Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/886646-ffaa-400e-8df6-595f2100166b/1/LiZKylfB_9lz4JVojj0zepUxYQw.roa
File:                     LiZKylfB_9lz4JVojj0zepUxYQw.roa (raw, json)
Hash identifier:          ug2Y+chqy8b+LzbFJTXkRcJet30DxpYDG2xFDnLUd0w=
Subject key identifier:   2E:26:4A:CA:57:C1:FF:D9:73:E0:95:68:8E:3D:33:7A:95:31:61:0C
Certificate issuer:       /CN=f8a31d2eeeb67a937e2e87d76ad9f9d17cda97f0
Certificate serial:       018CC86EED3961C05019890693079DE30FE5
Authority key identifier: F8:A3:1D:2E:EE:B6:7A:93:7E:2E:87:D7:6A:D9:F9:D1:7C:DA:97:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-KMdLu62epN-LofXatn50Xzal_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/886646-ffaa-400e-8df6-595f2100166b/1/LiZKylfB_9lz4JVojj0zepUxYQw.roa
Signing time:             Tue 02 Jan 2024 04:29:21 +0000
ROA not before:           Tue 02 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199144
IP address blocks:        91.245.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/886646-ffaa-400e-8df6-595f2100166b/1/1-KMdLu62epN-LofXatn50Xzal_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/886646-ffaa-400e-8df6-595f2100166b/1/1-KMdLu62epN-LofXatn50Xzal_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-KMdLu62epN-LofXatn50Xzal_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ed:39:61:c0:50:19:89:06:93:07:9d:e3:0f:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8a31d2eeeb67a937e2e87d76ad9f9d17cda97f0
        Validity
            Not Before: Jan  2 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e264aca57c1ffd973e095688e3d337a9531610c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3c:2d:f7:70:d0:bc:b3:46:a3:98:ac:87:22:
                    d1:95:14:3a:e7:12:72:d3:d6:05:d2:17:a9:79:b6:
                    50:9d:60:46:b9:92:4b:7f:63:7f:d7:a5:64:59:ff:
                    53:c3:09:68:c9:5d:2b:60:37:6b:6b:ce:57:87:5c:
                    e3:7d:2c:50:25:74:9c:7f:ce:8f:24:77:2a:af:96:
                    43:74:d3:61:cb:0e:95:36:ad:62:1a:a6:66:8e:4c:
                    96:37:eb:0f:80:88:8a:64:2a:6d:2a:ab:60:f9:93:
                    93:87:d6:4b:13:c3:ae:f5:32:de:cd:a8:82:94:6f:
                    96:f6:a3:08:15:1d:2b:ec:1a:38:39:52:02:c2:09:
                    0d:95:c3:23:b6:50:44:c8:d2:46:cb:50:b1:e4:19:
                    9e:89:24:84:81:8b:2b:db:a7:e5:11:18:bf:ac:7f:
                    b7:2c:1a:90:3c:ab:a3:c5:2b:ee:90:22:9c:07:fa:
                    dd:ad:ce:fc:8b:cb:dc:60:30:70:b6:22:77:c0:53:
                    2b:c1:30:78:76:5a:32:7a:fb:dd:b2:f4:57:7f:62:
                    f1:34:f5:10:dc:61:fe:ab:8e:33:bd:19:df:e6:7d:
                    7d:57:80:44:01:3b:1d:56:e2:f7:40:cf:32:c5:12:
                    93:bc:91:11:0e:fa:07:c2:4d:cc:9c:50:9f:78:3e:
                    d4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:26:4A:CA:57:C1:FF:D9:73:E0:95:68:8E:3D:33:7A:95:31:61:0C
            X509v3 Authority Key Identifier:
                keyid:F8:A3:1D:2E:EE:B6:7A:93:7E:2E:87:D7:6A:D9:F9:D1:7C:DA:97:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KMdLu62epN-LofXatn50Xzal_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/886646-ffaa-400e-8df6-595f2100166b/1/LiZKylfB_9lz4JVojj0zepUxYQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/886646-ffaa-400e-8df6-595f2100166b/1/1-KMdLu62epN-LofXatn50Xzal_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:b1:f3:01:08:6b:59:8b:49:b9:48:88:54:10:e0:5f:9f:bb:
         d2:78:e7:98:ec:e4:38:f7:73:2e:52:bb:8d:ca:b4:2a:70:84:
         5e:cb:ce:49:42:63:53:8a:50:3d:cd:eb:b9:3b:16:0b:07:75:
         04:7a:44:93:09:04:85:94:d5:f5:07:b3:ae:a3:e5:a6:95:59:
         1e:22:49:70:47:83:3f:7b:c2:85:d0:cc:d7:5d:86:05:9b:5e:
         cb:e3:c9:7a:7c:16:f5:e4:e2:52:8f:9e:52:6f:21:f5:66:b1:
         1c:6e:63:38:73:b9:37:1c:8f:b4:02:cf:42:c4:4b:3d:ef:7e:
         6b:05:0f:ea:26:7d:0b:a1:92:ed:cb:04:a9:bd:19:30:28:b8:
         7a:bd:e6:58:b4:3f:f8:98:2d:fe:da:62:05:80:eb:90:09:41:
         56:84:fd:5d:0c:43:71:bd:ff:83:25:22:c3:6e:06:2c:8f:58:
         a5:29:44:c4:05:bf:7a:65:68:0c:fd:3d:dc:06:6d:0d:33:c6:
         e6:75:25:4b:39:b0:cb:0c:3f:f3:90:44:e3:83:43:14:58:db:
         e9:f2:1f:d3:29:e7:d4:6e:0a:7c:11:1f:d2:14:7b:11:b9:b2:
         cc:b4:bb:cc:e9:7f:89:a2:39:2e:6d:39:bb:e5:76:80:a0:e5:
         2a:d2:a8:65
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIbu05YcBQGYkGkwed4w/lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTMxZDJlZWViNjdhOTM3ZTJlODdkNzZhZDlmOWQxN2Nk
YTk3ZjAwHhcNMjQwMTAyMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTI2NGFjYTU3YzFmZmQ5NzNlMDk1Njg4ZTNkMzM3YTk1MzE2MTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjwt93DQvLNGo5ishyLRlRQ65xJy
09YF0hepebZQnWBGuZJLf2N/16VkWf9TwwloyV0rYDdra85Xh1zjfSxQJXScf86P
JHcqr5ZDdNNhyw6VNq1iGqZmjkyWN+sPgIiKZCptKqtg+ZOTh9ZLE8Ou9TLezaiC
lG+W9qMIFR0r7Bo4OVICwgkNlcMjtlBEyNJGy1Cx5BmeiSSEgYsr26flERi/rH+3
LBqQPKujxSvukCKcB/rdrc78i8vcYDBwtiJ3wFMrwTB4dloyevvdsvRXf2LxNPUQ
3GH+q44zvRnf5n19V4BEATsdVuL3QM8yxRKTvJERDvoHwk3MnFCfeD7UWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFC4mSspXwf/Zc+CVaI49M3qVMWEMMB8GA1UdIwQY
MBaAFPijHS7utnqTfi6H12rZ+dF82pfwMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LTWRMdTYyZXBOLUxvZlhhdG41MFh6YWxfQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvODg2NjQ2LWZmYWEtNDAwZS04ZGY2
LTU5NWYyMTAwMTY2Yi8xL0xpWkt5bGZCXzlsejRKVm9qajB6ZXBVeFlRdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvODg2NjQ2LWZmYWEtNDAwZS04ZGY2LTU5NWYyMTAwMTY2
Yi8xLzEtS01kTHU2MmVwTi1Mb2ZYYXRuNTBYemFsX0EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb9dcw
DQYJKoZIhvcNAQELBQADggEBACOx8wEIa1mLSblIiFQQ4F+fu9J455js5Dj3cy5S
u43KtCpwhF7LzklCY1OKUD3N67k7FgsHdQR6RJMJBIWU1fUHs66j5aaVWR4iSXBH
gz97woXQzNddhgWbXsvjyXp8FvXk4lKPnlJvIfVmsRxuYzhzuTccj7QCz0LESz3v
fmsFD+omfQuhku3LBKm9GTAouHq95li0P/iYLf7aYgWA65AJQVaE/V0MQ3G9/4Ml
IsNuBiyPWKUpRMQFv3plaAz9PdwGbQ0zxuZ1JUs5sMsMP/OQROODQxRY2+nyH9Mp
59RuCnwRH9IUexG5ssy0u8zpf4miOS5tObvldoCg5SrSqGU=
-----END CERTIFICATE-----