Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/4UiPWNujawkpa-mggPLUDntkXX0.roa
File:                     4UiPWNujawkpa-mggPLUDntkXX0.roa (raw, json)
Hash identifier:          RJlxNgr9E9K/9ant3oPvIelITMoNFS0PqNcjsHY5K7A=
Subject key identifier:   E1:48:8F:58:DB:A3:6B:09:29:6B:E9:A0:80:F2:D4:0E:7B:64:5D:7D
Certificate issuer:       /CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
Certificate serial:       018CC87137E3A1618A051235706CB76AFF87
Authority key identifier: B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/4UiPWNujawkpa-mggPLUDntkXX0.roa
Signing time:             Tue 02 Jan 2024 04:31:52 +0000
ROA not before:           Tue 02 Jan 2024 04:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62232
IP address blocks:        91.250.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:37:e3:a1:61:8a:05:12:35:70:6c:b7:6a:ff:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
        Validity
            Not Before: Jan  2 04:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1488f58dba36b09296be9a080f2d40e7b645d7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3a:6c:f7:72:25:96:b1:d3:d3:df:2a:6e:c2:
                    f6:3b:3d:bb:9e:e2:29:e5:3c:f3:13:93:7c:af:a6:
                    58:37:fd:51:67:6f:4a:5b:42:f4:27:26:da:f6:84:
                    9d:4e:18:8d:28:5f:fb:3c:be:07:e3:d3:7d:9d:8b:
                    6e:96:4f:ac:9f:ae:03:b0:aa:fb:d4:ae:fd:f6:e7:
                    64:c1:1c:cb:d4:91:70:d7:b8:29:8a:be:d1:93:51:
                    20:67:2d:35:ef:0e:67:1f:e8:93:4e:b9:09:46:1d:
                    fa:a2:4a:19:57:2c:77:99:56:51:2f:32:4a:fb:80:
                    e7:29:3f:0d:db:44:9c:bc:ba:31:81:4a:1d:e4:86:
                    81:ef:ec:80:9c:b9:78:e7:1f:b0:b5:9d:c4:a5:ed:
                    ff:b3:4e:48:9e:50:95:70:01:15:cd:68:1b:69:41:
                    30:5c:8d:e4:61:e2:fb:08:30:a5:46:7f:bd:41:93:
                    3e:b3:ad:f7:48:8d:a7:0f:61:83:58:6b:c9:9e:ad:
                    71:67:42:46:5d:8b:13:11:56:41:bc:5b:a9:81:83:
                    22:bd:80:75:8b:f0:d6:08:8b:61:eb:d7:02:e7:81:
                    e8:b9:f9:be:f7:bb:99:b6:8b:f0:61:3b:cb:14:bb:
                    39:26:29:8a:78:32:63:22:b2:34:50:5d:84:36:54:
                    f1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:48:8F:58:DB:A3:6B:09:29:6B:E9:A0:80:F2:D4:0E:7B:64:5D:7D
            X509v3 Authority Key Identifier:
                keyid:B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/4UiPWNujawkpa-mggPLUDntkXX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.250.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:3e:f8:cd:7a:02:23:e5:3b:f7:18:5e:26:92:72:92:3a:47:
         d8:cb:e6:ca:1a:0d:0e:37:db:d7:36:4e:71:86:d3:03:3a:d1:
         33:2f:c8:7e:7c:da:9b:aa:02:5e:dd:1b:60:11:0b:5b:76:39:
         63:3b:10:c0:4f:c5:d0:ca:f1:f5:87:b5:66:a8:f4:8a:17:a7:
         35:7b:f8:bd:2f:58:2d:16:98:a9:98:05:0b:ae:1a:c2:9d:92:
         66:c4:b8:a9:0b:4f:92:ef:90:c7:0d:85:b6:c9:ed:9d:83:50:
         61:10:e1:7b:3d:7d:ba:24:cb:56:81:4a:8d:6f:87:67:03:c5:
         03:4a:1f:a5:d7:41:74:86:47:0a:84:00:ae:2f:1c:ea:9a:67:
         22:9f:70:5a:d6:0f:be:f7:8b:30:15:38:62:57:77:5a:39:f3:
         80:7a:ba:9e:16:2f:f7:64:18:4b:91:2a:e3:d9:b6:24:10:b7:
         30:d0:2d:5f:0e:9c:ad:fc:3c:3c:25:a6:82:c6:2f:7a:b7:50:
         8e:7c:3f:2d:77:8a:41:b6:b0:8c:1f:7c:ac:c0:01:11:e3:a2:
         bd:d8:c1:ed:08:85:ce:13:4a:eb:0f:07:39:16:6a:c1:dc:2c:
         fe:49:1b:7c:2e:55:2e:29:6d:22:85:32:dc:f5:59:dc:30:ae:
         dc:7c:78:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcTfjoWGKBRI1cGy3av+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwM2MzMDJjMmY1MjI3N2UzZDBhYjY4NDJmNjhhYTVmOGQw
ZDc3ODcwHhcNMjQwMTAyMDQzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQ4OGY1OGRiYTM2YjA5Mjk2YmU5YTA4MGYyZDQwZTdiNjQ1ZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijps93IllrHT098qbsL2Oz27nuIp
5TzzE5N8r6ZYN/1RZ29KW0L0Jyba9oSdThiNKF/7PL4H49N9nYtulk+sn64DsKr7
1K799udkwRzL1JFw17gpir7Rk1EgZy017w5nH+iTTrkJRh36okoZVyx3mVZRLzJK
+4DnKT8N20ScvLoxgUod5IaB7+yAnLl45x+wtZ3Epe3/s05InlCVcAEVzWgbaUEw
XI3kYeL7CDClRn+9QZM+s633SI2nD2GDWGvJnq1xZ0JGXYsTEVZBvFupgYMivYB1
i/DWCIth69cC54Houfm+97uZtovwYTvLFLs5JimKeDJjIrI0UF2ENlTxCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFIj1jbo2sJKWvpoIDy1A57ZF19MB8GA1UdIwQY
MBaAFLA8MCwvUid+PQq2hC9oql+NDXeHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2Et
NmY3MDI0YzNhYWQ3LzEvNFVpUFdOdWphd2twYS1tZ2dQTFVEbnRrWFgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2EtNmY3MDI0YzNhYWQ3
LzEvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/r1MA0G
CSqGSIb3DQEBCwUAA4IBAQBzPvjNegIj5Tv3GF4mknKSOkfYy+bKGg0ON9vXNk5x
htMDOtEzL8h+fNqbqgJe3RtgEQtbdjljOxDAT8XQyvH1h7VmqPSKF6c1e/i9L1gt
FpipmAULrhrCnZJmxLipC0+S75DHDYW2ye2dg1BhEOF7PX26JMtWgUqNb4dnA8UD
Sh+l10F0hkcKhACuLxzqmmcin3Ba1g++94swFThiV3daOfOAerqeFi/3ZBhLkSrj
2bYkELcw0C1fDpyt/Dw8JaaCxi96t1COfD8td4pBtrCMH3yswAER46K92MHtCIXO
E0rrDwc5FmrB3Cz+SRt8LlUuKW0ihTLc9VncMK7cfHh2
-----END CERTIFICATE-----