Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/BchWUQYlasianl7it3pUaDsDp5s.roa
File:                     BchWUQYlasianl7it3pUaDsDp5s.roa (raw, json)
Hash identifier:          ojh1KBPpVGiiPefZ+3s7ecODRItv/NQ962XYYRgKrLo=
Subject key identifier:   05:C8:56:51:06:25:6A:C8:9A:9E:5E:E2:B7:7A:54:68:3B:03:A7:9B
Certificate issuer:       /CN=d47e62cbf5fef3377f9e7cd58558f44e2eea9bce
Certificate serial:       018D88FA1DD8EB2E77D2140513B2132EB2EA
Authority key identifier: D4:7E:62:CB:F5:FE:F3:37:7F:9E:7C:D5:85:58:F4:4E:2E:EA:9B:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1H5iy_X-8zd_nnzVhVj0Ti7qm84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/BchWUQYlasianl7it3pUaDsDp5s.roa
Signing time:             Thu 08 Feb 2024 13:48:29 +0000
ROA not before:           Thu 08 Feb 2024 13:48:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        91.207.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/1H5iy_X-8zd_nnzVhVj0Ti7qm84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/1H5iy_X-8zd_nnzVhVj0Ti7qm84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1H5iy_X-8zd_nnzVhVj0Ti7qm84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:fa:1d:d8:eb:2e:77:d2:14:05:13:b2:13:2e:b2:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d47e62cbf5fef3377f9e7cd58558f44e2eea9bce
        Validity
            Not Before: Feb  8 13:48:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05c8565106256ac89a9e5ee2b77a54683b03a79b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:89:09:13:a2:b7:f1:6c:47:55:b9:24:47:d2:
                    5c:97:e3:5b:eb:a0:ed:91:75:65:53:6c:bd:2a:19:
                    d2:b2:28:db:33:28:59:26:86:c8:42:a1:24:68:09:
                    22:86:de:48:2a:6b:bb:43:d7:64:6d:cf:52:93:8b:
                    28:05:30:99:d8:97:c3:d7:51:e6:cc:a6:0a:0a:4d:
                    ff:f1:62:27:b1:6b:4e:d8:12:93:80:bb:67:2c:c6:
                    4b:86:38:b0:15:a2:28:ef:8b:17:a5:61:fd:14:86:
                    3c:66:93:71:61:1b:fb:fe:bb:3c:70:1d:e7:ea:21:
                    63:fd:d6:a3:e4:15:0a:47:b6:f9:7f:9b:34:10:d9:
                    f8:99:94:3b:10:f2:d7:9e:5c:14:e2:da:8a:8f:eb:
                    f3:f1:0a:bc:75:b0:1e:69:69:4f:72:1b:60:98:fc:
                    01:b7:60:81:94:77:b0:2f:e6:dc:64:58:95:0c:2a:
                    31:4f:7d:41:1d:9d:37:34:1a:ed:35:f8:3f:51:5a:
                    6d:b6:68:dd:c7:95:02:96:1f:40:f2:6e:4e:ff:cf:
                    2d:fd:e2:fe:6d:fb:54:0c:11:26:e8:c1:59:70:58:
                    74:a0:ca:34:35:e5:28:19:88:cc:45:ec:1c:be:ba:
                    a1:3a:06:6d:1e:33:a2:6b:ff:de:cb:e0:4a:dd:17:
                    00:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:C8:56:51:06:25:6A:C8:9A:9E:5E:E2:B7:7A:54:68:3B:03:A7:9B
            X509v3 Authority Key Identifier:
                keyid:D4:7E:62:CB:F5:FE:F3:37:7F:9E:7C:D5:85:58:F4:4E:2E:EA:9B:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1H5iy_X-8zd_nnzVhVj0Ti7qm84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/BchWUQYlasianl7it3pUaDsDp5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/1H5iy_X-8zd_nnzVhVj0Ti7qm84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:c3:5a:68:5c:50:7a:d9:db:22:e1:93:07:21:04:44:3e:a2:
         8c:23:5a:94:1f:ff:5d:ee:1b:fe:9d:cb:2b:c0:f2:90:90:a8:
         72:54:27:4d:2e:dc:af:53:32:74:cf:10:79:7b:03:f4:98:31:
         a2:c3:64:98:04:5f:1f:35:c7:5f:05:c8:54:dc:0f:2e:15:3f:
         cf:65:b9:02:a9:55:ea:5c:0c:80:e5:0e:67:b1:97:3e:07:9a:
         b0:20:1b:cb:ea:36:f0:44:24:f6:e9:e0:55:84:d9:8b:8b:61:
         16:08:d9:1c:e1:f3:c3:0b:02:8f:fa:d6:dd:5e:cb:cf:90:be:
         4a:1f:e5:e6:28:47:cc:49:37:02:96:1b:20:e3:6f:2e:76:ca:
         5d:eb:2d:fa:d1:12:7e:4f:02:0c:d0:9f:2c:88:83:06:9b:a3:
         ce:a9:49:ab:f4:3e:ee:6c:89:8c:19:ae:9d:19:e3:1a:c2:b0:
         29:19:ac:06:b2:33:ac:f1:82:34:12:c9:84:93:7f:98:27:23:
         13:be:ae:77:f6:8f:75:98:d2:5e:54:e6:cf:d1:a0:58:67:1d:
         b1:9f:60:f2:eb:c4:8e:14:70:bd:c9:3c:0c:7a:68:f8:5a:36:
         5e:05:89:2d:89:0d:91:f3:cc:be:04:a6:ed:de:8e:ba:22:d2:
         c0:dc:07:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2I+h3Y6y530hQFE7ITLrLqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0N2U2MmNiZjVmZWYzMzc3ZjllN2NkNTg1NThmNDRlMmVl
YTliY2UwHhcNMjQwMjA4MTM0ODI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWM4NTY1MTA2MjU2YWM4OWE5ZTVlZTJiNzdhNTQ2ODNiMDNhNzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4kJE6K38WxHVbkkR9Jcl+Nb66Dt
kXVlU2y9KhnSsijbMyhZJobIQqEkaAkiht5IKmu7Q9dkbc9Sk4soBTCZ2JfD11Hm
zKYKCk3/8WInsWtO2BKTgLtnLMZLhjiwFaIo74sXpWH9FIY8ZpNxYRv7/rs8cB3n
6iFj/daj5BUKR7b5f5s0ENn4mZQ7EPLXnlwU4tqKj+vz8Qq8dbAeaWlPchtgmPwB
t2CBlHewL+bcZFiVDCoxT31BHZ03NBrtNfg/UVpttmjdx5UClh9A8m5O/88t/eL+
bftUDBEm6MFZcFh0oMo0NeUoGYjMRewcvrqhOgZtHjOia//ey+BK3RcARwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXIVlEGJWrImp5e4rd6VGg7A6ebMB8GA1UdIwQY
MBaAFNR+Ysv1/vM3f5581YVY9E4u6pvOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUg1aXlfWC04emRfbm56VmhWajBUaTdxbTg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9hYTlkNGUtMTIyNi00MGU3LWE5YzEt
NDY5ZDNhNTFkNDdkLzEvQmNoV1VRWWxhc2lhbmw3aXQzcFVhRHNEcDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9hYTlkNGUtMTIyNi00MGU3LWE5YzEtNDY5ZDNhNTFkNDdk
LzEvMUg1aXlfWC04emRfbm56VmhWajBUaTdxbTg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW88SMA0G
CSqGSIb3DQEBCwUAA4IBAQCsw1poXFB62dsi4ZMHIQREPqKMI1qUH/9d7hv+ncsr
wPKQkKhyVCdNLtyvUzJ0zxB5ewP0mDGiw2SYBF8fNcdfBchU3A8uFT/PZbkCqVXq
XAyA5Q5nsZc+B5qwIBvL6jbwRCT26eBVhNmLi2EWCNkc4fPDCwKP+tbdXsvPkL5K
H+XmKEfMSTcClhsg428udspd6y360RJ+TwIM0J8siIMGm6POqUmr9D7ubImMGa6d
GeMawrApGawGsjOs8YI0EsmEk3+YJyMTvq539o91mNJeVObP0aBYZx2xn2Dy68SO
FHC9yTwMemj4WjZeBYktiQ2R88y+BKbt3o66ItLA3Ad9
-----END CERTIFICATE-----