Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/DQKahXhBWBP4wD6iDJdBuXPQga4.roa
File:                     DQKahXhBWBP4wD6iDJdBuXPQga4.roa (raw, json)
Hash identifier:          5dyvtuB3FaA6hmNZYqHneniDnDPL8ZpAVVP0sjoGVPQ=
Subject key identifier:   0D:02:9A:85:78:41:58:13:F8:C0:3E:A2:0C:97:41:B9:73:D0:81:AE
Certificate issuer:       /CN=49ba079b7f0216a6f6673c971c2afadd5ae942ea
Certificate serial:       018CC26D6B842B96DF78CF0B285B1B5C7984
Authority key identifier: 49:BA:07:9B:7F:02:16:A6:F6:67:3C:97:1C:2A:FA:DD:5A:E9:42:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SboHm38CFqb2ZzyXHCr63VrpQuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/DQKahXhBWBP4wD6iDJdBuXPQga4.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213139
IP address blocks:        91.218.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/SboHm38CFqb2ZzyXHCr63VrpQuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/SboHm38CFqb2ZzyXHCr63VrpQuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SboHm38CFqb2ZzyXHCr63VrpQuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6b:84:2b:96:df:78:cf:0b:28:5b:1b:5c:79:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49ba079b7f0216a6f6673c971c2afadd5ae942ea
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d029a8578415813f8c03ea20c9741b973d081ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3e:54:32:07:72:b1:f7:ad:9f:2e:db:46:b1:
                    5e:c7:83:e0:da:1e:e2:fd:c0:75:ff:49:14:a9:97:
                    94:8e:83:19:1c:0e:6c:b4:5a:c0:17:b9:f1:30:c9:
                    a4:9c:88:e3:fe:a2:86:d8:ae:3e:22:d5:a4:ff:d6:
                    53:45:e5:67:9c:b9:5a:a1:e5:5f:e3:71:7e:d2:bc:
                    58:39:59:01:10:9f:60:d7:e2:f1:66:ba:43:ea:ef:
                    ec:81:3e:2c:2a:94:cf:8d:d3:0a:f2:10:a3:24:ba:
                    be:76:e7:e0:a0:14:1d:db:8e:b2:4a:47:ff:12:a5:
                    0d:a1:4b:f6:4d:50:9e:b3:75:82:d1:c7:ba:11:f0:
                    7f:8c:b3:d7:bc:f0:b3:46:7c:21:d4:af:b0:19:3f:
                    b3:f4:5f:38:65:e1:a2:52:ed:67:9a:e8:ab:54:dd:
                    fc:ab:5a:da:68:45:73:bf:7a:42:10:61:94:12:4f:
                    96:99:6c:36:8e:88:fe:cc:32:b8:28:8f:c1:cf:5c:
                    4a:50:01:e2:9d:52:c6:6f:f7:a8:29:c1:d6:ad:1f:
                    6a:8f:8c:15:1c:ca:9a:af:c2:d7:21:b2:c0:14:c4:
                    53:e2:fe:6d:80:3d:65:a3:68:d2:0d:25:0c:17:19:
                    f1:bc:82:fb:c0:99:a2:6d:e9:10:2a:1c:d6:c7:db:
                    5e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:02:9A:85:78:41:58:13:F8:C0:3E:A2:0C:97:41:B9:73:D0:81:AE
            X509v3 Authority Key Identifier:
