Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/Kki9qJHQ9q5OWoRgkA3-q98D8UE.roa
File:                     Kki9qJHQ9q5OWoRgkA3-q98D8UE.roa (raw, json)
Hash identifier:          2cmYtuo455+gROHTVLibOz4hdpYiENu73Hr3YC3GC4M=
Subject key identifier:   2A:48:BD:A8:91:D0:F6:AE:4E:5A:84:60:90:0D:FE:AB:DF:03:F1:41
Certificate issuer:       /CN=e6a4cb74cf524c18121d53b532c03c06f4ad6be6
Certificate serial:       018CC94D4F610A75C3D197690A7F132B928F
Authority key identifier: E6:A4:CB:74:CF:52:4C:18:12:1D:53:B5:32:C0:3C:06:F4:AD:6B:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5qTLdM9STBgSHVO1MsA8BvSta-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/Kki9qJHQ9q5OWoRgkA3-q98D8UE.roa
Signing time:             Tue 02 Jan 2024 08:32:16 +0000
ROA not before:           Tue 02 Jan 2024 08:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48388
IP address blocks:        91.209.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/5qTLdM9STBgSHVO1MsA8BvSta-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/5qTLdM9STBgSHVO1MsA8BvSta-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5qTLdM9STBgSHVO1MsA8BvSta-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 20:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:4f:61:0a:75:c3:d1:97:69:0a:7f:13:2b:92:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6a4cb74cf524c18121d53b532c03c06f4ad6be6
        Validity
            Not Before: Jan  2 08:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a48bda891d0f6ae4e5a8460900dfeabdf03f141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:75:1c:d9:ad:f0:ed:62:cd:7b:25:26:e4:c6:
                    06:f9:38:5a:09:63:31:d5:ab:a8:e5:45:e2:ce:96:
                    23:a4:4a:d6:1c:1b:73:e4:88:4e:44:c0:5e:42:9f:
                    21:c7:ee:a9:2b:84:81:04:5e:e4:43:b3:74:fb:b1:
                    c8:96:3a:1b:51:c4:50:0b:65:d0:64:bd:1a:49:ff:
                    3d:60:b6:57:77:ac:6b:a0:51:04:c7:e4:c7:49:63:
                    64:52:7a:7d:ae:00:01:17:da:20:6b:7e:2d:25:fb:
                    66:49:c8:63:11:ba:1b:47:d0:79:1c:55:00:b9:46:
                    a2:51:e3:05:73:cf:f6:0c:10:ed:80:87:f3:fb:ef:
                    e6:ea:46:37:e7:08:3d:00:0a:11:db:e4:9f:19:4d:
                    e7:ee:be:29:86:12:39:6d:d0:1a:b5:d1:ec:a2:b0:
                    6e:55:4d:0c:56:0b:47:1a:b7:50:b5:53:e7:cd:d1:
                    13:fc:97:d7:ea:7d:8c:6a:50:59:1b:37:0f:aa:1b:
                    1d:81:80:04:4c:50:a0:ef:dd:23:e2:bf:8f:a2:37:
                    1e:c3:a6:cd:59:57:1f:fb:f2:29:a1:b4:2d:c4:d1:
                    57:30:b2:2b:63:b8:02:2c:3f:b3:ad:cc:45:a6:2f:
                    37:50:d2:e0:31:4e:db:33:48:3d:bd:1a:b5:4b:12:
                    b3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:48:BD:A8:91:D0:F6:AE:4E:5A:84:60:90:0D:FE:AB:DF:03:F1:41
            X509v3 Authority Key Identifier:
