Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/roRPtJRuXZkSD-0dr_pwI0X0yPU.roa
File:                     roRPtJRuXZkSD-0dr_pwI0X0yPU.roa (raw, json)
Hash identifier:          cvh5c7pelb1xV3Cj3ZwS2jTQ2SnuAJihjvA2x3UYIXw=
Subject key identifier:   AE:84:4F:B4:94:6E:5D:99:12:0F:ED:1D:AF:FA:70:23:45:F4:C8:F5
Certificate issuer:       /CN=ab2e5b67f25cbd882ca4d023d21ef98d483735db
Certificate serial:       01908DE90B5A30D83564D12E3376A27FBEC2
Authority key identifier: AB:2E:5B:67:F2:5C:BD:88:2C:A4:D0:23:D2:1E:F9:8D:48:37:35:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/roRPtJRuXZkSD-0dr_pwI0X0yPU.roa
Signing time:             Sun 07 Jul 2024 15:56:18 +0000
ROA not before:           Sun 07 Jul 2024 15:56:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44874
IP address blocks:        91.244.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:8d:e9:0b:5a:30:d8:35:64:d1:2e:33:76:a2:7f:be:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2e5b67f25cbd882ca4d023d21ef98d483735db
        Validity
            Not Before: Jul  7 15:56:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae844fb4946e5d99120fed1daffa702345f4c8f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b6:4a:e8:b1:40:c1:df:6b:03:86:ea:17:58:
                    df:bf:ba:27:75:ff:57:9e:27:41:39:f3:25:67:25:
                    59:b5:bd:0b:84:85:06:0a:42:18:41:a9:60:13:76:
                    4d:8f:6c:79:25:9c:cc:7f:93:66:e2:8d:52:a7:99:
                    5d:eb:8e:a2:f1:4b:9d:5d:54:0f:20:85:3c:32:20:
                    54:0d:ce:c5:f6:11:45:22:fa:d8:e7:89:0f:9d:da:
                    41:9b:cf:6d:f9:0d:cc:fb:44:c3:d8:af:9e:ad:31:
                    2d:dc:2b:1c:c3:18:0b:3f:79:c6:d5:56:85:a6:37:
                    60:7c:1f:fa:65:b0:0c:b9:08:ce:c6:04:78:6c:62:
                    28:d9:c7:23:33:59:fc:9b:be:82:db:6b:14:cb:4a:
                    07:50:64:cb:5e:38:21:b2:c4:39:ce:be:45:2d:57:
                    60:84:c0:c7:67:53:d9:b6:76:2d:19:48:30:c5:37:
                    dd:d6:30:62:eb:c9:33:d5:14:3a:c2:a2:06:d0:a9:
                    06:96:26:f5:1e:c1:f1:b0:d3:4f:18:95:5e:94:29:
                    93:84:32:66:a9:c4:05:97:0a:25:8f:1c:23:67:4b:
                    93:9c:a5:a1:fa:22:e8:1b:07:df:22:ed:9b:fe:3f:
                    e9:94:1e:9c:56:7e:20:b3:17:5d:df:06:43:26:ea:
                    93:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:84:4F:B4:94:6E:5D:99:12:0F:ED:1D:AF:FA:70:23:45:F4:C8:F5
            X509v3 Authority Key Identifier:
                keyid:AB:2E:5B:67:F2:5C:BD:88:2C:A4:D0:23:D2:1E:F9:8D:48:37:35:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/roRPtJRuXZkSD-0dr_pwI0X0yPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:d8:32:55:0c:d4:53:bf:24:34:e4:ee:81:c2:11:5c:79:27:
         8a:e3:66:f8:ef:00:56:d6:41:08:f6:46:4d:71:95:3c:9a:76:
         e7:6f:61:e5:4c:fc:4e:eb:e9:f0:a5:26:2d:41:b6:7f:d7:af:
         f7:ec:11:69:f2:f0:b9:5b:bf:08:26:cf:ae:85:7c:97:17:8c:
         c5:e1:01:50:59:c8:aa:ed:6e:30:5d:bf:56:85:8e:1a:fd:72:
         ef:57:64:8b:9b:c2:e2:8a:38:01:e2:5b:a1:91:eb:80:05:4f:
         96:84:1f:6f:b0:c2:86:1e:36:d7:15:c8:0f:b0:8a:92:12:b6:
         d1:13:74:9e:d7:42:d4:59:5c:b5:85:54:6b:c9:d3:44:f2:cc:
         d7:f6:79:df:40:8a:4a:aa:a0:d3:65:bf:70:bd:6a:6a:a5:ab:
         71:2b:95:29:e4:c7:7b:27:ab:f6:ad:73:d8:4c:44:ee:3c:2c:
         05:0c:6d:a9:04:82:cd:2e:08:78:6d:35:7a:0d:a2:88:61:18:
         10:fb:e0:53:d7:f9:06:4e:4d:a7:9d:95:55:1e:57:6d:be:c4:
         b9:4c:78:df:33:ae:d8:db:87:2f:75:e8:43:66:c3:77:15:03:
         a3:5b:61:08:79:51:61:e9:4e:cf:e0:a6:d8:85:c4:5f:91:c5:
         ac:36:d2:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCN6QtaMNg1ZNEuM3aif77CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMmU1YjY3ZjI1Y2JkODgyY2E0ZDAyM2QyMWVmOThkNDgz
NzM1ZGIwHhcNMjQwNzA3MTU1NjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTg0NGZiNDk0NmU1ZDk5MTIwZmVkMWRhZmZhNzAyMzQ1ZjRjOGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbZK6LFAwd9rA4bqF1jfv7ondf9X
nidBOfMlZyVZtb0LhIUGCkIYQalgE3ZNj2x5JZzMf5Nm4o1Sp5ld646i8UudXVQP
IIU8MiBUDc7F9hFFIvrY54kPndpBm89t+Q3M+0TD2K+erTEt3CscwxgLP3nG1VaF
pjdgfB/6ZbAMuQjOxgR4bGIo2ccjM1n8m76C22sUy0oHUGTLXjghssQ5zr5FLVdg
hMDHZ1PZtnYtGUgwxTfd1jBi68kz1RQ6wqIG0KkGlib1HsHxsNNPGJVelCmThDJm
qcQFlwoljxwjZ0uTnKWh+iLoGwffIu2b/j/plB6cVn4gsxdd3wZDJuqTlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6ET7SUbl2ZEg/tHa/6cCNF9Mj1MB8GA1UdIwQY
MBaAFKsuW2fyXL2ILKTQI9Ie+Y1INzXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXk1YlpfSmN2WWdzcE5BajBoNzVqVWczTmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC82N2ZmZTktOGQ5OC00YzZkLWJlMmEt
M2Y2ZWMyNDk3MTdjLzEvcm9SUHRKUnVYWmtTRC0wZHJfcHdJMFgweVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC82N2ZmZTktOGQ5OC00YzZkLWJlMmEtM2Y2ZWMyNDk3MTdj
LzEvcXk1YlpfSmN2WWdzcE5BajBoNzVqVWczTmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/TtMA0G
CSqGSIb3DQEBCwUAA4IBAQCj2DJVDNRTvyQ05O6BwhFceSeK42b47wBW1kEI9kZN
cZU8mnbnb2HlTPxO6+nwpSYtQbZ/16/37BFp8vC5W78IJs+uhXyXF4zF4QFQWciq
7W4wXb9WhY4a/XLvV2SLm8LiijgB4luhkeuABU+WhB9vsMKGHjbXFcgPsIqSErbR
E3Se10LUWVy1hVRrydNE8szX9nnfQIpKqqDTZb9wvWpqpatxK5Up5Md7J6v2rXPY
TETuPCwFDG2pBILNLgh4bTV6DaKIYRgQ++BT1/kGTk2nnZVVHldtvsS5THjfM67Y
24cvdehDZsN3FQOjW2EIeVFh6U7P4KbYhcRfkcWsNtLH
-----END CERTIFICATE-----