Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/jh2etG6Py_8bJ3cbraw4GHYOiic.roa
File:                     jh2etG6Py_8bJ3cbraw4GHYOiic.roa (raw, json)
Hash identifier:          S9Saw8dFVjXOjcCUQ1ioZXzZlYipv5GePVZZsuLnpKI=
Subject key identifier:   8E:1D:9E:B4:6E:8F:CB:FF:1B:27:77:1B:AD:AC:38:18:76:0E:8A:27
Certificate issuer:       /CN=b8951c8514b7dd21b333abb33caca3c4dae9d709
Certificate serial:       018E1808CDDBDD53885D5F476A31A5F71A9A
Authority key identifier: B8:95:1C:85:14:B7:DD:21:B3:33:AB:B3:3C:AC:A3:C4:DA:E9:D7:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uJUchRS33SGzM6uzPKyjxNrp1wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/jh2etG6Py_8bJ3cbraw4GHYOiic.roa
Signing time:             Thu 07 Mar 2024 08:30:13 +0000
ROA not before:           Thu 07 Mar 2024 08:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28685
IP address blocks:        91.221.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/uJUchRS33SGzM6uzPKyjxNrp1wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/uJUchRS33SGzM6uzPKyjxNrp1wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uJUchRS33SGzM6uzPKyjxNrp1wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:18:08:cd:db:dd:53:88:5d:5f:47:6a:31:a5:f7:1a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8951c8514b7dd21b333abb33caca3c4dae9d709
        Validity
            Not Before: Mar  7 08:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e1d9eb46e8fcbff1b27771badac3818760e8a27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6c:5e:7a:5e:ca:fa:34:ba:1b:3b:a4:a9:21:
                    95:2c:7c:e7:98:06:3c:42:67:6f:17:04:d7:bb:5c:
                    1a:d3:05:4e:7d:7b:fe:57:fb:0c:1c:7d:c1:60:14:
                    8a:b9:52:b4:9e:26:52:c4:18:a3:ba:7a:63:e9:ac:
                    84:fb:bd:d1:6e:78:97:a4:ae:e8:4d:cb:f0:78:e9:
                    98:b9:c8:62:9f:b7:f3:97:a4:b2:5b:db:99:89:f5:
                    8a:5b:6e:e8:a9:7b:bf:c5:b1:5b:5c:1f:66:43:34:
                    91:47:6b:60:b0:8b:fd:05:be:63:d3:e3:fd:1c:e2:
                    b5:a4:6e:c7:40:19:a3:f5:fc:ce:cf:53:16:b2:d5:
                    81:1a:a5:74:b5:04:b4:cf:36:4f:3d:2d:b6:9f:ed:
                    cb:3f:2f:f4:36:7f:e7:dc:d6:db:bc:53:73:27:4c:
                    61:59:01:30:84:80:f8:4f:f9:a8:3a:65:74:46:d9:
                    bf:42:55:cd:59:5e:e3:25:54:4e:1e:88:36:10:80:
                    ed:76:a6:0f:82:44:3f:04:a7:68:2e:fd:d3:94:0a:
                    3e:f4:cf:d9:03:5f:22:11:ff:e7:ea:74:ac:92:57:
                    63:9b:91:f9:7a:2a:51:13:e5:8a:fe:fb:13:fb:b8:
                    1d:b2:68:ab:c4:9a:80:83:6f:5f:2b:e4:66:2a:c6:
                    f8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:1D:9E:B4:6E:8F:CB:FF:1B:27:77:1B:AD:AC:38:18:76:0E:8A:27
            X509v3 Authority Key Identifier:
