Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/943426-a5ee-47e9-ad82-78f92eb1b62f/1/RHqeusVkQcL8n2W8ixy7iL7flsk.roa
File:                     RHqeusVkQcL8n2W8ixy7iL7flsk.roa (raw, json)
Hash identifier:          Zfl+eOKzATcfqBYX7tvkxtlnfkYkpyTt3/PJViN2G/E=
Subject key identifier:   44:7A:9E:BA:C5:64:41:C2:FC:9F:65:BC:8B:1C:BB:88:BE:DF:96:C9
Certificate issuer:       /CN=9a5fd366fe76e99986f7680dfccf3dcb94d6de14
Certificate serial:       018F81ADCAED15712100E0C4C21120295DC3
Authority key identifier: 9A:5F:D3:66:FE:76:E9:99:86:F7:68:0D:FC:CF:3D:CB:94:D6:DE:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ml_TZv526ZmG92gN_M89y5TW3hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/943426-a5ee-47e9-ad82-78f92eb1b62f/1/RHqeusVkQcL8n2W8ixy7iL7flsk.roa
Signing time:             Thu 16 May 2024 13:53:21 +0000
ROA not before:           Thu 16 May 2024 13:53:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394540
IP address blocks:        91.205.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/943426-a5ee-47e9-ad82-78f92eb1b62f/1/ml_TZv526ZmG92gN_M89y5TW3hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/943426-a5ee-47e9-ad82-78f92eb1b62f/1/ml_TZv526ZmG92gN_M89y5TW3hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ml_TZv526ZmG92gN_M89y5TW3hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:81:ad:ca:ed:15:71:21:00:e0:c4:c2:11:20:29:5d:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a5fd366fe76e99986f7680dfccf3dcb94d6de14
        Validity
            Not Before: May 16 13:53:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=447a9ebac56441c2fc9f65bc8b1cbb88bedf96c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:cc:ea:cf:b7:51:8d:06:a8:64:4c:31:00:02:
                    50:4f:f3:86:18:de:e8:24:63:ce:d0:1b:d8:29:c7:
                    27:66:d8:78:7e:c8:8a:00:e1:ee:1d:99:65:f3:52:
                    9a:82:b1:c7:21:e7:6c:9c:63:1e:73:22:e1:34:a3:
                    e8:c5:8e:85:b8:19:3a:c1:3d:67:4b:b3:cd:1a:e1:
                    be:d5:ac:82:71:71:d2:28:3d:1b:a3:1b:c3:50:74:
                    a5:a7:7a:27:2d:a1:d7:7d:13:b3:7f:69:06:e8:c7:
                    cf:6e:86:d5:ed:22:3f:d4:e5:a9:f7:6c:c7:41:bc:
                    c0:74:1a:c1:97:ff:69:ac:d2:a8:fc:e2:10:a9:c1:
                    ec:42:76:0a:cd:8a:cb:e8:2f:50:24:a5:83:af:06:
                    4b:51:48:ad:4c:26:47:bf:95:df:fc:ca:7d:7f:08:
                    08:c4:b8:64:d5:fb:1f:3a:52:91:54:16:d0:b7:7b:
                    87:ed:c4:33:be:34:f4:8a:a9:cc:09:ea:b1:35:b3:
                    a6:c3:5f:c7:c6:9b:ae:cd:de:7b:fd:c4:b8:21:5d:
                    19:a0:2a:79:78:dd:8b:f6:e2:d7:3e:5e:1c:99:8b:
                    2b:4c:57:84:7e:04:9b:e1:9c:ba:fa:d3:c4:29:36:
                    5f:8b:4a:92:10:c8:af:50:fd:27:78:3b:06:25:65:
                    b5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:7A:9E:BA:C5:64:41:C2:FC:9F:65:BC:8B:1C:BB:88:BE:DF:96:C9
            X509v3 Authority Key Identifier:
                keyid:9A:5F:D3:66:FE:76:E9:99:86:F7:68:0D:FC:CF:3D:CB:94:D6:DE:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ml_TZv526ZmG92gN_M89y5TW3hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/943426-a5ee-47e9-ad82-78f92eb1b62f/1/RHqeusVkQcL8n2W8ixy7iL7flsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/943426-a5ee-47e9-ad82-78f92eb1b62f/1/ml_TZv526ZmG92gN_M89y5TW3hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:fd:96:b2:4b:bf:5e:36:0d:26:42:c8:6f:e7:03:65:ca:14:
         29:01:bd:c6:0c:d5:10:e2:2f:41:db:05:20:ad:89:47:d4:25:
         37:2a:fa:42:dc:fe:f9:ed:87:64:fb:24:2b:8e:98:c0:97:31:
         45:01:58:8d:69:f7:44:0f:cc:84:56:0c:9a:07:13:db:f3:9f:
         0a:96:24:be:e2:4d:ae:68:4e:74:d4:1d:2e:fd:12:8f:ff:8f:
         b5:41:85:ff:7d:7f:c3:27:9e:52:81:4f:17:93:7c:66:ba:ff:
         e8:e9:4c:a6:e4:d3:f2:4e:aa:7f:c0:b2:5f:0e:3c:85:32:ce:
         6f:29:2d:d3:ff:d1:27:7b:2f:fe:a9:77:cc:62:ad:db:c7:26:
         c4:aa:c8:5c:d8:e0:a0:b5:89:88:7c:68:11:61:b4:52:02:00:
         2f:3a:ee:7c:24:e7:69:cd:3c:14:db:e1:36:d8:76:3a:24:af:
         36:4b:fe:f8:7f:2b:60:92:fc:70:05:60:12:5d:f3:b8:25:7f:
         48:8b:ba:1d:8e:a5:f3:02:82:b2:67:63:b9:81:db:1d:82:fe:
         7c:53:7f:11:9c:36:02:db:fe:e4:49:7c:6f:55:73:5a:de:ec:
         a3:c8:9c:e3:dc:61:a2:76:d0:41:ff:68:59:b9:fe:77:07:7d:
         ae:a8:a3:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+BrcrtFXEhAODEwhEgKV3DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNWZkMzY2ZmU3NmU5OTk4NmY3NjgwZGZjY2YzZGNiOTRk
NmRlMTQwHhcNMjQwNTE2MTM1MzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDdhOWViYWM1NjQ0MWMyZmM5ZjY1YmM4YjFjYmI4OGJlZGY5NmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8zqz7dRjQaoZEwxAAJQT/OGGN7o
JGPO0BvYKccnZth4fsiKAOHuHZll81KagrHHIedsnGMecyLhNKPoxY6FuBk6wT1n
S7PNGuG+1ayCcXHSKD0boxvDUHSlp3onLaHXfROzf2kG6MfPbobV7SI/1OWp92zH
QbzAdBrBl/9prNKo/OIQqcHsQnYKzYrL6C9QJKWDrwZLUUitTCZHv5Xf/Mp9fwgI
xLhk1fsfOlKRVBbQt3uH7cQzvjT0iqnMCeqxNbOmw1/Hxpuuzd57/cS4IV0ZoCp5
eN2L9uLXPl4cmYsrTFeEfgSb4Zy6+tPEKTZfi0qSEMivUP0neDsGJWW1EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFER6nrrFZEHC/J9lvIscu4i+35bJMB8GA1UdIwQY
MBaAFJpf02b+dumZhvdoDfzPPcuU1t4UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWxfVFp2NTI2Wm1HOTJnTl9NODl5NVRXM2hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy85NDM0MjYtYTVlZS00N2U5LWFkODIt
NzhmOTJlYjFiNjJmLzEvUkhxZXVzVmtRY0w4bjJXOGl4eTdpTDdmbHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy85NDM0MjYtYTVlZS00N2U5LWFkODItNzhmOTJlYjFiNjJm
LzEvbWxfVFp2NTI2Wm1HOTJnTl9NODl5NVRXM2hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW81wMA0G
CSqGSIb3DQEBCwUAA4IBAQAR/ZayS79eNg0mQshv5wNlyhQpAb3GDNUQ4i9B2wUg
rYlH1CU3KvpC3P757Ydk+yQrjpjAlzFFAViNafdED8yEVgyaBxPb858KliS+4k2u
aE501B0u/RKP/4+1QYX/fX/DJ55SgU8Xk3xmuv/o6Uym5NPyTqp/wLJfDjyFMs5v
KS3T/9Eney/+qXfMYq3bxybEqshc2OCgtYmIfGgRYbRSAgAvOu58JOdpzTwU2+E2
2HY6JK82S/74fytgkvxwBWASXfO4JX9Ii7odjqXzAoKyZ2O5gdsdgv58U38RnDYC
2/7kSXxvVXNa3uyjyJzj3GGidtBB/2hZuf53B32uqKMW
-----END CERTIFICATE-----