Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/a41edb-9df5-40f9-9ece-b59198b9155d/1/IIH9OLfekzQZrvpQZHYHXgoX-o4.roa
File:                     IIH9OLfekzQZrvpQZHYHXgoX-o4.roa (raw, json)
Hash identifier:          FPRxTtflmNODUImpUheRLEGwOFjWRapvJziynLOAlSo=
Subject key identifier:   20:81:FD:38:B7:DE:93:34:19:AE:FA:50:64:76:07:5E:0A:17:FA:8E
Certificate issuer:       /CN=dd188ec2e49ac94585245b4b8745a1bb7a1cdc66
Certificate serial:       018CC348DD379BF11D56AD68C467FC7461EE
Authority key identifier: DD:18:8E:C2:E4:9A:C9:45:85:24:5B:4B:87:45:A1:BB:7A:1C:DC:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3RiOwuSayUWFJFtLh0Whu3oc3GY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/a41edb-9df5-40f9-9ece-b59198b9155d/1/IIH9OLfekzQZrvpQZHYHXgoX-o4.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205342
IP address blocks:        91.240.245.0/24 maxlen: 24
                          2a12:db40::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/a41edb-9df5-40f9-9ece-b59198b9155d/1/3RiOwuSayUWFJFtLh0Whu3oc3GY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/a41edb-9df5-40f9-9ece-b59198b9155d/1/3RiOwuSayUWFJFtLh0Whu3oc3GY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3RiOwuSayUWFJFtLh0Whu3oc3GY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dd:37:9b:f1:1d:56:ad:68:c4:67:fc:74:61:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd188ec2e49ac94585245b4b8745a1bb7a1cdc66
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2081fd38b7de933419aefa506476075e0a17fa8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c4:3b:56:23:c0:ba:57:0b:10:57:99:cf:13:
                    ab:95:8c:49:9c:67:a7:24:5a:d4:9b:06:ee:71:96:
                    79:4f:2c:b3:df:7a:aa:eb:cb:13:fa:4e:82:e0:2e:
                    f4:65:c3:88:51:2e:7d:96:01:04:df:ff:de:be:7f:
                    e1:ab:a9:a2:a0:d1:8e:18:99:b6:d4:26:17:bd:18:
                    09:22:37:32:bd:98:fa:14:99:8d:57:91:8c:61:3a:
                    4d:5e:fd:c0:ba:6a:05:18:6d:93:85:58:b0:3f:3a:
                    f3:b4:34:cc:a2:1b:de:ea:05:be:d0:e4:7e:31:17:
                    bb:e3:08:9c:1f:3d:9a:22:95:2e:49:26:e0:6e:c1:
                    89:01:0c:98:b9:97:81:4e:40:b1:88:4a:9c:f2:01:
                    d0:21:16:bf:11:4f:a3:d0:57:2b:8c:8d:fe:97:11:
                    82:8d:66:e5:7f:09:e4:bc:75:c7:65:3a:49:b8:93:
                    c9:64:b9:d1:0b:33:1b:32:d8:16:d0:f1:5c:98:cf:
                    2a:88:a0:bd:0a:11:f1:81:85:55:e7:6b:85:bb:85:
                    58:c7:32:79:f6:3e:7f:c7:b2:c2:0e:be:aa:96:27:
                    84:be:89:b8:c6:80:e8:26:e2:ef:b9:1d:8d:43:c9:
                    7d:85:bd:15:3f:69:35:13:a6:9d:78:d0:dc:43:be:
                    d1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:81:FD:38:B7:DE:93:34:19:AE:FA:50:64:76:07:5E:0A:17:FA:8E
            X509v3 Authority Key Identifier:
                keyid:DD:18:8E:C2:E4:9A:C9:45:85:24:5B:4B:87:45:A1:BB:7A:1C:DC:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3RiOwuSayUWFJFtLh0Whu3oc3GY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a41edb-9df5-40f9-9ece-b59198b9155d/1/IIH9OLfekzQZrvpQZHYHXgoX-o4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a41edb-9df5-40f9-9ece-b59198b9155d/1/3RiOwuSayUWFJFtLh0Whu3oc3GY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.245.0/24
                IPv6:
                  2a12:db40::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:9a:7d:6f:81:fd:76:ff:5b:ad:a4:cb:40:97:39:71:41:ab:
         7e:fa:f5:de:d4:bb:a8:05:fb:19:b5:73:b3:ec:ba:14:eb:28:
         bf:48:cd:ec:cb:77:78:a9:11:78:3c:04:a3:f8:ad:da:70:d6:
         46:5b:a4:7d:f7:26:97:1c:61:e8:5e:25:c1:47:e0:f7:55:ea:
         48:be:29:f9:6f:51:0d:88:29:92:6a:e4:0c:23:e1:a2:f5:e4:
         34:e8:89:25:c9:1b:64:3f:c4:7c:2d:ae:55:7f:da:c6:08:88:
         d5:f7:d8:4f:db:b7:ae:bb:c7:c0:8a:69:83:71:37:5b:8a:16:
         8e:86:58:a0:97:f9:7b:74:d2:84:97:9d:2a:f4:13:6d:06:52:
         48:7a:5e:c6:15:64:79:b8:cc:c2:ba:28:5c:d2:31:74:ac:9b:
         4b:e0:1f:2e:ef:92:ca:89:b2:3f:c5:72:df:bd:b0:e3:8d:31:
         aa:52:53:2c:2c:56:f8:a3:5c:16:ff:2c:82:9f:41:a9:a1:f8:
         21:c1:d0:6a:61:40:6a:d8:4c:4e:41:46:5b:84:d4:e8:32:dc:
         98:25:7d:45:8a:85:0e:f6:ce:dc:d4:7d:df:39:c9:a2:2b:2f:
         a0:69:b6:61:0d:58:1d:60:6f:01:62:2c:58:14:c0:0e:f6:6c:
         88:fd:b0:5e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSN03m/EdVq1oxGf8dGHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMTg4ZWMyZTQ5YWM5NDU4NTI0NWI0Yjg3NDVhMWJiN2Ex
Y2RjNjYwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDgxZmQzOGI3ZGU5MzM0MTlhZWZhNTA2NDc2MDc1ZTBhMTdmYThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cQ7ViPAulcLEFeZzxOrlYxJnGen
JFrUmwbucZZ5Tyyz33qq68sT+k6C4C70ZcOIUS59lgEE3//evn/hq6mioNGOGJm2
1CYXvRgJIjcyvZj6FJmNV5GMYTpNXv3AumoFGG2ThViwPzrztDTMohve6gW+0OR+
MRe74wicHz2aIpUuSSbgbsGJAQyYuZeBTkCxiEqc8gHQIRa/EU+j0FcrjI3+lxGC
jWblfwnkvHXHZTpJuJPJZLnRCzMbMtgW0PFcmM8qiKC9ChHxgYVV52uFu4VYxzJ5
9j5/x7LCDr6qlieEvom4xoDoJuLvuR2NQ8l9hb0VP2k1E6adeNDcQ77RPwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCCB/Ti33pM0Ga76UGR2B14KF/qOMB8GA1UdIwQY
MBaAFN0YjsLkmslFhSRbS4dFobt6HNxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1JpT3d1U2F5VVdGSkZ0TGgwV2h1M29jM0dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hNDFlZGItOWRmNS00MGY5LTllY2Ut
YjU5MTk4YjkxNTVkLzEvSUlIOU9MZmVrelFacnZwUVpIWUhYZ29YLW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hNDFlZGItOWRmNS00MGY5LTllY2UtYjU5MTk4YjkxNTVk
LzEvM1JpT3d1U2F5VVdGSkZ0TGgwV2h1M29jM0dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW/D1MA0E
AgACMAcDBQMqEttAMA0GCSqGSIb3DQEBCwUAA4IBAQASmn1vgf12/1utpMtAlzlx
Qat++vXe1LuoBfsZtXOz7LoU6yi/SM3sy3d4qRF4PASj+K3acNZGW6R99yaXHGHo
XiXBR+D3VepIvin5b1ENiCmSauQMI+Gi9eQ06IklyRtkP8R8La5Vf9rGCIjV99hP
27euu8fAimmDcTdbihaOhligl/l7dNKEl50q9BNtBlJIel7GFWR5uMzCuihc0jF0
rJtL4B8u75LKibI/xXLfvbDjjTGqUlMsLFb4o1wW/yyCn0GpofghwdBqYUBq2ExO
QUZbhNToMtyYJX1FioUO9s7c1H3fOcmiKy+gabZhDVgdYG8BYixYFMAO9myI/bBe
-----END CERTIFICATE-----