Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/8mE9LdYe_irQGST0900FNVt_dpk.roa
File:                     8mE9LdYe_irQGST0900FNVt_dpk.roa (raw, json)
Hash identifier:          9p4Xzsf1GfE1vumvzU0hTju4++h2E3gackvegSeTMgE=
Subject key identifier:   F2:61:3D:2D:D6:1E:FE:2A:D0:19:24:F4:F7:4D:05:35:5B:7F:76:99
Certificate issuer:       /CN=79a295c80b54c2dbe77ba47de7daec6b986021b4
Certificate serial:       018CC64B13A9F8243C2838431D8E480924AE
Authority key identifier: 79:A2:95:C8:0B:54:C2:DB:E7:7B:A4:7D:E7:DA:EC:6B:98:60:21:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaKVyAtUwtvne6R959rsa5hgIbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/8mE9LdYe_irQGST0900FNVt_dpk.roa
Signing time:             Mon 01 Jan 2024 18:30:58 +0000
ROA not before:           Mon 01 Jan 2024 18:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44407
IP address blocks:        91.234.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/eaKVyAtUwtvne6R959rsa5hgIbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/eaKVyAtUwtvne6R959rsa5hgIbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eaKVyAtUwtvne6R959rsa5hgIbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:13:a9:f8:24:3c:28:38:43:1d:8e:48:09:24:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a295c80b54c2dbe77ba47de7daec6b986021b4
        Validity
            Not Before: Jan  1 18:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2613d2dd61efe2ad01924f4f74d05355b7f7699
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c7:86:e3:bd:42:92:d2:55:cc:21:9c:08:80:
                    f9:53:7d:e8:21:63:d8:b0:ea:4f:cc:77:b4:e3:b2:
                    81:aa:fb:3f:1f:49:b0:23:37:40:10:24:0e:74:46:
                    d1:b3:40:f7:d9:36:cf:c3:5c:72:89:14:07:24:30:
                    e3:a4:c6:cc:4a:0c:4c:f4:bf:a8:60:cf:f5:6d:e3:
                    90:df:44:4c:97:51:bb:90:c4:ba:04:94:34:cb:7b:
                    89:27:1e:d9:32:3b:f5:be:f2:43:1e:c7:94:7f:3e:
                    ce:3b:9e:49:f6:b6:ed:39:b5:6a:2f:3d:8f:5f:9c:
                    2a:0a:3a:ec:c2:2b:76:68:df:a2:a6:dc:29:cf:ab:
                    5b:37:bd:dd:b5:32:61:ec:ca:48:f2:08:93:00:72:
                    13:04:3e:e1:55:90:b2:58:b9:ac:9d:1d:14:43:56:
                    2a:fd:82:7f:ad:b8:b7:81:ae:64:17:c0:57:24:c2:
                    69:af:ba:93:42:95:9f:0d:d0:22:b8:9a:ab:87:5c:
                    9b:34:00:1c:47:27:1a:f7:78:ca:92:32:6e:eb:5d:
                    29:32:09:65:3d:d0:d9:ba:ea:8e:35:23:55:f8:20:
                    9f:e1:f8:dd:18:0f:56:4a:33:e9:26:f9:b8:0c:29:
                    90:bd:57:75:40:3f:29:1b:5d:3a:8c:14:04:da:de:
                    f3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:61:3D:2D:D6:1E:FE:2A:D0:19:24:F4:F7:4D:05:35:5B:7F:76:99
            X509v3 Authority Key Identifier:
