Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/5a4526-89fc-4640-901d-13a58eb9d8f5/1/h0xtwIsG7xYnfwgGCwV1uu0Etq0.roa
File:                     h0xtwIsG7xYnfwgGCwV1uu0Etq0.roa (raw, json)
Hash identifier:          kiYPE9yN0XZvu3iRNLwapLQyEIJ23v2VV02bqQuT4ow=
Subject key identifier:   87:4C:6D:C0:8B:06:EF:16:27:7F:08:06:0B:05:75:BA:ED:04:B6:AD
Certificate issuer:       /CN=6238410338e21e8eab94119d80e41a3958491de6
Certificate serial:       018CC94E0DE1A46E1BC9034487E77AA5BA3D
Authority key identifier: 62:38:41:03:38:E2:1E:8E:AB:94:11:9D:80:E4:1A:39:58:49:1D:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YjhBAzjiHo6rlBGdgOQaOVhJHeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/5a4526-89fc-4640-901d-13a58eb9d8f5/1/h0xtwIsG7xYnfwgGCwV1uu0Etq0.roa
Signing time:             Tue 02 Jan 2024 08:33:04 +0000
ROA not before:           Tue 02 Jan 2024 08:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48419
IP address blocks:        91.209.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/5a4526-89fc-4640-901d-13a58eb9d8f5/1/YjhBAzjiHo6rlBGdgOQaOVhJHeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/5a4526-89fc-4640-901d-13a58eb9d8f5/1/YjhBAzjiHo6rlBGdgOQaOVhJHeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YjhBAzjiHo6rlBGdgOQaOVhJHeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:0d:e1:a4:6e:1b:c9:03:44:87:e7:7a:a5:ba:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6238410338e21e8eab94119d80e41a3958491de6
        Validity
            Not Before: Jan  2 08:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=874c6dc08b06ef16277f08060b0575baed04b6ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:57:8c:af:00:8e:ce:7f:3f:50:a3:12:99:94:
                    d4:58:1f:20:69:ce:4b:74:a6:b9:15:ad:89:de:8a:
                    03:65:fa:5e:d3:9f:41:22:33:25:8b:03:19:92:30:
                    7d:9e:f8:5b:53:54:82:ec:b8:ce:c6:96:50:e6:d3:
                    c6:25:61:77:03:13:0e:cd:c5:48:5b:f0:aa:14:b3:
                    8e:be:a4:88:b3:b5:18:8e:21:91:4f:05:47:94:3d:
                    3f:97:c2:e6:4d:65:04:71:40:78:88:2e:51:b8:34:
                    b8:f9:01:f8:60:53:b7:11:03:e4:7f:43:2b:8d:bc:
                    96:74:f9:e1:1c:3e:8a:ee:aa:98:7f:92:e9:a4:bc:
                    9d:da:06:14:3c:36:11:4d:f4:29:bf:c2:a6:e8:48:
                    75:df:6e:88:0c:e3:54:71:4d:61:44:65:c9:7c:4c:
                    e2:bd:d7:8d:79:3e:cc:15:88:22:2c:01:4d:93:e1:
                    ac:a7:c3:ea:af:96:bd:06:23:b4:fe:92:6c:44:10:
                    4a:88:37:32:cd:ce:74:0a:18:37:67:0c:37:68:b7:
                    1a:a1:a1:9a:d8:a2:92:9d:d7:44:4f:71:00:68:a7:
                    d4:c0:2f:51:a2:85:9e:80:00:15:5e:b0:35:98:13:
                    c8:a5:46:0e:df:b3:0f:51:95:bf:66:45:14:bf:eb:
                    7c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:4C:6D:C0:8B:06:EF:16:27:7F:08:06:0B:05:75:BA:ED:04:B6:AD
            X509v3 Authority Key Identifier:
                keyid:62:38:41:03:38:E2:1E:8E:AB:94:11:9D:80:E4:1A:39:58:49:1D:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YjhBAzjiHo6rlBGdgOQaOVhJHeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/5a4526-89fc-4640-901d-13a58eb9d8f5/1/h0xtwIsG7xYnfwgGCwV1uu0Etq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/5a4526-89fc-4640-901d-13a58eb9d8f5/1/YjhBAzjiHo6rlBGdgOQaOVhJHeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:6c:9d:2f:1a:58:e0:34:2a:33:64:be:fe:68:48:2e:43:27:
         26:5a:18:5a:ce:49:98:30:1f:71:37:06:10:e1:d6:21:5d:b6:
         87:bf:c7:eb:24:7b:72:5f:37:65:98:ba:23:3f:14:cf:c6:b3:
         e5:f7:cf:4c:9a:a5:25:33:b2:c8:e4:3c:1b:27:fa:fa:74:3d:
         35:06:c0:a2:fa:3b:0d:42:27:92:22:d0:72:61:35:53:53:4a:
         9d:ab:48:08:ce:a7:4f:0a:d5:4a:59:13:ce:3d:dc:8c:3f:5c:
         21:4e:74:55:8b:ff:80:85:76:c8:f8:78:8a:95:5a:c4:cf:b4:
         50:62:c2:ba:0f:50:e9:10:5c:0c:ee:11:e4:35:0a:6f:4f:77:
         b9:d0:ba:80:f2:6f:ea:bf:d2:d6:3a:bf:37:34:1f:5c:d6:15:
         4e:b3:a9:8e:23:a5:c2:7d:7f:0b:7f:b8:cf:f2:97:78:80:0a:
         69:fc:e6:1b:3d:fe:3d:e5:d7:78:bb:da:5d:c5:b8:41:60:7c:
         ff:7f:1c:8b:34:68:b0:37:1c:aa:98:32:20:6e:79:1d:e1:b8:
         b3:6d:b1:96:ea:e8:ea:cb:ff:07:46:fc:9b:46:1f:13:ff:b2:
         68:2e:69:ae:54:8d:58:23:ca:e2:96:68:ff:56:b4:a5:b7:53:
         84:8d:a2:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTg3hpG4byQNEh+d6pbo9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMzg0MTAzMzhlMjFlOGVhYjk0MTE5ZDgwZTQxYTM5NTg0
OTFkZTYwHhcNMjQwMTAyMDgzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzRjNmRjMDhiMDZlZjE2Mjc3ZjA4MDYwYjA1NzViYWVkMDRiNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1eMrwCOzn8/UKMSmZTUWB8gac5L
dKa5Fa2J3ooDZfpe059BIjMliwMZkjB9nvhbU1SC7LjOxpZQ5tPGJWF3AxMOzcVI
W/CqFLOOvqSIs7UYjiGRTwVHlD0/l8LmTWUEcUB4iC5RuDS4+QH4YFO3EQPkf0Mr
jbyWdPnhHD6K7qqYf5LppLyd2gYUPDYRTfQpv8Km6Eh1326IDONUcU1hRGXJfEzi
vdeNeT7MFYgiLAFNk+Gsp8Pqr5a9BiO0/pJsRBBKiDcyzc50Chg3Zww3aLcaoaGa
2KKSnddET3EAaKfUwC9RooWegAAVXrA1mBPIpUYO37MPUZW/ZkUUv+t8NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdMbcCLBu8WJ38IBgsFdbrtBLatMB8GA1UdIwQY
MBaAFGI4QQM44h6Oq5QRnYDkGjlYSR3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWpoQkF6amlIbzZybEJHZGdPUWFPVmhKSGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS81YTQ1MjYtODlmYy00NjQwLTkwMWQt
MTNhNThlYjlkOGY1LzEvaDB4dHdJc0c3eFluZndnR0N3VjF1dTBFdHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS81YTQ1MjYtODlmYy00NjQwLTkwMWQtMTNhNThlYjlkOGY1
LzEvWWpoQkF6amlIbzZybEJHZGdPUWFPVmhKSGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GWMA0G
CSqGSIb3DQEBCwUAA4IBAQBrbJ0vGljgNCozZL7+aEguQycmWhhazkmYMB9xNwYQ
4dYhXbaHv8frJHtyXzdlmLojPxTPxrPl989MmqUlM7LI5DwbJ/r6dD01BsCi+jsN
QieSItByYTVTU0qdq0gIzqdPCtVKWRPOPdyMP1whTnRVi/+AhXbI+HiKlVrEz7RQ
YsK6D1DpEFwM7hHkNQpvT3e50LqA8m/qv9LWOr83NB9c1hVOs6mOI6XCfX8Lf7jP
8pd4gApp/OYbPf495dd4u9pdxbhBYHz/fxyLNGiwNxyqmDIgbnkd4bizbbGW6ujq
y/8HRvybRh8T/7JoLmmuVI1YI8rilmj/VrSlt1OEjaI+
-----END CERTIFICATE-----