Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/ef7bd3-24b2-4284-97fe-c71db718970e/1/uOEyephpBWhjCJFhXPW41OUjzw8.roa
File:                     uOEyephpBWhjCJFhXPW41OUjzw8.roa (raw, json)
Hash identifier:          lWxoiYao6lXvmtLHd79z+UcBgbho/xVaqOlYxuyQ1wI=
Subject key identifier:   B8:E1:32:7A:98:69:05:68:63:08:91:61:5C:F5:B8:D4:E5:23:CF:0F
Certificate issuer:       /CN=14dc11ed1a9d9ed56bf19da7f217830a8099c429
Certificate serial:       018CC348F8C110D6242340C25880D1EF647A
Authority key identifier: 14:DC:11:ED:1A:9D:9E:D5:6B:F1:9D:A7:F2:17:83:0A:80:99:C4:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FNwR7RqdntVr8Z2n8heDCoCZxCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/ef7bd3-24b2-4284-97fe-c71db718970e/1/uOEyephpBWhjCJFhXPW41OUjzw8.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213202
IP address blocks:        91.196.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/ef7bd3-24b2-4284-97fe-c71db718970e/1/FNwR7RqdntVr8Z2n8heDCoCZxCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/ef7bd3-24b2-4284-97fe-c71db718970e/1/FNwR7RqdntVr8Z2n8heDCoCZxCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FNwR7RqdntVr8Z2n8heDCoCZxCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f8:c1:10:d6:24:23:40:c2:58:80:d1:ef:64:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14dc11ed1a9d9ed56bf19da7f217830a8099c429
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8e1327a98690568630891615cf5b8d4e523cf0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:72:23:41:dd:1c:e9:71:3d:67:e0:09:1f:3e:
                    07:89:33:3a:40:cd:53:c6:59:39:71:58:0f:bc:0f:
                    60:1a:18:b9:31:23:cb:6d:78:2e:90:cd:e4:6f:78:
                    98:da:f3:ed:dd:87:a3:89:93:c8:66:9c:05:82:0b:
                    c3:30:75:5a:ec:ea:dd:50:fb:21:1d:9a:ca:64:6d:
                    3f:b5:ef:f4:86:5e:6a:4d:c2:46:57:79:9e:b4:08:
                    76:89:d9:18:cb:9c:5f:c8:54:a1:92:42:ea:b8:95:
                    8f:de:cc:f0:ad:17:eb:68:b7:92:28:3c:ba:1c:ab:
                    04:52:37:56:8c:07:df:56:67:cd:54:ed:78:83:bb:
                    4c:9c:e4:ad:2d:9d:54:03:af:b1:63:27:5c:93:3c:
                    6d:23:44:4e:3d:84:cf:0b:25:4d:70:5d:2f:b9:40:
                    66:a4:d9:2d:96:cd:dd:5d:98:de:a3:4b:31:53:97:
                    85:8e:f6:1f:f8:7a:a8:bb:35:be:47:1f:1c:ee:d8:
                    17:f7:d6:3a:d5:39:12:bd:c3:e4:09:bf:d5:4d:bc:
                    2f:3c:bc:33:84:47:91:55:e8:ff:db:3a:d3:7f:75:
                    3c:37:08:e7:70:b4:82:dc:dc:b8:6b:5e:3a:26:e3:
                    c0:09:f0:4d:20:21:42:60:d2:6e:33:5f:9b:34:62:
                    59:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E1:32:7A:98:69:05:68:63:08:91:61:5C:F5:B8:D4:E5:23:CF:0F
            X509v3 Authority Key Identifier:
