Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/17a7af-9853-4ee8-a778-15185f4dd955/1/keApGoX20Fi5wT691V2viEmsicg.roa
File:                     keApGoX20Fi5wT691V2viEmsicg.roa (raw, json)
Hash identifier:          xrM5+BP/GhlptQq/JHKSnVxaEn/uhlYwm+DGu3cE998=
Subject key identifier:   91:E0:29:1A:85:F6:D0:58:B9:C1:3E:BD:D5:5D:AF:88:49:AC:89:C8
Certificate issuer:       /CN=8d243abb7c571aaa9ce223cf61c47e54f9e1ca3b
Certificate serial:       018CC5DBF2F3792CCD8E2B36CFB33E1FC7B0
Authority key identifier: 8D:24:3A:BB:7C:57:1A:AA:9C:E2:23:CF:61:C4:7E:54:F9:E1:CA:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSQ6u3xXGqqc4iPPYcR-VPnhyjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/17a7af-9853-4ee8-a778-15185f4dd955/1/keApGoX20Fi5wT691V2viEmsicg.roa
Signing time:             Mon 01 Jan 2024 16:29:35 +0000
ROA not before:           Mon 01 Jan 2024 16:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211451
IP address blocks:        91.234.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/17a7af-9853-4ee8-a778-15185f4dd955/1/jSQ6u3xXGqqc4iPPYcR-VPnhyjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/17a7af-9853-4ee8-a778-15185f4dd955/1/jSQ6u3xXGqqc4iPPYcR-VPnhyjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSQ6u3xXGqqc4iPPYcR-VPnhyjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f2:f3:79:2c:cd:8e:2b:36:cf:b3:3e:1f:c7:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d243abb7c571aaa9ce223cf61c47e54f9e1ca3b
        Validity
            Not Before: Jan  1 16:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91e0291a85f6d058b9c13ebdd55daf8849ac89c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e6:30:18:ee:ae:21:65:e4:2d:62:76:53:b2:
                    2d:11:e4:d8:d5:97:74:30:89:4d:97:51:bd:b2:cb:
                    81:41:3b:fa:e4:78:61:be:73:ec:47:ad:bb:1b:50:
                    91:a3:74:c3:cc:26:73:ff:e2:9e:ae:1c:ac:22:21:
                    c0:03:9d:6d:07:c8:a9:5c:3e:4d:15:82:e8:3d:b8:
                    21:4d:b7:9d:1d:88:a8:6d:9c:f5:c9:d5:d8:53:40:
                    db:48:f9:0c:bd:63:b5:23:c9:dc:bc:2a:02:df:a5:
                    ff:bc:6d:ff:e9:6a:15:50:8d:dc:2a:3d:89:74:39:
                    bd:30:28:1e:db:9c:c1:1c:32:1d:62:e8:12:e3:88:
                    1a:75:e5:16:76:ed:b7:cd:b5:d0:ab:f4:e1:42:b6:
                    00:18:3a:d3:db:65:91:af:78:3b:e3:72:de:89:ab:
                    cc:72:ba:9d:d7:22:b7:13:4a:3e:e4:cf:e6:b2:69:
                    f4:4a:16:0d:f6:a9:1f:9b:5a:53:8b:b2:51:5a:9e:
                    6a:20:8d:2f:2e:7d:ce:bd:91:97:94:9d:62:a5:a8:
                    fb:0a:4d:a5:4f:3e:eb:ed:dc:8d:df:88:bd:96:2a:
                    71:96:e8:d4:c2:4c:19:c8:b4:e8:fc:9a:f5:1c:68:
                    a2:84:77:0b:6c:07:52:05:55:49:44:2a:c3:e1:8b:
                    04:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E0:29:1A:85:F6:D0:58:B9:C1:3E:BD:D5:5D:AF:88:49:AC:89:C8
            X509v3 Authority Key Identifier:
                keyid:8D:24:3A:BB:7C:57:1A:AA:9C:E2:23:CF:61:C4:7E:54:F9:E1:CA:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSQ6u3xXGqqc4iPPYcR-VPnhyjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/17a7af-9853-4ee8-a778-15185f4dd955/1/keApGoX20Fi5wT691V2viEmsicg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/17a7af-9853-4ee8-a778-15185f4dd955/1/jSQ6u3xXGqqc4iPPYcR-VPnhyjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:49:de:20:e9:95:cb:45:cd:6a:ae:fd:a3:3b:b0:e1:d9:41:
         fd:7e:b5:5c:f7:1d:1b:9f:41:a8:f2:3d:69:fa:b4:7f:4a:2e:
         fa:6c:67:6a:cc:d9:3b:45:fd:4d:cc:f5:97:50:46:85:9d:a7:
         07:ce:66:b9:76:9f:e4:cc:03:4c:26:c4:d9:be:db:04:e1:a8:
         38:e7:16:0e:46:79:a6:87:83:ec:ca:e2:b5:11:71:9c:df:27:
         2e:36:f4:35:5c:f1:62:28:23:a7:f6:a6:49:99:59:1a:48:2f:
         c8:3f:14:a2:5b:a9:61:9b:e0:b9:c7:db:d3:9e:6f:9c:60:ff:
         1b:17:5f:ab:73:b7:76:05:e9:ae:80:e5:97:bd:43:68:6e:9f:
         12:0f:7b:b5:9c:82:fe:cd:e6:e9:dd:b2:a6:1c:e8:5d:7e:ef:
         8d:ea:bf:3d:c6:11:a2:c6:e1:35:06:da:51:a6:06:cf:a7:2c:
         da:08:31:cf:83:83:b3:4d:38:fc:9c:b8:fc:d4:de:14:40:bd:
         28:60:1a:fa:25:a0:54:56:93:b2:49:69:ba:40:84:ad:59:17:
         ae:22:39:fd:2e:a6:55:b2:b2:52:89:62:00:c8:41:76:2b:e5:
         42:97:8f:29:a7:0b:35:5c:eb:e2:b0:ad:fe:e4:ea:0c:a3:a7:
         fd:62:d5:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/LzeSzNjis2z7M+H8ewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjQzYWJiN2M1NzFhYWE5Y2UyMjNjZjYxYzQ3ZTU0Zjll
MWNhM2IwHhcNMjQwMTAxMTYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWUwMjkxYTg1ZjZkMDU4YjljMTNlYmRkNTVkYWY4ODQ5YWM4OWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+YwGO6uIWXkLWJ2U7ItEeTY1Zd0
MIlNl1G9ssuBQTv65HhhvnPsR627G1CRo3TDzCZz/+KerhysIiHAA51tB8ipXD5N
FYLoPbghTbedHYiobZz1ydXYU0DbSPkMvWO1I8ncvCoC36X/vG3/6WoVUI3cKj2J
dDm9MCge25zBHDIdYugS44gadeUWdu23zbXQq/ThQrYAGDrT22WRr3g743LeiavM
crqd1yK3E0o+5M/msmn0ShYN9qkfm1pTi7JRWp5qII0vLn3OvZGXlJ1ipaj7Ck2l
Tz7r7dyN34i9lipxlujUwkwZyLTo/Jr1HGiihHcLbAdSBVVJRCrD4YsEowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHgKRqF9tBYucE+vdVdr4hJrInIMB8GA1UdIwQY
MBaAFI0kOrt8VxqqnOIjz2HEflT54co7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNRNnUzeFhHcXFjNGlQUFljUi1WUG5oeWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8xN2E3YWYtOTg1My00ZWU4LWE3Nzgt
MTUxODVmNGRkOTU1LzEva2VBcEdvWDIwRmk1d1Q2OTFWMnZpRW1zaWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8xN2E3YWYtOTg1My00ZWU4LWE3NzgtMTUxODVmNGRkOTU1
LzEvalNRNnUzeFhHcXFjNGlQUFljUi1WUG5oeWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rpMA0G
CSqGSIb3DQEBCwUAA4IBAQABSd4g6ZXLRc1qrv2jO7Dh2UH9frVc9x0bn0Go8j1p
+rR/Si76bGdqzNk7Rf1NzPWXUEaFnacHzma5dp/kzANMJsTZvtsE4ag45xYORnmm
h4PsyuK1EXGc3ycuNvQ1XPFiKCOn9qZJmVkaSC/IPxSiW6lhm+C5x9vTnm+cYP8b
F1+rc7d2BemugOWXvUNobp8SD3u1nIL+zebp3bKmHOhdfu+N6r89xhGixuE1BtpR
pgbPpyzaCDHPg4OzTTj8nLj81N4UQL0oYBr6JaBUVpOySWm6QIStWReuIjn9LqZV
srJSiWIAyEF2K+VCl48ppws1XOvisK3+5OoMo6f9YtWU
-----END CERTIFICATE-----