Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/1ca469-2086-4c4c-a0b8-8d0857a1a4d7/1/OG17T-GsfzKdc-WINHJhwumz_QE.roa
File:                     OG17T-GsfzKdc-WINHJhwumz_QE.roa (raw, json)
Hash identifier:          G0PrQnOUavAQxDS08j7iCNY2F4ZZxTPSE8YkWoGk1Zk=
Subject key identifier:   38:6D:7B:4F:E1:AC:7F:32:9D:73:E5:88:34:72:61:C2:E9:B3:FD:01
Certificate issuer:       /CN=e41798a3ee49d523e88e1ad103e63e121d84d1b5
Certificate serial:       018CC56DFB3EC4BE0BED8EF5D62283E28A17
Authority key identifier: E4:17:98:A3:EE:49:D5:23:E8:8E:1A:D1:03:E6:3E:12:1D:84:D1:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5BeYo-5J1SPojhrRA-Y-Eh2E0bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/1ca469-2086-4c4c-a0b8-8d0857a1a4d7/1/OG17T-GsfzKdc-WINHJhwumz_QE.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        91.214.8.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/1ca469-2086-4c4c-a0b8-8d0857a1a4d7/1/5BeYo-5J1SPojhrRA-Y-Eh2E0bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/1ca469-2086-4c4c-a0b8-8d0857a1a4d7/1/5BeYo-5J1SPojhrRA-Y-Eh2E0bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5BeYo-5J1SPojhrRA-Y-Eh2E0bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fb:3e:c4:be:0b:ed:8e:f5:d6:22:83:e2:8a:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e41798a3ee49d523e88e1ad103e63e121d84d1b5
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=386d7b4fe1ac7f329d73e588347261c2e9b3fd01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:11:7c:5d:e7:88:dd:72:12:6b:38:68:a1:9d:
                    12:a9:fe:53:d1:08:f1:79:12:d7:91:10:77:0e:78:
                    81:09:e1:8c:79:f9:1d:1b:96:05:80:f1:dd:03:d8:
                    ce:c8:ab:1e:59:51:da:e1:00:65:2b:d5:84:4c:06:
                    40:ca:34:fb:ce:2b:e9:67:a6:0a:c2:6b:0d:6c:36:
                    2d:55:1f:5a:69:35:1d:02:90:dc:77:e6:9c:c1:1e:
                    68:9d:f7:c1:63:1b:30:66:e3:46:7a:2a:0d:ac:f4:
                    56:07:ab:77:8b:dd:8c:56:55:0c:23:26:04:75:f0:
                    9f:02:c8:bc:d5:49:3f:58:62:e1:41:25:e8:f6:57:
                    9e:6f:40:94:42:d4:73:29:31:9f:7c:8b:96:c3:d3:
                    3f:2b:2c:89:f7:f4:44:68:b0:56:55:03:91:75:82:
                    ef:26:b9:d3:a1:70:ca:91:b9:6c:cf:8d:33:28:72:
                    f9:99:53:e6:49:e6:e7:6f:e5:2e:ef:38:09:93:01:
                    8f:b8:59:36:d3:e3:7e:6a:59:47:2b:34:42:dd:3b:
                    81:bf:e5:a4:19:0b:36:42:68:8f:14:4c:0a:75:47:
                    e0:bc:d8:76:1d:e4:b3:0e:1a:8f:ba:a1:58:90:ce:
                    85:3f:ca:07:50:bb:60:7c:d7:91:69:00:28:01:33:
                    6a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6D:7B:4F:E1:AC:7F:32:9D:73:E5:88:34:72:61:C2:E9:B3:FD:01
            X509v3 Authority Key Identifier:
