Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/ReaBTiSvzL5VXTbFLUI6wWNgzmU.roa
File:                     ReaBTiSvzL5VXTbFLUI6wWNgzmU.roa (raw, json)
Hash identifier:          4TTGPhxBq3EweeiXL3zgANn+AKdDVVczfdCOhTN94uo=
Subject key identifier:   45:E6:81:4E:24:AF:CC:BE:55:5D:36:C5:2D:42:3A:C1:63:60:CE:65
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       018CC3489BD806C350E1EA043B933CCE8453
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/ReaBTiSvzL5VXTbFLUI6wWNgzmU.roa
Signing time:             Mon 01 Jan 2024 04:29:24 +0000
ROA not before:           Mon 01 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        91.147.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9b:d8:06:c3:50:e1:ea:04:3b:93:3c:ce:84:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45e6814e24afccbe555d36c52d423ac16360ce65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:71:c6:d2:38:c9:64:7a:c4:89:08:a1:ab:ec:
                    80:bb:ba:84:0b:a7:2e:54:2e:04:8e:8f:c7:31:d4:
                    f7:38:b2:6e:4f:50:a0:0e:ae:ad:f5:41:86:7d:cd:
                    58:06:c3:7c:7c:ae:23:c2:df:09:73:cb:e1:66:f5:
                    b2:12:75:73:d5:a3:3e:7a:81:2b:5f:47:90:a1:07:
                    81:d5:2e:4d:ad:3f:3a:2c:54:48:9a:05:70:22:a7:
                    3b:78:89:0c:7e:67:74:a8:87:9a:c3:22:d7:51:fd:
                    98:b6:fd:03:cf:41:12:61:ca:07:16:8c:94:46:8f:
                    7f:d9:d8:c3:f5:01:05:5f:2e:13:b4:ca:24:09:54:
                    71:e6:69:11:78:48:9c:8d:34:95:1d:dc:58:94:3c:
                    27:ea:0f:7b:27:f7:e0:f6:14:f4:45:20:ea:9d:aa:
                    c1:24:f5:26:c1:36:74:78:5b:94:d1:24:2e:3b:02:
                    33:4b:f9:c2:cc:ef:45:04:cb:b4:44:09:5b:d3:a6:
                    6f:86:9a:0c:96:36:e0:77:bc:9f:d6:9a:84:d0:2e:
                    ed:0c:84:11:d5:c7:67:3e:d4:a4:8c:8f:f9:c0:20:
                    62:2f:0a:94:74:61:62:97:a1:91:de:fa:0f:49:e3:
                    e5:c4:0b:0e:c8:92:63:08:cd:93:c7:ca:c4:3e:b0:
                    5c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:E6:81:4E:24:AF:CC:BE:55:5D:36:C5:2D:42:3A:C1:63:60:CE:65
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/ReaBTiSvzL5VXTbFLUI6wWNgzmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:99:17:53:ff:97:92:63:19:91:4d:4a:6c:1d:44:e1:c3:2a:
         cd:ff:02:d1:00:a7:60:4d:f2:de:60:05:6d:63:94:b0:4c:3a:
         e1:15:f2:61:53:4e:2e:bc:f2:4b:1e:b5:ba:f4:0f:db:94:d1:
         9d:09:f0:7a:6a:4c:2f:43:04:74:4c:c0:35:48:01:1b:7f:44:
         f4:ca:7b:9a:68:be:47:70:88:36:55:94:d8:16:a2:91:4a:b7:
         9c:b4:f7:ca:3a:06:9e:30:c7:f7:90:bf:8c:15:f9:82:db:74:
         4c:09:07:24:f9:3d:37:a9:d3:b8:60:ae:1e:ba:52:3d:02:2e:
         7c:5b:b3:64:11:42:05:03:c2:e7:e3:8b:cd:17:1a:d5:e8:c8:
         27:e1:41:fc:bc:fb:56:07:c9:5a:1a:42:56:cf:93:3e:c4:87:
         a5:11:11:c1:4c:10:ed:4d:d9:ae:58:4e:ca:f1:91:8c:5c:5f:
         1b:b8:f9:99:da:f2:ff:a3:09:9e:7c:a8:bc:e1:fb:7d:3c:b9:
         c6:83:e4:40:43:5b:c6:0f:75:16:b7:bf:f6:96:08:30:05:dd:
         91:c2:61:5a:5a:df:b0:c5:32:e2:d6:54:2f:1f:01:93:f5:29:
         b1:f5:65:5e:55:c2:a9:ed:d3:37:b4:52:b7:da:a9:b9:d1:18:
         5a:b9:67:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJvYBsNQ4eoEO5M8zoRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWU2ODE0ZTI0YWZjY2JlNTU1ZDM2YzUyZDQyM2FjMTYzNjBjZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHHG0jjJZHrEiQihq+yAu7qEC6cu
VC4Ejo/HMdT3OLJuT1CgDq6t9UGGfc1YBsN8fK4jwt8Jc8vhZvWyEnVz1aM+eoEr
X0eQoQeB1S5NrT86LFRImgVwIqc7eIkMfmd0qIeawyLXUf2Ytv0Dz0ESYcoHFoyU
Ro9/2djD9QEFXy4TtMokCVRx5mkReEicjTSVHdxYlDwn6g97J/fg9hT0RSDqnarB
JPUmwTZ0eFuU0SQuOwIzS/nCzO9FBMu0RAlb06ZvhpoMljbgd7yf1pqE0C7tDIQR
1cdnPtSkjI/5wCBiLwqUdGFil6GR3voPSePlxAsOyJJjCM2Tx8rEPrBcJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXmgU4kr8y+VV02xS1COsFjYM5lMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvUmVhQlRpU3Z6TDVWWFRiRkxVSTZ3V05nem1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5N4MA0G
CSqGSIb3DQEBCwUAA4IBAQAzmRdT/5eSYxmRTUpsHUThwyrN/wLRAKdgTfLeYAVt
Y5SwTDrhFfJhU04uvPJLHrW69A/blNGdCfB6akwvQwR0TMA1SAEbf0T0ynuaaL5H
cIg2VZTYFqKRSrectPfKOgaeMMf3kL+MFfmC23RMCQck+T03qdO4YK4eulI9Ai58
W7NkEUIFA8Ln44vNFxrV6Mgn4UH8vPtWB8laGkJWz5M+xIelERHBTBDtTdmuWE7K
8ZGMXF8buPmZ2vL/owmefKi84ft9PLnGg+RAQ1vGD3UWt7/2lggwBd2RwmFaWt+w
xTLi1lQvHwGT9Smx9WVeVcKp7dM3tFK32qm50RhauWcx
-----END CERTIFICATE-----