Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/R0tAQ9KjIKBc2QiDyFzcE7i5K0w.roa
File:                     R0tAQ9KjIKBc2QiDyFzcE7i5K0w.roa (raw, json)
Hash identifier:          SVbesCqfYBucQwRnkPBALlRK2xgIi9KhpTB7E9x5VJU=
Subject key identifier:   47:4B:40:43:D2:A3:20:A0:5C:D9:08:83:C8:5C:DC:13:B8:B9:2B:4C
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC5003019DC8175A6B92205BD73728DEC
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/R0tAQ9KjIKBc2QiDyFzcE7i5K0w.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        91.208.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:30:19:dc:81:75:a6:b9:22:05:bd:73:72:8d:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=474b4043d2a320a05cd90883c85cdc13b8b92b4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a2:f9:68:91:76:c9:26:2c:2c:d3:df:3b:5a:
                    99:46:50:e3:2e:8c:62:56:f2:04:ee:d3:d9:df:5d:
                    a4:84:77:eb:2c:a5:88:2b:ae:e1:c9:d3:3a:68:82:
                    e6:fc:36:44:98:75:8e:ad:f7:77:3d:ed:b3:6b:4c:
                    0d:7d:3d:08:de:fc:a3:c1:7b:95:2d:4f:bc:bc:ed:
                    48:18:a7:0d:46:2e:4a:3e:43:ab:12:7d:6c:63:b7:
                    83:fc:16:44:71:34:c1:ce:cb:c4:ab:65:cd:39:dc:
                    45:e8:8c:a3:07:6d:62:61:4a:9b:e0:60:10:c3:85:
                    a1:45:c3:df:28:26:f3:27:48:33:e7:7d:df:89:e4:
                    ee:79:75:2f:4f:ee:17:c3:d0:e9:d0:bf:bc:ef:2b:
                    c9:0a:c2:63:d3:a7:4a:3c:ea:81:ba:3c:6c:fb:cc:
                    ea:8f:ed:23:f4:18:38:05:12:48:81:65:7c:b6:c2:
                    1b:14:bf:0a:fd:b2:d2:1b:e9:00:0d:e8:fe:1b:90:
                    ff:19:bd:97:90:00:9e:8d:ca:df:ef:99:ed:05:63:
                    ea:da:0f:49:4e:29:83:5a:25:2c:da:6c:76:a2:1c:
                    a8:59:6d:38:10:be:e7:b6:fe:18:a7:6f:e2:cc:1d:
                    37:7e:85:60:ad:05:06:20:e0:6a:ee:31:75:45:14:
                    ec:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:4B:40:43:D2:A3:20:A0:5C:D9:08:83:C8:5C:DC:13:B8:B9:2B:4C
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/R0tAQ9KjIKBc2QiDyFzcE7i5K0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:54:88:7e:c8:a5:8a:89:2b:55:46:aa:90:92:a5:73:72:7f:
         b4:30:fe:9b:04:71:0e:b3:5e:dd:7f:c9:58:ff:97:8c:60:30:
         56:71:b9:20:dc:23:05:6c:1d:9e:93:b5:3d:0d:f6:32:55:ee:
         2e:1d:ff:66:12:5b:63:1f:45:54:20:48:69:68:a5:21:5d:86:
         d4:0c:d2:19:ea:a2:b0:d0:5d:b5:46:ce:f7:08:30:80:18:ad:
         69:d3:7a:2a:e3:f9:00:76:85:86:76:55:7a:c6:4d:be:4a:c3:
         6a:a5:2e:82:c6:85:bc:66:4e:3f:85:c2:d3:ee:c5:7a:d2:b3:
         12:0f:72:ca:f7:71:2d:fa:82:71:8d:2c:ce:3d:fd:cb:7f:44:
         8f:68:f1:a2:af:98:92:97:44:e2:0f:08:20:70:b4:ea:63:ee:
         8e:d4:5d:df:2e:00:c5:02:2c:86:b7:c0:ea:d8:19:96:af:5e:
         36:7b:9e:f0:89:82:74:8c:03:5b:43:a1:1d:fb:72:00:08:ae:
         0e:c3:ba:ae:6b:a6:fd:67:2f:e7:61:c2:58:f0:62:ec:64:0c:
         85:c1:6f:6a:f9:43:70:e9:7b:41:96:68:7b:bb:0c:fc:8f:42:
         89:f9:4b:63:12:44:46:1d:9c:52:9b:e5:b8:c6:6d:7a:f1:bb:
         d8:69:e5:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADAZ3IF1prkiBb1zco3sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzRiNDA0M2QyYTMyMGEwNWNkOTA4ODNjODVjZGMxM2I4YjkyYjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqL5aJF2ySYsLNPfO1qZRlDjLoxi
VvIE7tPZ312khHfrLKWIK67hydM6aILm/DZEmHWOrfd3Pe2za0wNfT0I3vyjwXuV
LU+8vO1IGKcNRi5KPkOrEn1sY7eD/BZEcTTBzsvEq2XNOdxF6IyjB21iYUqb4GAQ
w4WhRcPfKCbzJ0gz533fieTueXUvT+4Xw9Dp0L+87yvJCsJj06dKPOqBujxs+8zq
j+0j9Bg4BRJIgWV8tsIbFL8K/bLSG+kADej+G5D/Gb2XkACejcrf75ntBWPq2g9J
TimDWiUs2mx2ohyoWW04EL7ntv4Yp2/izB03foVgrQUGIOBq7jF1RRTsQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdLQEPSoyCgXNkIg8hc3BO4uStMMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvUjB0QVE5S2pJS0JjMlFpRHlGemNFN2k1SzB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BtMA0G
CSqGSIb3DQEBCwUAA4IBAQA/VIh+yKWKiStVRqqQkqVzcn+0MP6bBHEOs17df8lY
/5eMYDBWcbkg3CMFbB2ek7U9DfYyVe4uHf9mEltjH0VUIEhpaKUhXYbUDNIZ6qKw
0F21Rs73CDCAGK1p03oq4/kAdoWGdlV6xk2+SsNqpS6CxoW8Zk4/hcLT7sV60rMS
D3LK93Et+oJxjSzOPf3Lf0SPaPGir5iSl0TiDwggcLTqY+6O1F3fLgDFAiyGt8Dq
2BmWr142e57wiYJ0jANbQ6Ed+3IACK4Ow7qua6b9Zy/nYcJY8GLsZAyFwW9q+UNw
6XtBlmh7uwz8j0KJ+UtjEkRGHZxSm+W4xm168bvYaeWb
-----END CERTIFICATE-----