Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/1RR2PIOhWjDyDCJRVL1m7Qz-xPU.roa
File:                     1RR2PIOhWjDyDCJRVL1m7Qz-xPU.roa (raw, json)
Hash identifier:          k11vLjo6UmskuYKT/dLjvIgDQUt9Or+HemMm/QZjqU8=
Subject key identifier:   D5:14:76:3C:83:A1:5A:30:F2:0C:22:51:54:BD:66:ED:0C:FE:C4:F5
Certificate issuer:       /CN=ab2e5b67f25cbd882ca4d023d21ef98d483735db
Certificate serial:       0190BDDD98C16CC66730AAE5E401DD4E56FA
Authority key identifier: AB:2E:5B:67:F2:5C:BD:88:2C:A4:D0:23:D2:1E:F9:8D:48:37:35:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/1RR2PIOhWjDyDCJRVL1m7Qz-xPU.roa
Signing time:             Tue 16 Jul 2024 23:25:34 +0000
ROA not before:           Tue 16 Jul 2024 23:25:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25160
IP address blocks:        91.244.236.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bd:dd:98:c1:6c:c6:67:30:aa:e5:e4:01:dd:4e:56:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2e5b67f25cbd882ca4d023d21ef98d483735db
        Validity
            Not Before: Jul 16 23:25:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d514763c83a15a30f20c225154bd66ed0cfec4f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:82:32:d2:eb:98:c6:41:45:67:49:8a:c4:e4:
                    00:66:0d:bc:bb:37:90:d3:94:a0:73:b1:74:2c:3c:
                    b6:27:af:50:71:90:fa:c0:be:96:bc:8b:8e:c0:16:
                    d2:fa:90:8a:01:46:c9:84:1f:3f:89:65:f0:7e:00:
                    1d:65:91:6e:6e:6b:7b:32:de:e3:77:44:95:51:ca:
                    13:59:40:ee:99:cf:8c:e5:25:95:d6:e0:15:85:94:
                    86:2f:e7:e7:61:70:b4:0c:33:f9:4c:f8:b7:85:b1:
                    43:c3:c1:82:55:fa:f3:54:20:d2:27:c4:22:c7:35:
                    6b:af:bf:d4:a9:e5:ed:b0:37:fb:7b:2a:95:ab:db:
                    b8:8a:0b:e2:3e:7b:d9:fb:c1:c3:4c:2e:34:68:35:
                    e4:af:f6:86:51:f8:e2:08:6a:24:1a:cd:6c:63:fa:
                    50:f1:53:d8:d5:49:a2:2d:01:27:82:85:fa:a0:c7:
                    63:89:0a:91:c7:50:34:67:ee:7e:da:20:56:3b:06:
                    0b:b0:9c:b3:bc:00:0a:96:e0:40:a5:bb:95:aa:77:
                    ec:af:4e:cc:a6:65:5c:b6:60:2b:7e:61:d0:dc:37:
                    ab:06:52:1b:cb:78:0d:d9:ee:54:ba:a4:77:43:3f:
                    66:8c:3a:99:ba:60:f8:22:74:7d:df:ac:1b:a3:f5:
                    7b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:14:76:3C:83:A1:5A:30:F2:0C:22:51:54:BD:66:ED:0C:FE:C4:F5
            X509v3 Authority Key Identifier:
                keyid:AB:2E:5B:67:F2:5C:BD:88:2C:A4:D0:23:D2:1E:F9:8D:48:37:35:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/1RR2PIOhWjDyDCJRVL1m7Qz-xPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:dd:bd:5c:ee:4c:87:5b:cc:82:2b:60:2d:28:8e:83:5f:21:
         91:5f:eb:69:b8:5f:c1:7e:43:80:ca:04:ca:f9:da:b9:6d:37:
         a1:c7:64:cf:ba:c9:4c:bf:61:71:91:37:c6:22:e4:a7:f9:ad:
         7d:0e:2b:9b:13:ec:fa:e9:1a:03:f5:e4:e9:be:c5:c9:56:af:
         e0:37:8e:63:5d:ec:f8:1b:ed:fa:06:d7:db:c7:1d:6c:e7:bb:
         88:32:6b:a4:e9:95:90:69:c0:1f:2b:15:47:76:03:72:f7:fe:
         41:3c:61:d3:89:9b:1d:b4:f5:01:40:4d:ca:d3:9c:2f:d8:60:
         b9:1d:fa:d8:74:57:6d:7b:50:bf:e8:97:c6:c8:82:e5:08:03:
         70:29:90:8a:bb:57:ae:15:93:7d:5e:33:60:76:55:cc:4b:a5:
         c1:b0:32:9c:17:ad:43:05:34:24:36:22:3b:86:3d:c3:cd:3e:
         1b:6d:2a:2b:cd:bf:53:69:81:da:a2:3d:e1:04:3d:78:1d:bc:
         6c:4f:21:80:31:43:5d:42:5f:3c:e3:40:fe:8b:35:33:18:e1:
         f6:c3:c1:d8:37:98:60:05:59:f9:93:73:b4:ff:e8:12:e8:31:
         66:c5:a8:e2:fe:2b:3e:15:59:7d:6f:47:7c:8e:59:14:3e:e7:
         b1:d1:0f:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC93ZjBbMZnMKrl5AHdTlb6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMmU1YjY3ZjI1Y2JkODgyY2E0ZDAyM2QyMWVmOThkNDgz
NzM1ZGIwHhcNMjQwNzE2MjMyNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTE0NzYzYzgzYTE1YTMwZjIwYzIyNTE1NGJkNjZlZDBjZmVjNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYIy0uuYxkFFZ0mKxOQAZg28uzeQ
05Sgc7F0LDy2J69QcZD6wL6WvIuOwBbS+pCKAUbJhB8/iWXwfgAdZZFubmt7Mt7j
d0SVUcoTWUDumc+M5SWV1uAVhZSGL+fnYXC0DDP5TPi3hbFDw8GCVfrzVCDSJ8Qi
xzVrr7/UqeXtsDf7eyqVq9u4igviPnvZ+8HDTC40aDXkr/aGUfjiCGokGs1sY/pQ
8VPY1UmiLQEngoX6oMdjiQqRx1A0Z+5+2iBWOwYLsJyzvAAKluBApbuVqnfsr07M
pmVctmArfmHQ3DerBlIby3gN2e5UuqR3Qz9mjDqZumD4InR936wbo/V7oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUUdjyDoVow8gwiUVS9Zu0M/sT1MB8GA1UdIwQY
MBaAFKsuW2fyXL2ILKTQI9Ie+Y1INzXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXk1YlpfSmN2WWdzcE5BajBoNzVqVWczTmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC82N2ZmZTktOGQ5OC00YzZkLWJlMmEt
M2Y2ZWMyNDk3MTdjLzEvMVJSMlBJT2hXakR5RENKUlZMMW03UXoteFBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC82N2ZmZTktOGQ5OC00YzZkLWJlMmEtM2Y2ZWMyNDk3MTdj
LzEvcXk1YlpfSmN2WWdzcE5BajBoNzVqVWczTmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/TsMA0G
CSqGSIb3DQEBCwUAA4IBAQAv3b1c7kyHW8yCK2AtKI6DXyGRX+tpuF/BfkOAygTK
+dq5bTehx2TPuslMv2FxkTfGIuSn+a19DiubE+z66RoD9eTpvsXJVq/gN45jXez4
G+36Btfbxx1s57uIMmuk6ZWQacAfKxVHdgNy9/5BPGHTiZsdtPUBQE3K05wv2GC5
HfrYdFdte1C/6JfGyILlCANwKZCKu1euFZN9XjNgdlXMS6XBsDKcF61DBTQkNiI7
hj3DzT4bbSorzb9TaYHaoj3hBD14HbxsTyGAMUNdQl8840D+izUzGOH2w8HYN5hg
BVn5k3O0/+gS6DFmxaji/is+FVl9b0d8jlkUPuex0Q/F
-----END CERTIFICATE-----