Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/5glbKL0fafn4t8KTq8LCMNWR_c4.roa
File:                     5glbKL0fafn4t8KTq8LCMNWR_c4.roa (raw, json)
Hash identifier:          8so5BeK4kI4hUqd1qi474mjtpCYgboO+KcMMx8rcb+M=
Subject key identifier:   E6:09:5B:28:BD:1F:69:F9:F8:B7:C2:93:AB:C2:C2:30:D5:91:FD:CE
Certificate issuer:       /CN=378aa6ed4b6cac6b3a52961bcfa229cfda00080e
Certificate serial:       018CC8DF04925CA248028F9197E2FFCFBC86
Authority key identifier: 37:8A:A6:ED:4B:6C:AC:6B:3A:52:96:1B:CF:A2:29:CF:DA:00:08:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N4qm7UtsrGs6UpYbz6Ipz9oACA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/5glbKL0fafn4t8KTq8LCMNWR_c4.roa
Signing time:             Tue 02 Jan 2024 06:31:48 +0000
ROA not before:           Tue 02 Jan 2024 06:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.227.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/N4qm7UtsrGs6UpYbz6Ipz9oACA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/N4qm7UtsrGs6UpYbz6Ipz9oACA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N4qm7UtsrGs6UpYbz6Ipz9oACA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:04:92:5c:a2:48:02:8f:91:97:e2:ff:cf:bc:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=378aa6ed4b6cac6b3a52961bcfa229cfda00080e
        Validity
            Not Before: Jan  2 06:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6095b28bd1f69f9f8b7c293abc2c230d591fdce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:70:b2:5e:29:ec:b5:1a:4d:ac:5b:dc:db:80:
                    95:4b:cf:0b:a4:9c:0d:6b:51:34:05:79:3d:6b:3a:
                    25:62:cc:4e:e0:b3:af:93:9e:22:f7:e9:c4:cb:b7:
                    25:67:f9:cb:1b:92:e5:0f:a9:c1:80:e0:c6:9f:56:
                    bb:35:17:f3:40:16:1c:12:4e:47:3b:0a:1c:0d:89:
                    6d:ef:24:57:a4:a1:a2:b8:09:ed:0f:eb:f1:59:8b:
                    79:99:2c:bf:65:1c:2c:57:51:25:a4:5b:69:6d:d8:
                    ad:d7:12:76:d1:12:7d:13:2a:3c:03:e7:7f:31:07:
                    9c:54:4e:39:6f:b5:e1:b4:4a:37:18:ee:7a:68:af:
                    13:c3:2e:44:89:0e:e5:84:98:94:ea:ec:a2:e7:7f:
                    aa:c8:a4:0f:4e:b7:4a:4b:cc:ab:73:ec:61:21:19:
                    a0:1d:0c:52:ab:d7:4f:c0:9d:55:92:d4:3a:8a:41:
                    c4:cc:ab:9a:82:ba:66:dd:d6:35:1f:7d:77:ab:eb:
                    e5:44:be:04:40:42:6e:c6:13:9b:c3:51:d3:20:8b:
                    a6:f2:3a:dc:b7:c7:a5:14:c9:ca:b8:5f:51:44:87:
                    8a:c9:1e:43:20:b8:ef:d3:64:03:4b:1c:fd:27:cd:
                    50:7e:5f:e5:c8:d9:7d:1e:53:1b:36:5a:69:0c:6c:
                    cb:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:09:5B:28:BD:1F:69:F9:F8:B7:C2:93:AB:C2:C2:30:D5:91:FD:CE
            X509v3 Authority Key Identifier:
