Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/9d960f-a59a-435c-ae92-1ca739bb00cc/1/KsHUVdcrXw3P3Aowo6Hdw1osmkw.roa
File:                     KsHUVdcrXw3P3Aowo6Hdw1osmkw.roa (raw, json)
Hash identifier:          pfYt0e/0zBD3vAjPhRuY9FyhzUllqIMIQXO1HSRYPqk=
Subject key identifier:   2A:C1:D4:55:D7:2B:5F:0D:CF:DC:0A:30:A3:A1:DD:C3:5A:2C:9A:4C
Certificate issuer:       /CN=e208ecb9f34c1fbc3f3589710ab3e349fc6295cc
Certificate serial:       018CC6B77E5660C12F2F771F16524E52B724
Authority key identifier: E2:08:EC:B9:F3:4C:1F:BC:3F:35:89:71:0A:B3:E3:49:FC:62:95:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4gjsufNMH7w_NYlxCrPjSfxilcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/9d960f-a59a-435c-ae92-1ca739bb00cc/1/KsHUVdcrXw3P3Aowo6Hdw1osmkw.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        91.90.125.0/24 maxlen: 24
                          91.90.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/9d960f-a59a-435c-ae92-1ca739bb00cc/1/4gjsufNMH7w_NYlxCrPjSfxilcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/9d960f-a59a-435c-ae92-1ca739bb00cc/1/4gjsufNMH7w_NYlxCrPjSfxilcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4gjsufNMH7w_NYlxCrPjSfxilcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7e:56:60:c1:2f:2f:77:1f:16:52:4e:52:b7:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e208ecb9f34c1fbc3f3589710ab3e349fc6295cc
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ac1d455d72b5f0dcfdc0a30a3a1ddc35a2c9a4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4c:bb:d7:87:62:2e:d0:a1:a3:b7:39:b2:25:
                    a2:7a:37:8b:5f:18:4c:d7:4b:73:d9:08:c0:ce:82:
                    a2:79:a6:67:8f:6c:70:d9:77:25:df:54:12:01:5b:
                    da:4a:f0:9c:4c:44:8a:91:fd:8e:8b:d9:58:e4:74:
                    e0:f9:a0:cf:98:48:21:5b:a2:fb:5e:82:23:0d:43:
                    f7:b4:6f:f0:9b:37:4b:53:8c:0b:87:8e:31:65:ac:
                    78:5d:fb:a3:8e:97:cc:73:9d:34:e9:49:51:de:9d:
                    a7:1f:ec:78:0d:54:9a:d7:5a:a4:44:89:56:c8:d9:
                    4e:26:cb:7b:a2:8a:31:8e:15:7d:00:78:59:7d:12:
                    b8:fa:b5:cc:59:12:11:95:56:bc:b2:44:63:71:72:
                    5c:c4:88:b8:3d:8c:4a:77:1b:dd:4e:36:b3:5d:ee:
                    5b:8d:9c:b7:3c:2c:21:3a:11:46:7f:d2:57:00:4c:
                    4e:f2:9e:eb:a7:db:1f:ee:b0:87:80:78:b2:fa:a6:
                    d2:ca:1f:89:c7:71:c6:23:a0:fa:01:25:42:64:cb:
                    01:bd:9b:f1:2f:dc:4a:6a:6c:99:0b:ab:14:71:71:
                    51:36:9a:3d:5b:f5:0d:7d:0c:99:df:c7:5c:1a:72:
                    5f:28:54:40:e9:ef:b3:0a:b5:a9:19:2c:8a:40:54:
                    42:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C1:D4:55:D7:2B:5F:0D:CF:DC:0A:30:A3:A1:DD:C3:5A:2C:9A:4C
            X509v3 Authority Key Identifier:
                keyid:E2:08:EC:B9:F3:4C:1F:BC:3F:35:89:71:0A:B3:E3:49:FC:62:95:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4gjsufNMH7w_NYlxCrPjSfxilcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/9d960f-a59a-435c-ae92-1ca739bb00cc/1/KsHUVdcrXw3P3Aowo6Hdw1osmkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/9d960f-a59a-435c-ae92-1ca739bb00cc/1/4gjsufNMH7w_NYlxCrPjSfxilcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.125.0/24
                  91.90.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:12:98:2c:ae:37:76:6a:06:01:4d:92:1e:9f:41:2b:81:f1:
         29:65:0b:00:33:56:0b:4c:e3:ed:73:c4:0e:7b:4f:17:34:c3:
         09:2c:a0:9e:aa:2f:c2:7a:17:b9:96:73:67:74:fe:32:72:1c:
         25:8b:c5:cf:b6:f0:08:7b:ee:6f:67:88:04:d9:d3:fb:a4:55:
         12:af:e2:7e:c8:03:70:b3:d7:89:9e:e8:df:b1:2a:58:54:0e:
         c5:4f:2f:e1:1d:8c:66:be:df:a9:f8:81:44:3c:d2:cf:60:71:
         ee:40:e7:fe:07:e3:99:10:ab:5a:40:4c:0d:6c:02:0a:c6:a9:
         79:c5:f9:0e:7d:f3:51:01:cf:7c:6d:c8:9a:3d:4e:a3:d3:30:
         11:1d:e4:10:9c:75:cd:dd:11:22:39:b2:2b:9d:1c:b7:04:46:
         01:51:16:e2:91:eb:71:7b:89:ad:b5:58:90:a6:42:78:b7:d7:
         ae:06:f4:cd:8d:3d:a3:9f:4a:07:cb:93:17:94:4a:72:18:e9:
         b2:5d:06:e8:6b:16:54:ed:1f:5a:66:d4:52:70:90:24:af:e3:
         b2:22:ea:80:69:51:df:85:01:c5:fa:12:11:4d:8c:c6:e0:26:
         a4:8e:1e:34:71:f1:2a:b7:b2:b5:a4:71:96:1c:24:8d:db:8a:
         34:fe:1f:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt35WYMEvL3cfFlJOUrckMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMDhlY2I5ZjM0YzFmYmMzZjM1ODk3MTBhYjNlMzQ5ZmM2
Mjk1Y2MwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWMxZDQ1NWQ3MmI1ZjBkY2ZkYzBhMzBhM2ExZGRjMzVhMmM5YTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlky714diLtCho7c5siWiejeLXxhM
10tz2QjAzoKieaZnj2xw2Xcl31QSAVvaSvCcTESKkf2Oi9lY5HTg+aDPmEghW6L7
XoIjDUP3tG/wmzdLU4wLh44xZax4XfujjpfMc5006UlR3p2nH+x4DVSa11qkRIlW
yNlOJst7oooxjhV9AHhZfRK4+rXMWRIRlVa8skRjcXJcxIi4PYxKdxvdTjazXe5b
jZy3PCwhOhFGf9JXAExO8p7rp9sf7rCHgHiy+qbSyh+Jx3HGI6D6ASVCZMsBvZvx
L9xKamyZC6sUcXFRNpo9W/UNfQyZ38dcGnJfKFRA6e+zCrWpGSyKQFRCMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCrB1FXXK18Nz9wKMKOh3cNaLJpMMB8GA1UdIwQY
MBaAFOII7LnzTB+8PzWJcQqz40n8YpXMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGdqc3VmTk1IN3dfTllseENyUGpTZnhpbGN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC85ZDk2MGYtYTU5YS00MzVjLWFlOTIt
MWNhNzM5YmIwMGNjLzEvS3NIVVZkY3JYdzNQM0Fvd282SGR3MW9zbWt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC85ZDk2MGYtYTU5YS00MzVjLWFlOTItMWNhNzM5YmIwMGNj
LzEvNGdqc3VmTk1IN3dfTllseENyUGpTZnhpbGN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW1p9AwQA
W1p/MA0GCSqGSIb3DQEBCwUAA4IBAQAtEpgsrjd2agYBTZIen0ErgfEpZQsAM1YL
TOPtc8QOe08XNMMJLKCeqi/Cehe5lnNndP4ychwli8XPtvAIe+5vZ4gE2dP7pFUS
r+J+yANws9eJnujfsSpYVA7FTy/hHYxmvt+p+IFEPNLPYHHuQOf+B+OZEKtaQEwN
bAIKxql5xfkOffNRAc98bciaPU6j0zARHeQQnHXN3REiObIrnRy3BEYBURbiketx
e4mttViQpkJ4t9euBvTNjT2jn0oHy5MXlEpyGOmyXQboaxZU7R9aZtRScJAkr+Oy
IuqAaVHfhQHF+hIRTYzG4Cakjh40cfEqt7K1pHGWHCSN24o0/h9f
-----END CERTIFICATE-----