Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/a6aeff-9b9a-4c18-9474-2272b4dbaa62/1/Kn7IdnJqodb8Rc8NeEQeCN4hPzM.roa
File:                     Kn7IdnJqodb8Rc8NeEQeCN4hPzM.roa (raw, json)
Hash identifier:          urR6YuVc3QUJIx0ybZOHv3/W5NbahK6U276JYeYVviA=
Subject key identifier:   2A:7E:C8:76:72:6A:A1:D6:FC:45:CF:0D:78:44:1E:08:DE:21:3F:33
Certificate issuer:       /CN=e12cfc7da8fa74a16dd38c17c20a0192cbb2d3fe
Certificate serial:       018CC2DB4455A3571D9A4E4CF6C8B33E34E1
Authority key identifier: E1:2C:FC:7D:A8:FA:74:A1:6D:D3:8C:17:C2:0A:01:92:CB:B2:D3:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Sz8faj6dKFt04wXwgoBksuy0_4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/a6aeff-9b9a-4c18-9474-2272b4dbaa62/1/Kn7IdnJqodb8Rc8NeEQeCN4hPzM.roa
Signing time:             Mon 01 Jan 2024 02:29:58 +0000
ROA not before:           Mon 01 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56750
IP address blocks:        91.227.90.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/a6aeff-9b9a-4c18-9474-2272b4dbaa62/1/4Sz8faj6dKFt04wXwgoBksuy0_4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/a6aeff-9b9a-4c18-9474-2272b4dbaa62/1/4Sz8faj6dKFt04wXwgoBksuy0_4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Sz8faj6dKFt04wXwgoBksuy0_4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 04:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:44:55:a3:57:1d:9a:4e:4c:f6:c8:b3:3e:34:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e12cfc7da8fa74a16dd38c17c20a0192cbb2d3fe
        Validity
            Not Before: Jan  1 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a7ec876726aa1d6fc45cf0d78441e08de213f33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f8:22:7a:27:53:ab:05:45:4e:f5:fe:10:f7:
                    c1:46:59:f3:c1:c1:46:e8:06:a3:55:53:82:c1:27:
                    4f:21:d9:71:d4:c1:f5:23:b9:33:fd:d5:76:32:ac:
                    21:1c:f9:3e:c3:5b:50:f6:94:af:12:fa:3f:63:0b:
                    af:85:9e:1b:f9:29:5b:2d:85:40:a3:19:49:2b:97:
                    4d:e9:41:be:99:e1:28:53:b2:ed:4b:76:15:b6:7c:
                    03:38:56:19:61:cd:9b:06:7d:d2:e2:0d:b2:93:97:
                    96:dd:b7:c7:e1:68:a1:7d:0e:e9:24:db:87:61:09:
                    4c:6d:02:b8:eb:c6:78:4a:cc:3d:62:bc:98:92:d8:
                    3e:e3:65:b5:5e:1c:46:20:6a:5f:61:84:d7:cf:b7:
                    e0:a5:62:48:04:2e:da:df:36:71:e1:77:ee:5b:e1:
                    6b:b4:9a:80:a4:61:d3:c9:c0:dd:d9:fe:59:51:b9:
                    74:e6:16:e7:50:d8:6f:3b:61:24:af:f0:95:2a:4b:
                    d9:e1:bf:b8:44:cd:07:61:1e:d0:8a:14:81:14:8c:
                    40:a8:27:a5:ae:3d:b7:1d:ac:1b:e1:a8:ba:95:9a:
                    1d:50:9e:66:6b:70:fb:15:09:e3:c1:d9:29:63:58:
                    02:3f:ef:62:50:5b:8a:dc:09:79:8b:f0:f2:0d:75:
                    6e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:7E:C8:76:72:6A:A1:D6:FC:45:CF:0D:78:44:1E:08:DE:21:3F:33
            X509v3 Authority Key Identifier:
