Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/51KQkCaUPs-I-X30INoIC6uT1Uw.roa
File:                     51KQkCaUPs-I-X30INoIC6uT1Uw.roa (raw, json)
Hash identifier:          WT/IcnC3YSzCt69cFFFhMJNh5YPCr+HbBLq3szk/8ak=
Subject key identifier:   E7:52:90:90:26:94:3E:CF:88:F9:7D:F4:20:DA:08:0B:AB:93:D5:4C
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       01909FE5788FDF75F19D91C969EA16BD441F
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/51KQkCaUPs-I-X30INoIC6uT1Uw.roa
Signing time:             Thu 11 Jul 2024 03:45:34 +0000
ROA not before:           Thu 11 Jul 2024 03:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        188.191.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9f:e5:78:8f:df:75:f1:9d:91:c9:69:ea:16:bd:44:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jul 11 03:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e752909026943ecf88f97df420da080bab93d54c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:da:ab:7d:52:35:37:91:9b:e3:c4:37:6f:b3:
                    9a:9f:e6:08:32:bc:09:5d:76:1c:60:6a:4e:5e:b2:
                    e5:08:c1:fa:47:c6:8a:24:07:cd:3f:66:35:c9:64:
                    54:64:51:3e:35:17:69:71:be:2c:e9:7b:63:3b:a9:
                    92:5f:9f:f4:fd:24:84:ad:c4:f8:4f:92:d4:b0:60:
                    89:4c:80:ae:76:c9:4a:96:b9:b3:03:76:92:22:80:
                    cc:d4:ac:70:ed:90:b3:c7:b2:83:02:cb:f9:aa:cc:
                    70:3a:8c:4b:2e:19:91:60:0a:59:3e:c8:6c:87:42:
                    b4:eb:f1:b6:e8:32:3c:7e:32:ab:d4:70:fe:84:76:
                    87:7d:27:6f:4d:08:aa:5e:0b:97:3c:9a:c4:f1:d4:
                    37:27:6f:e4:cb:af:1c:29:77:80:87:5d:0a:22:3a:
                    80:9e:bd:33:10:5a:74:9f:76:36:45:75:9b:c1:23:
                    7e:16:c6:5b:52:81:c7:ac:27:e4:bc:b9:19:36:ab:
                    31:0b:2f:b1:a4:32:fd:8b:25:28:81:23:a0:9f:77:
                    d5:0a:3f:b8:b8:e4:2d:b1:98:16:5e:96:64:4d:c6:
                    11:d0:3e:b2:dd:3a:2a:c9:66:f5:a0:5b:cd:46:da:
                    4d:9b:2d:ae:45:10:f8:e1:11:d0:c0:cd:72:38:3f:
                    f2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:52:90:90:26:94:3E:CF:88:F9:7D:F4:20:DA:08:0B:AB:93:D5:4C
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/51KQkCaUPs-I-X30INoIC6uT1Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:09:8a:b8:07:93:2a:53:38:fd:94:50:f7:16:8b:5c:91:09:
         f5:8c:77:ad:5d:93:0c:68:e4:e7:e7:3f:b6:7d:05:59:5b:bb:
         6b:45:cb:9a:7b:f7:fe:6e:66:e2:20:aa:41:da:69:5d:a9:5f:
         63:84:39:5e:02:20:a8:ef:8e:e1:d5:4a:29:82:ee:c7:7f:97:
         1d:60:a0:4e:94:2d:fd:82:f2:af:fd:2c:e2:42:53:78:bb:e3:
         24:85:72:92:ad:d1:f2:4e:80:3b:f7:a0:3f:68:24:3d:3b:1f:
         c3:e1:b0:2b:b4:8b:c2:97:7e:f9:46:a8:f7:f8:44:4b:80:29:
         a3:25:e4:d0:e4:1d:f0:60:48:41:37:79:36:03:97:72:5a:bf:
         01:b8:f2:c8:7c:09:79:da:55:61:97:6c:ad:08:81:c2:1b:b0:
         a4:98:0f:c5:5e:e4:ad:ae:9e:65:ef:71:fe:ce:89:ed:b7:72:
         ec:36:87:15:fa:8a:df:3c:97:75:20:a2:1c:4f:ef:1c:3c:6e:
         c6:2e:d2:53:79:5a:6e:bf:90:8c:9f:51:1a:da:3d:e3:ee:1a:
         d8:e1:4e:00:d3:60:50:1d:45:81:22:70:db:aa:a8:56:01:ee:
         80:75:5b:94:8f:be:87:5a:5e:65:67:85:c8:26:48:b2:74:77:
         eb:0f:fc:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCf5XiP33XxnZHJaeoWvUQfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwNzExMDM0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzUyOTA5MDI2OTQzZWNmODhmOTdkZjQyMGRhMDgwYmFiOTNkNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtqrfVI1N5Gb48Q3b7Oan+YIMrwJ
XXYcYGpOXrLlCMH6R8aKJAfNP2Y1yWRUZFE+NRdpcb4s6XtjO6mSX5/0/SSErcT4
T5LUsGCJTICudslKlrmzA3aSIoDM1Kxw7ZCzx7KDAsv5qsxwOoxLLhmRYApZPshs
h0K06/G26DI8fjKr1HD+hHaHfSdvTQiqXguXPJrE8dQ3J2/ky68cKXeAh10KIjqA
nr0zEFp0n3Y2RXWbwSN+FsZbUoHHrCfkvLkZNqsxCy+xpDL9iyUogSOgn3fVCj+4
uOQtsZgWXpZkTcYR0D6y3ToqyWb1oFvNRtpNmy2uRRD44RHQwM1yOD/ynQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdSkJAmlD7PiPl99CDaCAurk9VMMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvNTFLUWtDYVVQcy1JLVgzMElOb0lDNnVUMVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9hMA0G
CSqGSIb3DQEBCwUAA4IBAQCMCYq4B5MqUzj9lFD3FotckQn1jHetXZMMaOTn5z+2
fQVZW7trRcuae/f+bmbiIKpB2mldqV9jhDleAiCo747h1Uopgu7Hf5cdYKBOlC39
gvKv/SziQlN4u+MkhXKSrdHyToA796A/aCQ9Ox/D4bArtIvCl375Rqj3+ERLgCmj
JeTQ5B3wYEhBN3k2A5dyWr8BuPLIfAl52lVhl2ytCIHCG7CkmA/FXuStrp5l73H+
zontt3LsNocV+orfPJd1IKIcT+8cPG7GLtJTeVpuv5CMn1Ea2j3j7hrY4U4A02BQ
HUWBInDbqqhWAe6AdVuUj76HWl5lZ4XIJkiydHfrD/xV
-----END CERTIFICATE-----