Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/de9401-56bb-4813-8f88-fd11bb1cc82d/1/1ZhmspxQ0hCYHC-2RehzS7MzsqU.roa
File:                     1ZhmspxQ0hCYHC-2RehzS7MzsqU.roa (raw, json)
Hash identifier:          G+YHEZuj9RASSJqo4txIOYmHL/REh7P0wux/XyKrVQg=
Subject key identifier:   D5:98:66:B2:9C:50:D2:10:98:1C:2F:B6:45:E8:73:4B:B3:33:B2:A5
Certificate issuer:       /CN=40aa949d31c66888cb4758f23dd5f312141dec4a
Certificate serial:       018CC56E089CB9B495115A7C0BDD512DE4E7
Authority key identifier: 40:AA:94:9D:31:C6:68:88:CB:47:58:F2:3D:D5:F3:12:14:1D:EC:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QKqUnTHGaIjLR1jyPdXzEhQd7Eo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/de9401-56bb-4813-8f88-fd11bb1cc82d/1/1ZhmspxQ0hCYHC-2RehzS7MzsqU.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47811
IP address blocks:        91.208.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/de9401-56bb-4813-8f88-fd11bb1cc82d/1/QKqUnTHGaIjLR1jyPdXzEhQd7Eo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/de9401-56bb-4813-8f88-fd11bb1cc82d/1/QKqUnTHGaIjLR1jyPdXzEhQd7Eo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QKqUnTHGaIjLR1jyPdXzEhQd7Eo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:08:9c:b9:b4:95:11:5a:7c:0b:dd:51:2d:e4:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40aa949d31c66888cb4758f23dd5f312141dec4a
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d59866b29c50d210981c2fb645e8734bb333b2a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b8:cf:92:f2:34:b3:43:81:5c:8f:36:7f:fe:
                    4f:bd:f9:5a:7a:35:a9:96:4d:49:92:3e:78:70:aa:
                    c0:fd:62:bc:a8:06:8a:db:ba:f6:d7:0b:d8:d6:9d:
                    20:e2:1d:b1:9a:51:94:f3:d3:00:57:fd:e0:13:61:
                    fa:c5:1f:4b:a5:55:b8:71:1e:18:3c:8f:8c:75:1f:
                    f6:d8:29:08:b6:c3:c2:48:47:73:45:f6:32:26:98:
                    3a:ff:72:38:67:ba:24:9a:4f:3e:0a:d4:23:6c:f2:
                    c2:b1:12:74:fc:b2:38:ef:40:a1:e9:84:49:a9:aa:
                    20:65:15:cd:18:c1:4e:31:c2:f3:58:67:84:7c:31:
                    a5:a0:23:55:67:88:4c:2d:81:96:8a:54:20:63:95:
                    4d:96:81:b8:6b:b6:06:44:f7:89:29:8f:a5:fa:03:
                    f3:cb:f9:15:83:39:80:46:9c:b9:06:85:d5:6a:73:
                    b2:47:a9:fd:ef:71:92:5c:90:32:0c:31:ff:09:f8:
                    d6:fe:dc:26:7a:f5:ad:9a:d4:47:95:9b:ea:75:ce:
                    a2:7c:d7:cb:a8:a1:2d:fc:a0:f9:7e:d2:28:10:63:
                    fc:9b:aa:3f:5d:22:71:87:61:6a:cc:25:d2:38:fe:
                    5d:71:44:8a:88:a3:30:a3:27:cb:cf:4f:b1:ed:94:
                    38:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:98:66:B2:9C:50:D2:10:98:1C:2F:B6:45:E8:73:4B:B3:33:B2:A5
            X509v3 Authority Key Identifier:
                keyid:40:AA:94:9D:31:C6:68:88:CB:47:58:F2:3D:D5:F3:12:14:1D:EC:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QKqUnTHGaIjLR1jyPdXzEhQd7Eo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de9401-56bb-4813-8f88-fd11bb1cc82d/1/1ZhmspxQ0hCYHC-2RehzS7MzsqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de9401-56bb-4813-8f88-fd11bb1cc82d/1/QKqUnTHGaIjLR1jyPdXzEhQd7Eo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:95:80:0b:e6:d2:8f:91:d4:0d:af:7c:68:4d:f4:2a:7c:5e:
         10:bc:3d:44:a0:d2:be:c8:f1:bb:cf:48:b3:5c:ba:ab:e3:bb:
         4e:ca:a1:f1:06:ea:bf:c4:71:d7:96:18:94:63:ab:62:42:59:
         fa:68:ca:0a:bc:b8:a6:fb:39:b5:77:48:a5:bc:11:f3:ed:3b:
         a1:83:1d:52:3e:07:b0:f9:a0:16:c4:5f:29:6f:f1:56:50:cf:
         9d:3f:48:5a:65:9c:88:00:f7:28:68:7b:56:b8:1e:86:bc:62:
         35:8c:c0:19:ab:06:b8:d1:6b:0b:31:51:00:19:9c:7f:c9:2a:
         3b:d0:cc:04:d0:1b:e4:49:75:6e:42:30:21:4f:1c:0c:bd:6c:
         cb:8d:88:22:e7:3f:4d:a8:ce:42:06:1d:c8:bd:04:74:8f:43:
         80:f2:f7:03:e2:03:92:b2:52:cf:4d:0f:9b:1e:d7:24:ef:5c:
         aa:36:60:1a:7e:92:ab:78:ee:c6:4a:fa:fc:0a:84:d3:00:df:
         89:72:6c:01:86:1e:ee:a0:e7:47:d5:dc:a7:68:4a:c5:31:fd:
         cd:2c:2c:d3:a5:a2:86:92:ea:1e:bf:ce:cd:84:5d:5e:f5:c5:
         b1:1c:aa:8e:14:8e:e7:8f:4a:d2:be:02:b1:2d:a1:ed:89:23:
         73:3f:46:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgicubSVEVp8C91RLeTnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYWE5NDlkMzFjNjY4ODhjYjQ3NThmMjNkZDVmMzEyMTQx
ZGVjNGEwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTk4NjZiMjljNTBkMjEwOTgxYzJmYjY0NWU4NzM0YmIzMzNiMmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLjPkvI0s0OBXI82f/5PvflaejWp
lk1Jkj54cKrA/WK8qAaK27r21wvY1p0g4h2xmlGU89MAV/3gE2H6xR9LpVW4cR4Y
PI+MdR/22CkItsPCSEdzRfYyJpg6/3I4Z7okmk8+CtQjbPLCsRJ0/LI470Ch6YRJ
qaogZRXNGMFOMcLzWGeEfDGloCNVZ4hMLYGWilQgY5VNloG4a7YGRPeJKY+l+gPz
y/kVgzmARpy5BoXVanOyR6n973GSXJAyDDH/CfjW/twmevWtmtRHlZvqdc6ifNfL
qKEt/KD5ftIoEGP8m6o/XSJxh2FqzCXSOP5dcUSKiKMwoyfLz0+x7ZQ44wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWYZrKcUNIQmBwvtkXoc0uzM7KlMB8GA1UdIwQY
MBaAFECqlJ0xxmiIy0dY8j3V8xIUHexKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUtxVW5USEdhSWpMUjFqeVBkWHpFaFFkN0VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kZTk0MDEtNTZiYi00ODEzLThmODgt
ZmQxMWJiMWNjODJkLzEvMVpobXNweFEwaENZSEMtMlJlaHpTN016c3FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kZTk0MDEtNTZiYi00ODEzLThmODgtZmQxMWJiMWNjODJk
LzEvUUtxVW5USEdhSWpMUjFqeVBkWHpFaFFkN0VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9CaMA0G
CSqGSIb3DQEBCwUAA4IBAQBJlYAL5tKPkdQNr3xoTfQqfF4QvD1EoNK+yPG7z0iz
XLqr47tOyqHxBuq/xHHXlhiUY6tiQln6aMoKvLim+zm1d0ilvBHz7Tuhgx1SPgew
+aAWxF8pb/FWUM+dP0haZZyIAPcoaHtWuB6GvGI1jMAZqwa40WsLMVEAGZx/ySo7
0MwE0BvkSXVuQjAhTxwMvWzLjYgi5z9NqM5CBh3IvQR0j0OA8vcD4gOSslLPTQ+b
Htck71yqNmAafpKreO7GSvr8CoTTAN+JcmwBhh7uoOdH1dynaErFMf3NLCzTpaKG
kuoev87NhF1e9cWxHKqOFI7nj0rSvgKxLaHtiSNzP0ZN
-----END CERTIFICATE-----