                keyid:E4:17:98:A3:EE:49:D5:23:E8:8E:1A:D1:03:E6:3E:12:1D:84:D1:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5BeYo-5J1SPojhrRA-Y-Eh2E0bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1ca469-2086-4c4c-a0b8-8d0857a1a4d7/1/OG17T-GsfzKdc-WINHJhwumz_QE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1ca469-2086-4c4c-a0b8-8d0857a1a4d7/1/5BeYo-5J1SPojhrRA-Y-Eh2E0bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:8f:8d:f1:79:e5:9c:93:6a:02:53:39:59:0e:6d:0b:ca:65:
         36:d4:82:1d:44:8a:3b:02:f4:73:94:dc:72:bc:42:4a:55:4a:
         f5:c5:aa:fc:71:69:e5:35:50:19:fa:a1:00:ab:07:94:0d:f2:
         87:6a:eb:e8:e1:83:6f:a7:76:3d:8e:ee:24:06:a5:b0:9a:8c:
         5d:c4:5d:c9:0d:8b:20:27:85:1a:94:a4:5f:e3:5a:f4:14:f2:
         70:5a:0f:95:8f:36:d3:b4:e7:2e:b6:23:ff:97:7c:c9:58:03:
         91:fc:c5:eb:c5:d4:06:ea:10:6a:3d:33:2f:ce:d9:ed:8d:5c:
         86:20:96:f9:45:55:8e:7e:04:2e:b5:81:3e:1a:bf:31:81:4c:
         d3:0f:3f:4f:0c:fe:c3:97:ad:a7:b7:40:ec:c3:1a:aa:d1:b1:
         73:22:cd:5d:a2:88:29:0b:0f:15:74:c6:c2:48:34:9e:27:a4:
         d0:5d:b9:5d:4e:7b:78:28:fa:ff:c3:47:78:a7:1a:a2:dc:b9:
         4c:10:3a:26:29:8f:dc:ba:b7:34:bb:cb:e1:0b:ca:a9:66:3e:
         02:e8:b1:69:ff:01:3b:f5:75:41:fd:42:6c:ab:b6:66:c7:8a:
         60:27:c3:18:63:75:b6:71:ae:3d:34:62:af:b0:d6:9f:b5:a3:
         1a:72:cb:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfs+xL4L7Y711iKD4ooXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0MTc5OGEzZWU0OWQ1MjNlODhlMWFkMTAzZTYzZTEyMWQ4
NGQxYjUwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZkN2I0ZmUxYWM3ZjMyOWQ3M2U1ODgzNDcyNjFjMmU5YjNmZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BF8XeeI3XISazhooZ0Sqf5T0Qjx
eRLXkRB3DniBCeGMefkdG5YFgPHdA9jOyKseWVHa4QBlK9WETAZAyjT7zivpZ6YK
wmsNbDYtVR9aaTUdApDcd+acwR5onffBYxswZuNGeioNrPRWB6t3i92MVlUMIyYE
dfCfAsi81Uk/WGLhQSXo9leeb0CUQtRzKTGffIuWw9M/KyyJ9/REaLBWVQORdYLv
JrnToXDKkblsz40zKHL5mVPmSebnb+Uu7zgJkwGPuFk20+N+allHKzRC3TuBv+Wk
GQs2QmiPFEwKdUfgvNh2HeSzDhqPuqFYkM6FP8oHULtgfNeRaQAoATNqfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhte0/hrH8ynXPliDRyYcLps/0BMB8GA1UdIwQY
MBaAFOQXmKPuSdUj6I4a0QPmPhIdhNG1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUJlWW8tNUoxU1BvamhyUkEtWS1FaDJFMGJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8xY2E0NjktMjA4Ni00YzRjLWEwYjgt
OGQwODU3YTFhNGQ3LzEvT0cxN1QtR3NmektkYy1XSU5ISmh3dW16X1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8xY2E0NjktMjA4Ni00YzRjLWEwYjgtOGQwODU3YTFhNGQ3
LzEvNUJlWW8tNUoxU1BvamhyUkEtWS1FaDJFMGJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9YIMA0G
CSqGSIb3DQEBCwUAA4IBAQBxj43xeeWck2oCUzlZDm0LymU21IIdRIo7AvRzlNxy
vEJKVUr1xar8cWnlNVAZ+qEAqweUDfKHauvo4YNvp3Y9ju4kBqWwmoxdxF3JDYsg
J4UalKRf41r0FPJwWg+VjzbTtOcutiP/l3zJWAOR/MXrxdQG6hBqPTMvztntjVyG
IJb5RVWOfgQutYE+Gr8xgUzTDz9PDP7Dl62nt0Dswxqq0bFzIs1doogpCw8VdMbC
SDSeJ6TQXbldTnt4KPr/w0d4pxqi3LlMEDomKY/curc0u8vhC8qpZj4C6LFp/wE7
9XVB/UJsq7Zmx4pgJ8MYY3W2ca49NGKvsNaftaMacsvI
-----END CERTIFICATE-----