Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/70c19f-29ca-4b62-ac62-8ba768022763/1/L13LoPcaJtJA4nra9tpGRduHylc.roa
File:                     L13LoPcaJtJA4nra9tpGRduHylc.roa (raw, json)
Hash identifier:          waKHdCM6Ho8wdRyjFkbrzQ2CdKCwMSIHYWj/8TFgFXY=
Subject key identifier:   2F:5D:CB:A0:F7:1A:26:D2:40:E2:7A:DA:F6:DA:46:45:DB:87:CA:57
Certificate issuer:       /CN=837e177f76663166c75190e2d209335a6aae5ace
Certificate serial:       018CC94C0D8634642F6ACAE6C6D465FCD573
Authority key identifier: 83:7E:17:7F:76:66:31:66:C7:51:90:E2:D2:09:33:5A:6A:AE:5A:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g34Xf3ZmMWbHUZDi0gkzWmquWs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/70c19f-29ca-4b62-ac62-8ba768022763/1/L13LoPcaJtJA4nra9tpGRduHylc.roa
Signing time:             Tue 02 Jan 2024 08:30:53 +0000
ROA not before:           Tue 02 Jan 2024 08:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57069
IP address blocks:        91.226.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/70c19f-29ca-4b62-ac62-8ba768022763/1/g34Xf3ZmMWbHUZDi0gkzWmquWs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/70c19f-29ca-4b62-ac62-8ba768022763/1/g34Xf3ZmMWbHUZDi0gkzWmquWs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g34Xf3ZmMWbHUZDi0gkzWmquWs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:0d:86:34:64:2f:6a:ca:e6:c6:d4:65:fc:d5:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=837e177f76663166c75190e2d209335a6aae5ace
        Validity
            Not Before: Jan  2 08:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f5dcba0f71a26d240e27adaf6da4645db87ca57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:55:9f:38:5d:c7:bc:28:cb:ad:f4:1f:64:37:
                    1a:81:e3:f7:4f:b3:db:e8:21:cc:76:47:1c:f3:b6:
                    39:50:c4:83:c0:5c:d4:71:f3:b9:74:ae:13:9f:f0:
                    af:43:b3:e7:f4:4a:b2:3d:1f:eb:08:e4:49:a5:39:
                    05:2f:d3:65:6e:a5:6f:4f:51:ae:21:c7:03:a3:47:
                    f0:d8:bc:c0:30:4a:c9:27:d2:37:4c:94:59:49:21:
                    fb:0c:24:7f:f5:56:54:6b:65:a7:7b:cc:74:42:69:
                    af:71:71:53:f3:2b:64:bc:c6:bd:0f:2e:06:8c:4c:
                    66:36:f1:32:b6:50:37:73:60:04:cf:49:a3:c2:57:
                    0f:9b:ad:55:90:7b:2e:3f:f9:a8:4b:27:82:95:27:
                    01:85:85:db:a1:6b:67:e8:50:04:18:3c:23:4f:e6:
                    bf:46:6a:52:06:2f:80:23:9f:81:75:69:6e:e7:e9:
                    23:e7:8b:59:56:30:ae:86:08:6e:91:3b:58:43:19:
                    37:66:12:71:6b:4b:ed:ad:45:7a:58:5b:02:8f:0d:
                    59:22:c0:e5:a9:60:cc:a3:2a:12:ff:9e:12:40:89:
                    c3:18:a1:f1:88:c7:b4:e7:0e:40:bb:ab:09:db:c0:
                    ac:39:c2:8f:55:ea:5d:0b:66:e8:c4:d9:06:b2:b1:
                    43:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:5D:CB:A0:F7:1A:26:D2:40:E2:7A:DA:F6:DA:46:45:DB:87:CA:57
            X509v3 Authority Key Identifier:
