Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/1-WxU2Fll4aOk0uPMD8YAoArLi_o.roa
File:                     1-WxU2Fll4aOk0uPMD8YAoArLi_o.roa (raw, json)
Hash identifier:          qhk6XibwjXQBl/En6C5zENgB3Mlos77+kupCzOjfO9c=
Subject key identifier:   F9:6C:54:D8:59:65:E1:A3:A4:D2:E3:CC:0F:C6:00:A0:0A:CB:8B:FA
Certificate issuer:       /CN=e7c3ab96b74c2ac4f04ae62ab7e82cdf1988ed40
Certificate serial:       018CC6B91C42104460489A8BB3F8F3AC3DD3
Authority key identifier: E7:C3:AB:96:B7:4C:2A:C4:F0:4A:E6:2A:B7:E8:2C:DF:19:88:ED:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/58OrlrdMKsTwSuYqt-gs3xmI7UA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/1-WxU2Fll4aOk0uPMD8YAoArLi_o.roa
Signing time:             Mon 01 Jan 2024 20:31:09 +0000
ROA not before:           Mon 01 Jan 2024 20:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212552
IP address blocks:        91.228.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/58OrlrdMKsTwSuYqt-gs3xmI7UA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/58OrlrdMKsTwSuYqt-gs3xmI7UA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/58OrlrdMKsTwSuYqt-gs3xmI7UA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 19:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:1c:42:10:44:60:48:9a:8b:b3:f8:f3:ac:3d:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7c3ab96b74c2ac4f04ae62ab7e82cdf1988ed40
        Validity
            Not Before: Jan  1 20:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f96c54d85965e1a3a4d2e3cc0fc600a00acb8bfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:10:cc:0a:f1:8b:a7:9d:27:4e:51:9e:71:e9:
                    29:0d:4c:4f:18:33:6c:52:2c:3d:d2:92:2e:da:db:
                    73:0f:d7:b7:60:50:25:1b:67:97:42:c6:77:f1:24:
                    07:5f:83:dd:cc:e3:22:36:95:cb:0d:3c:13:aa:12:
                    67:69:47:a3:5e:e5:b9:2d:a7:5a:04:17:0c:dc:46:
                    90:cd:05:18:75:d4:1d:e9:d1:8d:94:4b:58:65:1d:
                    c7:49:38:78:43:19:1b:c0:8d:2c:8c:fa:3e:46:eb:
                    d3:60:d6:99:16:b6:00:53:50:eb:49:13:46:75:d7:
                    76:3b:e6:fc:44:f7:10:45:0f:89:18:09:13:7a:b7:
                    66:5a:84:12:cb:7d:0c:c2:20:25:b1:67:d5:4e:db:
                    c6:4b:7a:ba:96:89:85:c6:40:e5:05:9f:ab:20:43:
                    78:15:b5:e3:84:a3:f3:04:19:a9:57:a0:af:b2:2c:
                    4b:dd:8b:f6:1c:91:16:de:76:66:7f:98:60:70:6e:
                    f7:08:cb:ee:15:63:9c:ba:d0:6a:63:ca:51:06:89:
                    71:46:45:dd:7c:8d:d3:e8:59:a1:05:b4:64:ec:d9:
                    5a:a7:db:12:2b:89:d4:d2:13:ce:e0:64:83:73:14:
                    60:cd:e5:7f:46:b5:1e:31:3a:13:1f:22:34:c9:da:
                    58:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:6C:54:D8:59:65:E1:A3:A4:D2:E3:CC:0F:C6:00:A0:0A:CB:8B:FA
            X509v3 Authority Key Identifier:
