Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/51JbXQE8W7Kc47U0WOX_IuQffRA.roa
File:                     51JbXQE8W7Kc47U0WOX_IuQffRA.roa (raw, json)
Hash identifier:          YEn7ouoq+063hf5uiarH1PLgrnU6RmYjcQKnw3EWkfI=
Subject key identifier:   E7:52:5B:5D:01:3C:5B:B2:9C:E3:B5:34:58:E5:FF:22:E4:1F:7D:10
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018D46F1F9BBAA68390D487BF92252A1F630
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/51JbXQE8W7Kc47U0WOX_IuQffRA.roa
Signing time:             Fri 26 Jan 2024 18:04:39 +0000
ROA not before:           Fri 26 Jan 2024 18:04:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        91.247.178.0/24 maxlen: 24
                          178.23.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:46:f1:f9:bb:aa:68:39:0d:48:7b:f9:22:52:a1:f6:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Jan 26 18:04:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7525b5d013c5bb29ce3b53458e5ff22e41f7d10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a4:6c:38:60:37:4a:73:4e:01:99:5f:00:e8:
                    82:be:e2:03:83:ed:4c:7a:c1:58:e9:c4:9c:e8:93:
                    d5:c6:bc:6c:8a:b4:74:28:29:b9:db:f9:81:dc:e6:
                    71:74:2a:b3:ad:22:c1:b8:f8:34:ad:da:a7:07:63:
                    a1:b6:35:2f:1c:08:a8:30:46:69:cf:0d:a0:56:9f:
                    bf:67:e4:28:9f:53:c5:92:ae:7d:d2:ac:81:ca:e4:
                    c6:02:cb:8f:ac:40:6d:8f:a9:15:96:54:5d:f5:c7:
                    42:2c:89:93:eb:77:2e:df:65:63:88:9a:e3:f5:96:
                    40:40:51:1f:bf:f8:d5:04:eb:5b:2e:4a:ec:fa:6c:
                    e8:99:39:32:49:cc:d5:6a:cf:6c:c3:6a:37:8f:54:
                    9d:88:bd:9d:3d:7b:67:58:e1:b2:91:82:a0:42:e1:
                    84:cd:93:c4:35:59:9f:e6:6d:a2:43:e7:87:b1:ea:
                    ce:b5:06:48:4a:33:cb:85:9a:2a:cd:a6:b6:38:24:
                    37:9d:13:f3:a4:82:08:15:db:58:7c:0a:42:8e:6d:
                    21:cd:62:5b:97:d2:50:d3:62:8f:ba:26:e5:5f:19:
                    09:4e:9c:ed:97:73:9c:5a:b7:b8:78:a0:7c:6b:2d:
                    66:73:02:48:64:e0:2d:ae:47:dd:de:10:b2:a0:75:
                    fc:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:52:5B:5D:01:3C:5B:B2:9C:E3:B5:34:58:E5:FF:22:E4:1F:7D:10
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/51JbXQE8W7Kc47U0WOX_IuQffRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.178.0/24
                  178.23.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:5f:49:5d:d2:4a:c4:d6:4f:44:5b:ad:93:00:4a:53:67:64:
         10:ce:05:e2:11:77:46:9f:28:79:94:50:81:72:9b:c2:40:44:
         fa:b4:32:98:59:98:cf:f3:fa:ad:a6:ee:88:de:75:64:2e:60:
         97:ae:42:87:cd:fb:2a:70:01:a3:ca:e7:77:02:01:c6:e2:c5:
         54:ed:a2:28:18:f4:55:31:ad:02:5f:aa:e1:bd:fc:aa:94:74:
         75:8a:b4:bd:bb:16:13:1b:81:c4:7f:fb:29:92:13:d9:39:71:
         ef:32:3d:db:47:d2:12:43:f9:a8:3e:db:54:ec:71:1c:7d:08:
         5a:f3:ca:9a:48:e1:f8:50:9e:2d:fb:3a:ae:de:27:34:c6:21:
         82:3a:3a:2a:70:0d:cb:ea:5b:c6:a8:9c:7f:9c:05:0e:3a:11:
         de:b8:c0:ec:67:02:94:6e:d9:a6:28:6c:33:30:99:98:bd:e4:
         df:87:a5:30:60:27:ed:ab:68:75:ad:b0:1f:c0:30:e6:23:cc:
         86:af:7c:a7:38:28:1a:ac:ad:5d:da:e8:94:20:2e:1b:31:c4:
         63:7c:32:3b:13:36:d8:b4:61:92:b7:a8:6b:3e:e3:fb:5d:2a:
         e9:93:a2:c7:58:46:de:39:31:d7:e9:ab:99:68:4a:9c:c7:1f:
         1d:d3:0c:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1G8fm7qmg5DUh7+SJSofYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMTI2MTgwNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzUyNWI1ZDAxM2M1YmIyOWNlM2I1MzQ1OGU1ZmYyMmU0MWY3ZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KRsOGA3SnNOAZlfAOiCvuIDg+1M
esFY6cSc6JPVxrxsirR0KCm52/mB3OZxdCqzrSLBuPg0rdqnB2OhtjUvHAioMEZp
zw2gVp+/Z+Qon1PFkq590qyByuTGAsuPrEBtj6kVllRd9cdCLImT63cu32VjiJrj
9ZZAQFEfv/jVBOtbLkrs+mzomTkySczVas9sw2o3j1SdiL2dPXtnWOGykYKgQuGE
zZPENVmf5m2iQ+eHserOtQZISjPLhZoqzaa2OCQ3nRPzpIIIFdtYfApCjm0hzWJb
l9JQ02KPuiblXxkJTpztl3OcWre4eKB8ay1mcwJIZOAtrkfd3hCyoHX86wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOdSW10BPFuynOO1NFjl/yLkH30QMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvNTFKYlhRRThXN0tjNDdVMFdPWF9JdVFmZlJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/eyAwQA
she8MA0GCSqGSIb3DQEBCwUAA4IBAQCfX0ld0krE1k9EW62TAEpTZ2QQzgXiEXdG
nyh5lFCBcpvCQET6tDKYWZjP8/qtpu6I3nVkLmCXrkKHzfsqcAGjyud3AgHG4sVU
7aIoGPRVMa0CX6rhvfyqlHR1irS9uxYTG4HEf/spkhPZOXHvMj3bR9ISQ/moPttU
7HEcfQha88qaSOH4UJ4t+zqu3ic0xiGCOjoqcA3L6lvGqJx/nAUOOhHeuMDsZwKU
btmmKGwzMJmYveTfh6UwYCftq2h1rbAfwDDmI8yGr3ynOCgarK1d2uiUIC4bMcRj
fDI7EzbYtGGSt6hrPuP7XSrpk6LHWEbeOTHX6auZaEqcxx8d0wy5
-----END CERTIFICATE-----