                keyid:83:7E:17:7F:76:66:31:66:C7:51:90:E2:D2:09:33:5A:6A:AE:5A:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g34Xf3ZmMWbHUZDi0gkzWmquWs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/70c19f-29ca-4b62-ac62-8ba768022763/1/L13LoPcaJtJA4nra9tpGRduHylc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/70c19f-29ca-4b62-ac62-8ba768022763/1/g34Xf3ZmMWbHUZDi0gkzWmquWs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:96:4c:4a:64:51:c5:78:bc:0c:90:3e:fe:80:fd:1b:39:09:
         bf:c3:ef:a3:18:2f:eb:69:db:e1:b5:9e:0d:ef:43:94:52:68:
         8f:e9:1b:4f:b1:c5:82:99:27:9d:99:2c:5a:04:46:bf:47:df:
         2b:8a:5c:cb:a5:9f:ed:17:62:91:2f:44:4a:d4:4d:17:eb:f2:
         b4:af:8f:67:44:a8:30:49:37:5b:be:b6:ec:51:a6:3c:54:38:
         17:4a:0e:85:7a:58:07:1a:b3:5d:b5:27:94:e6:27:4d:73:35:
         3e:54:02:b7:9a:eb:c4:7b:98:8f:d3:6d:28:1c:f1:56:b3:bf:
         35:3f:0e:bc:2e:09:69:45:6c:db:e7:ed:1e:32:7c:05:ef:90:
         f1:96:ea:9b:12:02:8e:01:af:56:e5:08:47:fa:49:1b:81:ae:
         f4:34:37:df:48:a7:a1:71:13:41:ea:70:ec:ea:44:a6:cf:1d:
         a3:58:82:12:7c:5b:38:cd:3a:84:ba:f5:c5:da:19:4d:30:c7:
         a4:b8:f0:82:03:c0:73:5c:25:19:bd:a0:4f:23:78:f4:d6:0e:
         17:5d:2c:d7:5e:4e:19:7d:7f:b3:9a:94:c6:b4:32:b7:91:03:
         c0:84:5b:52:80:94:58:29:05:cc:42:2d:b1:a1:9c:25:54:c8:
         a1:c3:ae:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTA2GNGQvasrmxtRl/NVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzN2UxNzdmNzY2NjMxNjZjNzUxOTBlMmQyMDkzMzVhNmFh
ZTVhY2UwHhcNMjQwMTAyMDgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjVkY2JhMGY3MWEyNmQyNDBlMjdhZGFmNmRhNDY0NWRiODdjYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFWfOF3HvCjLrfQfZDcageP3T7Pb
6CHMdkcc87Y5UMSDwFzUcfO5dK4Tn/CvQ7Pn9EqyPR/rCORJpTkFL9NlbqVvT1Gu
IccDo0fw2LzAMErJJ9I3TJRZSSH7DCR/9VZUa2Wne8x0QmmvcXFT8ytkvMa9Dy4G
jExmNvEytlA3c2AEz0mjwlcPm61VkHsuP/moSyeClScBhYXboWtn6FAEGDwjT+a/
RmpSBi+AI5+BdWlu5+kj54tZVjCuhghukTtYQxk3ZhJxa0vtrUV6WFsCjw1ZIsDl
qWDMoyoS/54SQInDGKHxiMe05w5Au6sJ28CsOcKPVepdC2boxNkGsrFDKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9dy6D3GibSQOJ62vbaRkXbh8pXMB8GA1UdIwQY
MBaAFIN+F392ZjFmx1GQ4tIJM1pqrlrOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzM0WGYzWm1NV2JIVVpEaTBna3pXbXF1V3M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My83MGMxOWYtMjljYS00YjYyLWFjNjIt
OGJhNzY4MDIyNzYzLzEvTDEzTG9QY2FKdEpBNG5yYTl0cEdSZHVIeWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My83MGMxOWYtMjljYS00YjYyLWFjNjItOGJhNzY4MDIyNzYz
LzEvZzM0WGYzWm1NV2JIVVpEaTBna3pXbXF1V3M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+LbMA0G
CSqGSIb3DQEBCwUAA4IBAQCQlkxKZFHFeLwMkD7+gP0bOQm/w++jGC/radvhtZ4N
70OUUmiP6RtPscWCmSedmSxaBEa/R98rilzLpZ/tF2KRL0RK1E0X6/K0r49nRKgw
STdbvrbsUaY8VDgXSg6FelgHGrNdtSeU5idNczU+VAK3muvEe5iP020oHPFWs781
Pw68LglpRWzb5+0eMnwF75DxluqbEgKOAa9W5QhH+kkbga70NDffSKehcRNB6nDs
6kSmzx2jWIISfFs4zTqEuvXF2hlNMMekuPCCA8BzXCUZvaBPI3j01g4XXSzXXk4Z
fX+zmpTGtDK3kQPAhFtSgJRYKQXMQi2xoZwlVMihw65a
-----END CERTIFICATE-----