Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/XnwBPF6v1-qMOmH6FW7LX4lIySs.roa
File:                     XnwBPF6v1-qMOmH6FW7LX4lIySs.roa (raw, json)
Hash identifier:          cPNcpcRrU5rBA2C7r3m3l+bjAUAeoQhRmOGZFJPgPhc=
Subject key identifier:   5E:7C:01:3C:5E:AF:D7:EA:8C:3A:61:FA:15:6E:CB:5F:89:48:C9:2B
Certificate issuer:       /CN=e847e88749704294552fef54886111ed0586ec24
Certificate serial:       019171E16550B0D1A07E33186CC3C1106698
Authority key identifier: E8:47:E8:87:49:70:42:94:55:2F:EF:54:88:61:11:ED:05:86:EC:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Efoh0lwQpRVL-9UiGER7QWG7CQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/XnwBPF6v1-qMOmH6FW7LX4lIySs.roa
Signing time:             Tue 20 Aug 2024 22:21:22 +0000
ROA not before:           Tue 20 Aug 2024 22:21:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203394
IP address blocks:        91.231.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/6Efoh0lwQpRVL-9UiGER7QWG7CQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/6Efoh0lwQpRVL-9UiGER7QWG7CQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Efoh0lwQpRVL-9UiGER7QWG7CQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:71:e1:65:50:b0:d1:a0:7e:33:18:6c:c3:c1:10:66:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e847e88749704294552fef54886111ed0586ec24
        Validity
            Not Before: Aug 20 22:21:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e7c013c5eafd7ea8c3a61fa156ecb5f8948c92b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:46:4a:25:fc:36:13:90:15:ab:da:46:a3:30:
                    c7:0f:6d:d8:f5:93:6d:3b:c7:8e:9b:7b:82:64:af:
                    b5:63:29:2e:bf:f8:3f:c1:3c:ac:58:46:ec:e4:ab:
                    dd:8c:ac:28:e0:5d:60:47:e4:16:03:b9:71:42:c1:
                    ae:bf:7e:2c:fc:6e:28:2d:65:7d:ba:40:40:9a:fd:
                    8d:52:0e:16:fe:0f:41:83:87:f2:b2:f2:0a:1b:af:
                    6f:93:88:7c:e8:e9:bb:44:df:0f:ee:f6:7d:0c:3a:
                    81:00:7f:11:26:42:59:83:96:cc:96:2b:5f:08:0e:
                    7e:b7:3d:f9:b4:3c:16:79:60:5a:1c:b5:64:60:5b:
                    21:60:79:78:55:fe:85:fa:4c:23:b4:95:f8:ab:a1:
                    29:ae:f5:60:13:56:08:a7:f6:f8:bc:0b:86:18:81:
                    92:54:bb:7f:cc:f6:66:73:1b:c0:ef:93:85:5a:36:
                    fb:03:a2:58:67:6e:17:9b:12:e6:62:14:85:83:77:
                    6e:f1:88:26:36:ed:5f:49:a8:d8:2a:44:76:05:1e:
                    d8:af:d0:27:88:2c:72:37:dd:41:dc:78:ed:27:ae:
                    24:d6:63:07:4a:eb:f8:46:52:ec:42:8c:0a:d7:ae:
                    b7:ed:66:b4:70:21:7d:7f:18:08:90:d1:7d:e5:99:
                    41:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:7C:01:3C:5E:AF:D7:EA:8C:3A:61:FA:15:6E:CB:5F:89:48:C9:2B
            X509v3 Authority Key Identifier:
