Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Al1ouhlgStzSYM5GvJRJQpS-A7M.roa
File:                     Al1ouhlgStzSYM5GvJRJQpS-A7M.roa (raw, json)
Hash identifier:          wepbl2rAnEa3xgW49ysnC6SucunGNTXW2annya7UhM8=
Subject key identifier:   02:5D:68:BA:19:60:4A:DC:D2:60:CE:46:BC:94:49:42:94:BE:03:B3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0191BD77FD26792666B6A158F32E1027B8E6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Al1ouhlgStzSYM5GvJRJQpS-A7M.roa
Signing time:             Wed 04 Sep 2024 14:37:23 +0000
ROA not before:           Wed 04 Sep 2024 14:37:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214346
IP address blocks:        194.105.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:77:fd:26:79:26:66:b6:a1:58:f3:2e:10:27:b8:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  4 14:37:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=025d68ba19604adcd260ce46bc94494294be03b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:d6:2b:31:c8:7d:2f:55:3b:ba:db:4b:df:af:
                    c0:f9:5d:c9:8d:1e:44:5d:00:4a:31:71:3f:32:e3:
                    70:96:8c:3c:15:ff:38:27:0d:bc:52:bc:fe:ba:82:
                    f7:15:33:54:59:8d:a2:ea:12:e5:be:a9:7b:53:d2:
                    c4:d7:52:c9:7b:0f:43:a2:3f:1e:fc:4a:0f:2b:cb:
                    cb:fa:f1:29:04:28:06:1b:b7:51:26:9c:cc:d9:a3:
                    68:bd:fe:a8:9b:8f:fa:91:b3:8e:36:3a:26:94:2f:
                    73:3e:cc:94:d0:c6:96:8a:c7:c5:e9:ce:d0:4b:1f:
                    29:09:6b:3d:b6:f4:56:98:e8:4c:55:3b:da:5f:ae:
                    0c:d2:8c:23:72:51:78:9a:5a:f5:b9:5c:53:cc:43:
                    83:49:97:84:d7:e5:d0:73:be:b2:41:39:af:42:a5:
                    bf:88:44:0f:44:1f:54:cc:c2:37:75:c7:a7:98:e5:
                    f0:19:cb:fc:aa:96:3b:20:b3:26:c7:6b:18:2e:75:
                    82:9e:79:2b:e9:1d:20:86:1c:71:96:b7:57:44:d4:
                    1f:d7:a8:ec:45:b1:ae:bc:37:25:ce:d5:4d:8d:13:
                    59:64:99:fa:52:07:cb:85:14:79:71:03:dd:f0:5d:
                    71:a4:e4:5d:d8:32:e3:75:5f:54:84:08:b4:46:28:
                    80:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:5D:68:BA:19:60:4A:DC:D2:60:CE:46:BC:94:49:42:94:BE:03:B3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Al1ouhlgStzSYM5GvJRJQpS-A7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:9b:9d:d5:fc:7a:2f:7f:f3:de:e9:e6:00:6b:79:7b:90:12:
         18:b5:18:8f:dd:f3:50:96:ae:53:5e:73:1f:4f:db:d5:eb:53:
         5b:0c:e0:c7:88:86:a0:ef:5f:18:fd:f1:4b:2a:b2:da:d4:11:
         8a:03:57:f1:45:6f:de:2f:66:a4:cd:a2:0a:48:8d:ef:47:7c:
         c6:46:80:1e:12:65:dd:f1:14:81:0d:89:72:0c:fb:bf:10:5b:
         6b:1b:7b:fd:6a:d5:c7:77:42:31:31:80:50:cf:cd:79:97:d9:
         7d:e3:2d:9c:7a:a7:19:ce:60:6f:4d:b5:d0:19:8c:1f:2a:74:
         0b:98:69:b9:a1:c0:ca:be:fa:11:23:81:8c:82:db:88:44:86:
         83:87:9a:ee:78:c2:36:ff:b6:85:a8:83:c5:04:89:fc:11:f1:
         23:5b:2a:9a:9e:4c:a3:8b:ce:9e:3b:46:b8:25:1b:39:cd:7d:
         6c:68:d3:84:18:9e:fa:1c:bf:18:2a:ab:43:2a:fe:87:0e:15:
         d3:64:1d:b8:bb:f6:20:55:e6:d1:88:82:97:f4:ab:98:5a:b3:
         75:5a:c9:9a:9e:a0:99:49:0d:90:d8:1a:a6:ea:1d:4a:11:3e:
         86:e1:bc:79:5f:8d:9d:77:07:7f:eb:59:4b:1c:5e:62:af:15:
         72:70:ec:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG9d/0meSZmtqFY8y4QJ7jmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTA0MTQzNzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjVkNjhiYTE5NjA0YWRjZDI2MGNlNDZiYzk0NDk0Mjk0YmUwM2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tYrMch9L1U7uttL36/A+V3JjR5E
XQBKMXE/MuNwlow8Ff84Jw28Urz+uoL3FTNUWY2i6hLlvql7U9LE11LJew9Doj8e
/EoPK8vL+vEpBCgGG7dRJpzM2aNovf6om4/6kbOONjomlC9zPsyU0MaWisfF6c7Q
Sx8pCWs9tvRWmOhMVTvaX64M0owjclF4mlr1uVxTzEODSZeE1+XQc76yQTmvQqW/
iEQPRB9UzMI3dcenmOXwGcv8qpY7ILMmx2sYLnWCnnkr6R0ghhxxlrdXRNQf16js
RbGuvDclztVNjRNZZJn6UgfLhRR5cQPd8F1xpORd2DLjdV9UhAi0RiiACwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJdaLoZYErc0mDORryUSUKUvgOzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQWwxb3VobGdTdHpTWU01R3ZKUkpRcFMtQTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmlbMA0G
CSqGSIb3DQEBCwUAA4IBAQAim53V/Hovf/Pe6eYAa3l7kBIYtRiP3fNQlq5TXnMf
T9vV61NbDODHiIag718Y/fFLKrLa1BGKA1fxRW/eL2akzaIKSI3vR3zGRoAeEmXd
8RSBDYlyDPu/EFtrG3v9atXHd0IxMYBQz815l9l94y2ceqcZzmBvTbXQGYwfKnQL
mGm5ocDKvvoRI4GMgtuIRIaDh5rueMI2/7aFqIPFBIn8EfEjWyqankyji86eO0a4
JRs5zX1saNOEGJ76HL8YKqtDKv6HDhXTZB24u/YgVebRiIKX9KuYWrN1WsmanqCZ
SQ2Q2Bqm6h1KET6G4bx5X42ddwd/61lLHF5irxVycOzo
-----END CERTIFICATE-----