Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/4tvJmLfsCQaCM9QTTX56cGScBR4.roa
File:                     4tvJmLfsCQaCM9QTTX56cGScBR4.roa (raw, json)
Hash identifier:          xm+NNIwv7PsF5dI7znKPb5Qs6Fp/dOfdrepL5w1yB28=
Subject key identifier:   E2:DB:C9:98:B7:EC:09:06:82:33:D4:13:4D:7E:7A:70:64:9C:05:1E
Certificate issuer:       /CN=668e9b2eefb205342382b6072a903f9d9837071a
Certificate serial:       0191DBAC02141441492F91154D7EF132E126
Authority key identifier: 66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/4tvJmLfsCQaCM9QTTX56cGScBR4.roa
Signing time:             Tue 10 Sep 2024 11:22:48 +0000
ROA not before:           Tue 10 Sep 2024 11:22:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56676
IP address blocks:        91.237.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:db:ac:02:14:14:41:49:2f:91:15:4d:7e:f1:32:e1:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=668e9b2eefb205342382b6072a903f9d9837071a
        Validity
            Not Before: Sep 10 11:22:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2dbc998b7ec09068233d4134d7e7a70649c051e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:99:62:d3:08:bf:0c:36:b5:dd:34:1b:d0:97:
                    0b:3a:8c:37:b7:c7:00:44:f5:e9:95:5c:32:ff:09:
                    7b:ae:9b:de:3e:94:08:a1:10:38:07:64:a4:e2:84:
                    19:9d:25:3f:7e:7f:29:c9:30:93:7e:e9:e4:46:86:
                    7b:d4:84:bf:94:9b:99:93:11:7f:97:6d:63:06:7f:
                    79:76:97:81:d2:f2:03:7a:93:d0:35:48:f1:80:27:
                    05:81:21:a1:66:5d:dc:ea:70:29:aa:56:7a:e8:89:
                    57:16:b7:94:fd:0d:6c:85:96:32:ad:74:9c:10:27:
                    59:78:ec:48:99:f2:1d:c6:f7:3f:0d:20:9e:2d:06:
                    1b:51:e0:74:55:e5:8a:ab:86:37:77:28:29:f2:9a:
                    d2:a4:85:65:bc:d5:9a:78:49:ba:99:da:ee:f8:f2:
                    32:4a:56:79:1d:b3:6e:b7:ea:08:5b:55:6a:f1:ad:
                    a8:1c:28:4f:aa:ea:e8:5d:d0:da:ed:93:ca:5e:d7:
                    fb:15:0e:bb:45:8b:0b:dc:12:c1:4c:d4:3e:04:b9:
                    8f:10:27:00:19:e8:5c:8e:8c:bb:b4:eb:39:77:d2:
                    38:ed:56:b0:62:1e:7e:e0:02:c5:11:3d:b3:4d:05:
                    6d:a8:1f:30:e1:f2:8d:39:2c:64:ba:3e:5c:3e:d7:
                    35:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DB:C9:98:B7:EC:09:06:82:33:D4:13:4D:7E:7A:70:64:9C:05:1E
            X509v3 Authority Key Identifier:
                keyid:66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/4tvJmLfsCQaCM9QTTX56cGScBR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:79:fb:b8:97:79:d9:3e:92:ff:d2:21:f0:f8:78:ea:a6:1e:
         ae:c3:0e:7f:5b:70:0c:18:03:6d:34:50:bb:8b:f2:0e:ea:aa:
         00:79:af:ae:68:23:4a:70:b9:7f:8e:7d:96:7c:ea:8f:94:7d:
         63:e7:ab:7a:b0:ef:b9:69:d9:99:20:21:91:6d:1c:28:f1:f3:
         03:1b:d0:0d:84:f0:95:e2:b4:80:56:53:88:55:af:9b:fa:a7:
         ed:78:87:92:b2:2c:63:40:69:6e:cc:1f:28:38:6c:a3:58:ab:
         9d:0c:9e:b2:d3:14:a9:6e:ce:14:c3:27:63:87:b8:20:7e:44:
         4a:85:49:5a:bf:ee:0f:ca:32:0f:d6:97:2d:63:85:e3:f5:d1:
         d9:fd:c2:64:e6:28:e4:86:c5:49:65:08:3f:51:10:49:a2:f0:
         20:89:c4:b3:ca:dc:35:c9:b6:90:a9:bb:31:e3:ad:70:b8:06:
         c5:fb:c7:eb:87:c9:b6:96:41:59:5e:75:6b:c2:b6:b3:a9:b9:
         f7:cd:95:05:8c:1e:5c:d7:b0:9e:71:89:92:f1:69:6e:1f:ca:
         ac:e8:b0:23:ac:fc:1d:53:1d:0b:ae:9d:4b:29:8f:86:36:6b:
         fd:86:86:f5:9e:c3:47:5b:0d:55:d8:b9:f0:c8:00:8a:73:04:
         d1:83:ca:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHbrAIUFEFJL5EVTX7xMuEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGU5YjJlZWZiMjA1MzQyMzgyYjYwNzJhOTAzZjlkOTgz
NzA3MWEwHhcNMjQwOTEwMTEyMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmRiYzk5OGI3ZWMwOTA2ODIzM2Q0MTM0ZDdlN2E3MDY0OWMwNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpli0wi/DDa13TQb0JcLOow3t8cA
RPXplVwy/wl7rpvePpQIoRA4B2Sk4oQZnSU/fn8pyTCTfunkRoZ71IS/lJuZkxF/
l21jBn95dpeB0vIDepPQNUjxgCcFgSGhZl3c6nApqlZ66IlXFreU/Q1shZYyrXSc
ECdZeOxImfIdxvc/DSCeLQYbUeB0VeWKq4Y3dygp8prSpIVlvNWaeEm6mdru+PIy
SlZ5HbNut+oIW1Vq8a2oHChPquroXdDa7ZPKXtf7FQ67RYsL3BLBTNQ+BLmPECcA
Gehcjoy7tOs5d9I47VawYh5+4ALFET2zTQVtqB8w4fKNOSxkuj5cPtc1uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLbyZi37AkGgjPUE01+enBknAUeMB8GA1UdIwQY
MBaAFGaOmy7vsgU0I4K2ByqQP52YNwcaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMt
NGMwOGZmZTEwMDc2LzEvNHR2Sm1MZnNDUWFDTTlRVFRYNTZjR1NjQlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMtNGMwOGZmZTEwMDc2
LzEvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+27MA0G
CSqGSIb3DQEBCwUAA4IBAQB8efu4l3nZPpL/0iHw+Hjqph6uww5/W3AMGANtNFC7
i/IO6qoAea+uaCNKcLl/jn2WfOqPlH1j56t6sO+5admZICGRbRwo8fMDG9ANhPCV
4rSAVlOIVa+b+qfteIeSsixjQGluzB8oOGyjWKudDJ6y0xSpbs4Uwydjh7ggfkRK
hUlav+4PyjIP1pctY4Xj9dHZ/cJk5ijkhsVJZQg/URBJovAgicSzytw1ybaQqbsx
461wuAbF+8frh8m2lkFZXnVrwrazqbn3zZUFjB5c17CecYmS8WluH8qs6LAjrPwd
Ux0Lrp1LKY+GNmv9hob1nsNHWw1V2LnwyACKcwTRg8rj
-----END CERTIFICATE-----