                keyid:E8:47:E8:87:49:70:42:94:55:2F:EF:54:88:61:11:ED:05:86:EC:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Efoh0lwQpRVL-9UiGER7QWG7CQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/XnwBPF6v1-qMOmH6FW7LX4lIySs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/6Efoh0lwQpRVL-9UiGER7QWG7CQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:26:72:bd:ae:9b:81:0a:5f:63:f6:cd:7e:fd:f2:07:c0:4a:
         e9:3c:c1:8b:bc:01:80:a0:f9:8c:e2:35:cf:38:ba:0c:01:0f:
         15:ed:56:52:83:2a:ff:9f:ef:6e:8d:a3:c8:26:27:c2:53:cc:
         f6:3e:b1:46:32:65:b4:b4:be:e3:f6:08:17:bb:e2:cf:04:f9:
         7e:87:cf:b3:16:43:8e:72:85:a4:b4:00:ce:29:51:eb:18:ae:
         99:ea:43:3e:3a:22:d0:a6:cd:ef:34:83:e8:8f:31:89:7c:21:
         84:e1:23:6c:65:d1:94:5f:f2:a3:4e:c0:02:3d:78:63:25:3b:
         29:ee:e3:3b:c5:cd:36:60:ed:7d:c5:b7:82:a9:a7:68:b9:36:
         90:66:c6:37:4c:4c:ec:ba:6f:61:28:ca:08:1a:94:ab:09:dd:
         0b:ee:0b:c9:7e:45:1d:f3:6a:c2:b6:7e:f4:8e:8b:a0:06:b4:
         7f:35:6c:dd:26:93:81:45:45:26:f8:ec:df:bd:20:5c:2f:db:
         0a:dd:28:c5:2b:08:b9:a9:5c:7a:3a:74:ec:68:09:df:5c:0a:
         60:8a:0a:e2:32:d4:d3:d8:84:90:bc:1f:05:6b:55:83:7d:d3:
         34:30:2f:2c:c4:17:41:14:80:33:32:99:c1:a5:9b:a4:c9:27:
         d1:c6:0f:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFx4WVQsNGgfjMYbMPBEGaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDdlODg3NDk3MDQyOTQ1NTJmZWY1NDg4NjExMWVkMDU4
NmVjMjQwHhcNMjQwODIwMjIyMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTdjMDEzYzVlYWZkN2VhOGMzYTYxZmExNTZlY2I1Zjg5NDhjOTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEZKJfw2E5AVq9pGozDHD23Y9ZNt
O8eOm3uCZK+1Yykuv/g/wTysWEbs5KvdjKwo4F1gR+QWA7lxQsGuv34s/G4oLWV9
ukBAmv2NUg4W/g9Bg4fysvIKG69vk4h86Om7RN8P7vZ9DDqBAH8RJkJZg5bMlitf
CA5+tz35tDwWeWBaHLVkYFshYHl4Vf6F+kwjtJX4q6EprvVgE1YIp/b4vAuGGIGS
VLt/zPZmcxvA75OFWjb7A6JYZ24XmxLmYhSFg3du8YgmNu1fSajYKkR2BR7Yr9An
iCxyN91B3HjtJ64k1mMHSuv4RlLsQowK16637Wa0cCF9fxgIkNF95ZlB1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF58ATxer9fqjDph+hVuy1+JSMkrMB8GA1UdIwQY
MBaAFOhH6IdJcEKUVS/vVIhhEe0FhuwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVmb2gwbHdRcFJWTC05VWlHRVI3UVdHN0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS83N2Y1MzItMzk4Zi00YWQ4LWIzNDgt
YmRhZDdlZjc3NmM0LzEvWG53QlBGNnYxLXFNT21INkZXN0xYNGxJeVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS83N2Y1MzItMzk4Zi00YWQ4LWIzNDgtYmRhZDdlZjc3NmM0
LzEvNkVmb2gwbHdRcFJWTC05VWlHRVI3UVdHN0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+e2MA0G
CSqGSIb3DQEBCwUAA4IBAQAfJnK9rpuBCl9j9s1+/fIHwErpPMGLvAGAoPmM4jXP
OLoMAQ8V7VZSgyr/n+9ujaPIJifCU8z2PrFGMmW0tL7j9ggXu+LPBPl+h8+zFkOO
coWktADOKVHrGK6Z6kM+OiLQps3vNIPojzGJfCGE4SNsZdGUX/KjTsACPXhjJTsp
7uM7xc02YO19xbeCqadouTaQZsY3TEzsum9hKMoIGpSrCd0L7gvJfkUd82rCtn70
jougBrR/NWzdJpOBRUUm+OzfvSBcL9sK3SjFKwi5qVx6OnTsaAnfXApgigriMtTT
2ISQvB8Fa1WDfdM0MC8sxBdBFIAzMpnBpZukySfRxg8A
-----END CERTIFICATE-----