                keyid:14:DC:11:ED:1A:9D:9E:D5:6B:F1:9D:A7:F2:17:83:0A:80:99:C4:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FNwR7RqdntVr8Z2n8heDCoCZxCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ef7bd3-24b2-4284-97fe-c71db718970e/1/uOEyephpBWhjCJFhXPW41OUjzw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ef7bd3-24b2-4284-97fe-c71db718970e/1/FNwR7RqdntVr8Z2n8heDCoCZxCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:76:a0:3f:04:67:d2:4f:05:dd:0f:76:8f:30:4a:2e:4b:e4:
         71:49:87:80:15:70:02:f4:18:57:81:c2:d9:c2:df:f1:98:f8:
         61:39:df:b1:f8:07:2e:98:5a:07:4e:2f:e3:b9:21:62:ae:73:
         ab:8f:ed:5d:2b:40:50:6a:dc:03:82:38:4d:0d:13:fc:fa:1b:
         16:3e:8d:fb:d8:f7:c7:9d:08:cd:9f:2b:d3:54:31:52:ac:97:
         66:ed:0e:3a:90:41:6f:aa:13:85:70:33:a9:22:ca:5b:c8:2c:
         97:67:7e:5e:89:b1:ea:03:55:0e:88:34:86:1e:0c:ca:4c:5a:
         a4:b4:8b:10:80:ff:97:68:3f:b1:af:88:58:55:0a:61:ce:e0:
         41:15:5a:dc:5b:ff:ce:e1:12:a0:d6:50:e5:08:d8:b4:f4:60:
         1a:d0:47:be:54:07:7b:fe:c6:e8:74:07:5f:a1:17:85:5b:5c:
         18:6f:76:96:74:3e:ae:ba:d6:fb:a4:eb:e5:f0:b5:b3:f0:9b:
         72:e0:72:59:e6:0f:2f:36:e8:06:ff:de:f8:8a:15:cd:03:e0:
         cc:a9:5e:f3:32:d9:53:5f:1e:b5:94:da:71:f6:75:1a:60:de:
         1f:fa:8e:6c:e7:3c:5d:36:7b:46:36:c8:81:99:2c:8d:e1:72:
         c8:4b:60:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPjBENYkI0DCWIDR72R6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0ZGMxMWVkMWE5ZDllZDU2YmYxOWRhN2YyMTc4MzBhODA5
OWM0MjkwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGUxMzI3YTk4NjkwNTY4NjMwODkxNjE1Y2Y1YjhkNGU1MjNjZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXIjQd0c6XE9Z+AJHz4HiTM6QM1T
xlk5cVgPvA9gGhi5MSPLbXgukM3kb3iY2vPt3YejiZPIZpwFggvDMHVa7OrdUPsh
HZrKZG0/te/0hl5qTcJGV3metAh2idkYy5xfyFShkkLquJWP3szwrRfraLeSKDy6
HKsEUjdWjAffVmfNVO14g7tMnOStLZ1UA6+xYydckzxtI0ROPYTPCyVNcF0vuUBm
pNktls3dXZjeo0sxU5eFjvYf+HqouzW+Rx8c7tgX99Y61TkSvcPkCb/VTbwvPLwz
hEeRVej/2zrTf3U8NwjncLSC3Ny4a146JuPACfBNICFCYNJuM1+bNGJZCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjhMnqYaQVoYwiRYVz1uNTlI88PMB8GA1UdIwQY
MBaAFBTcEe0anZ7Va/Gdp/IXgwqAmcQpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRk53UjdScWRudFZyOFoybjhoZURDb0NaeENrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9lZjdiZDMtMjRiMi00Mjg0LTk3ZmUt
YzcxZGI3MTg5NzBlLzEvdU9FeWVwaHBCV2hqQ0pGaFhQVzQxT1Vqenc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9lZjdiZDMtMjRiMi00Mjg0LTk3ZmUtYzcxZGI3MTg5NzBl
LzEvRk53UjdScWRudFZyOFoybjhoZURDb0NaeENrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8S/MA0G
CSqGSIb3DQEBCwUAA4IBAQCBdqA/BGfSTwXdD3aPMEouS+RxSYeAFXAC9BhXgcLZ
wt/xmPhhOd+x+AcumFoHTi/juSFirnOrj+1dK0BQatwDgjhNDRP8+hsWPo372PfH
nQjNnyvTVDFSrJdm7Q46kEFvqhOFcDOpIspbyCyXZ35eibHqA1UOiDSGHgzKTFqk
tIsQgP+XaD+xr4hYVQphzuBBFVrcW//O4RKg1lDlCNi09GAa0Ee+VAd7/sbodAdf
oReFW1wYb3aWdD6uutb7pOvl8LWz8Jty4HJZ5g8vNugG/974ihXNA+DMqV7zMtlT
Xx61lNpx9nUaYN4f+o5s5zxdNntGNsiBmSyN4XLIS2Dl
-----END CERTIFICATE-----