Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/E_2NLFaBn2NItOTUxkWjhk_FEiU.roa
File:                     E_2NLFaBn2NItOTUxkWjhk_FEiU.roa (raw, json)
Hash identifier:          cwAWckHEVBwtrHTGTS+5G9BvjpegJJi0ObAbaMKpRFc=
Subject key identifier:   13:FD:8D:2C:56:81:9F:63:48:B4:E4:D4:C6:45:A3:86:4F:C5:12:25
Certificate issuer:       /CN=400de28131c73b5f5320f51dae6c1bd47ab82f92
Certificate serial:       01927710F13735BF42651E58A3D2BE356390
Authority key identifier: 40:0D:E2:81:31:C7:3B:5F:53:20:F5:1D:AE:6C:1B:D4:7A:B8:2F:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QA3igTHHO19TIPUdrmwb1Hq4L5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/E_2NLFaBn2NItOTUxkWjhk_FEiU.roa
Signing time:             Thu 10 Oct 2024 15:34:11 +0000
ROA not before:           Thu 10 Oct 2024 15:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.197.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QA3igTHHO19TIPUdrmwb1Hq4L5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:77:10:f1:37:35:bf:42:65:1e:58:a3:d2:be:35:63:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=400de28131c73b5f5320f51dae6c1bd47ab82f92
        Validity
            Not Before: Oct 10 15:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13fd8d2c56819f6348b4e4d4c645a3864fc51225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4b:eb:8d:18:c5:5b:a9:fe:04:b3:c0:ba:03:
                    d9:4d:32:3f:2d:1b:20:10:fe:e4:75:54:1e:52:ac:
                    4d:02:8d:d0:68:18:93:44:5e:f8:58:06:85:52:46:
                    e9:b9:a5:a5:81:cc:2c:2c:2f:c1:66:e9:4a:76:bd:
                    98:fc:0f:97:44:b0:27:67:a7:b8:be:b8:44:2e:e5:
                    b0:6b:b0:98:b6:88:19:b0:26:28:ec:b9:bc:7e:30:
                    8f:92:69:f6:07:12:a9:38:01:08:72:ea:26:4c:fc:
                    ee:f7:6c:6f:b1:83:86:c6:29:a0:18:db:30:74:da:
                    36:4e:27:73:4c:a0:bc:7f:f0:bb:6d:f5:47:6e:8a:
                    8f:bb:73:c7:43:5c:c5:d7:f5:8a:e0:1b:23:f2:f1:
                    7d:05:f4:25:24:4d:e1:5a:b9:be:2c:b1:34:b2:11:
                    40:5a:5b:1e:07:c0:4f:9e:6c:3b:d4:f0:4e:a1:3f:
                    2d:c2:64:9f:04:8a:8a:42:ab:b9:d0:76:3f:15:90:
                    eb:90:3b:e7:f6:3b:36:a4:85:7f:7d:69:64:4c:8a:
                    65:f7:99:d8:af:c0:82:62:40:ac:34:9d:1d:18:db:
                    f3:e5:e7:b0:18:6a:b2:95:bd:5c:48:45:52:27:a5:
                    8b:b9:50:03:da:79:c3:2a:3c:63:8c:9c:43:a7:45:
                    20:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:FD:8D:2C:56:81:9F:63:48:B4:E4:D4:C6:45:A3:86:4F:C5:12:25
            X509v3 Authority Key Identifier:
                keyid:40:0D:E2:81:31:C7:3B:5F:53:20:F5:1D:AE:6C:1B:D4:7A:B8:2F:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QA3igTHHO19TIPUdrmwb1Hq4L5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/E_2NLFaBn2NItOTUxkWjhk_FEiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:ac:e1:77:1d:9c:47:7a:ea:f6:51:61:be:52:d4:98:c8:e3:
         a4:43:d9:3e:f4:a7:46:01:23:75:8e:f5:23:16:7e:44:bd:d4:
         b6:8d:8c:ad:7d:43:8e:ef:3b:c0:d8:60:95:f0:44:05:05:5f:
         4b:71:73:bd:ab:52:1b:17:a1:65:93:e6:29:05:4c:b8:9b:a8:
         34:69:ee:e9:bf:83:88:54:49:52:7d:f8:62:22:07:4d:1e:77:
         55:ab:74:ce:22:d0:1d:ad:04:92:49:fe:6c:9f:8b:ee:2f:a7:
         2c:3a:5b:5b:20:e9:9f:da:49:24:cd:ce:74:e8:a6:06:5e:de:
         00:14:3d:6f:ef:7d:72:77:f3:6c:57:40:4d:6b:79:46:14:3e:
         18:11:d6:b1:6a:b2:ce:bb:07:4f:6a:f5:6e:7e:86:af:5f:b9:
         59:9f:cf:ab:0b:f5:70:70:f7:3a:bf:73:e0:08:16:bb:34:0b:
         a2:fb:9b:3f:ea:c8:56:c0:ea:7d:03:4a:ba:23:b4:73:b5:29:
         b8:b6:f5:22:25:83:ec:ef:31:39:73:15:ed:b4:64:a9:61:15:
         03:f2:9e:55:e1:e4:eb:47:d6:79:c1:df:ee:e7:9c:c6:3d:29:
         7d:58:78:10:b3:41:ad:5f:37:52:a6:f1:ac:1c:f8:0e:e7:4c:
         f0:02:0f:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ3EPE3Nb9CZR5Yo9K+NWOQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMGRlMjgxMzFjNzNiNWY1MzIwZjUxZGFlNmMxYmQ0N2Fi
ODJmOTIwHhcNMjQxMDEwMTUzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2ZkOGQyYzU2ODE5ZjYzNDhiNGU0ZDRjNjQ1YTM4NjRmYzUxMjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUvrjRjFW6n+BLPAugPZTTI/LRsg
EP7kdVQeUqxNAo3QaBiTRF74WAaFUkbpuaWlgcwsLC/BZulKdr2Y/A+XRLAnZ6e4
vrhELuWwa7CYtogZsCYo7Lm8fjCPkmn2BxKpOAEIcuomTPzu92xvsYOGximgGNsw
dNo2TidzTKC8f/C7bfVHboqPu3PHQ1zF1/WK4Bsj8vF9BfQlJE3hWrm+LLE0shFA
WlseB8BPnmw71PBOoT8twmSfBIqKQqu50HY/FZDrkDvn9js2pIV/fWlkTIpl95nY
r8CCYkCsNJ0dGNvz5eewGGqylb1cSEVSJ6WLuVAD2nnDKjxjjJxDp0UgewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBP9jSxWgZ9jSLTk1MZFo4ZPxRIlMB8GA1UdIwQY
MBaAFEAN4oExxztfUyD1Ha5sG9R6uC+SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUEzaWdUSEhPMTlUSVBVZHJtd2IxSHE0TDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lNzk3ZjItZjI3Mi00NjYzLWIxNDUt
YmM2YTFiMjFmZDVlLzEvRV8yTkxGYUJuMk5JdE9UVXhrV2poa19GRWlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lNzk3ZjItZjI3Mi00NjYzLWIxNDUtYmM2YTFiMjFmZDVl
LzEvUUEzaWdUSEhPMTlUSVBVZHJtd2IxSHE0TDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8XzMA0G
CSqGSIb3DQEBCwUAA4IBAQCIrOF3HZxHeur2UWG+UtSYyOOkQ9k+9KdGASN1jvUj
Fn5EvdS2jYytfUOO7zvA2GCV8EQFBV9LcXO9q1IbF6Flk+YpBUy4m6g0ae7pv4OI
VElSffhiIgdNHndVq3TOItAdrQSSSf5sn4vuL6csOltbIOmf2kkkzc506KYGXt4A
FD1v731yd/NsV0BNa3lGFD4YEdaxarLOuwdPavVufoavX7lZn8+rC/VwcPc6v3Pg
CBa7NAui+5s/6shWwOp9A0q6I7RztSm4tvUiJYPs7zE5cxXttGSpYRUD8p5V4eTr
R9Z5wd/u55zGPSl9WHgQs0GtXzdSpvGsHPgO50zwAg9I
-----END CERTIFICATE-----