Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/dh2m9udZplSYWI4ck9mh49rhFBQ.roa
File:                     dh2m9udZplSYWI4ck9mh49rhFBQ.roa (raw, json)
Hash identifier:          gU1r13OkA09j+8Ulc+4kYftdQmoTvIgrP9ZW5HfM3Fw=
Subject key identifier:   76:1D:A6:F6:E7:59:A6:54:98:58:8E:1C:93:D9:A1:E3:DA:E1:14:14
Certificate issuer:       /CN=1e7b2e243f8aa954597932bcdcd9af6560dce516
Certificate serial:       018CC2DB2B628B460AD00A8AC34347BE3281
Authority key identifier: 1E:7B:2E:24:3F:8A:A9:54:59:79:32:BC:DC:D9:AF:65:60:DC:E5:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HnsuJD-KqVRZeTK83NmvZWDc5RY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/dh2m9udZplSYWI4ck9mh49rhFBQ.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47817
IP address blocks:        91.208.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/HnsuJD-KqVRZeTK83NmvZWDc5RY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/HnsuJD-KqVRZeTK83NmvZWDc5RY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HnsuJD-KqVRZeTK83NmvZWDc5RY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2b:62:8b:46:0a:d0:0a:8a:c3:43:47:be:32:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e7b2e243f8aa954597932bcdcd9af6560dce516
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=761da6f6e759a65498588e1c93d9a1e3dae11414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7e:dd:7d:70:6c:67:2c:e5:44:de:a0:2d:ca:
                    47:2f:11:57:72:c4:05:14:9f:5a:16:7e:b6:48:65:
                    db:ef:fe:ec:5b:ce:3d:30:0f:db:98:06:5d:65:c0:
                    ae:ed:10:67:95:ce:52:7b:e8:85:20:ed:1a:49:79:
                    84:cf:d5:5d:9c:39:59:fc:65:86:5e:5f:68:95:a4:
                    ab:70:6a:9f:15:18:05:04:5c:0a:e4:44:d9:f7:40:
                    61:0a:8c:44:c4:a8:ae:a2:1a:eb:ea:6e:62:1a:67:
                    98:ab:37:35:dc:ae:78:f7:c1:ba:a2:9f:ae:b8:86:
                    54:c3:5f:49:f4:d6:7d:6e:2f:c0:5f:db:6f:e3:1a:
                    ed:5f:c4:7b:de:aa:95:57:8f:97:18:12:08:9a:f3:
                    f1:77:55:37:d0:a0:17:8d:ab:52:3d:48:2c:00:19:
                    b2:c7:62:6d:3f:06:14:a3:d7:89:13:49:b3:f1:14:
                    ed:f9:c1:ea:48:37:52:17:86:1c:a2:ae:f0:08:74:
                    94:64:e2:bf:e7:54:9a:b5:f3:3d:80:4c:ba:78:34:
                    d0:9d:a0:65:39:f6:ba:8d:2d:ac:a2:a1:96:4e:33:
                    ca:ed:e7:ad:5c:03:71:03:28:b4:0d:8c:fb:79:dc:
                    9d:0c:0a:1f:cf:2a:73:19:ac:dd:e6:b6:1d:c5:5a:
                    ec:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1D:A6:F6:E7:59:A6:54:98:58:8E:1C:93:D9:A1:E3:DA:E1:14:14
            X509v3 Authority Key Identifier:
                keyid:1E:7B:2E:24:3F:8A:A9:54:59:79:32:BC:DC:D9:AF:65:60:DC:E5:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HnsuJD-KqVRZeTK83NmvZWDc5RY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/dh2m9udZplSYWI4ck9mh49rhFBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/HnsuJD-KqVRZeTK83NmvZWDc5RY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:11:8c:85:d2:76:51:b2:fd:43:38:7a:13:45:4d:4b:21:ef:
         59:9e:a8:87:8b:e9:6a:45:c0:08:b4:7c:5e:4b:42:a8:0a:b5:
         50:ee:4f:2e:28:06:96:3b:0d:05:72:8a:8d:61:74:c4:fe:1a:
         28:23:1b:3e:c3:a3:90:ea:0c:2a:56:61:f7:1f:1f:02:3a:97:
         07:f8:9c:ff:ee:13:e3:51:66:8f:c9:dd:af:22:cf:49:1e:55:
         40:03:90:84:58:4b:0c:7d:a3:67:41:7d:77:fa:02:b7:7d:b2:
         1e:e2:4f:a4:3e:f5:9e:75:52:97:76:c8:f6:41:d8:db:fb:72:
         1e:f4:c8:1a:d8:4c:63:be:87:e6:5b:d3:42:d3:e8:d4:50:de:
         34:97:76:fb:48:f7:33:bb:91:b8:2b:85:9e:3c:10:c8:d3:36:
         9a:e3:3b:20:3d:97:83:44:bb:82:2c:2e:0f:ee:30:f8:fe:f0:
         76:5a:c1:a6:29:d3:7b:35:2e:d6:4e:9c:98:af:b4:4a:52:b5:
         28:e2:9f:94:35:53:59:e6:84:88:5c:93:14:87:66:39:19:42:
         26:6b:03:fc:62:f2:b8:53:2d:c6:92:2c:87:bf:51:2b:bb:55:
         2f:76:f1:7a:05:c0:59:1a:3e:cb:17:c0:a3:83:a7:cf:85:a7:
         fb:fd:3d:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ytii0YK0AqKw0NHvjKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlN2IyZTI0M2Y4YWE5NTQ1OTc5MzJiY2RjZDlhZjY1NjBk
Y2U1MTYwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFkYTZmNmU3NTlhNjU0OTg1ODhlMWM5M2Q5YTFlM2RhZTExNDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArH7dfXBsZyzlRN6gLcpHLxFXcsQF
FJ9aFn62SGXb7/7sW849MA/bmAZdZcCu7RBnlc5Se+iFIO0aSXmEz9VdnDlZ/GWG
Xl9olaSrcGqfFRgFBFwK5ETZ90BhCoxExKiuohrr6m5iGmeYqzc13K5498G6op+u
uIZUw19J9NZ9bi/AX9tv4xrtX8R73qqVV4+XGBIImvPxd1U30KAXjatSPUgsABmy
x2JtPwYUo9eJE0mz8RTt+cHqSDdSF4Ycoq7wCHSUZOK/51SatfM9gEy6eDTQnaBl
Ofa6jS2soqGWTjPK7eetXANxAyi0DYz7edydDAofzypzGazd5rYdxVrsKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYdpvbnWaZUmFiOHJPZoePa4RQUMB8GA1UdIwQY
MBaAFB57LiQ/iqlUWXkyvNzZr2Vg3OUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG5zdUpELUtxVlJaZVRLODNObXZaV0RjNVJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC80ZGFlZTAtODRlMi00MWU5LTk2NDMt
ZDU0OTU1NjQzY2Q5LzEvZGgybTl1ZFpwbFNZV0k0Y2s5bWg0OXJoRkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC80ZGFlZTAtODRlMi00MWU5LTk2NDMtZDU0OTU1NjQzY2Q5
LzEvSG5zdUpELUtxVlJaZVRLODNObXZaV0RjNVJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ClMA0G
CSqGSIb3DQEBCwUAA4IBAQBTEYyF0nZRsv1DOHoTRU1LIe9ZnqiHi+lqRcAItHxe
S0KoCrVQ7k8uKAaWOw0FcoqNYXTE/hooIxs+w6OQ6gwqVmH3Hx8COpcH+Jz/7hPj
UWaPyd2vIs9JHlVAA5CEWEsMfaNnQX13+gK3fbIe4k+kPvWedVKXdsj2Qdjb+3Ie
9Mga2ExjvofmW9NC0+jUUN40l3b7SPczu5G4K4WePBDI0zaa4zsgPZeDRLuCLC4P
7jD4/vB2WsGmKdN7NS7WTpyYr7RKUrUo4p+UNVNZ5oSIXJMUh2Y5GUImawP8YvK4
Uy3GkiyHv1Eru1UvdvF6BcBZGj7LF8Cjg6fPhaf7/T0J
-----END CERTIFICATE-----