Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/1ge24mR_TVb7zcIxHzdx-BIhFag.roa
File:                     1ge24mR_TVb7zcIxHzdx-BIhFag.roa (raw, json)
Hash identifier:          /BfMNv7RiNI+LL5/3PlRpg9duDlKUF1+UFFYdpiqBCk=
Subject key identifier:   D6:07:B6:E2:64:7F:4D:56:FB:CD:C2:31:1F:37:71:F8:12:21:15:A8
Certificate issuer:       /CN=35135b81b6c1edd2f6f5bc1c608a5fc9fe926474
Certificate serial:       018CC5DC3CA1534694D746ADD34283A51AC6
Authority key identifier: 35:13:5B:81:B6:C1:ED:D2:F6:F5:BC:1C:60:8A:5F:C9:FE:92:64:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRNbgbbB7dL29bwcYIpfyf6SZHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/1ge24mR_TVb7zcIxHzdx-BIhFag.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51241
IP address blocks:        91.207.139.0/24 maxlen: 24
                          91.207.138.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/NRNbgbbB7dL29bwcYIpfyf6SZHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/NRNbgbbB7dL29bwcYIpfyf6SZHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRNbgbbB7dL29bwcYIpfyf6SZHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3c:a1:53:46:94:d7:46:ad:d3:42:83:a5:1a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35135b81b6c1edd2f6f5bc1c608a5fc9fe926474
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d607b6e2647f4d56fbcdc2311f3771f8122115a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a1:b2:78:e9:28:30:cf:79:ca:40:f9:fc:98:
                    84:01:f6:28:b6:d0:d9:2a:be:ac:fc:96:91:55:00:
                    20:90:6f:69:0c:ce:b7:fc:75:e2:48:24:54:77:94:
                    c0:b8:54:db:be:3f:2f:db:70:51:45:ad:24:d2:3b:
                    fc:4c:5a:86:72:0a:f8:81:8e:b1:1e:6e:09:71:c9:
                    2c:81:dc:9e:4d:9e:42:7d:8e:d8:99:c1:3b:9e:f2:
                    72:45:5b:47:4e:fc:fc:23:f7:e6:f8:d7:01:34:fb:
                    b2:ef:04:93:50:65:37:0d:b9:87:ff:cd:78:e0:34:
                    1a:d1:16:ba:0c:ec:08:91:0e:c3:fe:ce:f7:f0:bf:
                    d7:10:e6:c5:7d:3f:01:e4:b0:dd:76:5b:a6:9d:62:
                    05:7f:f9:ea:f4:87:4f:df:02:8a:4b:23:7a:77:2f:
                    2a:a2:37:a1:b1:5e:1f:df:56:5a:90:57:06:c8:a1:
                    93:21:da:33:90:82:fe:ec:ca:2b:d3:1c:ca:cd:f9:
                    1b:ac:d3:08:b9:b3:63:36:39:08:e1:18:ad:5e:d7:
                    e9:fc:bc:71:b4:ff:36:08:ab:7f:cb:d8:1a:c3:ca:
                    1e:ac:99:50:19:61:ca:a7:57:23:bb:07:00:28:b6:
                    9b:4c:be:55:04:20:61:38:b5:00:00:d0:99:51:5f:
                    89:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:07:B6:E2:64:7F:4D:56:FB:CD:C2:31:1F:37:71:F8:12:21:15:A8
            X509v3 Authority Key Identifier:
