Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/ecd7fc-3ef7-4326-a4ef-5bc302b4b5fc/1/rheyx7UAVxjLvnZCrSg3QQHLRBA.roa
File:                     rheyx7UAVxjLvnZCrSg3QQHLRBA.roa (raw, json)
Hash identifier:          VUkDh2g+fpU2NA8fssYa68Z1JVDxcZVGaMWsH4ITdN0=
Subject key identifier:   AE:17:B2:C7:B5:00:57:18:CB:BE:76:42:AD:28:37:41:01:CB:44:10
Certificate issuer:       /CN=dcff85bb8a3759523e0cc9f8a91dbdaf474d6b7c
Certificate serial:       018CC4937960CAEDC7E06405413B8A53634E
Authority key identifier: DC:FF:85:BB:8A:37:59:52:3E:0C:C9:F8:A9:1D:BD:AF:47:4D:6B:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3P-Fu4o3WVI-DMn4qR29r0dNa3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/ecd7fc-3ef7-4326-a4ef-5bc302b4b5fc/1/rheyx7UAVxjLvnZCrSg3QQHLRBA.roa
Signing time:             Mon 01 Jan 2024 10:30:48 +0000
ROA not before:           Mon 01 Jan 2024 10:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34714
IP address blocks:        91.209.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/ecd7fc-3ef7-4326-a4ef-5bc302b4b5fc/1/3P-Fu4o3WVI-DMn4qR29r0dNa3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/ecd7fc-3ef7-4326-a4ef-5bc302b4b5fc/1/3P-Fu4o3WVI-DMn4qR29r0dNa3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3P-Fu4o3WVI-DMn4qR29r0dNa3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:79:60:ca:ed:c7:e0:64:05:41:3b:8a:53:63:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcff85bb8a3759523e0cc9f8a91dbdaf474d6b7c
        Validity
            Not Before: Jan  1 10:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae17b2c7b5005718cbbe7642ad28374101cb4410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:91:3c:d0:7c:46:e7:11:ff:e1:d6:fa:f7:3f:
                    1e:ee:50:58:bf:94:de:23:b2:dc:6a:e5:10:5b:ec:
                    05:43:de:88:be:a0:37:a9:fe:79:9b:e9:dc:b6:1d:
                    a9:0d:cb:f6:06:50:0d:56:ee:ea:62:b4:67:ef:74:
                    14:f1:d0:8f:12:a9:c6:bf:9c:b3:04:68:ed:90:47:
                    f2:b5:11:b5:e8:cb:bf:e5:b8:42:b9:fe:2f:cc:76:
                    8a:2d:45:2a:fd:0f:a3:99:70:ec:de:23:99:44:f5:
                    9b:9f:12:c1:74:35:12:e6:39:7b:ab:6f:a6:90:4b:
                    b0:32:7e:55:7a:75:06:81:48:40:66:23:d4:cb:a2:
                    83:1c:1d:11:9d:dc:8c:f1:58:43:be:cd:a0:8c:13:
                    2b:77:05:65:b9:23:f4:bd:0b:00:9f:02:be:57:62:
                    d1:d4:51:42:43:d0:4a:25:6d:61:50:c7:c8:36:85:
                    48:48:27:a7:12:d7:8c:93:5b:8a:5c:07:88:37:39:
                    d6:de:55:66:75:83:09:be:9f:56:1f:d0:bc:e4:d7:
                    8d:67:1a:d5:b1:a7:90:97:21:ac:4a:92:ac:b3:fb:
                    0b:86:1b:2c:05:ef:da:73:da:53:82:6a:75:cf:bc:
                    2c:9d:1b:13:ee:3b:b4:58:9a:dc:83:5d:28:4b:59:
                    7c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:17:B2:C7:B5:00:57:18:CB:BE:76:42:AD:28:37:41:01:CB:44:10
            X509v3 Authority Key Identifier:
                keyid:DC:FF:85:BB:8A:37:59:52:3E:0C:C9:F8:A9:1D:BD:AF:47:4D:6B:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3P-Fu4o3WVI-DMn4qR29r0dNa3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ecd7fc-3ef7-4326-a4ef-5bc302b4b5fc/1/rheyx7UAVxjLvnZCrSg3QQHLRBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ecd7fc-3ef7-4326-a4ef-5bc302b4b5fc/1/3P-Fu4o3WVI-DMn4qR29r0dNa3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:87:2f:ca:73:93:76:98:d4:9f:fe:d6:ed:0f:7d:92:66:b3:
         af:79:99:0a:d9:e9:35:9d:12:b7:c4:9a:85:29:df:27:b1:de:
         d2:38:e0:13:e0:77:89:8f:07:08:7e:8a:03:49:d3:9e:d0:ec:
         94:5f:c5:c4:ea:22:78:83:35:40:29:ec:ab:90:af:1f:2d:2a:
         af:e6:f2:e3:84:0f:4c:a4:34:34:6a:be:a0:d5:e9:05:02:84:
         f4:7c:fb:f1:cb:41:4d:0e:2d:cc:3b:f1:d2:61:bc:4f:a7:ad:
         99:73:c4:87:fc:51:8f:7a:4c:c8:e0:8f:3e:44:7d:0c:bc:5e:
         79:67:6b:99:de:34:27:9a:de:77:76:bb:9f:43:28:58:74:17:
         55:3c:82:09:4f:e9:13:78:10:a7:51:b3:a4:da:75:23:77:32:
         00:44:9d:07:3a:f7:a0:f4:36:c2:c7:04:57:b6:61:23:79:fe:
         98:8d:fc:5b:50:f5:f0:a3:cd:6c:16:1e:6a:5d:e3:39:aa:ec:
         96:59:e5:99:a3:54:f1:b9:20:ed:7d:bd:81:86:05:cb:ac:e2:
         47:66:3c:96:97:56:ab:1b:0f:29:b8:8b:c7:b2:93:13:e5:dc:
         a6:f1:26:2e:8f:32:79:88:15:b6:c1:0a:98:74:f5:91:58:54:
         68:c8:d1:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3lgyu3H4GQFQTuKU2NOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZmY4NWJiOGEzNzU5NTIzZTBjYzlmOGE5MWRiZGFmNDc0
ZDZiN2MwHhcNMjQwMTAxMTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE3YjJjN2I1MDA1NzE4Y2JiZTc2NDJhZDI4Mzc0MTAxY2I0NDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5E80HxG5xH/4db69z8e7lBYv5Te
I7LcauUQW+wFQ96IvqA3qf55m+ncth2pDcv2BlANVu7qYrRn73QU8dCPEqnGv5yz
BGjtkEfytRG16Mu/5bhCuf4vzHaKLUUq/Q+jmXDs3iOZRPWbnxLBdDUS5jl7q2+m
kEuwMn5VenUGgUhAZiPUy6KDHB0RndyM8VhDvs2gjBMrdwVluSP0vQsAnwK+V2LR
1FFCQ9BKJW1hUMfINoVISCenEteMk1uKXAeINznW3lVmdYMJvp9WH9C85NeNZxrV
saeQlyGsSpKss/sLhhssBe/ac9pTgmp1z7wsnRsT7ju0WJrcg10oS1l8fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4Xsse1AFcYy752Qq0oN0EBy0QQMB8GA1UdIwQY
MBaAFNz/hbuKN1lSPgzJ+Kkdva9HTWt8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1AtRnU0bzNXVkktRE1uNHFSMjlyMGROYTN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9lY2Q3ZmMtM2VmNy00MzI2LWE0ZWYt
NWJjMzAyYjRiNWZjLzEvcmhleXg3VUFWeGpMdm5aQ3JTZzNRUUhMUkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9lY2Q3ZmMtM2VmNy00MzI2LWE0ZWYtNWJjMzAyYjRiNWZj
LzEvM1AtRnU0bzNXVkktRE1uNHFSMjlyMGROYTN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GrMA0G
CSqGSIb3DQEBCwUAA4IBAQAThy/Kc5N2mNSf/tbtD32SZrOveZkK2ek1nRK3xJqF
Kd8nsd7SOOAT4HeJjwcIfooDSdOe0OyUX8XE6iJ4gzVAKeyrkK8fLSqv5vLjhA9M
pDQ0ar6g1ekFAoT0fPvxy0FNDi3MO/HSYbxPp62Zc8SH/FGPekzI4I8+RH0MvF55
Z2uZ3jQnmt53drufQyhYdBdVPIIJT+kTeBCnUbOk2nUjdzIARJ0HOveg9DbCxwRX
tmEjef6YjfxbUPXwo81sFh5qXeM5quyWWeWZo1TxuSDtfb2BhgXLrOJHZjyWl1ar
Gw8puIvHspMT5dym8SYujzJ5iBW2wQqYdPWRWFRoyNEU
-----END CERTIFICATE-----