Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/RHPieLPLsbfnI2-17xqEj1rdVIE.roa
File:                     RHPieLPLsbfnI2-17xqEj1rdVIE.roa (raw, json)
Hash identifier:          zl1U1U48g0E+WfktXEjppDL/CK772nNuNVUS2snau/s=
Subject key identifier:   44:73:E2:78:B3:CB:B1:B7:E7:23:6F:B5:EF:1A:84:8F:5A:DD:54:81
Certificate issuer:       /CN=e1ac0322b3eab6572ece2a0ac5abf164a5bbff20
Certificate serial:       018E5C84B69E8EFCAA9371B63BC5162108DE
Authority key identifier: E1:AC:03:22:B3:EA:B6:57:2E:CE:2A:0A:C5:AB:F1:64:A5:BB:FF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/RHPieLPLsbfnI2-17xqEj1rdVIE.roa
Signing time:             Wed 20 Mar 2024 15:39:45 +0000
ROA not before:           Wed 20 Mar 2024 15:39:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59869
IP address blocks:        185.91.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 12:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5c:84:b6:9e:8e:fc:aa:93:71:b6:3b:c5:16:21:08:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ac0322b3eab6572ece2a0ac5abf164a5bbff20
        Validity
            Not Before: Mar 20 15:39:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4473e278b3cbb1b7e7236fb5ef1a848f5add5481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0e:9f:22:1b:fc:27:61:5e:f1:dd:40:42:cd:
                    c2:da:eb:59:53:2d:5a:3c:8a:30:f4:76:78:a6:65:
                    05:35:4e:78:df:5e:f8:87:7f:f6:c0:c6:8b:07:c3:
                    f7:43:8d:3b:d7:a5:11:37:79:29:65:03:fd:04:9e:
                    10:48:1a:2c:5b:d3:81:6f:76:6d:ff:e8:d0:12:a7:
                    09:b1:f9:d3:0c:cb:5e:6e:ba:38:3c:8c:25:3b:45:
                    18:b4:f7:8d:44:97:29:b9:23:10:49:2a:f2:7f:ac:
                    10:fb:e6:60:84:71:86:8c:76:fd:6e:a4:37:02:36:
                    38:8b:76:a3:af:31:6c:10:4a:24:a4:f8:4b:e4:39:
                    6f:23:66:2d:f5:82:0c:1a:9f:39:df:af:16:ac:fd:
                    eb:d2:3f:93:22:a4:6c:90:19:57:11:4b:2c:30:5b:
                    73:40:06:4e:89:82:3d:81:c4:bd:c4:b6:3e:0c:6e:
                    84:85:68:91:da:a9:39:9e:f4:34:e2:e7:6d:77:01:
                    9b:6a:b8:06:c5:02:34:e5:52:19:75:bd:b2:4e:89:
                    56:5f:91:47:c3:fa:0e:39:a5:82:b5:2f:ad:bb:cc:
                    6d:aa:09:bc:b0:47:7f:93:83:c3:64:8e:42:c0:4b:
                    03:cd:a6:e0:64:ef:c1:69:c3:32:dd:30:ab:79:96:
                    9d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:73:E2:78:B3:CB:B1:B7:E7:23:6F:B5:EF:1A:84:8F:5A:DD:54:81
            X509v3 Authority Key Identifier:
                keyid:E1:AC:03:22:B3:EA:B6:57:2E:CE:2A:0A:C5:AB:F1:64:A5:BB:FF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/RHPieLPLsbfnI2-17xqEj1rdVIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:77:24:df:1d:0e:d9:99:fe:e7:42:83:4f:46:5c:c9:1f:01:
         c7:a8:4a:45:f3:07:bf:81:41:85:1b:61:7d:6f:42:dc:19:08:
         bc:62:d4:52:a2:23:98:96:24:f6:60:ea:b3:99:cf:d0:f4:84:
         be:09:81:fb:7a:7d:96:47:50:0f:05:8b:a2:59:6a:e2:8b:1f:
         5d:4a:14:92:8f:46:ed:c1:53:11:36:b6:00:0d:e3:b8:16:a6:
         78:10:32:c9:69:fe:56:e4:b3:bf:10:8a:55:5f:ec:38:7a:86:
         35:7b:17:39:31:0a:f5:03:91:5e:61:8a:51:af:dc:5c:e7:3d:
         c9:ec:17:03:42:f5:52:f4:1c:e2:23:6e:cd:e1:90:74:cf:65:
         9e:41:05:e0:9b:38:cf:80:b6:bf:ea:c9:9b:d0:10:2e:04:d1:
         88:a5:d8:e9:bb:4e:10:a2:bf:71:c1:c2:37:3f:17:5c:17:6c:
         ee:94:de:a9:57:11:26:08:2b:02:4f:f6:dd:1a:89:3a:75:4b:
         6a:1c:08:6e:4c:d1:6a:29:73:0d:e5:1b:ac:09:7f:1b:f1:f6:
         bb:ee:2f:53:66:d4:62:2e:ea:04:ce:2d:0b:90:50:f4:5f:b1:
         2a:d2:cd:cb:11:ad:0f:9c:27:50:e7:90:98:2c:da:f3:5d:68:
         3c:64:e7:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5chLaejvyqk3G2O8UWIQjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYWMwMzIyYjNlYWI2NTcyZWNlMmEwYWM1YWJmMTY0YTVi
YmZmMjAwHhcNMjQwMzIwMTUzOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDczZTI3OGIzY2JiMWI3ZTcyMzZmYjVlZjFhODQ4ZjVhZGQ1NDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhg6fIhv8J2Fe8d1AQs3C2utZUy1a
PIow9HZ4pmUFNU543174h3/2wMaLB8P3Q40716URN3kpZQP9BJ4QSBosW9OBb3Zt
/+jQEqcJsfnTDMtebro4PIwlO0UYtPeNRJcpuSMQSSryf6wQ++ZghHGGjHb9bqQ3
AjY4i3ajrzFsEEokpPhL5DlvI2Yt9YIMGp85368WrP3r0j+TIqRskBlXEUssMFtz
QAZOiYI9gcS9xLY+DG6EhWiR2qk5nvQ04udtdwGbargGxQI05VIZdb2yTolWX5FH
w/oOOaWCtS+tu8xtqgm8sEd/k4PDZI5CwEsDzabgZO/BacMy3TCreZadvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERz4nizy7G35yNvte8ahI9a3VSBMB8GA1UdIwQY
MBaAFOGsAyKz6rZXLs4qCsWr8WSlu/8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGF3RElyUHF0bGN1emlvS3hhdnhaS1c3X3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9mZjAwMzYtODMxMy00YjNkLWFkN2Yt
OGQ4MWZkYzZmMTcwLzEvUkhQaWVMUExzYmZuSTItMTd4cUVqMXJkVklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9mZjAwMzYtODMxMy00YjNkLWFkN2YtOGQ4MWZkYzZmMTcw
LzEvNGF3RElyUHF0bGN1emlvS3hhdnhaS1c3X3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVuOMA0G
CSqGSIb3DQEBCwUAA4IBAQAedyTfHQ7Zmf7nQoNPRlzJHwHHqEpF8we/gUGFG2F9
b0LcGQi8YtRSoiOYliT2YOqzmc/Q9IS+CYH7en2WR1APBYuiWWriix9dShSSj0bt
wVMRNrYADeO4FqZ4EDLJaf5W5LO/EIpVX+w4eoY1exc5MQr1A5FeYYpRr9xc5z3J
7BcDQvVS9BziI27N4ZB0z2WeQQXgmzjPgLa/6smb0BAuBNGIpdjpu04Qor9xwcI3
PxdcF2zulN6pVxEmCCsCT/bdGok6dUtqHAhuTNFqKXMN5RusCX8b8fa77i9TZtRi
LuoEzi0LkFD0X7Eq0s3LEa0PnCdQ55CYLNrzXWg8ZOdJ
-----END CERTIFICATE-----