Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/a70a84-d223-4dfd-9feb-18e64441d01e/1/yE4ZMAPDd6ZFSB7ftGW5skBXSys.roa
File:                     yE4ZMAPDd6ZFSB7ftGW5skBXSys.roa (raw, json)
Hash identifier:          KwCEQf/jK80io8HP5Y/OMmJNNsQbhjELIxTykDbmkDQ=
Subject key identifier:   C8:4E:19:30:03:C3:77:A6:45:48:1E:DF:B4:65:B9:B2:40:57:4B:2B
Certificate issuer:       /CN=845beedf438a9aa961c34326437c29c4dd0cc4bc
Certificate serial:       018CC26D29EBF4A5D2CFE149A64A0D5572DE
Authority key identifier: 84:5B:EE:DF:43:8A:9A:A9:61:C3:43:26:43:7C:29:C4:DD:0C:C4:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFvu30OKmqlhw0MmQ3wpxN0MxLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/a70a84-d223-4dfd-9feb-18e64441d01e/1/yE4ZMAPDd6ZFSB7ftGW5skBXSys.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42926
IP address blocks:        91.198.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/a70a84-d223-4dfd-9feb-18e64441d01e/1/hFvu30OKmqlhw0MmQ3wpxN0MxLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/a70a84-d223-4dfd-9feb-18e64441d01e/1/hFvu30OKmqlhw0MmQ3wpxN0MxLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFvu30OKmqlhw0MmQ3wpxN0MxLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 01:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:29:eb:f4:a5:d2:cf:e1:49:a6:4a:0d:55:72:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=845beedf438a9aa961c34326437c29c4dd0cc4bc
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c84e193003c377a645481edfb465b9b240574b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:37:97:9d:36:ba:28:12:78:58:48:c9:d8:27:
                    e9:80:d6:cc:58:33:42:78:d1:8c:82:c4:ed:67:80:
                    54:11:47:86:e2:51:c0:6a:6a:91:03:c8:1a:6c:1a:
                    c1:a4:98:57:ee:53:f1:71:fc:3e:1d:65:4b:9d:74:
                    44:b8:c0:4e:a3:69:f5:5c:62:dd:f5:d2:73:2d:16:
                    35:8d:c7:68:ed:b3:80:e2:d9:e6:ec:05:ae:66:3a:
                    3a:3e:d3:56:75:c3:9b:73:87:24:6e:c8:b3:2a:ff:
                    69:67:fd:b1:34:4a:e4:bb:66:50:b4:7a:6f:45:2a:
                    8c:39:37:fb:6a:96:09:1f:25:1d:ad:ff:12:73:5f:
                    26:0c:10:94:a3:92:da:38:49:24:95:c4:50:ca:aa:
                    34:81:09:1c:d7:95:c0:2d:f2:d1:70:b7:79:e5:6e:
                    08:59:65:cd:58:93:d2:8f:96:71:82:f6:7b:67:11:
                    d5:5f:4f:00:93:90:19:75:13:bf:0a:ea:fc:45:50:
                    7e:c1:8e:fd:36:28:b2:16:4f:49:f9:ed:52:fb:5c:
                    62:d7:4c:19:60:1b:19:c0:87:99:1e:ce:c5:d1:15:
                    22:80:6e:d3:bd:95:70:49:b3:b7:8a:f6:a6:d7:3a:
                    b1:c0:57:85:c0:65:3e:6a:fc:5b:30:e6:78:78:8c:
                    73:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:4E:19:30:03:C3:77:A6:45:48:1E:DF:B4:65:B9:B2:40:57:4B:2B
            X509v3 Authority Key Identifier:
