Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/fe22c5-d8e3-41f1-9094-f6e8bbdbd33b/1/QB4EUHWmJ0kDo-kkgSAhl8W9O4I.roa
File:                     QB4EUHWmJ0kDo-kkgSAhl8W9O4I.roa (raw, json)
Hash identifier:          KZnD0Z7g/wAmc9uFCdoSLQtL1rj4iU3ehwugpeCfTDQ=
Subject key identifier:   40:1E:04:50:75:A6:27:49:03:A3:E9:24:81:20:21:97:C5:BD:3B:82
Certificate issuer:       /CN=78ac31635d091be6155743311fe1db7c7af3477b
Certificate serial:       018CC34923457452DF7BF98256E6A706DABE
Authority key identifier: 78:AC:31:63:5D:09:1B:E6:15:57:43:31:1F:E1:DB:7C:7A:F3:47:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eKwxY10JG-YVV0MxH-HbfHrzR3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/fe22c5-d8e3-41f1-9094-f6e8bbdbd33b/1/QB4EUHWmJ0kDo-kkgSAhl8W9O4I.roa
Signing time:             Mon 01 Jan 2024 04:29:59 +0000
ROA not before:           Mon 01 Jan 2024 04:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208901
IP address blocks:        91.198.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/fe22c5-d8e3-41f1-9094-f6e8bbdbd33b/1/eKwxY10JG-YVV0MxH-HbfHrzR3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/fe22c5-d8e3-41f1-9094-f6e8bbdbd33b/1/eKwxY10JG-YVV0MxH-HbfHrzR3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eKwxY10JG-YVV0MxH-HbfHrzR3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:23:45:74:52:df:7b:f9:82:56:e6:a7:06:da:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78ac31635d091be6155743311fe1db7c7af3477b
        Validity
            Not Before: Jan  1 04:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=401e045075a6274903a3e92481202197c5bd3b82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:fc:24:ed:b1:4c:63:75:24:e0:c1:a4:4a:31:
                    51:49:19:12:7e:92:a6:40:d2:02:ff:2b:53:c8:4c:
                    3a:5d:9f:a3:49:77:0a:ca:ec:02:8e:43:03:0b:40:
                    8e:a0:e9:44:16:46:cc:d6:de:e5:db:d5:d4:14:54:
                    50:f7:3d:a1:9f:61:2d:2d:72:0d:37:a4:f9:10:b1:
                    03:10:ad:5d:e8:59:9d:9b:57:36:ff:03:5a:c3:43:
                    dd:0e:4f:01:87:68:49:26:8c:7e:50:b3:23:4f:90:
                    7e:5e:86:d6:25:fb:57:f0:3d:63:fb:30:63:75:77:
                    db:74:21:fb:49:b7:21:8c:81:cf:55:e2:29:b8:f9:
                    5a:27:1d:44:83:c3:8a:ff:79:2e:ff:9a:3e:04:0e:
                    10:8d:c5:b2:9e:44:91:f1:0e:eb:ce:33:39:d8:2c:
                    0f:91:cf:56:b5:e7:62:7b:1c:d9:97:4a:a0:1f:1f:
                    d8:ef:ba:a9:a7:da:10:24:a8:0a:da:80:8c:0a:44:
                    d9:cd:8a:9c:70:ed:f2:0d:54:2d:88:fe:05:54:d4:
                    d7:8c:33:c6:0d:56:26:1d:f5:4a:25:56:8c:98:38:
                    e3:4f:10:41:b1:57:ae:ee:6a:b7:72:9b:d7:31:fc:
                    1b:2c:01:20:ad:14:96:1d:8d:ea:92:7a:19:d5:8e:
                    ed:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1E:04:50:75:A6:27:49:03:A3:E9:24:81:20:21:97:C5:BD:3B:82
            X509v3 Authority Key Identifier:
                keyid:78:AC:31:63:5D:09:1B:E6:15:57:43:31:1F:E1:DB:7C:7A:F3:47:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eKwxY10JG-YVV0MxH-HbfHrzR3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/fe22c5-d8e3-41f1-9094-f6e8bbdbd33b/1/QB4EUHWmJ0kDo-kkgSAhl8W9O4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/fe22c5-d8e3-41f1-9094-f6e8bbdbd33b/1/eKwxY10JG-YVV0MxH-HbfHrzR3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:cc:c7:35:59:21:6d:e5:dc:81:f5:69:45:cf:0e:97:90:48:
         6a:42:b2:64:30:28:10:07:df:42:b4:ad:72:d2:8e:0c:73:ac:
         f8:32:66:c5:98:06:57:c3:97:6d:21:b3:15:c3:9e:8b:f0:23:
         9f:45:6d:2d:5e:fc:7c:b2:a4:5b:33:91:33:75:c9:c1:56:58:
         63:2d:ff:d4:0e:6c:45:8a:ca:05:ed:ad:04:4e:5c:25:8e:c4:
         18:73:9d:9c:32:63:00:42:81:05:f4:47:73:9f:f4:cd:a9:09:
         58:cb:cb:88:44:17:bd:ab:6e:07:05:56:1d:98:a6:40:c1:78:
         46:5d:46:96:53:e8:ef:38:9a:1f:59:88:a8:84:83:b0:84:1a:
         95:ec:30:21:75:7f:b1:cd:3c:93:95:c0:64:d2:a7:d5:51:41:
         cd:a1:a9:f8:fc:5e:7e:29:ca:c5:16:cf:6c:28:6c:c5:8a:e3:
         23:36:d6:6f:79:8c:5f:56:fe:2b:96:94:ce:0f:3d:87:0c:d9:
         3b:25:cf:63:0f:53:78:da:10:b3:fa:0c:d4:4e:64:25:d1:2a:
         90:18:bc:07:49:47:e7:d0:7c:d8:bd:50:67:24:76:e4:42:7f:
         3c:d8:15:c1:fd:7f:9f:af:9f:17:83:98:70:c8:d0:9e:45:e0:
         05:39:a4:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSNFdFLfe/mCVuanBtq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YWMzMTYzNWQwOTFiZTYxNTU3NDMzMTFmZTFkYjdjN2Fm
MzQ3N2IwHhcNMjQwMTAxMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDFlMDQ1MDc1YTYyNzQ5MDNhM2U5MjQ4MTIwMjE5N2M1YmQzYjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/wk7bFMY3Uk4MGkSjFRSRkSfpKm
QNIC/ytTyEw6XZ+jSXcKyuwCjkMDC0COoOlEFkbM1t7l29XUFFRQ9z2hn2EtLXIN
N6T5ELEDEK1d6Fmdm1c2/wNaw0PdDk8Bh2hJJox+ULMjT5B+XobWJftX8D1j+zBj
dXfbdCH7SbchjIHPVeIpuPlaJx1Eg8OK/3ku/5o+BA4QjcWynkSR8Q7rzjM52CwP
kc9WtediexzZl0qgHx/Y77qpp9oQJKgK2oCMCkTZzYqccO3yDVQtiP4FVNTXjDPG
DVYmHfVKJVaMmDjjTxBBsVeu7mq3cpvXMfwbLAEgrRSWHY3qknoZ1Y7t7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAeBFB1pidJA6PpJIEgIZfFvTuCMB8GA1UdIwQY
MBaAFHisMWNdCRvmFVdDMR/h23x680d7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUt3eFkxMEpHLVlWVjBNeEgtSGJmSHJ6UjNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9mZTIyYzUtZDhlMy00MWYxLTkwOTQt
ZjZlOGJiZGJkMzNiLzEvUUI0RVVIV21KMGtEby1ra2dTQWhsOFc5TzRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9mZTIyYzUtZDhlMy00MWYxLTkwOTQtZjZlOGJiZGJkMzNi
LzEvZUt3eFkxMEpHLVlWVjBNeEgtSGJmSHJ6UjNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZAMA0G
CSqGSIb3DQEBCwUAA4IBAQAtzMc1WSFt5dyB9WlFzw6XkEhqQrJkMCgQB99CtK1y
0o4Mc6z4MmbFmAZXw5dtIbMVw56L8COfRW0tXvx8sqRbM5EzdcnBVlhjLf/UDmxF
isoF7a0ETlwljsQYc52cMmMAQoEF9Edzn/TNqQlYy8uIRBe9q24HBVYdmKZAwXhG
XUaWU+jvOJofWYiohIOwhBqV7DAhdX+xzTyTlcBk0qfVUUHNoan4/F5+KcrFFs9s
KGzFiuMjNtZveYxfVv4rlpTODz2HDNk7Jc9jD1N42hCz+gzUTmQl0SqQGLwHSUfn
0HzYvVBnJHbkQn882BXB/X+fr58Xg5hwyNCeReAFOaTe
-----END CERTIFICATE-----