                keyid:79:A2:95:C8:0B:54:C2:DB:E7:7B:A4:7D:E7:DA:EC:6B:98:60:21:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaKVyAtUwtvne6R959rsa5hgIbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/8mE9LdYe_irQGST0900FNVt_dpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/eaKVyAtUwtvne6R959rsa5hgIbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:30:b1:f5:c0:c5:0c:15:fc:aa:37:8f:1d:4d:4b:11:e5:c5:
         82:f1:8c:e8:e4:0f:f1:bd:6b:1e:be:66:92:8d:48:63:98:32:
         5d:39:dd:68:16:77:2d:42:9e:64:2d:4e:56:f8:d6:94:c6:b8:
         6f:85:13:78:cd:5a:24:47:97:55:8a:f4:9d:c3:97:3d:30:5d:
         7a:db:72:f7:da:d0:c5:5b:85:b3:77:12:7a:c5:6f:a6:ec:52:
         54:4b:ce:64:98:2a:7e:c0:66:37:da:08:36:1c:d9:f7:7d:be:
         50:0f:1b:5a:10:41:a6:8f:fb:01:aa:1a:d8:55:b9:7d:d2:4f:
         53:8c:f9:50:2d:71:13:31:fe:79:fa:dc:59:f8:05:5e:9a:e6:
         07:f7:9d:f8:07:ee:60:63:cd:37:87:9a:cf:36:b0:df:19:16:
         17:4c:7e:73:6b:e1:bd:b1:28:e2:fc:4e:48:44:b9:b6:1b:7a:
         38:8d:7c:d0:27:83:b6:ce:64:75:e6:2f:c7:58:b1:2d:7a:e3:
         66:47:4f:2e:8b:65:94:27:36:c1:d0:05:a7:78:88:1f:6b:e3:
         af:8d:75:10:8c:0d:b6:a7:6c:a3:35:ad:18:8e:e8:e5:50:6a:
         a0:db:05:f0:c9:a0:55:f1:27:66:c1:f1:08:3b:70:94:39:7a:
         d5:f3:b7:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxOp+CQ8KDhDHY5ICSSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTI5NWM4MGI1NGMyZGJlNzdiYTQ3ZGU3ZGFlYzZiOTg2
MDIxYjQwHhcNMjQwMTAxMTgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjYxM2QyZGQ2MWVmZTJhZDAxOTI0ZjRmNzRkMDUzNTViN2Y3Njk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8eG471CktJVzCGcCID5U33oIWPY
sOpPzHe047KBqvs/H0mwIzdAECQOdEbRs0D32TbPw1xyiRQHJDDjpMbMSgxM9L+o
YM/1beOQ30RMl1G7kMS6BJQ0y3uJJx7ZMjv1vvJDHseUfz7OO55J9rbtObVqLz2P
X5wqCjrswit2aN+iptwpz6tbN73dtTJh7MpI8giTAHITBD7hVZCyWLmsnR0UQ1Yq
/YJ/rbi3ga5kF8BXJMJpr7qTQpWfDdAiuJqrh1ybNAAcRyca93jKkjJu610pMgll
PdDZuuqONSNV+CCf4fjdGA9WSjPpJvm4DCmQvVd1QD8pG106jBQE2t7zVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJhPS3WHv4q0Bkk9PdNBTVbf3aZMB8GA1UdIwQY
MBaAFHmilcgLVMLb53ukfefa7GuYYCG0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFLVnlBdFV3dHZuZTZSOTU5cnNhNWhnSWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kMWRhNmEtNDkxOS00OTlhLTlhNDEt
MmJiYjQ4ZWZiMGVkLzEvOG1FOUxkWWVfaXJRR1NUMDkwMEZOVnRfZHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kMWRhNmEtNDkxOS00OTlhLTlhNDEtMmJiYjQ4ZWZiMGVk
LzEvZWFLVnlBdFV3dHZuZTZSOTU5cnNhNWhnSWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rsMA0G
CSqGSIb3DQEBCwUAA4IBAQAIMLH1wMUMFfyqN48dTUsR5cWC8Yzo5A/xvWsevmaS
jUhjmDJdOd1oFnctQp5kLU5W+NaUxrhvhRN4zVokR5dVivSdw5c9MF1623L32tDF
W4WzdxJ6xW+m7FJUS85kmCp+wGY32gg2HNn3fb5QDxtaEEGmj/sBqhrYVbl90k9T
jPlQLXETMf55+txZ+AVemuYH9534B+5gY803h5rPNrDfGRYXTH5za+G9sSji/E5I
RLm2G3o4jXzQJ4O2zmR15i/HWLEteuNmR08ui2WUJzbB0AWneIgfa+OvjXUQjA22
p2yjNa0YjujlUGqg2wXwyaBV8SdmwfEIO3CUOXrV87cs
-----END CERTIFICATE-----