Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5e4d05-ce79-4f7f-8a95-46cd28316aa7/1/STgWPV6VI7gTxEuHHtPHRPtphJI.roa
File:                     STgWPV6VI7gTxEuHHtPHRPtphJI.roa (raw, json)
Hash identifier:          IEebNMFw0rHlv5k1K2ztfk6hkbRPHVUZIf1KKrq9VyE=
Subject key identifier:   49:38:16:3D:5E:95:23:B8:13:C4:4B:87:1E:D3:C7:44:FB:69:84:92
Certificate issuer:       /CN=e83c7507faff0f4126813851e927e8fb09fb7a6f
Certificate serial:       018CC56E5C82D0A10D1C64989E7C37E49A42
Authority key identifier: E8:3C:75:07:FA:FF:0F:41:26:81:38:51:E9:27:E8:FB:09:FB:7A:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Dx1B_r_D0EmgThR6Sfo-wn7em8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5e4d05-ce79-4f7f-8a95-46cd28316aa7/1/STgWPV6VI7gTxEuHHtPHRPtphJI.roa
Signing time:             Mon 01 Jan 2024 14:29:53 +0000
ROA not before:           Mon 01 Jan 2024 14:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198530
IP address blocks:        91.236.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5e4d05-ce79-4f7f-8a95-46cd28316aa7/1/6Dx1B_r_D0EmgThR6Sfo-wn7em8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5e4d05-ce79-4f7f-8a95-46cd28316aa7/1/6Dx1B_r_D0EmgThR6Sfo-wn7em8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Dx1B_r_D0EmgThR6Sfo-wn7em8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5c:82:d0:a1:0d:1c:64:98:9e:7c:37:e4:9a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e83c7507faff0f4126813851e927e8fb09fb7a6f
        Validity
            Not Before: Jan  1 14:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4938163d5e9523b813c44b871ed3c744fb698492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:18:d4:2c:fc:97:8d:b8:f2:4b:91:1b:d8:02:
                    63:ac:a3:c2:61:8d:5a:ff:e1:a2:7e:46:42:0e:64:
                    ad:9d:42:9a:2d:2b:f4:a6:e6:ff:f9:46:9e:e0:7e:
                    49:5e:ff:3b:8d:a6:c5:95:bd:a8:85:48:da:b2:8f:
                    82:7d:5a:b2:e6:6f:fd:b2:2d:ab:60:ed:3f:5a:fd:
                    a8:33:96:d1:f3:9d:9a:93:63:30:30:4b:8b:f3:1b:
                    69:80:1c:a1:18:8a:c5:1c:f5:52:ba:fd:d9:7a:3a:
                    0f:64:6a:4c:93:71:a0:6d:a4:d2:c2:fb:f8:77:71:
                    f0:40:50:2e:1d:f2:79:39:e4:f0:e7:d0:db:71:96:
                    8b:90:19:a2:a2:50:85:38:51:31:4d:32:92:27:2e:
                    91:13:a8:d0:80:a3:ef:34:22:9d:26:49:71:3b:9b:
                    3d:93:09:b1:aa:7c:b6:6a:f0:1c:92:f0:43:a3:5c:
                    a4:9b:69:6a:ad:22:7f:4c:f2:1b:ef:d8:da:4f:43:
                    b2:83:d6:52:ff:f4:1a:e4:e2:97:5f:08:62:e6:72:
                    5e:9f:46:aa:f9:cd:49:17:9a:6d:8c:5d:ff:74:91:
                    f3:98:aa:7c:d4:be:90:5b:ea:36:a8:1f:81:32:10:
                    26:14:84:ee:fe:57:f4:84:f8:a9:23:2d:51:30:2b:
                    9d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:38:16:3D:5E:95:23:B8:13:C4:4B:87:1E:D3:C7:44:FB:69:84:92
            X509v3 Authority Key Identifier:
                keyid:E8:3C:75:07:FA:FF:0F:41:26:81:38:51:E9:27:E8:FB:09:FB:7A:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Dx1B_r_D0EmgThR6Sfo-wn7em8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5e4d05-ce79-4f7f-8a95-46cd28316aa7/1/STgWPV6VI7gTxEuHHtPHRPtphJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5e4d05-ce79-4f7f-8a95-46cd28316aa7/1/6Dx1B_r_D0EmgThR6Sfo-wn7em8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:96:19:e2:3b:bc:07:c3:37:29:8a:ea:38:87:73:97:95:59:
         08:cf:9f:41:7c:ef:ac:7c:db:fd:68:84:16:8f:56:4e:28:72:
         1a:33:ff:a4:87:b9:b6:bd:93:4b:bc:05:e8:42:17:65:d1:5b:
         97:21:8b:f4:ea:ce:83:e9:02:90:37:ae:b6:7d:2d:29:31:b2:
         d3:93:9c:b2:53:32:0b:21:76:2a:77:d0:93:16:80:6b:ff:f8:
         f4:a1:ed:f9:03:57:80:b3:6f:27:85:86:31:5d:c0:32:e6:a2:
         8c:21:e0:f7:66:5c:c4:62:41:02:99:7b:e4:9f:43:a3:00:e6:
         fc:98:2e:8a:9b:91:43:1f:e4:6f:72:6c:9c:e3:a4:e4:10:5c:
         dd:38:7d:a6:cc:b1:0b:e2:71:4d:4e:dc:fe:94:0d:06:68:87:
         2c:34:64:51:33:24:ef:41:0e:c1:9f:f3:34:b5:63:6c:7a:ce:
         ad:fc:58:f9:66:79:65:14:8c:a7:1a:81:48:66:64:f1:01:c1:
         8c:5a:95:7e:f2:75:54:b1:5a:5f:91:aa:40:36:79:04:d9:1f:
         54:e5:d6:59:a9:8c:78:98:c2:f6:95:f0:09:ef:8d:8c:34:9b:
         cc:d7:46:00:a6:c5:72:d9:60:70:11:5a:5d:3e:6c:a9:75:99:
         8c:db:a7:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblyC0KENHGSYnnw35JpCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4M2M3NTA3ZmFmZjBmNDEyNjgxMzg1MWU5MjdlOGZiMDlm
YjdhNmYwHhcNMjQwMTAxMTQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTM4MTYzZDVlOTUyM2I4MTNjNDRiODcxZWQzYzc0NGZiNjk4NDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBjULPyXjbjyS5Eb2AJjrKPCYY1a
/+GifkZCDmStnUKaLSv0pub/+Uae4H5JXv87jabFlb2ohUjaso+CfVqy5m/9si2r
YO0/Wv2oM5bR852ak2MwMEuL8xtpgByhGIrFHPVSuv3ZejoPZGpMk3GgbaTSwvv4
d3HwQFAuHfJ5OeTw59DbcZaLkBmiolCFOFExTTKSJy6RE6jQgKPvNCKdJklxO5s9
kwmxqny2avAckvBDo1ykm2lqrSJ/TPIb79jaT0Oyg9ZS//Qa5OKXXwhi5nJen0aq
+c1JF5ptjF3/dJHzmKp81L6QW+o2qB+BMhAmFITu/lf0hPipIy1RMCud9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEk4Fj1elSO4E8RLhx7Tx0T7aYSSMB8GA1UdIwQY
MBaAFOg8dQf6/w9BJoE4Uekn6PsJ+3pvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkR4MUJfcl9EMEVtZ1RoUjZTZm8td243ZW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81ZTRkMDUtY2U3OS00ZjdmLThhOTUt
NDZjZDI4MzE2YWE3LzEvU1RnV1BWNlZJN2dUeEV1SEh0UEhSUHRwaEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81ZTRkMDUtY2U3OS00ZjdmLThhOTUtNDZjZDI4MzE2YWE3
LzEvNkR4MUJfcl9EMEVtZ1RoUjZTZm8td243ZW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+wQMA0G
CSqGSIb3DQEBCwUAA4IBAQColhniO7wHwzcpiuo4h3OXlVkIz59BfO+sfNv9aIQW
j1ZOKHIaM/+kh7m2vZNLvAXoQhdl0VuXIYv06s6D6QKQN662fS0pMbLTk5yyUzIL
IXYqd9CTFoBr//j0oe35A1eAs28nhYYxXcAy5qKMIeD3ZlzEYkECmXvkn0OjAOb8
mC6Km5FDH+Rvcmyc46TkEFzdOH2mzLEL4nFNTtz+lA0GaIcsNGRRMyTvQQ7Bn/M0
tWNses6t/Fj5ZnllFIynGoFIZmTxAcGMWpV+8nVUsVpfkapANnkE2R9U5dZZqYx4
mML2lfAJ742MNJvM10YApsVy2WBwEVpdPmypdZmM26dA
-----END CERTIFICATE-----