Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/zL1IH-u68ACrrN4m8NZgwwASLRM.roa
File:                     zL1IH-u68ACrrN4m8NZgwwASLRM.roa (raw, json)
Hash identifier:          Q68ZLq1odG4cu8s3ZH/DmUFBDW6e+7iIJHqAm0IUY6w=
Subject key identifier:   CC:BD:48:1F:EB:BA:F0:00:AB:AC:DE:26:F0:D6:60:C3:00:12:2D:13
Certificate issuer:       /CN=e8ecf8e4ec9b442a95374c2a3c7e784b076187cc
Certificate serial:       018CC8DCE234C51407D0EBE65C4611EA32A2
Authority key identifier: E8:EC:F8:E4:EC:9B:44:2A:95:37:4C:2A:3C:7E:78:4B:07:61:87:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Oz45OybRCqVN0wqPH54Swdhh8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/zL1IH-u68ACrrN4m8NZgwwASLRM.roa
Signing time:             Tue 02 Jan 2024 06:29:28 +0000
ROA not before:           Tue 02 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5610
IP address blocks:        91.232.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/6Oz45OybRCqVN0wqPH54Swdhh8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/6Oz45OybRCqVN0wqPH54Swdhh8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Oz45OybRCqVN0wqPH54Swdhh8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e2:34:c5:14:07:d0:eb:e6:5c:46:11:ea:32:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8ecf8e4ec9b442a95374c2a3c7e784b076187cc
        Validity
            Not Before: Jan  2 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccbd481febbaf000abacde26f0d660c300122d13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e2:a1:4c:75:e8:76:6f:dc:67:78:24:d6:cf:
                    d7:7c:0b:fe:81:d0:37:61:36:b3:c5:41:03:8a:31:
                    8e:7d:ed:a0:a4:d0:3b:ff:d6:5b:9d:98:2a:56:a5:
                    ec:67:cc:12:dd:48:23:ff:46:40:cb:90:7e:76:e2:
                    19:28:e4:14:fc:eb:b1:11:f3:b9:a0:1d:96:c3:9b:
                    ae:f8:10:b5:12:9c:16:18:bc:f0:03:6a:2b:cb:6d:
                    ef:1f:ff:82:3a:80:8b:d7:40:f4:60:0a:9a:71:52:
                    9a:9e:c9:7b:18:02:db:98:3f:bb:fa:d9:ee:73:d8:
                    0e:93:d7:ca:16:7e:59:10:39:fe:d0:46:4b:36:b2:
                    1d:2b:46:c4:51:ab:8c:ce:3e:1f:e3:d2:3a:46:0f:
                    87:01:b3:f2:26:93:06:11:96:fa:71:3b:c0:26:73:
                    4a:22:b5:e6:8a:f7:42:66:8f:5e:3d:5b:56:c5:08:
                    a5:e4:ac:d1:02:8f:67:a1:70:b3:29:46:38:59:5e:
                    2b:d3:9a:fb:98:16:08:ac:ca:49:0f:dd:84:39:d2:
                    54:c4:ba:f2:3a:cc:0e:fd:2e:31:16:94:f2:ce:5b:
                    0a:3d:cb:4d:f4:b7:36:d3:1a:e2:63:1c:39:c6:d9:
                    e1:f1:1d:d4:85:06:e2:55:2e:82:91:58:bb:92:e4:
                    6f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:BD:48:1F:EB:BA:F0:00:AB:AC:DE:26:F0:D6:60:C3:00:12:2D:13
            X509v3 Authority Key Identifier:
                keyid:E8:EC:F8:E4:EC:9B:44:2A:95:37:4C:2A:3C:7E:78:4B:07:61:87:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Oz45OybRCqVN0wqPH54Swdhh8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/zL1IH-u68ACrrN4m8NZgwwASLRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/6Oz45OybRCqVN0wqPH54Swdhh8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:d9:9c:b5:4b:fc:44:c1:67:2e:6a:90:31:bd:45:91:8e:7f:
         15:9b:bb:72:e2:11:fc:0d:81:f1:01:1b:83:9f:1c:57:49:59:
         34:45:04:f9:ff:2f:a3:c8:6f:3b:dd:a5:51:ae:49:94:22:41:
         68:9b:33:de:e9:5b:d6:e5:52:3d:ed:77:f8:4b:31:4a:76:e8:
         09:da:9a:f0:d9:2b:54:67:63:a9:6f:c1:df:aa:e6:15:6f:16:
         37:90:b1:84:5c:bb:75:c1:1c:95:cb:1c:71:da:18:83:91:70:
         aa:24:0f:75:29:47:fc:b7:ca:cc:a4:f0:34:07:07:ad:1e:75:
         8b:17:7b:48:8a:d9:f9:d8:85:3f:87:49:c3:18:32:ae:ee:38:
         af:16:1c:04:9b:2e:19:ee:95:08:54:39:e9:21:4e:8c:8e:53:
         92:35:2d:c7:0b:1d:18:89:53:5f:be:c2:68:8e:e2:d5:b2:96:
         47:14:61:60:63:13:97:35:08:55:4c:30:39:79:d2:b4:06:fa:
         8b:dc:36:80:03:26:27:31:54:31:29:38:7e:76:85:c9:04:ae:
         a2:58:b6:48:72:3d:f9:90:5b:78:a9:c7:70:1d:14:6e:87:cb:
         5a:f5:7c:3c:0c:d2:5e:1f:c5:f0:86:36:47:06:ea:63:7c:be:
         1f:bb:27:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3OI0xRQH0OvmXEYR6jKiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZWNmOGU0ZWM5YjQ0MmE5NTM3NGMyYTNjN2U3ODRiMDc2
MTg3Y2MwHhcNMjQwMTAyMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2JkNDgxZmViYmFmMDAwYWJhY2RlMjZmMGQ2NjBjMzAwMTIyZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+KhTHXodm/cZ3gk1s/XfAv+gdA3
YTazxUEDijGOfe2gpNA7/9ZbnZgqVqXsZ8wS3Ugj/0ZAy5B+duIZKOQU/OuxEfO5
oB2Ww5uu+BC1EpwWGLzwA2ory23vH/+COoCL10D0YAqacVKansl7GALbmD+7+tnu
c9gOk9fKFn5ZEDn+0EZLNrIdK0bEUauMzj4f49I6Rg+HAbPyJpMGEZb6cTvAJnNK
IrXmivdCZo9ePVtWxQil5KzRAo9noXCzKUY4WV4r05r7mBYIrMpJD92EOdJUxLry
OswO/S4xFpTyzlsKPctN9Lc20xriYxw5xtnh8R3UhQbiVS6CkVi7kuRvRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMy9SB/ruvAAq6zeJvDWYMMAEi0TMB8GA1UdIwQY
MBaAFOjs+OTsm0QqlTdMKjx+eEsHYYfMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk96NDVPeWJSQ3FWTjB3cVBINTRTd2RoaDh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81ZTgwYjQtY2IxNi00YTM1LWI0Mjkt
MjI5YWU5ZjcyOGQ2LzEvekwxSUgtdTY4QUNyck40bThOWmd3d0FTTFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81ZTgwYjQtY2IxNi00YTM1LWI0MjktMjI5YWU5ZjcyOGQ2
LzEvNk96NDVPeWJSQ3FWTjB3cVBINTRTd2RoaDh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hSMA0G
CSqGSIb3DQEBCwUAA4IBAQAv2Zy1S/xEwWcuapAxvUWRjn8Vm7ty4hH8DYHxARuD
nxxXSVk0RQT5/y+jyG873aVRrkmUIkFomzPe6VvW5VI97Xf4SzFKdugJ2prw2StU
Z2Opb8HfquYVbxY3kLGEXLt1wRyVyxxx2hiDkXCqJA91KUf8t8rMpPA0BwetHnWL
F3tIitn52IU/h0nDGDKu7jivFhwEmy4Z7pUIVDnpIU6MjlOSNS3HCx0YiVNfvsJo
juLVspZHFGFgYxOXNQhVTDA5edK0BvqL3DaAAyYnMVQxKTh+doXJBK6iWLZIcj35
kFt4qcdwHRRuh8ta9Xw8DNJeH8XwhjZHBupjfL4fuyea
-----END CERTIFICATE-----