Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/47bc76-974e-4018-94fd-7f46c8c68e7e/1/q-XPVtlEE1fDh9tPBIsuCKJ7kms.roa
File:                     q-XPVtlEE1fDh9tPBIsuCKJ7kms.roa (raw, json)
Hash identifier:          srgYHjKFFM2GxfptZDqIY+Uj7WO/DvPRlCIfLg8PblU=
Subject key identifier:   AB:E5:CF:56:D9:44:13:57:C3:87:DB:4F:04:8B:2E:08:A2:7B:92:6B
Certificate issuer:       /CN=32545768f47c35785eebad7a3438a4b1c4f8dc30
Certificate serial:       018CC64B71B8A115096874FC9ACBCA271410
Authority key identifier: 32:54:57:68:F4:7C:35:78:5E:EB:AD:7A:34:38:A4:B1:C4:F8:DC:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlRXaPR8NXhe6616NDikscT43DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/47bc76-974e-4018-94fd-7f46c8c68e7e/1/q-XPVtlEE1fDh9tPBIsuCKJ7kms.roa
Signing time:             Mon 01 Jan 2024 18:31:22 +0000
ROA not before:           Mon 01 Jan 2024 18:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47770
IP address blocks:        91.208.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/47bc76-974e-4018-94fd-7f46c8c68e7e/1/MlRXaPR8NXhe6616NDikscT43DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/47bc76-974e-4018-94fd-7f46c8c68e7e/1/MlRXaPR8NXhe6616NDikscT43DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlRXaPR8NXhe6616NDikscT43DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:71:b8:a1:15:09:68:74:fc:9a:cb:ca:27:14:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32545768f47c35785eebad7a3438a4b1c4f8dc30
        Validity
            Not Before: Jan  1 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abe5cf56d9441357c387db4f048b2e08a27b926b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:91:c7:6d:af:02:af:6e:42:43:32:b0:1b:96:
                    e9:93:d0:1c:b2:be:fa:1a:1c:88:5b:89:ab:88:c4:
                    26:5c:8c:99:50:55:37:8f:b5:11:94:c0:a9:da:22:
                    bc:58:08:1d:f0:14:46:48:61:83:c0:f5:62:0f:eb:
                    77:29:58:5e:62:b8:cb:b2:06:af:ee:82:a7:3d:e0:
                    ac:43:ad:71:d5:61:ce:3a:82:f3:d1:36:68:ed:ea:
                    57:87:b1:c5:b8:30:85:30:d1:ad:da:78:07:12:35:
                    9c:4b:73:82:2b:6d:54:73:41:b4:3e:4f:6a:3e:4b:
                    e7:2e:df:1c:45:b3:04:26:89:1d:5a:2e:59:19:77:
                    53:5c:85:48:d6:f3:8c:f6:0c:d9:a6:89:c6:2f:e1:
                    70:05:20:6a:3b:d6:c3:f8:e2:30:d5:1d:97:70:05:
                    0b:9a:e5:09:2d:da:b8:f8:e0:a9:a4:19:5d:c8:98:
                    28:9e:30:99:70:82:d4:c6:cc:88:9d:54:97:44:f3:
                    f2:9a:e3:5a:40:62:3c:60:d1:ee:d9:cd:02:be:2a:
                    16:a7:ae:91:a0:11:0b:2c:4c:83:3d:25:a1:01:f3:
                    35:75:68:67:fc:20:0e:26:18:18:ed:39:14:6b:30:
                    79:2e:7d:b7:3a:1a:f7:8d:03:d0:a9:cc:49:22:20:
                    c1:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E5:CF:56:D9:44:13:57:C3:87:DB:4F:04:8B:2E:08:A2:7B:92:6B
            X509v3 Authority Key Identifier:
                keyid:32:54:57:68:F4:7C:35:78:5E:EB:AD:7A:34:38:A4:B1:C4:F8:DC:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlRXaPR8NXhe6616NDikscT43DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/47bc76-974e-4018-94fd-7f46c8c68e7e/1/q-XPVtlEE1fDh9tPBIsuCKJ7kms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/47bc76-974e-4018-94fd-7f46c8c68e7e/1/MlRXaPR8NXhe6616NDikscT43DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:bf:86:ce:ea:81:05:cc:2b:4d:91:62:36:c0:33:b1:e9:16:
         63:ea:c7:16:b5:9a:8a:82:8f:9c:da:7d:eb:d0:8e:8c:98:3d:
         bd:b0:c8:12:81:94:74:78:f9:6a:3f:e6:14:80:c5:17:2b:02:
         ac:b0:88:d4:0c:24:63:6b:1f:46:99:07:e0:58:47:97:77:e2:
         49:fc:71:9f:0f:d7:d9:83:13:90:5a:cc:7f:a4:f8:46:08:8e:
         c3:61:63:48:f8:c6:1a:15:a8:8c:40:9e:1b:bf:5b:f4:df:eb:
         28:42:41:67:01:f0:c9:2e:9e:fe:9d:ac:46:10:65:28:20:e7:
         fd:ed:e9:fa:e2:b4:a8:56:d4:f5:17:0f:8c:42:bd:ca:95:1a:
         04:cb:c6:bc:55:d4:81:a1:72:92:c3:d6:8e:55:61:b0:01:ad:
         07:9c:28:e5:b2:ee:1c:e6:81:38:f7:4b:b8:a7:56:af:0a:f0:
         54:d1:a4:ad:95:43:8d:7d:cc:f5:86:45:55:2d:7a:64:d9:e3:
         2c:10:6c:57:08:df:7c:e4:5a:a2:64:8b:1d:2c:db:ea:f3:a2:
         bb:c3:d9:85:e6:94:8a:4f:f6:6f:62:4a:f1:6c:03:dc:89:db:
         65:41:38:aa:4a:46:f3:81:67:c8:36:ae:b7:8e:40:29:01:dc:
         ea:06:9f:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3G4oRUJaHT8msvKJxQQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTQ1NzY4ZjQ3YzM1Nzg1ZWViYWQ3YTM0MzhhNGIxYzRm
OGRjMzAwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmU1Y2Y1NmQ5NDQxMzU3YzM4N2RiNGYwNDhiMmUwOGEyN2I5MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZHHba8Cr25CQzKwG5bpk9Acsr76
GhyIW4mriMQmXIyZUFU3j7URlMCp2iK8WAgd8BRGSGGDwPViD+t3KVheYrjLsgav
7oKnPeCsQ61x1WHOOoLz0TZo7epXh7HFuDCFMNGt2ngHEjWcS3OCK21Uc0G0Pk9q
PkvnLt8cRbMEJokdWi5ZGXdTXIVI1vOM9gzZponGL+FwBSBqO9bD+OIw1R2XcAUL
muUJLdq4+OCppBldyJgonjCZcILUxsyInVSXRPPymuNaQGI8YNHu2c0CvioWp66R
oBELLEyDPSWhAfM1dWhn/CAOJhgY7TkUazB5Ln23Ohr3jQPQqcxJIiDBzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvlz1bZRBNXw4fbTwSLLgiie5JrMB8GA1UdIwQY
MBaAFDJUV2j0fDV4XuutejQ4pLHE+NwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxSWGFQUjhOWGhlNjYxNk5EaWtzY1Q0M0RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80N2JjNzYtOTc0ZS00MDE4LTk0ZmQt
N2Y0NmM4YzY4ZTdlLzEvcS1YUFZ0bEVFMWZEaDl0UEJJc3VDS0o3a21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80N2JjNzYtOTc0ZS00MDE4LTk0ZmQtN2Y0NmM4YzY4ZTdl
LzEvTWxSWGFQUjhOWGhlNjYxNk5EaWtzY1Q0M0RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9CBMA0G
CSqGSIb3DQEBCwUAA4IBAQAav4bO6oEFzCtNkWI2wDOx6RZj6scWtZqKgo+c2n3r
0I6MmD29sMgSgZR0ePlqP+YUgMUXKwKssIjUDCRjax9GmQfgWEeXd+JJ/HGfD9fZ
gxOQWsx/pPhGCI7DYWNI+MYaFaiMQJ4bv1v03+soQkFnAfDJLp7+naxGEGUoIOf9
7en64rSoVtT1Fw+MQr3KlRoEy8a8VdSBoXKSw9aOVWGwAa0HnCjlsu4c5oE490u4
p1avCvBU0aStlUONfcz1hkVVLXpk2eMsEGxXCN985FqiZIsdLNvq86K7w9mF5pSK
T/ZvYkrxbAPcidtlQTiqSkbzgWfINq63jkApAdzqBp9S
-----END CERTIFICATE-----