Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kE5ghqAZInIs1dKHe2MmFsVVFt4.roa
File:                     kE5ghqAZInIs1dKHe2MmFsVVFt4.roa (raw, json)
Hash identifier:          HPCpqaH2sUGvgpMdGlRLYcgql2EEuD3MRLr6Swb3L4c=
Subject key identifier:   90:4E:60:86:A0:19:22:72:2C:D5:D2:87:7B:63:26:16:C5:55:16:DE
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0191786F8EE85932B28B9FAE880F3C7179FF
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kE5ghqAZInIs1dKHe2MmFsVVFt4.roa
Signing time:             Thu 22 Aug 2024 04:54:22 +0000
ROA not before:           Thu 22 Aug 2024 04:54:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400529
IP address blocks:        194.69.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:78:6f:8e:e8:59:32:b2:8b:9f:ae:88:0f:3c:71:79:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Aug 22 04:54:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=904e6086a01922722cd5d2877b632616c55516de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c0:c7:47:4a:a0:0c:cb:87:a4:dd:57:c7:a0:
                    69:f1:3d:35:fd:ad:e3:64:91:c7:b1:ec:51:0e:cb:
                    1c:b3:dc:43:17:8e:a5:91:ec:db:c7:ab:d2:23:a1:
                    71:f3:05:81:e6:4f:b5:5e:f1:b8:86:2e:f8:75:05:
                    c8:75:0a:62:20:c2:19:57:e3:bd:2b:6c:7d:bf:5a:
                    74:28:f1:e3:cb:b4:97:62:40:a7:46:98:cb:4a:60:
                    53:44:cf:d5:01:df:99:58:a9:40:6a:f5:be:86:2b:
                    07:c0:83:5a:3f:31:11:06:f8:03:27:3a:c1:91:d8:
                    b9:fc:d7:26:3f:3e:f5:a5:4e:94:00:2b:b4:e5:92:
                    bb:53:3a:49:f0:e3:c8:d3:98:91:75:aa:ea:db:e1:
                    02:c4:46:dd:c9:91:7a:5d:30:2a:cb:dd:65:4d:bd:
                    74:95:ca:e3:8b:59:55:f6:6d:d9:6d:48:8b:5e:40:
                    7a:75:e7:b0:a6:e0:90:af:ef:b1:b4:01:71:ad:24:
                    36:d2:86:13:00:28:dc:24:3d:a4:03:99:b7:d3:ad:
                    33:ab:16:74:16:20:08:c2:fa:df:d9:40:95:33:ff:
                    92:88:95:34:1d:25:3f:64:3e:5e:5f:a9:7e:72:45:
                    65:ea:ba:71:04:7c:7e:36:ea:64:c1:8d:c0:2e:04:
                    c6:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:4E:60:86:A0:19:22:72:2C:D5:D2:87:7B:63:26:16:C5:55:16:DE
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/kE5ghqAZInIs1dKHe2MmFsVVFt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.69.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:48:48:df:2f:4f:5e:05:bb:cc:41:cc:eb:ba:f6:8f:ce:c0:
         12:bb:73:7c:8e:85:b4:9c:e7:ed:4c:2b:fc:22:57:10:cd:fc:
         cd:87:79:2e:3d:45:6e:d7:c4:c5:ae:be:44:ca:7b:2e:1e:75:
         69:70:b7:4e:49:3d:7d:3f:1d:6c:64:af:46:4d:ab:cf:7a:da:
         ad:3a:ae:bb:8c:85:2b:87:1c:3e:33:da:5d:58:1d:39:31:5e:
         90:31:04:3d:6e:a1:ae:f4:dc:7d:2d:ec:8d:b3:c6:73:62:e1:
         cc:06:1d:c2:51:86:78:e1:59:f8:81:86:f5:b8:a4:8f:3e:67:
         ad:1e:71:b9:86:5b:d8:d1:67:19:d5:11:9d:ba:c1:c6:66:ac:
         d8:f0:18:5f:4e:be:27:c5:95:90:3f:62:72:04:33:db:58:e7:
         27:fe:7f:71:97:99:a1:78:be:be:2a:b7:0c:c6:e7:a6:6a:60:
         fc:1e:16:eb:8f:7f:be:07:09:cd:bc:c8:ca:19:6d:13:67:54:
         23:f8:0b:5c:0d:ba:b4:56:f7:be:ae:77:30:21:ef:cc:7e:97:
         8a:79:ae:f6:1a:d3:3d:c3:0e:43:38:4b:b2:15:a3:97:22:ee:
         a6:a7:af:2d:23:be:41:a5:95:62:b8:57:64:55:67:55:3c:96:
         ac:e1:00:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF4b47oWTKyi5+uiA88cXn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwODIyMDQ1NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRlNjA4NmEwMTkyMjcyMmNkNWQyODc3YjYzMjYxNmM1NTUxNmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MDHR0qgDMuHpN1Xx6Bp8T01/a3j
ZJHHsexRDsscs9xDF46lkezbx6vSI6Fx8wWB5k+1XvG4hi74dQXIdQpiIMIZV+O9
K2x9v1p0KPHjy7SXYkCnRpjLSmBTRM/VAd+ZWKlAavW+hisHwINaPzERBvgDJzrB
kdi5/NcmPz71pU6UACu05ZK7UzpJ8OPI05iRdarq2+ECxEbdyZF6XTAqy91lTb10
lcrji1lV9m3ZbUiLXkB6deewpuCQr++xtAFxrSQ20oYTACjcJD2kA5m3060zqxZ0
FiAIwvrf2UCVM/+SiJU0HSU/ZD5eX6l+ckVl6rpxBHx+NupkwY3ALgTGHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBOYIagGSJyLNXSh3tjJhbFVRbeMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEva0U1Z2hxQVpJbklzMWRLSGUyTW1Gc1ZWRnQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkWgMA0G
CSqGSIb3DQEBCwUAA4IBAQBISEjfL09eBbvMQczruvaPzsASu3N8joW0nOftTCv8
IlcQzfzNh3kuPUVu18TFrr5EynsuHnVpcLdOST19Px1sZK9GTavPetqtOq67jIUr
hxw+M9pdWB05MV6QMQQ9bqGu9Nx9LeyNs8ZzYuHMBh3CUYZ44Vn4gYb1uKSPPmet
HnG5hlvY0WcZ1RGdusHGZqzY8BhfTr4nxZWQP2JyBDPbWOcn/n9xl5mheL6+KrcM
xuemamD8Hhbrj3++BwnNvMjKGW0TZ1Qj+AtcDbq0Vve+rncwIe/MfpeKea72GtM9
ww5DOEuyFaOXIu6mp68tI75BpZViuFdkVWdVPJas4QDI
-----END CERTIFICATE-----