Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/1_AkT0bvVx9UiB4y3dlKK090pOs.roa
File:                     1_AkT0bvVx9UiB4y3dlKK090pOs.roa (raw, json)
Hash identifier:          /daT1S++9NKgfPddHHsT9eRe5VcAYewZrFL9QaJfUK8=
Subject key identifier:   D7:F0:24:4F:46:EF:57:1F:54:88:1E:32:DD:D9:4A:2B:4F:74:A4:EB
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       018CC4933C13E6CA3A67E7BC0A6A41057FFF
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/1_AkT0bvVx9UiB4y3dlKK090pOs.roa
Signing time:             Mon 01 Jan 2024 10:30:32 +0000
ROA not before:           Mon 01 Jan 2024 10:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202613
IP address blocks:        91.230.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 07:03:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3c:13:e6:ca:3a:67:e7:bc:0a:6a:41:05:7f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  1 10:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7f0244f46ef571f54881e32ddd94a2b4f74a4eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:06:58:8e:75:0f:74:48:a3:ed:ad:d0:d1:06:
                    55:25:71:51:1d:e5:85:32:d1:0e:47:55:46:d7:f8:
                    ad:04:84:61:5f:c6:7f:0a:f9:a9:79:b9:c7:9b:ad:
                    74:19:eb:61:0e:cb:26:a5:65:98:75:91:28:0b:7b:
                    e4:18:b9:7a:c2:01:54:a0:73:62:f3:ed:02:0f:eb:
                    64:67:8a:25:d2:6d:35:f8:0a:b2:bc:37:c8:86:3d:
                    c2:26:e7:f7:cd:d0:13:ff:47:11:c2:d0:a4:a2:55:
                    01:c0:e5:51:d6:78:8e:7c:b7:68:d4:e1:97:7d:87:
                    d8:39:4f:19:c3:59:13:74:e6:bf:0a:04:43:33:78:
                    18:f7:7e:c5:01:80:d8:35:d3:70:9a:b9:ab:95:db:
                    51:5c:cf:3e:90:54:da:f8:0d:18:d8:b7:8e:4d:71:
                    2e:86:9a:98:f1:fd:07:a8:7f:ec:a4:26:b2:53:7f:
                    fc:96:75:8d:a2:bb:27:ff:b1:4c:27:ec:ff:1a:07:
                    ca:b8:e9:40:9d:40:df:82:c2:31:2a:75:40:bb:cd:
                    cc:f5:95:77:66:55:4a:08:a4:c4:0a:c0:a0:9c:7b:
                    13:a8:28:ae:c5:c3:53:b6:e6:1c:6d:21:15:47:1c:
                    f9:c7:b8:bd:21:8f:d7:cb:5f:04:a8:b9:e9:73:91:
                    70:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:F0:24:4F:46:EF:57:1F:54:88:1E:32:DD:D9:4A:2B:4F:74:A4:EB
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/1_AkT0bvVx9UiB4y3dlKK090pOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:e6:81:2f:82:2e:c0:e5:a5:b6:cf:50:93:14:fb:a0:cf:5f:
         ce:62:45:47:72:8e:d3:56:7a:89:a0:ca:bc:9b:3a:8e:fa:9b:
         97:ce:88:90:c1:32:11:85:b3:f2:f7:86:8c:32:50:a7:dd:f6:
         b4:92:84:bf:64:1d:ca:7a:60:49:29:c5:f0:39:0f:1b:f6:bb:
         27:63:e9:8c:32:ae:7c:a3:f8:d1:91:4c:55:ad:0a:b3:68:e8:
         43:fc:3d:2a:67:97:de:f7:22:a8:3c:1c:bb:a3:01:ee:b0:db:
         47:97:a9:6a:f6:62:c5:ba:af:b9:4f:72:9c:f9:26:b9:a6:f6:
         83:cc:31:db:4e:d2:14:d5:78:c4:52:e0:cf:f3:15:a1:ea:fb:
         db:20:7a:3f:1b:b0:49:60:d2:61:d4:e5:45:3a:23:f6:cc:20:
         c6:c6:9b:9b:52:b8:eb:f1:14:f0:50:cf:84:41:47:51:cd:09:
         18:eb:f2:bc:d7:59:19:a0:b6:b5:7a:29:21:32:dd:42:a8:09:
         f0:21:bc:bf:34:d6:63:fa:6d:60:c1:a9:7e:47:5d:b7:b1:de:
         6c:5a:4c:97:aa:ba:6b:4f:af:7f:e0:c7:81:a3:4e:9b:d2:4f:
         2e:95:3e:90:5d:58:8b:13:9b:d9:1f:e8:5f:cb:88:bf:5a:09:
         ab:d5:d5:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzwT5so6Z+e8CmpBBX//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjQwMTAxMTAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2YwMjQ0ZjQ2ZWY1NzFmNTQ4ODFlMzJkZGQ5NGEyYjRmNzRhNGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6AZYjnUPdEij7a3Q0QZVJXFRHeWF
MtEOR1VG1/itBIRhX8Z/CvmpebnHm610GethDssmpWWYdZEoC3vkGLl6wgFUoHNi
8+0CD+tkZ4ol0m01+AqyvDfIhj3CJuf3zdAT/0cRwtCkolUBwOVR1niOfLdo1OGX
fYfYOU8Zw1kTdOa/CgRDM3gY937FAYDYNdNwmrmrldtRXM8+kFTa+A0Y2LeOTXEu
hpqY8f0HqH/spCayU3/8lnWNorsn/7FMJ+z/GgfKuOlAnUDfgsIxKnVAu83M9ZV3
ZlVKCKTECsCgnHsTqCiuxcNTtuYcbSEVRxz5x7i9IY/Xy18EqLnpc5FwPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfwJE9G71cfVIgeMt3ZSitPdKTrMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvMV9Ba1QwYnZWeDlVaUI0eTNkbEtLMDkwcE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+b3MA0G
CSqGSIb3DQEBCwUAA4IBAQAc5oEvgi7A5aW2z1CTFPugz1/OYkVHco7TVnqJoMq8
mzqO+puXzoiQwTIRhbPy94aMMlCn3fa0koS/ZB3KemBJKcXwOQ8b9rsnY+mMMq58
o/jRkUxVrQqzaOhD/D0qZ5fe9yKoPBy7owHusNtHl6lq9mLFuq+5T3Kc+Sa5pvaD
zDHbTtIU1XjEUuDP8xWh6vvbIHo/G7BJYNJh1OVFOiP2zCDGxpubUrjr8RTwUM+E
QUdRzQkY6/K811kZoLa1eikhMt1CqAnwIby/NNZj+m1gwal+R123sd5sWkyXqrpr
T69/4MeBo06b0k8ulT6QXViLE5vZH+hfy4i/Wgmr1dX9
-----END CERTIFICATE-----