                keyid:35:13:5B:81:B6:C1:ED:D2:F6:F5:BC:1C:60:8A:5F:C9:FE:92:64:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRNbgbbB7dL29bwcYIpfyf6SZHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/1ge24mR_TVb7zcIxHzdx-BIhFag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/NRNbgbbB7dL29bwcYIpfyf6SZHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e3:78:29:54:12:38:8b:47:84:30:7a:36:e8:9a:93:50:86:6d:
         c5:60:a1:d0:09:68:6c:e1:31:1a:c6:fa:6c:bd:06:3c:29:b9:
         f1:25:61:c4:eb:d4:6f:12:45:20:57:a6:9e:fd:d0:0d:d5:ac:
         ee:2a:0a:00:97:c9:65:7b:1c:af:c7:c3:d1:52:f7:35:bd:9c:
         e2:e8:4c:19:c6:7d:3a:67:3a:da:0c:66:fe:0b:17:01:4e:32:
         61:63:84:a6:0a:be:9e:88:40:b0:b6:22:cd:46:2f:18:7b:98:
         48:7a:38:a7:95:68:2f:74:8f:6c:b8:6a:a8:d9:18:6c:71:92:
         dc:ce:36:58:e0:9c:0e:00:5c:77:a4:95:37:a1:03:a9:9d:74:
         c0:06:45:b7:a1:56:9c:5e:4d:78:08:55:e6:94:44:ce:a2:78:
         09:4c:7c:47:27:f1:c1:7d:90:b3:61:81:4b:e9:0f:12:e8:2d:
         ab:e5:81:fd:b7:2c:53:5c:dc:40:46:79:4c:8a:b4:27:97:6f:
         09:85:e3:c3:90:8c:e2:84:0b:f8:ec:80:23:57:96:3b:8a:64:
         80:23:36:e9:72:f5:ff:68:ce:26:0b:0d:4f:0b:7b:ed:78:f0:
         20:00:d4:6d:fb:99:f6:b0:ce:2b:23:3b:fa:90:07:48:32:9c:
         99:3e:ba:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DyhU0aU10at00KDpRrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTM1YjgxYjZjMWVkZDJmNmY1YmMxYzYwOGE1ZmM5ZmU5
MjY0NzQwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjA3YjZlMjY0N2Y0ZDU2ZmJjZGMyMzExZjM3NzFmODEyMjExNWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaGyeOkoMM95ykD5/JiEAfYottDZ
Kr6s/JaRVQAgkG9pDM63/HXiSCRUd5TAuFTbvj8v23BRRa0k0jv8TFqGcgr4gY6x
Hm4JccksgdyeTZ5CfY7YmcE7nvJyRVtHTvz8I/fm+NcBNPuy7wSTUGU3DbmH/814
4DQa0Ra6DOwIkQ7D/s738L/XEObFfT8B5LDddlumnWIFf/nq9IdP3wKKSyN6dy8q
ojehsV4f31ZakFcGyKGTIdozkIL+7Mor0xzKzfkbrNMIubNjNjkI4RitXtfp/Lxx
tP82CKt/y9gaw8oerJlQGWHKp1cjuwcAKLabTL5VBCBhOLUAANCZUV+JOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYHtuJkf01W+83CMR83cfgSIRWoMB8GA1UdIwQY
MBaAFDUTW4G2we3S9vW8HGCKX8n+kmR0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJOYmdiYkI3ZEwyOWJ3Y1lJcGZ5ZjZTWkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kMGEwYTAtZDI1YS00NzQ2LTkxMzkt
YTcxNDU2ZGY5OTk3LzEvMWdlMjRtUl9UVmI3emNJeEh6ZHgtQkloRmFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kMGEwYTAtZDI1YS00NzQ2LTkxMzktYTcxNDU2ZGY5OTk3
LzEvTlJOYmdiYkI3ZEwyOWJ3Y1lJcGZ5ZjZTWkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8+KMA0G
CSqGSIb3DQEBCwUAA4IBAQDjeClUEjiLR4QwejbompNQhm3FYKHQCWhs4TEaxvps
vQY8KbnxJWHE69RvEkUgV6ae/dAN1azuKgoAl8llexyvx8PRUvc1vZzi6EwZxn06
ZzraDGb+CxcBTjJhY4SmCr6eiECwtiLNRi8Ye5hIejinlWgvdI9suGqo2RhscZLc
zjZY4JwOAFx3pJU3oQOpnXTABkW3oVacXk14CFXmlETOongJTHxHJ/HBfZCzYYFL
6Q8S6C2r5YH9tyxTXNxARnlMirQnl28JhePDkIzihAv47IAjV5Y7imSAIzbpcvX/
aM4mCw1PC3vtePAgANRt+5n2sM4rIzv6kAdIMpyZProQ
-----END CERTIFICATE-----