Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/91K4KRildVIwc3CbmpvZABvqm1g.roa
File:                     91K4KRildVIwc3CbmpvZABvqm1g.roa (raw, json)
Hash identifier:          fUpP5u3GW8zpCUd6YH9luLFslE9PvTKZon8U7HIZnPs=
Subject key identifier:   F7:52:B8:29:18:A5:75:52:30:73:70:9B:9A:9B:D9:00:1B:EA:9B:58
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       018CC56EFEDC714A6659BA22738DB6A3EC81
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/91K4KRildVIwc3CbmpvZABvqm1g.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204079
IP address blocks:        46.36.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fe:dc:71:4a:66:59:ba:22:73:8d:b6:a3:ec:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f752b82918a575523073709b9a9bd9001bea9b58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:98:92:4a:b3:38:db:b9:e2:8d:ca:48:01:fc:
                    03:a3:0d:20:66:95:fa:8b:a5:06:6a:a3:fa:5c:7e:
                    e2:65:6a:5d:5d:95:b7:1d:39:19:d7:55:73:d3:0a:
                    ff:a2:89:d0:6b:2f:5d:b0:11:9d:f4:3f:44:fb:06:
                    f3:52:a9:bc:d1:6f:f7:45:60:0c:d7:90:95:a0:d7:
                    fb:b3:0d:4e:05:38:08:61:c7:6d:1d:7d:f2:15:32:
                    53:0e:69:81:2c:2a:f0:f8:91:79:ea:f6:9f:74:3c:
                    e1:f1:fd:35:b6:9b:c5:da:82:d6:4b:18:ca:c2:74:
                    80:a5:bc:57:68:04:b2:43:e5:5c:ea:0b:34:0a:d1:
                    e6:14:f9:51:a8:6f:6c:0e:fd:f8:7b:4c:63:45:1c:
                    3f:84:a5:8b:b3:6e:b3:65:0c:86:17:82:69:8f:29:
                    db:31:e8:20:1e:ab:41:cc:01:ab:72:14:85:86:09:
                    3f:74:0e:6e:1b:9c:35:35:b1:1d:84:40:7b:39:2d:
                    1f:0a:f1:b7:be:e1:9e:68:4d:fd:0c:a0:06:e0:b8:
                    69:02:43:10:21:ab:06:07:99:fb:b2:cb:69:1b:58:
                    b9:9b:8d:71:0f:f3:cb:8b:3b:33:d5:92:6a:7c:df:
                    e1:91:2b:fc:b1:4c:b2:29:51:83:97:e6:d9:3f:48:
                    24:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:52:B8:29:18:A5:75:52:30:73:70:9B:9A:9B:D9:00:1B:EA:9B:58
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/91K4KRildVIwc3CbmpvZABvqm1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:63:75:a3:69:51:8c:c0:85:8e:d5:11:66:e4:df:0f:f0:da:
         af:78:40:f5:bc:60:a0:06:83:d1:c6:a0:37:70:75:ce:0f:df:
         39:64:f7:7f:ce:fa:68:17:96:ad:20:8b:fe:96:ab:ec:eb:bb:
         90:5e:f7:a1:22:8b:f7:5a:1c:c5:41:8a:09:e6:ee:5c:a6:db:
         e8:3d:0b:41:df:25:aa:ee:73:c5:39:4c:f5:64:55:93:85:c4:
         7b:a8:61:a1:a7:6e:c8:75:b3:82:69:2c:86:14:69:45:97:f7:
         ac:ae:9f:44:9e:90:2f:d0:85:01:e2:af:13:93:4b:a8:ca:8c:
         09:95:34:83:b2:6c:fb:74:f5:bf:26:01:c5:ad:97:9a:8c:47:
         70:47:37:16:2a:09:b5:03:d3:6d:e4:9d:26:9d:49:d9:b4:ee:
         83:6f:31:34:c3:28:7f:0d:da:3a:d6:2f:5e:81:65:6a:5d:4f:
         02:54:0a:0e:58:93:8d:1d:5c:db:d7:32:b3:af:45:ec:85:af:
         3d:10:f5:b5:92:a5:e8:1b:27:3a:b3:8e:c3:54:35:cf:24:0a:
         34:2f:65:b4:07:c8:17:63:72:54:15:26:01:fd:e9:46:13:f9:
         88:32:6c:81:1a:92:10:5a:83:cc:c3:38:32:78:e0:18:9b:70:
         3a:d4:a2:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbv7ccUpmWboic422o+yBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzUyYjgyOTE4YTU3NTUyMzA3MzcwOWI5YTliZDkwMDFiZWE5YjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipiSSrM427nijcpIAfwDow0gZpX6
i6UGaqP6XH7iZWpdXZW3HTkZ11Vz0wr/oonQay9dsBGd9D9E+wbzUqm80W/3RWAM
15CVoNf7sw1OBTgIYcdtHX3yFTJTDmmBLCrw+JF56vafdDzh8f01tpvF2oLWSxjK
wnSApbxXaASyQ+Vc6gs0CtHmFPlRqG9sDv34e0xjRRw/hKWLs26zZQyGF4Jpjynb
MeggHqtBzAGrchSFhgk/dA5uG5w1NbEdhEB7OS0fCvG3vuGeaE39DKAG4LhpAkMQ
IasGB5n7sstpG1i5m41xD/PLizsz1ZJqfN/hkSv8sUyyKVGDl+bZP0gkMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdSuCkYpXVSMHNwm5qb2QAb6ptYMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvOTFLNEtSaWxkVkl3YzNDYm1wdlpBQnZxbTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiRiMA0G
CSqGSIb3DQEBCwUAA4IBAQCAY3WjaVGMwIWO1RFm5N8P8NqveED1vGCgBoPRxqA3
cHXOD985ZPd/zvpoF5atIIv+lqvs67uQXvehIov3WhzFQYoJ5u5cptvoPQtB3yWq
7nPFOUz1ZFWThcR7qGGhp27IdbOCaSyGFGlFl/esrp9EnpAv0IUB4q8Tk0uoyowJ
lTSDsmz7dPW/JgHFrZeajEdwRzcWKgm1A9Nt5J0mnUnZtO6DbzE0wyh/Ddo61i9e
gWVqXU8CVAoOWJONHVzb1zKzr0Xsha89EPW1kqXoGyc6s47DVDXPJAo0L2W0B8gX
Y3JUFSYB/elGE/mIMmyBGpIQWoPMwzgyeOAYm3A61KK7
-----END CERTIFICATE-----