Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/9UrruotFS7qOEkYxt1B0lLUOzK0.roa
File:                     9UrruotFS7qOEkYxt1B0lLUOzK0.roa (raw, json)
Hash identifier:          KyzGLXsoGQnJ/wQzvhnn8rIJTHO/Iw4q8l+4NEEYGcs=
Subject key identifier:   F5:4A:EB:BA:8B:45:4B:BA:8E:12:46:31:B7:50:74:94:B5:0E:CC:AD
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018DB4D7DC1D68869F8B2BF6220901689B3B
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/9UrruotFS7qOEkYxt1B0lLUOzK0.roa
Signing time:             Sat 17 Feb 2024 02:14:21 +0000
ROA not before:           Sat 17 Feb 2024 02:14:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215539
IP address blocks:        91.213.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b4:d7:dc:1d:68:86:9f:8b:2b:f6:22:09:01:68:9b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Feb 17 02:14:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f54aebba8b454bba8e124631b7507494b50eccad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5e:36:b7:a3:15:f3:7a:34:41:3d:a7:ed:f4:
                    dd:42:9e:7e:d9:00:88:d3:10:b2:96:45:72:66:c3:
                    ba:00:cd:23:ee:9b:9c:12:a6:e6:3f:7d:ed:da:88:
                    13:c5:a6:7b:df:13:93:59:2e:6b:60:62:a7:fb:bb:
                    69:cb:b9:f6:5d:42:63:e5:8c:94:e1:a4:b6:42:6b:
                    d9:33:5b:05:2d:12:da:cf:8a:49:4f:b5:89:98:75:
                    5f:8c:2b:cc:fd:86:6c:44:1c:bc:88:de:85:53:22:
                    86:16:ed:5a:6e:46:eb:56:af:fa:fd:50:9a:88:4a:
                    f3:c9:a0:71:f6:62:d9:dd:4f:c0:f4:c7:12:5c:cb:
                    86:8e:9b:92:35:7b:19:74:95:92:bb:60:62:9d:79:
                    ed:3c:d8:6b:9f:f5:5e:26:07:79:c4:f9:19:00:fa:
                    8d:77:81:82:65:94:c8:14:bd:32:99:6c:16:44:c1:
                    78:5c:b2:b7:5b:1e:4c:1f:dc:77:2f:bf:ea:11:8f:
                    1b:f1:7f:81:21:58:0d:93:0a:d0:06:9e:ff:77:63:
                    35:04:d8:2f:30:55:74:9c:80:75:08:22:b8:43:33:
                    b3:f3:4f:af:d0:19:68:f3:23:e4:81:84:b1:71:b3:
                    e2:32:00:bb:51:90:66:10:0c:5d:c8:2b:90:f9:aa:
                    7f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:4A:EB:BA:8B:45:4B:BA:8E:12:46:31:B7:50:74:94:B5:0E:CC:AD
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/9UrruotFS7qOEkYxt1B0lLUOzK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:d7:5b:3b:a3:25:0d:60:65:a1:b7:71:41:ec:b8:65:9a:56:
         40:29:7a:96:49:99:6a:ed:39:30:5c:b4:13:b7:3b:09:46:6d:
         64:c7:7e:47:1e:aa:77:f6:64:da:53:64:f6:51:fd:d5:ee:02:
         76:61:21:d9:14:76:f6:1f:7e:2f:4b:8e:ea:80:ad:6e:1b:ac:
         5a:8b:3a:4f:b3:da:6a:f5:7f:e0:e5:04:84:d4:7e:b1:83:47:
         3e:ee:57:ce:74:e4:5c:be:5f:eb:87:0c:89:f7:ce:61:fe:09:
         68:31:5f:c9:35:d3:62:27:48:38:5a:50:2f:29:cd:87:64:46:
         ea:2a:46:aa:81:0b:f1:93:d5:db:13:99:fb:8c:8b:ce:2d:3a:
         bd:1e:49:e3:eb:ea:db:dd:7f:c5:05:11:f5:fb:10:6c:9a:05:
         58:e2:4e:b4:48:29:60:9c:37:1c:86:e2:90:cd:d4:ec:5c:b1:
         6b:0a:5d:4a:b3:15:d8:21:b6:a2:09:42:51:82:b5:ad:60:d3:
         4e:7b:c8:6b:9e:3b:47:df:1b:6f:19:92:40:42:6b:58:d9:00:
         cb:83:55:fc:09:27:8a:04:af:cc:7f:49:1a:33:bc:f6:b0:63:
         e1:dd:02:15:d2:5a:7f:6e:c9:46:d1:a3:1a:79:33:99:1d:86:
         88:9d:a5:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2019wdaIafiyv2IgkBaJs7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMjE3MDIxNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTRhZWJiYThiNDU0YmJhOGUxMjQ2MzFiNzUwNzQ5NGI1MGVjY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgF42t6MV83o0QT2n7fTdQp5+2QCI
0xCylkVyZsO6AM0j7pucEqbmP33t2ogTxaZ73xOTWS5rYGKn+7tpy7n2XUJj5YyU
4aS2QmvZM1sFLRLaz4pJT7WJmHVfjCvM/YZsRBy8iN6FUyKGFu1abkbrVq/6/VCa
iErzyaBx9mLZ3U/A9McSXMuGjpuSNXsZdJWSu2BinXntPNhrn/VeJgd5xPkZAPqN
d4GCZZTIFL0ymWwWRMF4XLK3Wx5MH9x3L7/qEY8b8X+BIVgNkwrQBp7/d2M1BNgv
MFV0nIB1CCK4QzOz80+v0Blo8yPkgYSxcbPiMgC7UZBmEAxdyCuQ+ap/mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVK67qLRUu6jhJGMbdQdJS1DsytMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvOVVycnVvdEZTN3FPRWtZeHQxQjBsTFVPekswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9W9MA0G
CSqGSIb3DQEBCwUAA4IBAQBG11s7oyUNYGWht3FB7LhlmlZAKXqWSZlq7TkwXLQT
tzsJRm1kx35HHqp39mTaU2T2Uf3V7gJ2YSHZFHb2H34vS47qgK1uG6xaizpPs9pq
9X/g5QSE1H6xg0c+7lfOdORcvl/rhwyJ985h/gloMV/JNdNiJ0g4WlAvKc2HZEbq
KkaqgQvxk9XbE5n7jIvOLTq9Hknj6+rb3X/FBRH1+xBsmgVY4k60SClgnDcchuKQ
zdTsXLFrCl1KsxXYIbaiCUJRgrWtYNNOe8hrnjtH3xtvGZJAQmtY2QDLg1X8CSeK
BK/Mf0kaM7z2sGPh3QIV0lp/bslG0aMaeTOZHYaInaVR
-----END CERTIFICATE-----