Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/lRKEJCWf1G-9fiu8MNvh_SrxEhU.roa
File:                     lRKEJCWf1G-9fiu8MNvh_SrxEhU.roa (raw, json)
Hash identifier:          cwPKS0Zi5ojw2cm1hJWLbEhJSDfhkK6HWI0wSMrwbfs=
Subject key identifier:   95:12:84:24:25:9F:D4:6F:BD:7E:2B:BC:30:DB:E1:FD:2A:F1:12:15
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018DF4409085278523DD7EF6FCC83E91737C
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/lRKEJCWf1G-9fiu8MNvh_SrxEhU.roa
Signing time:             Thu 29 Feb 2024 09:44:48 +0000
ROA not before:           Thu 29 Feb 2024 09:44:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        91.208.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:40:90:85:27:85:23:dd:7e:f6:fc:c8:3e:91:73:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Feb 29 09:44:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95128424259fd46fbd7e2bbc30dbe1fd2af11215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bc:24:a2:5c:fe:56:90:40:e4:8c:9f:22:23:
                    98:09:1d:96:e8:81:23:4b:50:65:bb:ad:0e:86:5a:
                    33:df:85:c2:9e:de:a4:e7:01:cd:c0:8c:ef:e6:0e:
                    de:c7:bd:8e:7e:98:91:c6:f5:ab:ab:fe:37:0e:a3:
                    25:82:93:ce:00:e5:86:1f:8d:d4:36:36:7f:8c:a3:
                    6e:41:e4:a4:0c:a4:61:4d:f3:62:d2:70:08:94:82:
                    e4:3e:ac:60:a5:c2:8b:0c:96:aa:3d:5e:8d:6e:5f:
                    47:f4:ed:49:ad:41:7d:d1:57:5c:d7:25:5c:a8:f2:
                    b9:8e:f0:ae:7e:c6:a2:b3:35:99:0e:ef:e0:b4:be:
                    b6:6c:c5:25:fa:03:33:be:f7:91:2b:38:29:bb:4e:
                    d1:00:e5:06:59:29:7c:f5:1b:e7:0d:65:d1:fb:48:
                    e5:37:d7:6e:c7:b0:f0:c2:af:c7:5c:43:50:a0:f3:
                    0b:99:40:59:b6:c9:09:d3:91:19:b1:93:3b:22:1d:
                    3c:9b:8c:4b:97:be:00:f2:30:b9:ce:da:fa:a1:68:
                    cc:e1:7b:c2:d2:80:9e:32:bf:86:b3:0e:9f:1d:aa:
                    20:6c:72:e3:05:e1:5d:a9:4f:d7:0b:77:29:d6:58:
                    9e:ac:66:02:3d:4d:b9:ac:3a:dc:5b:bc:3f:b6:d6:
                    9f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:12:84:24:25:9F:D4:6F:BD:7E:2B:BC:30:DB:E1:FD:2A:F1:12:15
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/lRKEJCWf1G-9fiu8MNvh_SrxEhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:f2:10:bb:f9:fb:3f:fe:24:41:5e:80:2f:3a:49:2c:56:b5:
         7b:d4:a0:d4:83:e8:4c:2b:00:42:d6:1f:09:b8:b3:da:d7:51:
         18:e4:36:c8:fe:42:05:5d:fa:4d:7a:3c:04:b4:6f:f9:ec:48:
         7d:ab:08:fd:84:4d:f7:d6:d5:be:53:64:24:45:0b:1b:b3:1b:
         fc:e0:8d:3e:6f:b2:4b:8f:84:93:ff:5a:6d:4b:f8:28:81:21:
         e7:4c:45:e1:4e:ef:f2:bc:73:03:2d:1a:dd:67:95:c2:c0:a5:
         8a:6d:e7:5f:07:f0:ad:d0:42:a1:4f:c5:5d:d5:0f:55:06:1c:
         5d:b4:0e:a8:38:3b:9b:28:15:42:7a:a1:9a:f7:7d:05:04:27:
         ae:11:d9:ab:b5:55:9e:33:61:1c:ea:5f:dc:f2:cd:61:d6:73:
         3e:88:a6:59:a9:a1:0f:20:54:55:43:2e:57:47:e5:b2:30:13:
         80:76:38:2f:96:dc:5b:af:65:26:7e:b9:c0:cd:11:c6:cb:a5:
         ba:87:67:9f:97:a3:e5:4c:fa:5a:46:33:2a:63:ce:d9:4f:f5:
         70:02:e2:11:3f:bb:8e:d8:34:02:e6:5d:e4:4f:12:f4:64:12:
         f3:22:78:4b:eb:86:f8:cc:4f:b8:59:0a:e8:62:dc:5a:64:37:
         e3:94:9c:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY30QJCFJ4Uj3X72/Mg+kXN8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMjI5MDk0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTEyODQyNDI1OWZkNDZmYmQ3ZTJiYmMzMGRiZTFmZDJhZjExMjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLwkolz+VpBA5IyfIiOYCR2W6IEj
S1Blu60Ohloz34XCnt6k5wHNwIzv5g7ex72OfpiRxvWrq/43DqMlgpPOAOWGH43U
NjZ/jKNuQeSkDKRhTfNi0nAIlILkPqxgpcKLDJaqPV6Nbl9H9O1JrUF90Vdc1yVc
qPK5jvCufsaiszWZDu/gtL62bMUl+gMzvveRKzgpu07RAOUGWSl89RvnDWXR+0jl
N9dux7Dwwq/HXENQoPMLmUBZtskJ05EZsZM7Ih08m4xLl74A8jC5ztr6oWjM4XvC
0oCeMr+Gsw6fHaogbHLjBeFdqU/XC3cp1lierGYCPU25rDrcW7w/ttafmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUShCQln9RvvX4rvDDb4f0q8RIVMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvbFJLRUpDV2YxRy05Zml1OE1OdmhfU3J4RWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BFMA0G
CSqGSIb3DQEBCwUAA4IBAQA38hC7+fs//iRBXoAvOkksVrV71KDUg+hMKwBC1h8J
uLPa11EY5DbI/kIFXfpNejwEtG/57Eh9qwj9hE331tW+U2QkRQsbsxv84I0+b7JL
j4ST/1ptS/gogSHnTEXhTu/yvHMDLRrdZ5XCwKWKbedfB/Ct0EKhT8Vd1Q9VBhxd
tA6oODubKBVCeqGa930FBCeuEdmrtVWeM2Ec6l/c8s1h1nM+iKZZqaEPIFRVQy5X
R+WyMBOAdjgvltxbr2UmfrnAzRHGy6W6h2efl6PlTPpaRjMqY87ZT/VwAuIRP7uO
2DQC5l3kTxL0ZBLzInhL64b4zE+4WQroYtxaZDfjlJzR
-----END CERTIFICATE-----