                keyid:E6:A4:CB:74:CF:52:4C:18:12:1D:53:B5:32:C0:3C:06:F4:AD:6B:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5qTLdM9STBgSHVO1MsA8BvSta-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/Kki9qJHQ9q5OWoRgkA3-q98D8UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/5qTLdM9STBgSHVO1MsA8BvSta-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:db:7c:08:e3:d4:17:79:d6:75:91:2b:34:1e:dd:5f:fb:f0:
         c8:2a:37:b9:22:d3:e7:c9:72:e6:46:1b:dc:33:a0:5a:7e:fb:
         9e:e9:fe:71:56:a6:d7:eb:a6:92:fa:d1:c6:85:c4:a1:dc:aa:
         23:63:15:5c:fc:9c:d6:0d:58:d6:d5:7c:53:aa:8d:9a:37:98:
         e7:97:f9:fa:95:7e:0e:a5:14:23:89:88:cf:65:d9:13:59:77:
         4f:a3:74:89:a9:21:93:63:18:a9:d5:94:dc:d4:3d:21:1f:59:
         40:14:35:84:2f:28:f5:c5:4d:83:4e:11:ff:b0:6c:7b:03:c0:
         0d:5e:31:f6:d5:73:fb:f1:66:5c:72:79:e0:f4:b3:eb:00:33:
         02:52:6f:ac:49:62:6a:f3:86:ec:47:77:66:6c:9a:7d:99:cb:
         0e:98:42:14:bd:cc:6a:55:7f:1e:95:35:b2:3c:ea:24:a0:5a:
         a0:95:c3:cc:74:3a:1b:6d:f4:a0:63:fd:cb:ed:01:c3:cd:ed:
         fd:0b:54:e8:36:18:cd:f8:0b:dc:82:e9:6c:d4:78:84:15:b9:
         ae:b9:7e:b7:40:9e:3d:a6:b9:4e:b2:a0:e1:c8:9c:66:ef:8f:
         30:85:b3:2c:ad:2b:57:6b:5b:96:27:f8:5f:bc:d1:52:1c:ca:
         49:cd:00:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTU9hCnXD0ZdpCn8TK5KPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YTRjYjc0Y2Y1MjRjMTgxMjFkNTNiNTMyYzAzYzA2ZjRh
ZDZiZTYwHhcNMjQwMTAyMDgzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQ4YmRhODkxZDBmNmFlNGU1YTg0NjA5MDBkZmVhYmRmMDNmMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnUc2a3w7WLNeyUm5MYG+ThaCWMx
1auo5UXizpYjpErWHBtz5IhORMBeQp8hx+6pK4SBBF7kQ7N0+7HIljobUcRQC2XQ
ZL0aSf89YLZXd6xroFEEx+THSWNkUnp9rgABF9oga34tJftmSchjEbobR9B5HFUA
uUaiUeMFc8/2DBDtgIfz++/m6kY35wg9AAoR2+SfGU3n7r4phhI5bdAatdHsorBu
VU0MVgtHGrdQtVPnzdET/JfX6n2MalBZGzcPqhsdgYAETFCg790j4r+Pojcew6bN
WVcf+/IpobQtxNFXMLIrY7gCLD+zrcxFpi83UNLgMU7bM0g9vRq1SxKz0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpIvaiR0PauTlqEYJAN/qvfA/FBMB8GA1UdIwQY
MBaAFOaky3TPUkwYEh1TtTLAPAb0rWvmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXFUTGRNOVNUQmdTSFZPMU1zQThCdlN0YS1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mOWY3NzMtMTIxZS00NTBkLWI2MDYt
OThiZjQyODlkZjNiLzEvS2tpOXFKSFE5cTVPV29SZ2tBMy1xOThEOFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mOWY3NzMtMTIxZS00NTBkLWI2MDYtOThiZjQyODlkZjNi
LzEvNXFUTGRNOVNUQmdTSFZPMU1zQThCdlN0YS1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GEMA0G
CSqGSIb3DQEBCwUAA4IBAQCi23wI49QXedZ1kSs0Ht1f+/DIKje5ItPnyXLmRhvc
M6Bafvue6f5xVqbX66aS+tHGhcSh3KojYxVc/JzWDVjW1XxTqo2aN5jnl/n6lX4O
pRQjiYjPZdkTWXdPo3SJqSGTYxip1ZTc1D0hH1lAFDWELyj1xU2DThH/sGx7A8AN
XjH21XP78WZccnng9LPrADMCUm+sSWJq84bsR3dmbJp9mcsOmEIUvcxqVX8elTWy
POokoFqglcPMdDobbfSgY/3L7QHDze39C1ToNhjN+Avcguls1HiEFbmuuX63QJ49
prlOsqDhyJxm748whbMsrStXa1uWJ/hfvNFSHMpJzQD/
-----END CERTIFICATE-----