Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/jeFMsmbEDsx_uYT4WogeS2CYUUU.roa
File:                     jeFMsmbEDsx_uYT4WogeS2CYUUU.roa (raw, json)
Hash identifier:          LrH0yPNc7m/11fb3F+h6UL8IhNqFjZiQ1WcWLDLcL+8=
Subject key identifier:   8D:E1:4C:B2:66:C4:0E:CC:7F:B9:84:F8:5A:88:1E:4B:60:98:51:45
Certificate issuer:       /CN=887fa37371d7d4593ba290ef45669ea0de293782
Certificate serial:       018CC64A936BA592DC578735553F4820C62A
Authority key identifier: 88:7F:A3:73:71:D7:D4:59:3B:A2:90:EF:45:66:9E:A0:DE:29:37:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iH-jc3HX1Fk7opDvRWaeoN4pN4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/jeFMsmbEDsx_uYT4WogeS2CYUUU.roa
Signing time:             Mon 01 Jan 2024 18:30:25 +0000
ROA not before:           Mon 01 Jan 2024 18:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.231.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/iH-jc3HX1Fk7opDvRWaeoN4pN4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/iH-jc3HX1Fk7opDvRWaeoN4pN4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iH-jc3HX1Fk7opDvRWaeoN4pN4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:93:6b:a5:92:dc:57:87:35:55:3f:48:20:c6:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=887fa37371d7d4593ba290ef45669ea0de293782
        Validity
            Not Before: Jan  1 18:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8de14cb266c40ecc7fb984f85a881e4b60985145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:be:e0:9d:be:3b:e0:ba:99:1b:89:8b:8c:e5:
                    fa:c8:6f:b8:08:67:02:71:64:a3:45:93:b5:0e:40:
                    40:93:06:75:c8:75:65:d4:fa:8d:ab:d5:36:f1:90:
                    83:d9:d2:f3:44:6e:d2:0f:ba:13:f1:9c:11:03:6b:
                    ba:80:e8:04:ad:bb:c4:cf:12:27:8c:f9:c6:71:02:
                    a3:17:44:42:a3:f4:eb:e4:2b:ec:cc:45:af:d6:99:
                    e4:59:f8:9f:29:53:8e:9a:78:2f:10:91:48:a1:c1:
                    7a:7b:fc:8a:41:3c:54:cb:51:42:86:11:eb:f1:c1:
                    15:4a:ff:8b:52:b6:28:a1:32:3e:8a:43:3f:31:94:
                    49:0c:d3:64:33:82:42:56:9d:99:74:ba:4a:50:9d:
                    56:a1:46:42:f8:cf:48:72:16:a3:44:85:05:58:4e:
                    cb:93:a1:f5:b9:04:54:a0:13:14:95:20:8f:15:bb:
                    93:bf:64:71:0c:cf:cb:8e:d1:f1:5b:ee:d6:52:c8:
                    6f:06:c9:cf:77:19:1f:3c:65:e3:8c:ec:d2:d7:2a:
                    5e:a3:49:17:3e:6f:f3:ae:8e:f8:14:a7:d0:b0:92:
                    56:eb:1c:21:6f:3f:0f:1b:9a:23:1e:1c:fc:a5:5f:
                    e2:00:21:72:e6:aa:3c:ce:c2:85:3e:18:69:4b:19:
                    ab:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E1:4C:B2:66:C4:0E:CC:7F:B9:84:F8:5A:88:1E:4B:60:98:51:45
            X509v3 Authority Key Identifier:
                keyid:88:7F:A3:73:71:D7:D4:59:3B:A2:90:EF:45:66:9E:A0:DE:29:37:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iH-jc3HX1Fk7opDvRWaeoN4pN4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/jeFMsmbEDsx_uYT4WogeS2CYUUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/09db8c-6df0-4cee-ae07-a1e24aaf610f/1/iH-jc3HX1Fk7opDvRWaeoN4pN4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:9e:b5:9c:11:9f:33:5b:43:d0:81:d2:16:ae:5f:c6:e1:8d:
         8f:29:aa:f4:d0:b4:61:75:77:91:a3:63:45:2f:f7:54:72:7a:
         c0:ae:f7:52:0a:dd:b7:1e:99:32:40:e7:1f:11:c3:0b:70:fa:
         b1:db:fb:8d:07:aa:9e:71:63:a8:8f:3a:88:7f:48:c2:33:b5:
         ff:f8:4e:14:cf:83:66:03:c9:05:da:3c:6f:d8:79:a9:56:7e:
         41:9d:06:a4:bc:f9:60:3a:1b:51:66:a7:82:75:c5:2e:af:c3:
         c2:fd:d9:34:87:1f:ad:dd:69:a6:c6:68:23:d6:a5:85:7c:51:
         b7:11:63:9a:7e:d6:46:65:74:4c:e1:33:ee:50:9d:2d:d2:1b:
         f9:fc:b2:8f:2d:2c:a9:c8:1b:db:31:f0:5d:c9:d3:3d:97:e8:
         eb:8b:ce:7a:89:49:ec:da:37:66:7a:c2:e3:13:54:0f:81:24:
         13:f1:34:1b:e5:14:52:43:6a:12:4d:a0:4b:ee:53:8a:7c:05:
         dd:39:08:50:44:4a:60:11:3b:a5:4c:d2:23:13:9c:93:0e:d4:
         9e:20:4d:0e:31:b2:0e:2c:6d:95:dc:23:0b:31:29:10:49:03:
         05:8b:42:13:eb:f1:f1:36:bf:99:30:3e:f2:a7:6a:f8:fb:7b:
         65:68:12:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSpNrpZLcV4c1VT9IIMYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4N2ZhMzczNzFkN2Q0NTkzYmEyOTBlZjQ1NjY5ZWEwZGUy
OTM3ODIwHhcNMjQwMTAxMTgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGUxNGNiMjY2YzQwZWNjN2ZiOTg0Zjg1YTg4MWU0YjYwOTg1MTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0L7gnb474LqZG4mLjOX6yG+4CGcC
cWSjRZO1DkBAkwZ1yHVl1PqNq9U28ZCD2dLzRG7SD7oT8ZwRA2u6gOgErbvEzxIn
jPnGcQKjF0RCo/Tr5CvszEWv1pnkWfifKVOOmngvEJFIocF6e/yKQTxUy1FChhHr
8cEVSv+LUrYooTI+ikM/MZRJDNNkM4JCVp2ZdLpKUJ1WoUZC+M9IchajRIUFWE7L
k6H1uQRUoBMUlSCPFbuTv2RxDM/LjtHxW+7WUshvBsnPdxkfPGXjjOzS1ypeo0kX
Pm/zro74FKfQsJJW6xwhbz8PG5ojHhz8pV/iACFy5qo8zsKFPhhpSxmrSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3hTLJmxA7Mf7mE+FqIHktgmFFFMB8GA1UdIwQY
MBaAFIh/o3Nx19RZO6KQ70VmnqDeKTeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUgtamMzSFgxRms3b3BEdlJXYWVvTjRwTjRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8wOWRiOGMtNmRmMC00Y2VlLWFlMDct
YTFlMjRhYWY2MTBmLzEvamVGTXNtYkVEc3hfdVlUNFdvZ2VTMkNZVVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8wOWRiOGMtNmRmMC00Y2VlLWFlMDctYTFlMjRhYWY2MTBm
LzEvaUgtamMzSFgxRms3b3BEdlJXYWVvTjRwTjRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+eTMA0G
CSqGSIb3DQEBCwUAA4IBAQCLnrWcEZ8zW0PQgdIWrl/G4Y2PKar00LRhdXeRo2NF
L/dUcnrArvdSCt23HpkyQOcfEcMLcPqx2/uNB6qecWOojzqIf0jCM7X/+E4Uz4Nm
A8kF2jxv2HmpVn5BnQakvPlgOhtRZqeCdcUur8PC/dk0hx+t3Wmmxmgj1qWFfFG3
EWOaftZGZXRM4TPuUJ0t0hv5/LKPLSypyBvbMfBdydM9l+jri856iUns2jdmesLj
E1QPgSQT8TQb5RRSQ2oSTaBL7lOKfAXdOQhQREpgETulTNIjE5yTDtSeIE0OMbIO
LG2V3CMLMSkQSQMFi0IT6/HxNr+ZMD7yp2r4+3tlaBLy
-----END CERTIFICATE-----