                keyid:49:BA:07:9B:7F:02:16:A6:F6:67:3C:97:1C:2A:FA:DD:5A:E9:42:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SboHm38CFqb2ZzyXHCr63VrpQuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/DQKahXhBWBP4wD6iDJdBuXPQga4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/SboHm38CFqb2ZzyXHCr63VrpQuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:4a:63:c9:e9:4e:aa:e3:4b:3d:79:70:24:52:dc:81:04:c0:
         04:14:78:3a:f5:2a:80:3f:87:ab:09:9d:5d:b5:f2:51:ee:cf:
         c3:b5:e5:51:58:b4:43:f5:88:0f:da:e6:29:09:dc:b7:e5:85:
         25:01:b9:17:f1:d9:5f:45:4e:b9:a6:6c:bf:4a:f0:cb:37:1e:
         6e:2f:e0:b9:04:cc:73:f4:fc:4f:7d:eb:79:01:9c:33:91:b3:
         62:32:9c:be:35:0b:08:12:a7:ae:4e:fb:8f:20:f3:7b:ea:4e:
         08:5e:67:ba:bf:b6:24:c6:6a:18:99:b6:f1:12:25:aa:d5:a4:
         ab:a9:a4:06:41:1c:1d:ca:ce:62:62:9d:1e:59:2a:8f:b3:2d:
         d0:3c:d7:5f:0d:00:3b:25:7c:aa:98:18:2a:c3:f1:37:c1:f0:
         d5:9b:bc:4d:47:ae:5b:f8:60:93:c0:f2:76:11:98:56:2b:4f:
         e2:93:ef:41:e7:01:da:f0:ef:f7:4f:7d:d7:80:cc:3f:40:29:
         87:37:f0:b8:4b:16:26:61:fb:0a:a3:a5:3d:77:35:a9:46:38:
         c9:d5:c2:a3:8d:17:aa:6a:4d:b2:7e:6c:46:40:74:d1:00:04:
         b1:9b:86:7a:c8:71:df:58:03:e3:7f:26:eb:1c:8d:fb:8e:fa:
         81:bf:27:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWuEK5bfeM8LKFsbXHmEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YmEwNzliN2YwMjE2YTZmNjY3M2M5NzFjMmFmYWRkNWFl
OTQyZWEwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDAyOWE4NTc4NDE1ODEzZjhjMDNlYTIwYzk3NDFiOTczZDA4MWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj5UMgdysfetny7bRrFex4Pg2h7i
/cB1/0kUqZeUjoMZHA5stFrAF7nxMMmknIjj/qKG2K4+ItWk/9ZTReVnnLlaoeVf
43F+0rxYOVkBEJ9g1+LxZrpD6u/sgT4sKpTPjdMK8hCjJLq+dufgoBQd246ySkf/
EqUNoUv2TVCes3WC0ce6EfB/jLPXvPCzRnwh1K+wGT+z9F84ZeGiUu1nmuirVN38
q1raaEVzv3pCEGGUEk+WmWw2joj+zDK4KI/Bz1xKUAHinVLGb/eoKcHWrR9qj4wV
HMqar8LXIbLAFMRT4v5tgD1lo2jSDSUMFxnxvIL7wJmibekQKhzWx9teUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0CmoV4QVgT+MA+ogyXQblz0IGuMB8GA1UdIwQY
MBaAFEm6B5t/Aham9mc8lxwq+t1a6ULqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2JvSG0zOENGcWIyWnp5WEhDcjYzVnJwUXVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jYjVmMjEtYjlkZi00MGRiLWI1NjYt
M2UzY2Q5NWE1YzJlLzEvRFFLYWhYaEJXQlA0d0Q2aURKZEJ1WFBRZ2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jYjVmMjEtYjlkZi00MGRiLWI1NjYtM2UzY2Q5NWE1YzJl
LzEvU2JvSG0zOENGcWIyWnp5WEhDcjYzVnJwUXVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9o4MA0G
CSqGSIb3DQEBCwUAA4IBAQDCSmPJ6U6q40s9eXAkUtyBBMAEFHg69SqAP4erCZ1d
tfJR7s/DteVRWLRD9YgP2uYpCdy35YUlAbkX8dlfRU65pmy/SvDLNx5uL+C5BMxz
9PxPfet5AZwzkbNiMpy+NQsIEqeuTvuPIPN76k4IXme6v7YkxmoYmbbxEiWq1aSr
qaQGQRwdys5iYp0eWSqPsy3QPNdfDQA7JXyqmBgqw/E3wfDVm7xNR65b+GCTwPJ2
EZhWK0/ik+9B5wHa8O/3T33XgMw/QCmHN/C4SxYmYfsKo6U9dzWpRjjJ1cKjjReq
ak2yfmxGQHTRAASxm4Z6yHHfWAPjfybrHI37jvqBvydS
-----END CERTIFICATE-----