Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/0db42a-c787-4f21-b4f6-a17c50f0985d/1/47EyQr_Y-svXs5ZqoTVeCmBPEe0.roa
File:                     47EyQr_Y-svXs5ZqoTVeCmBPEe0.roa (raw, json)
Hash identifier:          eCHZtHyzNo9K9uS6XEPhlk0X3ae4+E1hrfbjoCtJCcQ=
Subject key identifier:   E3:B1:32:42:BF:D8:FA:CB:D7:B3:96:6A:A1:35:5E:0A:60:4F:11:ED
Certificate issuer:       /CN=b04d175653fbbde8d989d27e3827bc011e020a01
Certificate serial:       018CC493352DB596F91F827A544E56D9FAB8
Authority key identifier: B0:4D:17:56:53:FB:BD:E8:D9:89:D2:7E:38:27:BC:01:1E:02:0A:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sE0XVlP7vejZidJ-OCe8AR4CCgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/0db42a-c787-4f21-b4f6-a17c50f0985d/1/47EyQr_Y-svXs5ZqoTVeCmBPEe0.roa
Signing time:             Mon 01 Jan 2024 10:30:30 +0000
ROA not before:           Mon 01 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211007
IP address blocks:        91.208.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/0db42a-c787-4f21-b4f6-a17c50f0985d/1/sE0XVlP7vejZidJ-OCe8AR4CCgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/0db42a-c787-4f21-b4f6-a17c50f0985d/1/sE0XVlP7vejZidJ-OCe8AR4CCgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sE0XVlP7vejZidJ-OCe8AR4CCgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:35:2d:b5:96:f9:1f:82:7a:54:4e:56:d9:fa:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b04d175653fbbde8d989d27e3827bc011e020a01
        Validity
            Not Before: Jan  1 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3b13242bfd8facbd7b3966aa1355e0a604f11ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:67:07:42:3f:d4:f9:97:c2:cc:b3:43:eb:e1:
                    8c:68:5b:77:58:81:e2:ab:8d:f4:47:02:0a:eb:14:
                    3c:bc:a3:55:34:c9:7f:cc:82:86:3d:46:a2:43:1b:
                    81:57:5e:61:a1:90:20:89:6f:15:30:7b:6f:3b:54:
                    96:23:4e:74:cd:2c:fd:60:0c:bd:74:21:3c:25:cf:
                    48:ed:16:2c:c7:fb:d9:e8:3f:0a:1b:ae:51:09:8e:
                    12:21:d9:db:70:70:55:a8:c9:de:72:99:b8:45:8e:
                    b1:90:2b:11:d3:53:0c:ce:f0:79:11:43:03:e6:81:
                    66:85:c0:e7:34:69:41:b0:57:af:86:cf:be:13:57:
                    74:81:5a:e2:81:08:a8:4b:ea:47:44:29:d6:5d:0d:
                    2e:95:9f:96:e2:8f:85:ed:29:c5:34:e1:dd:f4:f9:
                    d4:e5:e7:ad:25:2d:56:77:98:21:93:d8:70:d3:13:
                    ac:df:d7:c8:7b:dc:88:f6:09:43:63:21:a0:27:43:
                    30:67:0b:0b:e0:8c:1b:11:49:32:71:73:65:d5:69:
                    28:d5:ab:a2:3f:3e:b1:45:0b:e5:fe:1e:94:68:3c:
                    fe:4e:b8:3f:65:c0:b2:96:3f:60:62:34:11:65:b4:
                    a0:c1:e2:70:90:8d:33:29:5b:1e:29:91:50:2f:52:
                    ee:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B1:32:42:BF:D8:FA:CB:D7:B3:96:6A:A1:35:5E:0A:60:4F:11:ED
            X509v3 Authority Key Identifier:
                keyid:B0:4D:17:56:53:FB:BD:E8:D9:89:D2:7E:38:27:BC:01:1E:02:0A:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sE0XVlP7vejZidJ-OCe8AR4CCgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/0db42a-c787-4f21-b4f6-a17c50f0985d/1/47EyQr_Y-svXs5ZqoTVeCmBPEe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/0db42a-c787-4f21-b4f6-a17c50f0985d/1/sE0XVlP7vejZidJ-OCe8AR4CCgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:12:f6:6a:08:0a:bc:17:44:a9:46:d5:2a:0b:09:2b:63:4f:
         15:3e:fd:97:6c:1b:2b:ef:70:55:3e:81:a5:7d:9b:0b:3f:49:
         32:63:50:d2:93:8c:af:1d:0d:a6:83:85:6a:b3:1b:ef:e6:26:
         e4:0d:67:73:b0:52:21:d9:74:28:d7:d2:99:dc:bf:f4:62:2d:
         25:8a:5e:66:93:4c:98:c1:fb:7a:38:bd:65:f9:c1:fe:93:5d:
         a9:a5:b5:5e:86:6c:a4:67:4b:6e:b1:20:e1:cd:e0:c0:69:a5:
         14:21:b2:ef:03:92:e7:04:a6:9d:8c:fb:f0:bc:2a:0d:97:f6:
         57:e5:8b:69:04:4e:be:df:ed:8c:76:38:b0:7b:74:ea:a9:f4:
         f3:c1:ac:4b:0d:bc:0b:7d:01:c3:f0:13:4b:76:7e:ab:93:88:
         a7:e6:51:06:2e:00:a9:9e:b2:9c:0b:f7:be:05:6e:fc:1c:92:
         a0:1c:a7:a6:48:34:8f:1d:8b:72:0a:ea:53:82:39:2b:82:3e:
         bd:db:32:fb:1c:12:ad:6c:91:f2:ed:d5:11:30:e5:cf:82:3c:
         74:84:17:43:28:ef:94:e8:d6:53:74:e3:da:99:a4:32:6b:3e:
         0e:d1:57:2e:86:1b:4b:1f:48:f6:8b:26:b4:a2:3c:22:93:a3:
         0c:7f:c3:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzUttZb5H4J6VE5W2fq4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNGQxNzU2NTNmYmJkZThkOTg5ZDI3ZTM4MjdiYzAxMWUw
MjBhMDEwHhcNMjQwMTAxMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2IxMzI0MmJmZDhmYWNiZDdiMzk2NmFhMTM1NWUwYTYwNGYxMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmcHQj/U+ZfCzLND6+GMaFt3WIHi
q430RwIK6xQ8vKNVNMl/zIKGPUaiQxuBV15hoZAgiW8VMHtvO1SWI050zSz9YAy9
dCE8Jc9I7RYsx/vZ6D8KG65RCY4SIdnbcHBVqMnecpm4RY6xkCsR01MMzvB5EUMD
5oFmhcDnNGlBsFevhs++E1d0gVrigQioS+pHRCnWXQ0ulZ+W4o+F7SnFNOHd9PnU
5eetJS1Wd5ghk9hw0xOs39fIe9yI9glDYyGgJ0MwZwsL4IwbEUkycXNl1Wko1aui
Pz6xRQvl/h6UaDz+Trg/ZcCylj9gYjQRZbSgweJwkI0zKVseKZFQL1Lu1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOxMkK/2PrL17OWaqE1XgpgTxHtMB8GA1UdIwQY
MBaAFLBNF1ZT+73o2YnSfjgnvAEeAgoBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0UwWFZsUDd2ZWpaaWRKLU9DZThBUjRDQ2dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wZGI0MmEtYzc4Ny00ZjIxLWI0ZjYt
YTE3YzUwZjA5ODVkLzEvNDdFeVFyX1ktc3ZYczVacW9UVmVDbUJQRWUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wZGI0MmEtYzc4Ny00ZjIxLWI0ZjYtYTE3YzUwZjA5ODVk
LzEvc0UwWFZsUDd2ZWpaaWRKLU9DZThBUjRDQ2dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DAMA0G
CSqGSIb3DQEBCwUAA4IBAQCpEvZqCAq8F0SpRtUqCwkrY08VPv2XbBsr73BVPoGl
fZsLP0kyY1DSk4yvHQ2mg4Vqsxvv5ibkDWdzsFIh2XQo19KZ3L/0Yi0lil5mk0yY
wft6OL1l+cH+k12ppbVehmykZ0tusSDhzeDAaaUUIbLvA5LnBKadjPvwvCoNl/ZX
5YtpBE6+3+2Mdjiwe3TqqfTzwaxLDbwLfQHD8BNLdn6rk4in5lEGLgCpnrKcC/e+
BW78HJKgHKemSDSPHYtyCupTgjkrgj692zL7HBKtbJHy7dURMOXPgjx0hBdDKO+U
6NZTdOPamaQyaz4O0VcuhhtLH0j2iya0ojwik6MMf8OM
-----END CERTIFICATE-----