                keyid:B8:95:1C:85:14:B7:DD:21:B3:33:AB:B3:3C:AC:A3:C4:DA:E9:D7:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uJUchRS33SGzM6uzPKyjxNrp1wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/jh2etG6Py_8bJ3cbraw4GHYOiic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/uJUchRS33SGzM6uzPKyjxNrp1wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:03:46:f5:59:72:90:bb:e6:22:bf:61:ec:d4:c6:70:f4:f4:
         5e:1e:91:7d:cf:2e:b2:91:3e:3d:1f:0d:7c:10:e8:e4:82:27:
         7c:c7:89:f6:05:d6:df:ce:37:ed:0f:0f:e0:83:d0:cb:87:ed:
         7a:71:cd:ca:5b:bb:dd:27:0e:f7:c3:9d:da:1d:b8:2f:57:e5:
         e7:b0:da:ce:de:14:df:ac:7f:30:08:ca:5d:32:1f:b0:d1:1d:
         98:6e:95:56:e3:88:2b:96:da:26:db:a4:bf:5d:07:89:82:27:
         da:42:92:cc:8e:dc:f7:03:0d:79:59:b5:57:ba:f2:f7:16:61:
         2c:26:c9:b8:b1:41:03:4e:e1:f5:b0:6c:0f:3f:61:7c:86:48:
         09:79:fd:12:59:55:52:ce:68:4a:d7:a7:31:78:0f:03:d9:b7:
         b1:4f:9e:a8:d6:bc:51:f8:e4:a2:9b:03:d9:1f:a2:c8:12:88:
         9a:31:1c:7c:3d:bc:4b:36:5d:1c:62:8e:9c:98:be:86:5f:88:
         18:e9:00:1a:02:64:9d:12:ba:e1:9b:7b:fc:14:13:09:40:7d:
         5f:ce:be:2f:29:5d:45:27:bc:b3:63:1f:7b:dc:18:eb:ac:11:
         96:88:54:5e:46:a0:46:42:1a:89:95:b6:94:98:de:04:ef:5e:
         87:1d:af:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4YCM3b3VOIXV9HajGl9xqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4OTUxYzg1MTRiN2RkMjFiMzMzYWJiMzNjYWNhM2M0ZGFl
OWQ3MDkwHhcNMjQwMzA3MDgzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTFkOWViNDZlOGZjYmZmMWIyNzc3MWJhZGFjMzgxODc2MGU4YTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2xeel7K+jS6GzukqSGVLHznmAY8
QmdvFwTXu1wa0wVOfXv+V/sMHH3BYBSKuVK0niZSxBijunpj6ayE+73RbniXpK7o
TcvweOmYuchin7fzl6SyW9uZifWKW27oqXu/xbFbXB9mQzSRR2tgsIv9Bb5j0+P9
HOK1pG7HQBmj9fzOz1MWstWBGqV0tQS0zzZPPS22n+3LPy/0Nn/n3NbbvFNzJ0xh
WQEwhID4T/moOmV0Rtm/QlXNWV7jJVROHog2EIDtdqYPgkQ/BKdoLv3TlAo+9M/Z
A18iEf/n6nSskldjm5H5eipRE+WK/vsT+7gdsmirxJqAg29fK+RmKsb4PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4dnrRuj8v/Gyd3G62sOBh2DoonMB8GA1UdIwQY
MBaAFLiVHIUUt90hszOrszyso8Ta6dcJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUpVY2hSUzMzU0d6TTZ1elBLeWp4TnJwMXdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82NDJlYjItM2ZiOS00ZjBlLWJhZjQt
OGNkNzk1MjdlNTMwLzEvamgyZXRHNlB5XzhiSjNjYnJhdzRHSFlPaWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82NDJlYjItM2ZiOS00ZjBlLWJhZjQtOGNkNzk1MjdlNTMw
LzEvdUpVY2hSUzMzU0d6TTZ1elBLeWp4TnJwMXdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW92hMA0G
CSqGSIb3DQEBCwUAA4IBAQCBA0b1WXKQu+Yiv2Hs1MZw9PReHpF9zy6ykT49Hw18
EOjkgid8x4n2BdbfzjftDw/gg9DLh+16cc3KW7vdJw73w53aHbgvV+XnsNrO3hTf
rH8wCMpdMh+w0R2YbpVW44grltom26S/XQeJgifaQpLMjtz3Aw15WbVXuvL3FmEs
Jsm4sUEDTuH1sGwPP2F8hkgJef0SWVVSzmhK16cxeA8D2bexT56o1rxR+OSimwPZ
H6LIEoiaMRx8PbxLNl0cYo6cmL6GX4gY6QAaAmSdErrhm3v8FBMJQH1fzr4vKV1F
J7yzYx973BjrrBGWiFReRqBGQhqJlbaUmN4E716HHa+q
-----END CERTIFICATE-----