db:df:2b:cd:85:fa:f7:15:da:45:72:07:f8:65:15:
                    54:94:1e:fe:37:06:54:47:0d:a6:a0:42:58:97:3e:
                    d6:b1:ce:27:a2:b7:c4:85:eb:d7:35:a3:ec:48:3e:
                    55:1c:01:fb:53:a7:ca:d4:5f:ee:9d:ca:3f:aa:16:
                    ad:77:a9:28:2d:37:c8:df:e3:23:25:13:49:04:bf:
                    bb:ea:38:40:aa:f2:26:dd:ea:ec:c2:2a:5b:51:3c:
                    e7:b0:0a:0b:61:aa:a6:d8:2f:01:82:71:15:9a:0b:
                    08:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:83:FE:B4:EE:46:20:02:3E:71:6F:02:C8:B2:E5:F5:B4:DB:4C:17
            X509v3 Authority Key Identifier:
                keyid:A2:0C:C6:71:54:B4:03:14:5D:13:94:69:88:61:27:AB:62:9E:B9:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogzGcVS0AxRdE5RpiGEnq2KeuSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/OIP-tO5GIAI-cW8CyLLl9bTbTBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/ogzGcVS0AxRdE5RpiGEnq2KeuSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:80:a5:3a:c0:eb:c8:f1:e0:7f:6d:15:49:3c:73:e3:f0:3a:
         a9:58:9b:42:69:10:16:7e:0b:61:8f:60:aa:ca:45:4d:2b:5f:
         a4:a7:95:20:32:f6:e7:38:ea:3b:96:d1:4d:00:64:57:e1:4c:
         78:19:84:f8:d4:6f:87:f0:b6:22:e9:bf:b5:e1:4d:ce:6c:a6:
         ce:c8:ca:0b:8b:c9:4a:62:a0:24:04:b8:64:83:12:e7:b0:aa:
         bd:b6:bf:7a:6f:01:68:1b:42:74:2e:5d:ca:13:db:ce:ac:8a:
         2c:db:a3:18:1a:af:28:04:36:7d:9d:e4:f8:e5:84:73:3d:44:
         97:45:9d:c0:1f:db:d6:4d:1a:47:47:38:10:c8:f7:2a:ea:8a:
         96:f7:63:ba:95:66:e9:15:14:11:37:62:9d:31:0b:3a:2c:c1:
         1d:4d:78:95:b6:4c:4e:df:99:07:e4:ba:be:84:d9:84:e1:7e:
         b4:c5:9c:b6:df:c4:3f:c5:08:dd:82:3a:e3:f3:06:4c:ae:73:
         44:9b:93:60:f0:1e:72:d7:04:29:45:c1:b1:ea:c4:be:b9:06:
         db:60:10:c5:08:9c:c2:b1:7c:ea:66:aa:12:5a:27:9f:05:68:
         7d:7e:d5:b6:bf:4e:f6:ca:0b:e2:64:09:d4:f0:79:98:02:2f:
         8f:3f:d2:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+QfaYqp3t0Q2TKLOgVhn6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMGNjNjcxNTRiNDAzMTQ1ZDEzOTQ2OTg4NjEyN2FiNjI5
ZWI5MjgwHhcNMjQwNTE5MTA1NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODgzZmViNGVlNDYyMDAyM2U3MTZmMDJjOGIyZTVmNWI0ZGI0YzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0cCqFBvZybkNf0OHqJTYtKCLcqH
yl1lzjws6hNztnkXw5c86jIt1kkN/oVDjbjmvB2FMIQOg4O5WUJCJWdtkDYsGHTY
IoKSM8g0iphj0A4gLMXaZN//MDTt1GLja83CC++Ybs1yz08wvqcuz8eoVU0X79Wk
vYxZqwEDoJk8CbLUr7BtI56Hlc4YFrWKHVoM7unclhDb3yvNhfr3FdpFcgf4ZRVU
lB7+NwZURw2moEJYlz7Wsc4norfEhevXNaPsSD5VHAH7U6fK1F/unco/qhatd6ko
LTfI3+MjJRNJBL+76jhAqvIm3erswipbUTznsAoLYaqm2C8BgnEVmgsIIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiD/rTuRiACPnFvAsiy5fW020wXMB8GA1UdIwQY
MBaAFKIMxnFUtAMUXROUaYhhJ6tinrkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2d6R2NWUzBBeFJkRTVScGlHRW5xMktldVNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kZDg4NzgtMjk0MS00YzE1LWIyMDQt
OGZjMzM3MzdjZWFiLzEvT0lQLXRPNUdJQUktY1c4Q3lMTGw5YlRiVEJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kZDg4NzgtMjk0MS00YzE1LWIyMDQtOGZjMzM3MzdjZWFi
LzEvb2d6R2NWUzBBeFJkRTVScGlHRW5xMktldVNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9B2MA0G
CSqGSIb3DQEBCwUAA4IBAQCpgKU6wOvI8eB/bRVJPHPj8DqpWJtCaRAWfgthj2Cq
ykVNK1+kp5UgMvbnOOo7ltFNAGRX4Ux4GYT41G+H8LYi6b+14U3ObKbOyMoLi8lK
YqAkBLhkgxLnsKq9tr96bwFoG0J0Ll3KE9vOrIos26MYGq8oBDZ9neT45YRzPUSX
RZ3AH9vWTRpHRzgQyPcq6oqW92O6lWbpFRQRN2KdMQs6LMEdTXiVtkxO35kH5Lq+
hNmE4X60xZy238Q/xQjdgjrj8wZMrnNEm5Ng8B5y1wQpRcGx6sS+uQbbYBDFCJzC
sXzqZqoSWiefBWh9ftW2v072ygviZAnU8HmYAi+PP9Jh
-----END CERTIFICATE-----