                keyid:E1:2C:FC:7D:A8:FA:74:A1:6D:D3:8C:17:C2:0A:01:92:CB:B2:D3:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Sz8faj6dKFt04wXwgoBksuy0_4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/a6aeff-9b9a-4c18-9474-2272b4dbaa62/1/Kn7IdnJqodb8Rc8NeEQeCN4hPzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/a6aeff-9b9a-4c18-9474-2272b4dbaa62/1/4Sz8faj6dKFt04wXwgoBksuy0_4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:5e:3f:9e:68:8f:84:d0:00:d0:1d:96:8b:a2:9d:82:ae:6e:
         0f:f7:03:f7:25:de:88:3d:a9:25:de:96:54:ea:9e:1c:75:0c:
         59:37:2b:ef:37:38:d4:5a:9c:77:3a:12:ea:06:f9:3f:6b:47:
         95:03:38:f0:c7:84:a2:8d:c9:83:f4:78:66:2d:79:57:9f:7e:
         0c:8c:1d:be:59:99:e4:50:ab:6a:ef:de:86:d8:34:a3:95:a7:
         24:ac:b2:f0:00:10:df:92:7a:cb:5f:ee:f7:65:9f:33:cf:3e:
         c5:1a:e2:c8:c4:18:a2:45:69:31:32:e3:7c:23:24:9f:af:aa:
         d4:6d:9d:44:ba:43:91:81:1c:1f:39:8c:fd:e5:6f:10:2b:77:
         a8:f8:94:b2:85:33:b8:a7:1a:4e:fa:d1:3b:f3:97:31:ba:8d:
         18:81:37:9b:6d:d2:e7:6b:a1:5d:85:28:56:06:30:61:80:ec:
         51:42:57:6b:9a:15:c1:8b:32:72:9a:5e:e8:a9:59:ae:c3:8b:
         d1:fb:09:ab:3d:15:fc:fe:3d:b2:98:b3:30:d1:dd:50:04:c9:
         14:d0:dd:66:4e:6e:5b:58:f1:84:bc:6a:7a:d4:47:bd:51:81:
         17:97:93:77:b8:bd:e0:89:c5:a8:c2:4a:1b:ea:7d:e3:11:06:
         02:78:30:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20RVo1cdmk5M9sizPjThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMmNmYzdkYThmYTc0YTE2ZGQzOGMxN2MyMGEwMTkyY2Ji
MmQzZmUwHhcNMjQwMTAxMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTdlYzg3NjcyNmFhMWQ2ZmM0NWNmMGQ3ODQ0MWUwOGRlMjEzZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPgieidTqwVFTvX+EPfBRlnzwcFG
6AajVVOCwSdPIdlx1MH1I7kz/dV2MqwhHPk+w1tQ9pSvEvo/YwuvhZ4b+SlbLYVA
oxlJK5dN6UG+meEoU7LtS3YVtnwDOFYZYc2bBn3S4g2yk5eW3bfH4WihfQ7pJNuH
YQlMbQK468Z4Ssw9YryYktg+42W1XhxGIGpfYYTXz7fgpWJIBC7a3zZx4XfuW+Fr
tJqApGHTycDd2f5ZUbl05hbnUNhvO2Ekr/CVKkvZ4b+4RM0HYR7QihSBFIxAqCel
rj23Hawb4ai6lZodUJ5ma3D7FQnjwdkpY1gCP+9iUFuK3Al5i/DyDXVucwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCp+yHZyaqHW/EXPDXhEHgjeIT8zMB8GA1UdIwQY
MBaAFOEs/H2o+nShbdOMF8IKAZLLstP+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFN6OGZhajZkS0Z0MDR3WHdnb0Jrc3V5MF80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9hNmFlZmYtOWI5YS00YzE4LTk0NzQt
MjI3MmI0ZGJhYTYyLzEvS243SWRuSnFvZGI4UmM4TmVFUWVDTjRoUHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9hNmFlZmYtOWI5YS00YzE4LTk0NzQtMjI3MmI0ZGJhYTYy
LzEvNFN6OGZhajZkS0Z0MDR3WHdnb0Jrc3V5MF80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+NaMA0G
CSqGSIb3DQEBCwUAA4IBAQAJXj+eaI+E0ADQHZaLop2Crm4P9wP3Jd6IPakl3pZU
6p4cdQxZNyvvNzjUWpx3OhLqBvk/a0eVAzjwx4SijcmD9HhmLXlXn34MjB2+WZnk
UKtq796G2DSjlackrLLwABDfknrLX+73ZZ8zzz7FGuLIxBiiRWkxMuN8IySfr6rU
bZ1EukORgRwfOYz95W8QK3eo+JSyhTO4pxpO+tE785cxuo0YgTebbdLna6FdhShW
BjBhgOxRQldrmhXBizJyml7oqVmuw4vR+wmrPRX8/j2ymLMw0d1QBMkU0N1mTm5b
WPGEvGp61Ee9UYEXl5N3uL3gicWowkob6n3jEQYCeDCz
-----END CERTIFICATE-----