Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/IDxG78PQxIN0TCrkzyYuVdJHdBA.roa
File:                     IDxG78PQxIN0TCrkzyYuVdJHdBA.roa (raw, json)
Hash identifier:          fixTjWdDvSCdL00534lofwBIu75Xm36agFhZ9bnIBVk=
Subject key identifier:   20:3C:46:EF:C3:D0:C4:83:74:4C:2A:E4:CF:26:2E:55:D2:47:74:10
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       018CC2DAE304A0333D21886B33CD2940C4C2
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/IDxG78PQxIN0TCrkzyYuVdJHdBA.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20616
IP address blocks:        195.246.242.0/23 maxlen: 23
                          91.208.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e3:04:a0:33:3d:21:88:6b:33:cd:29:40:c4:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=203c46efc3d0c483744c2ae4cf262e55d2477410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f8:d0:9f:fc:ac:80:1f:70:01:ab:6c:88:f5:
                    30:f7:25:c7:ab:22:f5:47:73:f8:3d:1f:43:ec:3f:
                    e8:80:d5:37:a7:64:4f:60:48:80:6f:15:94:11:b5:
                    47:71:b1:74:62:ab:06:7f:b7:51:a9:69:e7:70:51:
                    0d:8d:96:be:99:7d:84:6c:ca:e2:7d:d8:ce:f5:05:
                    c1:f9:71:98:95:a7:fb:dc:f6:bd:82:68:d0:81:2d:
                    c6:00:08:a9:ae:51:ad:2c:89:8a:70:25:36:0a:f1:
                    bf:5a:cc:eb:35:0c:d7:8c:de:33:ed:67:42:23:86:
                    6f:e1:b8:59:4e:e7:a6:74:ca:1e:99:4b:b5:5e:81:
                    15:9c:48:4c:02:b6:06:1f:12:f2:29:2f:0f:40:20:
                    44:6b:fa:8d:e9:c4:e1:ef:19:9d:96:f1:64:0a:2b:
                    f0:50:5f:52:9b:43:51:90:2d:47:d6:92:62:b7:33:
                    31:76:cc:62:01:8a:5d:a0:90:8c:8c:f6:e5:42:fe:
                    f7:57:ff:76:55:61:8b:78:18:8c:1f:f4:e6:0b:48:
                    52:94:80:04:7a:b5:4f:54:af:42:69:01:c1:3c:5a:
                    9d:6e:ba:09:bf:4f:7b:4c:1d:69:7f:97:10:a8:8e:
                    06:7e:59:16:b2:45:86:2a:cb:cc:f6:2f:86:7b:94:
                    31:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:3C:46:EF:C3:D0:C4:83:74:4C:2A:E4:CF:26:2E:55:D2:47:74:10
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/IDxG78PQxIN0TCrkzyYuVdJHdBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.142.0/24
                  195.246.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:11:35:e9:26:51:f3:d2:2f:32:75:1a:c6:e9:32:23:9d:9b:
         51:7a:68:e1:d5:16:2f:e5:a2:72:60:e1:95:a1:98:5f:c0:11:
         c1:e1:15:d2:eb:7c:3e:1a:37:15:2e:3d:93:29:21:ed:7f:74:
         32:46:d8:a8:f6:f3:23:18:3c:cc:0c:65:d5:ed:53:5a:32:8b:
         0a:03:e4:4e:64:cf:8b:69:5f:cc:d7:da:b4:6d:59:a0:1a:ae:
         84:af:aa:5a:a0:48:84:15:71:7e:0f:c1:a8:22:02:7a:96:bc:
         c8:30:8d:ed:24:42:73:40:b3:bb:be:47:fa:36:67:5a:45:9e:
         12:b1:87:06:ca:13:a9:8e:4a:1b:d1:ec:80:0e:45:b0:87:2b:
         ac:1e:4f:da:c1:f3:fc:8e:ec:23:95:cc:63:a1:16:e4:2a:e2:
         b8:2c:95:fb:4b:f6:de:86:43:cd:0c:97:33:7d:76:29:74:34:
         6e:16:de:43:00:81:9d:a8:82:43:cd:db:b2:52:7b:99:2f:f6:
         c3:9d:04:dd:19:e4:eb:8c:7a:18:35:3e:b7:7d:59:21:d3:28:
         14:f2:68:c5:b4:92:c9:d4:e2:92:e8:d9:cd:21:f6:a3:6a:f0:
         6f:e7:10:e3:86:95:e9:ef:95:30:c4:68:e9:cc:32:18:d2:84:
         2b:ca:90:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2uMEoDM9IYhrM80pQMTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDNjNDZlZmMzZDBjNDgzNzQ0YzJhZTRjZjI2MmU1NWQyNDc3NDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/jQn/ysgB9wAatsiPUw9yXHqyL1
R3P4PR9D7D/ogNU3p2RPYEiAbxWUEbVHcbF0YqsGf7dRqWnncFENjZa+mX2EbMri
fdjO9QXB+XGYlaf73Pa9gmjQgS3GAAiprlGtLImKcCU2CvG/WszrNQzXjN4z7WdC
I4Zv4bhZTuemdMoemUu1XoEVnEhMArYGHxLyKS8PQCBEa/qN6cTh7xmdlvFkCivw
UF9Sm0NRkC1H1pJitzMxdsxiAYpdoJCMjPblQv73V/92VWGLeBiMH/TmC0hSlIAE
erVPVK9CaQHBPFqdbroJv097TB1pf5cQqI4GflkWskWGKsvM9i+Ge5QxOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCA8Ru/D0MSDdEwq5M8mLlXSR3QQMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvSUR4Rzc4UFF4SU4wVENya3p5WXVWZEpIZEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9COAwQB
w/byMA0GCSqGSIb3DQEBCwUAA4IBAQBxETXpJlHz0i8ydRrG6TIjnZtRemjh1RYv
5aJyYOGVoZhfwBHB4RXS63w+GjcVLj2TKSHtf3QyRtio9vMjGDzMDGXV7VNaMosK
A+ROZM+LaV/M19q0bVmgGq6Er6paoEiEFXF+D8GoIgJ6lrzIMI3tJEJzQLO7vkf6
NmdaRZ4SsYcGyhOpjkob0eyADkWwhyusHk/awfP8juwjlcxjoRbkKuK4LJX7S/be
hkPNDJczfXYpdDRuFt5DAIGdqIJDzduyUnuZL/bDnQTdGeTrjHoYNT63fVkh0ygU
8mjFtJLJ1OKS6NnNIfajavBv5xDjhpXp75UwxGjpzDIY0oQrypDO
-----END CERTIFICATE-----