                keyid:37:8A:A6:ED:4B:6C:AC:6B:3A:52:96:1B:CF:A2:29:CF:DA:00:08:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N4qm7UtsrGs6UpYbz6Ipz9oACA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/5glbKL0fafn4t8KTq8LCMNWR_c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/1bdda9-64ec-4fb6-8b40-f4b9da480ee2/1/N4qm7UtsrGs6UpYbz6Ipz9oACA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:12:d1:85:f3:b7:78:0a:7c:63:a3:d4:47:12:fb:a7:e8:ca:
         3b:d8:88:66:51:a1:6b:b3:d3:29:0c:5e:00:ff:08:6f:76:c3:
         1c:0a:ec:d1:25:df:3b:97:d6:07:0d:90:07:d6:37:b8:b9:b4:
         00:14:5d:21:26:83:bb:56:e5:97:3e:7c:25:a5:55:69:f2:86:
         bb:8c:c8:19:7a:80:ae:0e:76:94:df:41:5f:a4:c5:51:50:7d:
         82:6e:5b:4e:21:c1:60:74:52:ae:42:0e:7f:34:70:74:4a:e1:
         a3:e5:43:36:c5:9c:81:55:fc:32:dd:10:c4:0b:f6:9e:7c:59:
         70:c3:c6:61:f2:fa:02:c9:de:d2:8e:92:04:04:4e:79:45:c5:
         da:46:97:bd:f0:23:95:f3:7d:b8:2c:27:7e:05:db:7d:83:cf:
         92:7e:43:a9:d0:64:80:47:85:1b:26:b9:f9:87:55:b9:59:25:
         73:34:ff:f8:e5:be:8b:c4:d1:6c:f7:42:b4:09:ac:87:d2:15:
         7d:2b:4f:e0:30:09:c2:3f:dd:bc:a3:06:f0:39:d1:e7:52:8a:
         7f:47:a1:d7:d7:a6:e1:f4:6a:f5:f0:01:6a:ac:a4:ac:ae:54:
         73:58:c4:6a:7d:51:6a:60:b6:20:9e:2d:fe:3c:fb:6f:35:38:
         b0:f8:bf:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3wSSXKJIAo+Rl+L/z7yGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OGFhNmVkNGI2Y2FjNmIzYTUyOTYxYmNmYTIyOWNmZGEw
MDA4MGUwHhcNMjQwMTAyMDYzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjA5NWIyOGJkMWY2OWY5ZjhiN2MyOTNhYmMyYzIzMGQ1OTFmZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHCyXinstRpNrFvc24CVS88LpJwN
a1E0BXk9azolYsxO4LOvk54i9+nEy7clZ/nLG5LlD6nBgODGn1a7NRfzQBYcEk5H
OwocDYlt7yRXpKGiuAntD+vxWYt5mSy/ZRwsV1ElpFtpbdit1xJ20RJ9Eyo8A+d/
MQecVE45b7XhtEo3GO56aK8Twy5EiQ7lhJiU6uyi53+qyKQPTrdKS8yrc+xhIRmg
HQxSq9dPwJ1VktQ6ikHEzKuagrpm3dY1H313q+vlRL4EQEJuxhObw1HTIIum8jrc
t8elFMnKuF9RRIeKyR5DILjv02QDSxz9J81Qfl/lyNl9HlMbNlppDGzLxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYJWyi9H2n5+LfCk6vCwjDVkf3OMB8GA1UdIwQY
MBaAFDeKpu1LbKxrOlKWG8+iKc/aAAgOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjRxbTdVdHNyR3M2VXBZYno2SXB6OW9BQ0E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8xYmRkYTktNjRlYy00ZmI2LThiNDAt
ZjRiOWRhNDgwZWUyLzEvNWdsYktMMGZhZm40dDhLVHE4TENNTldSX2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8xYmRkYTktNjRlYy00ZmI2LThiNDAtZjRiOWRhNDgwZWUy
LzEvTjRxbTdVdHNyR3M2VXBZYno2SXB6OW9BQ0E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+NLMA0G
CSqGSIb3DQEBCwUAA4IBAQB4EtGF87d4Cnxjo9RHEvun6Mo72IhmUaFrs9MpDF4A
/whvdsMcCuzRJd87l9YHDZAH1je4ubQAFF0hJoO7VuWXPnwlpVVp8oa7jMgZeoCu
DnaU30FfpMVRUH2CbltOIcFgdFKuQg5/NHB0SuGj5UM2xZyBVfwy3RDEC/aefFlw
w8Zh8voCyd7SjpIEBE55RcXaRpe98COV8324LCd+Bdt9g8+SfkOp0GSAR4UbJrn5
h1W5WSVzNP/45b6LxNFs90K0CayH0hV9K0/gMAnCP928owbwOdHnUop/R6HX16bh
9Gr18AFqrKSsrlRzWMRqfVFqYLYgni3+PPtvNTiw+L9x
-----END CERTIFICATE-----