Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/e346e4-5831-40cf-a4dc-42fb3677df77/1/hPr-ey4ENirvfhFImPuWS6XJA2g.roa
File:                     hPr-ey4ENirvfhFImPuWS6XJA2g.roa (raw, json)
Hash identifier:          gwbP7yGWsCH5yjikmx+vFERPpUg/w+AMGMamIj3LUH0=
Subject key identifier:   84:FA:FE:7B:2E:04:36:2A:EF:7E:11:48:98:FB:96:4B:A5:C9:03:68
Certificate issuer:       /CN=391e994a95012d92fb51a28c8a650ed9f97737b8
Certificate serial:       018CC94C04F93DB63A07392EBEB5E072BC5C
Authority key identifier: 39:1E:99:4A:95:01:2D:92:FB:51:A2:8C:8A:65:0E:D9:F9:77:37:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OR6ZSpUBLZL7UaKMimUO2fl3N7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/e346e4-5831-40cf-a4dc-42fb3677df77/1/hPr-ey4ENirvfhFImPuWS6XJA2g.roa
Signing time:             Tue 02 Jan 2024 08:30:51 +0000
ROA not before:           Tue 02 Jan 2024 08:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56792
IP address blocks:        91.227.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/e346e4-5831-40cf-a4dc-42fb3677df77/1/OR6ZSpUBLZL7UaKMimUO2fl3N7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/e346e4-5831-40cf-a4dc-42fb3677df77/1/OR6ZSpUBLZL7UaKMimUO2fl3N7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OR6ZSpUBLZL7UaKMimUO2fl3N7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:04:f9:3d:b6:3a:07:39:2e:be:b5:e0:72:bc:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=391e994a95012d92fb51a28c8a650ed9f97737b8
        Validity
            Not Before: Jan  2 08:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84fafe7b2e04362aef7e114898fb964ba5c90368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:49:fd:fb:85:83:49:ad:9f:67:f7:c0:ac:ce:
                    47:7a:03:2f:f8:7d:22:bc:2e:cf:4c:15:1d:25:3f:
                    8a:b9:6c:0a:fd:ac:28:71:61:3e:06:bf:85:e3:98:
                    1e:42:fb:9b:0c:87:4e:83:f4:7c:32:bb:23:23:f9:
                    8c:2e:ad:98:36:f4:25:4c:f6:18:86:ca:68:1b:39:
                    f5:4d:3c:cd:5e:e9:8a:d9:22:97:74:cc:fe:64:8f:
                    cf:a5:fb:bd:e0:8f:3c:92:93:e7:1a:46:25:9d:81:
                    f1:ae:18:9b:f7:6f:18:3b:8b:fe:e6:f2:a1:1c:36:
                    92:2b:c1:da:4a:f7:93:77:27:ce:61:d4:3e:dc:54:
                    05:10:5f:45:e6:d9:44:09:bd:78:28:7d:a4:8d:a6:
                    a5:a4:9d:54:51:2d:51:20:dc:64:f0:85:1c:9c:0d:
                    40:ef:38:96:b7:29:d0:b2:8e:bc:b8:46:5b:a7:b3:
                    cb:d0:94:25:e6:93:49:23:89:37:e7:6e:e9:ef:b6:
                    61:5e:35:80:0d:f1:52:ff:36:0b:ef:20:d6:03:c1:
                    d6:c3:27:db:98:b3:2b:a9:73:1d:52:25:b1:56:10:
                    33:ec:42:46:20:92:da:67:e1:94:3e:8a:50:1a:33:
                    e9:4b:30:3e:bc:d3:9c:22:cb:6d:6f:4e:53:83:2b:
                    4a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:FA:FE:7B:2E:04:36:2A:EF:7E:11:48:98:FB:96:4B:A5:C9:03:68
            X509v3 Authority Key Identifier:
