Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8bdb68-7016-468b-9751-0f59527f34cb/1/lEyl1skeWL3RHdQAoRMWYWMhT1w.roa
File:                     lEyl1skeWL3RHdQAoRMWYWMhT1w.roa (raw, json)
Hash identifier:          ViAIbkQXKSQR6vXkXI0Zusjnv3veGyPBdE2Uoca9nN0=
Subject key identifier:   94:4C:A5:D6:C9:1E:58:BD:D1:1D:D4:00:A1:13:16:61:63:21:4F:5C
Certificate issuer:       /CN=36811c8affafb0ac1f5f7f6ff7b64bb70346457d
Certificate serial:       018CC8DEF7861CC2D9FE6BD59894DD25B454
Authority key identifier: 36:81:1C:8A:FF:AF:B0:AC:1F:5F:7F:6F:F7:B6:4B:B7:03:46:45:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NoEciv-vsKwfX39v97ZLtwNGRX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8bdb68-7016-468b-9751-0f59527f34cb/1/lEyl1skeWL3RHdQAoRMWYWMhT1w.roa
Signing time:             Tue 02 Jan 2024 06:31:44 +0000
ROA not before:           Tue 02 Jan 2024 06:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205446
IP address blocks:        91.216.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8bdb68-7016-468b-9751-0f59527f34cb/1/NoEciv-vsKwfX39v97ZLtwNGRX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8bdb68-7016-468b-9751-0f59527f34cb/1/NoEciv-vsKwfX39v97ZLtwNGRX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NoEciv-vsKwfX39v97ZLtwNGRX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f7:86:1c:c2:d9:fe:6b:d5:98:94:dd:25:b4:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36811c8affafb0ac1f5f7f6ff7b64bb70346457d
        Validity
            Not Before: Jan  2 06:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=944ca5d6c91e58bdd11dd400a113166163214f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5a:e0:19:55:c9:dc:70:23:6b:82:df:6d:39:
                    42:59:7d:05:67:fb:62:eb:1c:ba:fc:63:77:b4:b6:
                    55:25:12:6c:3f:71:8c:97:62:eb:06:b7:4b:26:47:
                    a6:7d:34:46:67:d5:00:3d:79:14:74:2d:10:3a:f2:
                    99:d4:41:ea:d1:18:fa:78:7c:7d:0b:76:63:44:52:
                    54:e6:a4:55:d4:93:46:08:0c:6d:6a:07:da:46:c7:
                    e6:bf:9e:46:2c:60:37:39:c1:7f:0a:37:46:60:93:
                    d4:ad:3c:6f:65:2c:b6:ed:5a:c4:a4:27:7f:d7:7b:
                    6b:6f:59:48:17:85:fc:30:db:1f:bc:dc:57:5c:c3:
                    58:43:b4:cc:7a:29:95:5f:c7:3c:e4:eb:7d:59:ea:
                    03:8b:7d:39:ac:d0:51:e8:99:4b:45:d1:b7:f9:e8:
                    bc:38:1f:3b:23:f1:3d:4b:ad:1b:1c:2b:64:f8:9e:
                    19:c5:0d:fe:6f:81:9a:94:16:e6:8b:c3:8f:b9:18:
                    28:e5:27:02:46:6f:d5:b0:1c:65:1c:d2:aa:56:9e:
                    cb:09:04:52:e4:46:04:aa:08:50:70:88:05:34:66:
                    32:ec:eb:19:a7:ed:b7:58:8f:cb:0c:ed:cd:d7:86:
                    f7:9d:8c:51:8c:54:21:60:cc:4a:0c:04:4e:21:f4:
                    3a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:4C:A5:D6:C9:1E:58:BD:D1:1D:D4:00:A1:13:16:61:63:21:4F:5C
            X509v3 Authority Key Identifier:
                keyid:36:81:1C:8A:FF:AF:B0:AC:1F:5F:7F:6F:F7:B6:4B:B7:03:46:45:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NoEciv-vsKwfX39v97ZLtwNGRX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8bdb68-7016-468b-9751-0f59527f34cb/1/lEyl1skeWL3RHdQAoRMWYWMhT1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8bdb68-7016-468b-9751-0f59527f34cb/1/NoEciv-vsKwfX39v97ZLtwNGRX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:e3:54:0d:96:ac:26:ca:7d:26:64:12:5e:c7:3d:4c:2c:8c:
         1f:f3:52:f9:9e:07:cf:78:65:e4:95:63:7b:e4:a6:7d:13:69:
         ec:49:a9:4c:89:45:5a:44:64:46:85:ab:bf:a7:18:02:69:d1:
         b7:e6:47:93:59:73:bc:ca:05:b6:42:45:17:87:02:ea:95:d0:
         ce:0e:21:67:91:bd:75:1c:22:58:9b:60:08:63:e2:f5:72:1a:
         d0:2a:a3:3b:16:6d:e7:00:85:93:c3:09:3e:43:de:cd:64:e2:
         cc:f5:1b:78:b7:60:c7:fe:c5:45:5f:6e:8f:73:f6:f3:86:de:
         ba:a1:f1:7f:d6:b7:ef:2e:9d:1b:1b:32:2d:df:33:e4:61:0e:
         d9:79:23:4d:a3:8a:ca:89:1d:da:b8:8d:27:7f:db:80:2a:0e:
         8d:82:ab:85:f9:ac:a7:8f:25:1c:15:59:b3:55:be:fa:9c:48:
         5b:41:67:a3:51:4e:45:bf:45:70:43:9d:fe:7c:45:b3:88:c5:
         d0:83:f3:c0:6d:84:be:48:33:a6:45:53:09:81:d8:4e:cc:62:
         c1:81:8b:12:f5:20:e0:8f:e9:d7:93:10:08:81:2b:e6:c3:ca:
         77:c0:7b:82:85:83:46:e6:83:d7:5b:cb:70:d0:b1:9d:6d:08:
         ec:c9:73:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3veGHMLZ/mvVmJTdJbRUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ODExYzhhZmZhZmIwYWMxZjVmN2Y2ZmY3YjY0YmI3MDM0
NjQ1N2QwHhcNMjQwMTAyMDYzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDRjYTVkNmM5MWU1OGJkZDExZGQ0MDBhMTEzMTY2MTYzMjE0ZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVrgGVXJ3HAja4LfbTlCWX0FZ/ti
6xy6/GN3tLZVJRJsP3GMl2LrBrdLJkemfTRGZ9UAPXkUdC0QOvKZ1EHq0Rj6eHx9
C3ZjRFJU5qRV1JNGCAxtagfaRsfmv55GLGA3OcF/CjdGYJPUrTxvZSy27VrEpCd/
13trb1lIF4X8MNsfvNxXXMNYQ7TMeimVX8c85Ot9WeoDi305rNBR6JlLRdG3+ei8
OB87I/E9S60bHCtk+J4ZxQ3+b4GalBbmi8OPuRgo5ScCRm/VsBxlHNKqVp7LCQRS
5EYEqghQcIgFNGYy7OsZp+23WI/LDO3N14b3nYxRjFQhYMxKDAROIfQ6dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRMpdbJHli90R3UAKETFmFjIU9cMB8GA1UdIwQY
MBaAFDaBHIr/r7CsH19/b/e2S7cDRkV9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm9FY2l2LXZzS3dmWDM5djk3Wkx0d05HUlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84YmRiNjgtNzAxNi00NjhiLTk3NTEt
MGY1OTUyN2YzNGNiLzEvbEV5bDFza2VXTDNSSGRRQW9STVdZV01oVDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84YmRiNjgtNzAxNi00NjhiLTk3NTEtMGY1OTUyN2YzNGNi
LzEvTm9FY2l2LXZzS3dmWDM5djk3Wkx0d05HUlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9jSMA0G
CSqGSIb3DQEBCwUAA4IBAQCo41QNlqwmyn0mZBJexz1MLIwf81L5ngfPeGXklWN7
5KZ9E2nsSalMiUVaRGRGhau/pxgCadG35keTWXO8ygW2QkUXhwLqldDODiFnkb11
HCJYm2AIY+L1chrQKqM7Fm3nAIWTwwk+Q97NZOLM9Rt4t2DH/sVFX26Pc/bzht66
ofF/1rfvLp0bGzIt3zPkYQ7ZeSNNo4rKiR3auI0nf9uAKg6NgquF+aynjyUcFVmz
Vb76nEhbQWejUU5Fv0VwQ53+fEWziMXQg/PAbYS+SDOmRVMJgdhOzGLBgYsS9SDg
j+nXkxAIgSvmw8p3wHuChYNG5oPXW8tw0LGdbQjsyXOp
-----END CERTIFICATE-----