                keyid:E7:C3:AB:96:B7:4C:2A:C4:F0:4A:E6:2A:B7:E8:2C:DF:19:88:ED:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/58OrlrdMKsTwSuYqt-gs3xmI7UA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/1-WxU2Fll4aOk0uPMD8YAoArLi_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e7d974-e258-41fe-880a-4ec2d94e2ede/1/58OrlrdMKsTwSuYqt-gs3xmI7UA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:e7:67:db:e0:81:d9:e9:a0:67:93:d0:79:ff:f5:73:bb:71:
         28:cc:68:78:bf:83:aa:67:9c:99:0b:cc:cb:33:a0:af:40:04:
         02:01:f1:a9:66:73:d2:59:75:59:aa:0a:03:a1:ca:ad:d9:75:
         84:0e:51:ad:e2:b9:d9:60:e1:1f:bc:9e:a7:4d:1c:8f:b8:f4:
         72:95:d9:3d:09:6b:49:b9:c2:94:91:e4:c0:ad:6d:d3:f7:f2:
         24:78:77:92:82:b0:a0:68:98:4d:47:10:11:4f:fa:89:5e:2f:
         77:b5:e6:2e:3d:65:c3:bf:d0:73:50:fc:fa:50:08:9d:00:c4:
         2f:f5:aa:1f:1c:06:b2:44:ab:64:45:37:d8:03:d1:6b:31:80:
         b7:2f:c4:7e:7f:5c:c0:99:44:7c:a3:70:c7:97:19:de:bd:ae:
         9d:fd:1d:6f:59:dd:a0:5a:6a:47:05:66:36:73:94:6c:0e:80:
         f1:dc:53:35:8f:ed:0e:88:e7:4f:17:f8:c8:c9:8d:1b:22:36:
         a4:81:ca:d9:dd:4a:de:84:b8:63:c2:a2:a5:ad:e0:f6:d6:75:
         5e:70:ea:26:f8:28:41:f7:f2:12:4c:a5:99:e8:0f:39:14:db:
         9f:a9:4d:37:57:6c:fc:bf:df:79:76:13:5b:7f:b5:be:41:4b:
         38:66:45:23
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuRxCEERgSJqLs/jzrD3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YzNhYjk2Yjc0YzJhYzRmMDRhZTYyYWI3ZTgyY2RmMTk4
OGVkNDAwHhcNMjQwMTAxMjAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTZjNTRkODU5NjVlMWEzYTRkMmUzY2MwZmM2MDBhMDBhY2I4YmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBDMCvGLp50nTlGecekpDUxPGDNs
Uiw90pIu2ttzD9e3YFAlG2eXQsZ38SQHX4PdzOMiNpXLDTwTqhJnaUejXuW5Lada
BBcM3EaQzQUYddQd6dGNlEtYZR3HSTh4QxkbwI0sjPo+RuvTYNaZFrYAU1DrSRNG
ddd2O+b8RPcQRQ+JGAkTerdmWoQSy30MwiAlsWfVTtvGS3q6lomFxkDlBZ+rIEN4
FbXjhKPzBBmpV6CvsixL3Yv2HJEW3nZmf5hgcG73CMvuFWOcutBqY8pRBolxRkXd
fI3T6FmhBbRk7Nlap9sSK4nU0hPO4GSDcxRgzeV/RrUeMToTHyI0ydpYjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlsVNhZZeGjpNLjzA/GAKAKy4v6MB8GA1UdIwQY
MBaAFOfDq5a3TCrE8ErmKrfoLN8ZiO1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNThPcmxyZE1Lc1R3U3VZcXQtZ3MzeG1JN1VBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9lN2Q5NzQtZTI1OC00MWZlLTg4MGEt
NGVjMmQ5NGUyZWRlLzEvMS1XeFUyRmxsNGFPazB1UE1EOFlBb0FyTGlfby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWQvZTdkOTc0LWUyNTgtNDFmZS04ODBhLTRlYzJkOTRlMmVk
ZS8xLzU4T3JscmRNS3NUd1N1WXF0LWdzM3htSTdVQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvkujAN
BgkqhkiG9w0BAQsFAAOCAQEAW+dn2+CB2emgZ5PQef/1c7txKMxoeL+DqmecmQvM
yzOgr0AEAgHxqWZz0ll1WaoKA6HKrdl1hA5RreK52WDhH7yep00cj7j0cpXZPQlr
SbnClJHkwK1t0/fyJHh3koKwoGiYTUcQEU/6iV4vd7XmLj1lw7/Qc1D8+lAInQDE
L/WqHxwGskSrZEU32APRazGAty/Efn9cwJlEfKNwx5cZ3r2unf0db1ndoFpqRwVm
NnOUbA6A8dxTNY/tDojnTxf4yMmNGyI2pIHK2d1K3oS4Y8Kipa3g9tZ1XnDqJvgo
QffyEkylmegPORTbn6lNN1ds/L/feXYTW3+1vkFLOGZFIw==
-----END CERTIFICATE-----