Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Toa9P9CTLP7xY8U8TWx5md8n30o.roa
File:                     Toa9P9CTLP7xY8U8TWx5md8n30o.roa (raw, json)
Hash identifier:          famDGZ4krBgY2cdvD2CSdQlTBMV3ghs54Akk9jyvqvg=
Subject key identifier:   4E:86:BD:3F:D0:93:2C:FE:F1:63:C5:3C:4D:6C:79:99:DF:27:DF:4A
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       018CC42459D8F6C51C93DC01F612078E8444
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Toa9P9CTLP7xY8U8TWx5md8n30o.roa
Signing time:             Mon 01 Jan 2024 08:29:25 +0000
ROA not before:           Mon 01 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202432
IP address blocks:        91.108.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:59:d8:f6:c5:1c:93:dc:01:f6:12:07:8e:84:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e86bd3fd0932cfef163c53c4d6c7999df27df4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:57:db:88:c9:44:32:46:10:31:d3:53:ca:27:
                    5f:06:86:13:dd:b6:8d:03:93:4d:5e:bd:1a:c9:d3:
                    d0:4e:f4:af:c6:db:4b:d8:48:c0:84:36:e9:98:8a:
                    ad:33:08:61:76:af:b9:85:db:31:80:eb:7c:ac:7a:
                    5f:20:e7:29:c5:a6:a1:57:9b:14:e8:7f:f2:9b:c0:
                    89:44:7b:01:66:98:c4:06:62:2a:a5:d8:2c:79:9d:
                    d5:ed:8b:f9:8d:23:c6:f9:62:7b:11:f4:ee:28:c4:
                    60:7c:76:ea:f6:f9:e7:70:34:8a:92:a6:fc:9c:fe:
                    3f:76:be:cb:e8:d9:02:b8:a7:87:2b:0b:64:5a:a1:
                    d7:37:33:8d:9f:f5:26:fe:dd:a6:95:11:80:74:a9:
                    09:e6:e7:c6:72:4a:19:29:a7:0c:63:8c:be:8e:7c:
                    03:29:47:0b:b3:62:b9:c7:4b:52:18:5b:25:a1:01:
                    58:a3:26:e4:3c:24:67:6b:ab:f9:10:f7:04:dc:80:
                    7e:c8:8d:ac:45:f9:64:6a:1a:fc:fd:e9:cf:4a:be:
                    8e:a0:a9:03:f7:22:3b:cd:d5:bc:60:dc:19:cc:4b:
                    55:f0:95:2a:14:a1:c6:3d:d1:1d:f8:36:57:2f:c1:
                    c0:7b:99:2d:18:71:42:85:89:3b:9d:57:3f:3d:dd:
                    fb:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:86:BD:3F:D0:93:2C:FE:F1:63:C5:3C:4D:6C:79:99:DF:27:DF:4A
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Toa9P9CTLP7xY8U8TWx5md8n30o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:bb:57:36:9e:e1:11:c2:59:db:dc:a9:02:5c:c8:aa:08:d3:
         61:6e:80:6d:25:ce:98:bc:2f:39:09:b9:5d:a3:5b:27:36:1d:
         c8:ad:af:33:57:1f:b3:86:36:10:ee:bc:51:8b:08:dc:fe:8e:
         fd:62:04:2e:ec:87:58:ec:7c:e8:ca:d4:7f:7c:6a:8e:b1:86:
         fa:d1:31:4c:c3:00:a1:43:eb:d9:69:6d:39:cd:ed:58:74:90:
         29:c7:88:af:13:b5:d1:1f:aa:50:18:a9:7e:ed:60:e8:dd:9b:
         4e:49:d5:c3:06:a1:a7:f4:41:ab:19:62:78:39:67:55:a4:6d:
         ba:dd:73:b3:1c:5f:f4:f3:41:3b:ab:32:9e:a0:bc:4b:36:81:
         6c:81:ec:5c:04:04:f6:ce:ee:ed:89:a7:53:1a:f5:aa:58:e9:
         e4:4b:51:22:d2:5c:01:39:38:a8:22:af:88:3a:13:09:9d:41:
         20:92:2a:53:bb:16:74:ff:9b:d2:f8:14:b9:a6:5b:90:34:b6:
         0f:1f:1f:86:33:8b:5c:52:7e:b1:b9:c7:cc:d0:16:51:a1:9e:
         ee:50:ce:8e:fa:70:46:4a:d3:4c:a8:c3:00:ab:13:7b:ff:77:
         db:b9:31:44:d9:2c:fe:07:e1:b9:d5:84:8f:ba:cc:4c:4e:5d:
         8f:45:ef:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFnY9sUck9wB9hIHjoREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTg2YmQzZmQwOTMyY2ZlZjE2M2M1M2M0ZDZjNzk5OWRmMjdkZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlfbiMlEMkYQMdNTyidfBoYT3baN
A5NNXr0aydPQTvSvxttL2EjAhDbpmIqtMwhhdq+5hdsxgOt8rHpfIOcpxaahV5sU
6H/ym8CJRHsBZpjEBmIqpdgseZ3V7Yv5jSPG+WJ7EfTuKMRgfHbq9vnncDSKkqb8
nP4/dr7L6NkCuKeHKwtkWqHXNzONn/Um/t2mlRGAdKkJ5ufGckoZKacMY4y+jnwD
KUcLs2K5x0tSGFsloQFYoybkPCRna6v5EPcE3IB+yI2sRflkahr8/enPSr6OoKkD
9yI7zdW8YNwZzEtV8JUqFKHGPdEd+DZXL8HAe5ktGHFChYk7nVc/Pd37yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6GvT/Qkyz+8WPFPE1seZnfJ99KMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvVG9hOVA5Q1RMUDd4WThVOFRXeDVtZDhuMzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2wqMA0G
CSqGSIb3DQEBCwUAA4IBAQCMu1c2nuERwlnb3KkCXMiqCNNhboBtJc6YvC85Cbld
o1snNh3Ira8zVx+zhjYQ7rxRiwjc/o79YgQu7IdY7HzoytR/fGqOsYb60TFMwwCh
Q+vZaW05ze1YdJApx4ivE7XRH6pQGKl+7WDo3ZtOSdXDBqGn9EGrGWJ4OWdVpG26
3XOzHF/080E7qzKeoLxLNoFsgexcBAT2zu7tiadTGvWqWOnkS1Ei0lwBOTioIq+I
OhMJnUEgkipTuxZ0/5vS+BS5pluQNLYPHx+GM4tcUn6xucfM0BZRoZ7uUM6O+nBG
StNMqMMAqxN7/3fbuTFE2Sz+B+G51YSPusxMTl2PRe9A
-----END CERTIFICATE-----