Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/02f9bb-6e6a-478a-bac8-5911fe63af79/1/AKERlgInC3XwY2cWyudXMewgdRc.roa
File:                     AKERlgInC3XwY2cWyudXMewgdRc.roa (raw, json)
Hash identifier:          lACuj9VNEgdF9ASFMxXPB3OBBuMlNh0U/k6Ud8+/r3Q=
Subject key identifier:   00:A1:11:96:02:27:0B:75:F0:63:67:16:CA:E7:57:31:EC:20:75:17
Certificate issuer:       /CN=4de4f96771d91f87c21be9f00d120327f5bbf2ea
Certificate serial:       018CC5DCFE68AD5A6CCCC7BAA802F3879233
Authority key identifier: 4D:E4:F9:67:71:D9:1F:87:C2:1B:E9:F0:0D:12:03:27:F5:BB:F2:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TeT5Z3HZH4fCG-nwDRIDJ_W78uo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/02f9bb-6e6a-478a-bac8-5911fe63af79/1/AKERlgInC3XwY2cWyudXMewgdRc.roa
Signing time:             Mon 01 Jan 2024 16:30:43 +0000
ROA not before:           Mon 01 Jan 2024 16:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28907
IP address blocks:        91.228.146.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/02f9bb-6e6a-478a-bac8-5911fe63af79/1/TeT5Z3HZH4fCG-nwDRIDJ_W78uo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/02f9bb-6e6a-478a-bac8-5911fe63af79/1/TeT5Z3HZH4fCG-nwDRIDJ_W78uo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TeT5Z3HZH4fCG-nwDRIDJ_W78uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:fe:68:ad:5a:6c:cc:c7:ba:a8:02:f3:87:92:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4de4f96771d91f87c21be9f00d120327f5bbf2ea
        Validity
            Not Before: Jan  1 16:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00a1119602270b75f0636716cae75731ec207517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f7:85:89:24:4a:14:45:ea:8e:35:4a:b0:06:
                    e6:7e:f0:cb:46:be:46:f9:ba:84:15:95:f9:25:cd:
                    e0:09:42:8e:20:5f:fe:b1:bd:35:7c:1b:e4:11:d5:
                    c0:2e:24:28:8a:08:1d:4d:75:eb:94:8e:13:9d:44:
                    32:d7:bd:00:89:bb:59:36:f2:ff:86:fc:a6:46:47:
                    c1:ed:26:2f:c8:d6:f5:6f:58:1f:60:f9:76:cc:d5:
                    ca:85:f0:f3:8f:d7:7d:c3:24:9e:11:be:b0:9f:0b:
                    27:ad:99:e6:59:10:ff:a4:fb:e4:34:13:1e:f2:fa:
                    e7:c3:33:85:62:eb:ea:61:b0:98:52:59:7a:1a:9a:
                    eb:22:6d:2f:54:a1:b0:36:48:91:0d:b8:97:2f:e2:
                    42:f6:b6:ef:8b:5f:34:5a:d7:69:94:d3:cc:08:50:
                    9f:88:f6:77:7e:bc:a0:4c:95:cb:ec:fd:c8:2b:19:
                    09:55:b8:b8:38:df:b0:f1:50:22:e2:46:4b:07:a8:
                    5c:56:c3:79:27:f9:b3:74:02:e0:01:c5:a1:f7:95:
                    bd:e2:26:3c:37:4f:88:a5:a3:b7:50:c4:61:35:fe:
                    22:a2:78:80:65:d3:02:2c:e4:6c:da:a7:56:c8:ca:
                    41:f7:0b:e2:d8:2d:8f:62:35:f4:a0:fe:f1:4d:d3:
                    7b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:A1:11:96:02:27:0B:75:F0:63:67:16:CA:E7:57:31:EC:20:75:17
            X509v3 Authority Key Identifier:
                keyid:4D:E4:F9:67:71:D9:1F:87:C2:1B:E9:F0:0D:12:03:27:F5:BB:F2:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TeT5Z3HZH4fCG-nwDRIDJ_W78uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/02f9bb-6e6a-478a-bac8-5911fe63af79/1/AKERlgInC3XwY2cWyudXMewgdRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/02f9bb-6e6a-478a-bac8-5911fe63af79/1/TeT5Z3HZH4fCG-nwDRIDJ_W78uo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:6d:db:70:16:ab:f8:14:d4:94:7b:d9:72:85:be:68:f4:cc:
         04:8c:1b:d2:c8:36:a7:31:ab:aa:af:90:c6:e1:b5:d0:2b:39:
         b4:dc:f4:10:a7:ea:6b:51:31:38:1b:ef:9b:ee:b4:dc:f3:3b:
         ea:0e:97:2d:3e:29:59:8a:5f:ab:2a:7d:ad:c3:da:fb:c4:f8:
         63:2e:e4:ea:01:ca:e7:a7:c8:4e:d2:ad:5a:18:eb:a3:58:4c:
         9a:f7:04:6a:1a:75:6a:40:30:95:4c:09:6a:7c:db:a8:17:f4:
         a4:31:18:27:1d:92:29:ed:3e:4d:99:36:c5:b5:6e:2b:7c:ec:
         35:33:ca:ac:97:9c:50:2e:22:03:98:4b:ea:63:a7:f0:27:8a:
         2d:95:d4:5e:fc:38:b8:9b:e8:55:f3:24:7e:6d:bc:9a:1d:a0:
         87:3f:31:a8:9a:ac:32:23:1a:86:8e:b9:04:42:e1:62:03:07:
         65:03:d5:e6:93:d7:89:be:55:b7:20:90:ae:da:e8:9e:1d:ba:
         8a:c1:4a:fc:6e:3a:e8:ac:cb:2a:19:d6:93:1d:1f:1b:c7:e3:
         36:1e:24:16:c6:aa:cc:0c:53:98:e5:ca:8d:55:d0:f2:a2:72:
         e9:12:00:23:66:c6:11:fa:3c:31:1d:26:e9:47:c8:a3:64:ed:
         1b:79:15:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3P5orVpszMe6qALzh5IzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZTRmOTY3NzFkOTFmODdjMjFiZTlmMDBkMTIwMzI3ZjVi
YmYyZWEwHhcNMjQwMTAxMTYzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGExMTE5NjAyMjcwYjc1ZjA2MzY3MTZjYWU3NTczMWVjMjA3NTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPeFiSRKFEXqjjVKsAbmfvDLRr5G
+bqEFZX5Jc3gCUKOIF/+sb01fBvkEdXALiQoiggdTXXrlI4TnUQy170AibtZNvL/
hvymRkfB7SYvyNb1b1gfYPl2zNXKhfDzj9d9wySeEb6wnwsnrZnmWRD/pPvkNBMe
8vrnwzOFYuvqYbCYUll6GprrIm0vVKGwNkiRDbiXL+JC9rbvi180WtdplNPMCFCf
iPZ3frygTJXL7P3IKxkJVbi4ON+w8VAi4kZLB6hcVsN5J/mzdALgAcWh95W94iY8
N0+IpaO3UMRhNf4ioniAZdMCLORs2qdWyMpB9wvi2C2PYjX0oP7xTdN7uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAChEZYCJwt18GNnFsrnVzHsIHUXMB8GA1UdIwQY
MBaAFE3k+Wdx2R+Hwhvp8A0SAyf1u/LqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGVUNVozSFpINGZDRy1ud0RSSURKX1c3OHVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8wMmY5YmItNmU2YS00NzhhLWJhYzgt
NTkxMWZlNjNhZjc5LzEvQUtFUmxnSW5DM1h3WTJjV3l1ZFhNZXdnZFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8wMmY5YmItNmU2YS00NzhhLWJhYzgtNTkxMWZlNjNhZjc5
LzEvVGVUNVozSFpINGZDRy1ud0RSSURKX1c3OHVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+SSMA0G
CSqGSIb3DQEBCwUAA4IBAQA4bdtwFqv4FNSUe9lyhb5o9MwEjBvSyDanMauqr5DG
4bXQKzm03PQQp+prUTE4G++b7rTc8zvqDpctPilZil+rKn2tw9r7xPhjLuTqAcrn
p8hO0q1aGOujWEya9wRqGnVqQDCVTAlqfNuoF/SkMRgnHZIp7T5NmTbFtW4rfOw1
M8qsl5xQLiIDmEvqY6fwJ4otldRe/Di4m+hV8yR+bbyaHaCHPzGomqwyIxqGjrkE
QuFiAwdlA9Xmk9eJvlW3IJCu2uieHbqKwUr8bjrorMsqGdaTHR8bx+M2HiQWxqrM
DFOY5cqNVdDyonLpEgAjZsYR+jwxHSbpR8ijZO0beRXi
-----END CERTIFICATE-----