Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/1cd01e-e449-4520-906f-5c35dbaba24b/1/1-k1THjHtuz_3ldVxH1-K0ZD1hT8.roa
File:                     1-k1THjHtuz_3ldVxH1-K0ZD1hT8.roa (raw, json)
Hash identifier:          K5K5N7ZzaghdcmWi+eDzTXRkGzeKA7qDWNlxTow/g1Q=
Subject key identifier:   FA:4D:53:1E:31:ED:BB:3F:F7:95:D5:71:1F:5F:8A:D1:90:F5:85:3F
Certificate issuer:       /CN=9a18c790582e99bfb50ee758463dc5afdccbf4bd
Certificate serial:       018CCA2A09FDE991063CA90EF799A79AACEE
Authority key identifier: 9A:18:C7:90:58:2E:99:BF:B5:0E:E7:58:46:3D:C5:AF:DC:CB:F4:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mhjHkFgumb-1DudYRj3Fr9zL9L0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/1cd01e-e449-4520-906f-5c35dbaba24b/1/1-k1THjHtuz_3ldVxH1-K0ZD1hT8.roa
Signing time:             Tue 02 Jan 2024 12:33:21 +0000
ROA not before:           Tue 02 Jan 2024 12:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31244
IP address blocks:        91.216.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/1cd01e-e449-4520-906f-5c35dbaba24b/1/mhjHkFgumb-1DudYRj3Fr9zL9L0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/1cd01e-e449-4520-906f-5c35dbaba24b/1/mhjHkFgumb-1DudYRj3Fr9zL9L0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mhjHkFgumb-1DudYRj3Fr9zL9L0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:09:fd:e9:91:06:3c:a9:0e:f7:99:a7:9a:ac:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a18c790582e99bfb50ee758463dc5afdccbf4bd
        Validity
            Not Before: Jan  2 12:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa4d531e31edbb3ff795d5711f5f8ad190f5853f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:07:67:1c:6b:47:f3:69:c2:41:e8:ac:b4:75:
                    b2:2b:13:82:b0:6f:4a:65:c1:05:d9:33:ba:97:5f:
                    32:81:81:f0:b9:02:e0:15:3b:4a:d3:f3:1e:a1:cd:
                    64:83:a0:68:cc:1e:f9:70:aa:52:8c:73:42:f6:62:
                    0e:ce:dc:cc:a3:6f:2c:fa:bd:eb:3c:85:1b:df:c1:
                    1b:15:8e:f2:63:f0:ad:69:bd:86:65:16:60:41:09:
                    1b:05:34:ea:79:bf:d3:61:1d:b4:be:a4:6c:19:62:
                    bd:cc:db:19:26:4b:c2:aa:6c:bb:4a:43:32:31:6e:
                    64:8c:27:08:8e:22:f0:d7:6f:e0:74:f2:e2:ca:c5:
                    e1:9b:3f:70:4a:16:d4:25:ef:01:6b:e1:9b:ff:7c:
                    a1:a7:a9:2f:b6:72:fc:a3:c5:15:43:15:3b:f1:d5:
                    34:f7:a2:8b:1e:d9:89:6c:aa:20:e0:2e:90:5a:11:
                    1a:c6:fd:d1:d6:2b:56:83:45:05:cd:c7:e8:33:eb:
                    ec:7c:09:7c:92:e4:1b:26:c2:e1:c9:86:5d:96:50:
                    20:4b:c5:99:28:bf:2b:24:ca:a9:87:e3:e7:75:dd:
                    24:dc:d9:9b:5a:10:a7:d9:da:3a:a1:28:f1:c6:36:
                    48:21:6b:72:80:8f:4d:1f:1e:a5:39:7f:b1:0c:3f:
                    0e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:4D:53:1E:31:ED:BB:3F:F7:95:D5:71:1F:5F:8A:D1:90:F5:85:3F
            X509v3 Authority Key Identifier:
                keyid:9A:18:C7:90:58:2E:99:BF:B5:0E:E7:58:46:3D:C5:AF:DC:CB:F4:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mhjHkFgumb-1DudYRj3Fr9zL9L0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/1cd01e-e449-4520-906f-5c35dbaba24b/1/1-k1THjHtuz_3ldVxH1-K0ZD1hT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/1cd01e-e449-4520-906f-5c35dbaba24b/1/mhjHkFgumb-1DudYRj3Fr9zL9L0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:33:02:ac:fb:72:5c:c9:04:22:57:5e:36:0f:16:ff:a6:96:
         7e:2b:e5:a7:fc:77:99:b4:d4:31:25:84:75:fd:11:12:e5:8b:
         4b:85:a9:fb:c8:b4:6a:6e:80:b8:aa:48:70:1a:f3:4c:6c:75:
         f3:55:80:e2:d1:1d:41:54:a3:12:49:b7:98:eb:5c:eb:03:14:
         7d:54:70:78:04:8e:a6:fc:eb:88:9b:b9:ae:81:38:2b:04:6e:
         37:5e:ca:b7:61:cf:05:0d:67:5d:26:6c:a1:a9:c1:a0:c4:8b:
         f1:97:3e:62:59:3c:2d:9f:6f:e4:e6:0e:3d:7e:27:70:ac:b3:
         90:9d:0a:eb:1e:4d:29:58:c8:9c:25:22:e0:2b:0e:a3:00:d8:
         fe:88:5e:a4:8f:32:8f:ef:57:7c:a5:39:f1:0b:70:af:9e:14:
         55:67:aa:0c:f6:9f:4d:4a:b7:bb:fd:60:4e:8a:66:81:c5:55:
         69:79:8d:67:fd:29:69:6a:66:e6:74:80:74:50:28:44:d1:9a:
         c1:7b:b2:10:6a:84:ac:4a:3b:c4:e4:fb:d5:c0:57:2c:fa:0d:
         0d:89:eb:cf:98:74:63:34:17:8f:fe:c3:40:7f:d3:48:0e:18:
         6b:d9:4a:89:8f:c0:fa:4e:2a:91:0b:b2:a8:82:51:43:fd:52:
         bc:12:41:76
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKgn96ZEGPKkO95mnmqzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMThjNzkwNTgyZTk5YmZiNTBlZTc1ODQ2M2RjNWFmZGNj
YmY0YmQwHhcNMjQwMTAyMTIzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTRkNTMxZTMxZWRiYjNmZjc5NWQ1NzExZjVmOGFkMTkwZjU4NTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogdnHGtH82nCQeistHWyKxOCsG9K
ZcEF2TO6l18ygYHwuQLgFTtK0/Meoc1kg6BozB75cKpSjHNC9mIOztzMo28s+r3r
PIUb38EbFY7yY/Ctab2GZRZgQQkbBTTqeb/TYR20vqRsGWK9zNsZJkvCqmy7SkMy
MW5kjCcIjiLw12/gdPLiysXhmz9wShbUJe8Ba+Gb/3yhp6kvtnL8o8UVQxU78dU0
96KLHtmJbKog4C6QWhEaxv3R1itWg0UFzcfoM+vsfAl8kuQbJsLhyYZdllAgS8WZ
KL8rJMqph+Pndd0k3NmbWhCn2do6oSjxxjZIIWtygI9NHx6lOX+xDD8OJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpNUx4x7bs/95XVcR9fitGQ9YU/MB8GA1UdIwQY
MBaAFJoYx5BYLpm/tQ7nWEY9xa/cy/S9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWhqSGtGZ3VtYi0xRHVkWVJqM0ZyOXpMOUwwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8xY2QwMWUtZTQ0OS00NTIwLTkwNmYt
NWMzNWRiYWJhMjRiLzEvMS1rMVRIakh0dXpfM2xkVnhIMS1LMFpEMWhUOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDQvMWNkMDFlLWU0NDktNDUyMC05MDZmLTVjMzVkYmFiYTI0
Yi8xL21oakhrRmd1bWItMUR1ZFlSajNGcjl6TDlMMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvYnDAN
BgkqhkiG9w0BAQsFAAOCAQEAhDMCrPtyXMkEIldeNg8W/6aWfivlp/x3mbTUMSWE
df0REuWLS4Wp+8i0am6AuKpIcBrzTGx181WA4tEdQVSjEkm3mOtc6wMUfVRweASO
pvzriJu5roE4KwRuN17Kt2HPBQ1nXSZsoanBoMSL8Zc+Ylk8LZ9v5OYOPX4ncKyz
kJ0K6x5NKVjInCUi4CsOowDY/ohepI8yj+9XfKU58Qtwr54UVWeqDPafTUq3u/1g
TopmgcVVaXmNZ/0paWpm5nSAdFAoRNGawXuyEGqErEo7xOT71cBXLPoNDYnrz5h0
YzQXj/7DQH/TSA4Ya9lKiY/A+k4qkQuyqIJRQ/1SvBJBdg==
-----END CERTIFICATE-----