                keyid:84:5B:EE:DF:43:8A:9A:A9:61:C3:43:26:43:7C:29:C4:DD:0C:C4:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFvu30OKmqlhw0MmQ3wpxN0MxLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a70a84-d223-4dfd-9feb-18e64441d01e/1/yE4ZMAPDd6ZFSB7ftGW5skBXSys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a70a84-d223-4dfd-9feb-18e64441d01e/1/hFvu30OKmqlhw0MmQ3wpxN0MxLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:80:15:21:54:a1:51:3b:92:73:8d:3e:f0:e0:1e:16:19:13:
         c8:9f:00:41:0f:22:ca:ed:29:06:88:d2:df:b6:ea:f0:e5:8a:
         44:09:03:fc:68:d4:a5:08:16:5b:6d:14:b5:af:3e:72:e9:22:
         46:39:86:ec:13:31:82:b1:48:24:d8:5b:ea:38:7d:a9:d6:f0:
         1f:90:f7:45:9b:d5:2d:ff:a2:5d:9f:f9:6c:7d:51:a1:f9:0f:
         83:95:8d:57:69:3e:71:f8:02:dd:53:00:ad:f1:e6:9d:63:76:
         42:d2:5e:50:e5:c3:fb:7d:a1:6b:02:8a:cb:8a:ab:88:88:2d:
         4b:2d:55:18:9a:cf:cd:27:a9:31:73:d2:0f:ea:94:8b:22:92:
         06:7e:b2:54:39:3f:52:dd:64:43:01:db:49:09:c7:ab:3a:4f:
         fd:bf:e8:0d:8a:10:36:8c:3e:65:b3:6b:f8:17:1c:e5:0b:ff:
         02:6d:64:f6:22:7d:04:7c:5f:59:d9:c1:be:fb:6a:b6:34:4a:
         92:d6:6b:6b:45:4b:d4:2a:e0:d2:c5:8d:fa:30:9b:ea:6e:9f:
         02:96:9e:ad:dc:69:50:d0:9a:18:89:3e:df:81:15:0e:12:9e:
         48:58:33:20:50:54:22:50:73:4e:eb:89:6a:a8:47:73:d0:e0:
         d5:a0:c6:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSnr9KXSz+FJpkoNVXLeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWJlZWRmNDM4YTlhYTk2MWMzNDMyNjQzN2MyOWM0ZGQw
Y2M0YmMwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODRlMTkzMDAzYzM3N2E2NDU0ODFlZGZiNDY1YjliMjQwNTc0YjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzeXnTa6KBJ4WEjJ2CfpgNbMWDNC
eNGMgsTtZ4BUEUeG4lHAamqRA8gabBrBpJhX7lPxcfw+HWVLnXREuMBOo2n1XGLd
9dJzLRY1jcdo7bOA4tnm7AWuZjo6PtNWdcObc4ckbsizKv9pZ/2xNErku2ZQtHpv
RSqMOTf7apYJHyUdrf8Sc18mDBCUo5LaOEkklcRQyqo0gQkc15XALfLRcLd55W4I
WWXNWJPSj5ZxgvZ7ZxHVX08Ak5AZdRO/Cur8RVB+wY79NiiyFk9J+e1S+1xi10wZ
YBsZwIeZHs7F0RUigG7TvZVwSbO3ivam1zqxwFeFwGU+avxbMOZ4eIxzmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhOGTADw3emRUge37RlubJAV0srMB8GA1UdIwQY
MBaAFIRb7t9DipqpYcNDJkN8KcTdDMS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZ2dTMwT0ttcWxodzBNbVEzd3B4TjBNeEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hNzBhODQtZDIyMy00ZGZkLTlmZWIt
MThlNjQ0NDFkMDFlLzEveUU0Wk1BUERkNlpGU0I3ZnRHVzVza0JYU3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hNzBhODQtZDIyMy00ZGZkLTlmZWItMThlNjQ0NDFkMDFl
LzEvaEZ2dTMwT0ttcWxodzBNbVEzd3B4TjBNeEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8Z8MA0G
CSqGSIb3DQEBCwUAA4IBAQAdgBUhVKFRO5JzjT7w4B4WGRPInwBBDyLK7SkGiNLf
turw5YpECQP8aNSlCBZbbRS1rz5y6SJGOYbsEzGCsUgk2FvqOH2p1vAfkPdFm9Ut
/6Jdn/lsfVGh+Q+DlY1XaT5x+ALdUwCt8eadY3ZC0l5Q5cP7faFrAorLiquIiC1L
LVUYms/NJ6kxc9IP6pSLIpIGfrJUOT9S3WRDAdtJCcerOk/9v+gNihA2jD5ls2v4
FxzlC/8CbWT2In0EfF9Z2cG++2q2NEqS1mtrRUvUKuDSxY36MJvqbp8Clp6t3GlQ
0JoYiT7fgRUOEp5IWDMgUFQiUHNO64lqqEdz0ODVoMY3
-----END CERTIFICATE-----