                keyid:39:1E:99:4A:95:01:2D:92:FB:51:A2:8C:8A:65:0E:D9:F9:77:37:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OR6ZSpUBLZL7UaKMimUO2fl3N7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/e346e4-5831-40cf-a4dc-42fb3677df77/1/hPr-ey4ENirvfhFImPuWS6XJA2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/e346e4-5831-40cf-a4dc-42fb3677df77/1/OR6ZSpUBLZL7UaKMimUO2fl3N7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:7b:08:7d:65:ea:d7:ec:a1:1e:91:15:00:82:78:e2:06:a7:
         65:55:23:9f:ca:ba:65:76:ad:43:29:1c:29:a5:b0:23:dc:95:
         21:3d:d4:32:22:75:9a:4c:c3:62:5d:47:d2:2d:b1:c4:59:6a:
         76:8a:29:5c:d0:fb:bf:7c:86:13:00:58:6a:3d:c2:66:cc:c4:
         11:2c:87:9c:5b:8b:f1:8c:7a:6f:1e:7b:1c:4d:39:fb:9c:89:
         bf:19:c6:10:88:83:36:88:cc:dc:67:3a:af:f2:6c:35:e5:41:
         93:db:7e:42:c4:96:31:37:fd:2d:01:82:dd:4d:05:3d:fd:89:
         b4:43:53:4e:d4:4b:64:50:d4:1b:8d:4e:80:95:99:8c:ee:41:
         0b:7a:24:ab:49:eb:2b:88:61:2f:11:b0:da:34:d4:29:f5:3b:
         7f:da:99:6f:c5:f7:24:12:a1:5d:bf:11:6d:e7:ab:d4:3d:29:
         c3:a1:fc:7c:1f:13:65:e1:0c:78:ec:2b:cc:05:09:33:b2:01:
         b6:54:6f:9f:b3:dd:2c:71:d8:35:08:b9:8c:36:96:0b:5d:ac:
         e3:81:08:0d:a4:3a:c7:e3:3d:ba:6c:0e:9d:7a:84:cb:f0:b3:
         d2:fe:4d:19:ac:59:a1:fe:81:06:aa:b5:c4:ee:7a:37:97:ae:
         40:06:7e:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTAT5PbY6BzkuvrXgcrxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MWU5OTRhOTUwMTJkOTJmYjUxYTI4YzhhNjUwZWQ5Zjk3
NzM3YjgwHhcNMjQwMTAyMDgzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGZhZmU3YjJlMDQzNjJhZWY3ZTExNDg5OGZiOTY0YmE1YzkwMzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3En9+4WDSa2fZ/fArM5HegMv+H0i
vC7PTBUdJT+KuWwK/awocWE+Br+F45geQvubDIdOg/R8MrsjI/mMLq2YNvQlTPYY
hspoGzn1TTzNXumK2SKXdMz+ZI/Ppfu94I88kpPnGkYlnYHxrhib928YO4v+5vKh
HDaSK8HaSveTdyfOYdQ+3FQFEF9F5tlECb14KH2kjaalpJ1UUS1RINxk8IUcnA1A
7ziWtynQso68uEZbp7PL0JQl5pNJI4k3527p77ZhXjWADfFS/zYL7yDWA8HWwyfb
mLMrqXMdUiWxVhAz7EJGIJLaZ+GUPopQGjPpSzA+vNOcIsttb05TgytKxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIT6/nsuBDYq734RSJj7lkulyQNoMB8GA1UdIwQY
MBaAFDkemUqVAS2S+1GijIplDtn5dze4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1I2WlNwVUJMWkw3VWFLTWltVU8yZmwzTjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9lMzQ2ZTQtNTgzMS00MGNmLWE0ZGMt
NDJmYjM2NzdkZjc3LzEvaFByLWV5NEVOaXJ2ZmhGSW1QdVdTNlhKQTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9lMzQ2ZTQtNTgzMS00MGNmLWE0ZGMtNDJmYjM2NzdkZjc3
LzEvT1I2WlNwVUJMWkw3VWFLTWltVU8yZmwzTjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+O5MA0G
CSqGSIb3DQEBCwUAA4IBAQA8ewh9ZerX7KEekRUAgnjiBqdlVSOfyrpldq1DKRwp
pbAj3JUhPdQyInWaTMNiXUfSLbHEWWp2iilc0Pu/fIYTAFhqPcJmzMQRLIecW4vx
jHpvHnscTTn7nIm/GcYQiIM2iMzcZzqv8mw15UGT235CxJYxN/0tAYLdTQU9/Ym0
Q1NO1EtkUNQbjU6AlZmM7kELeiSrSesriGEvEbDaNNQp9Tt/2plvxfckEqFdvxFt
56vUPSnDofx8HxNl4Qx47CvMBQkzsgG2VG+fs90scdg1CLmMNpYLXazjgQgNpDrH
4z26bA6deoTL8LPS/k0ZrFmh/oEGqrXE7no3l65ABn4v
-----END CERTIFICATE-----