Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/E1MYGsMHzZO8tAaJl0oGrrJK7Wk.roa
File:                     E1MYGsMHzZO8tAaJl0oGrrJK7Wk.roa (raw, json)
Hash identifier:          M423oZlquqKdeifhnzd+QsMLBdAWFVcPlcQzqCI322U=
Subject key identifier:   13:53:18:1A:C3:07:CD:93:BC:B4:06:89:97:4A:06:AE:B2:4A:ED:69
Certificate issuer:       /CN=32a77427c03709b339a95b0ad9a4ac9d2c92c903
Certificate serial:       018CC6B78F7E3007597CD5EBBD8D0528DB93
Authority key identifier: 32:A7:74:27:C0:37:09:B3:39:A9:5B:0A:D9:A4:AC:9D:2C:92:C9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mqd0J8A3CbM5qVsK2aSsnSySyQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/E1MYGsMHzZO8tAaJl0oGrrJK7Wk.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43666
IP address blocks:        91.197.182.0/24 maxlen: 24
                          91.197.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/Mqd0J8A3CbM5qVsK2aSsnSySyQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/Mqd0J8A3CbM5qVsK2aSsnSySyQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mqd0J8A3CbM5qVsK2aSsnSySyQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8f:7e:30:07:59:7c:d5:eb:bd:8d:05:28:db:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32a77427c03709b339a95b0ad9a4ac9d2c92c903
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1353181ac307cd93bcb40689974a06aeb24aed69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1f:d9:59:ee:a5:e8:e2:ef:9d:e0:13:8b:7e:
                    53:fa:49:5f:ab:06:4d:6e:c7:34:ec:90:cd:fc:7b:
                    84:dc:44:0e:be:5a:4b:aa:a6:4e:81:85:12:0c:cb:
                    bc:04:b7:8e:2d:78:09:4e:8a:92:2d:3d:8c:9e:a2:
                    31:44:6e:35:a8:ae:23:8b:45:8a:b3:88:0b:d3:af:
                    95:99:8f:11:7b:26:ca:84:3b:b2:13:c4:f6:d1:74:
                    7b:2d:6c:33:58:0c:5a:b3:9e:04:80:cd:c0:cd:ff:
                    3a:16:6f:39:1d:0d:d1:32:7e:79:7e:22:2e:5b:c7:
                    4a:cf:3c:ea:77:c3:f4:2f:d4:3f:7a:0b:19:2f:01:
                    7f:3f:e5:ee:b2:4e:c9:01:c7:da:63:fc:ae:e5:4d:
                    20:b0:ac:1c:ec:30:df:91:cf:a5:6d:b7:df:3d:24:
                    e5:dc:7d:23:0b:8b:f0:ca:94:ff:47:b1:3c:c8:c4:
                    18:68:5f:23:d8:aa:68:de:f2:cb:04:2e:f5:34:bf:
                    a9:2d:a5:2c:3f:ab:98:96:b5:97:61:b4:3f:43:ef:
                    4b:36:7e:4e:c7:91:bb:05:82:f1:ee:86:57:ad:61:
                    5a:17:5d:a8:dc:58:4a:d8:b0:08:2e:c0:c7:30:cb:
                    9d:6f:ce:0f:63:9b:28:3e:a6:d2:96:59:15:4f:a1:
                    17:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:53:18:1A:C3:07:CD:93:BC:B4:06:89:97:4A:06:AE:B2:4A:ED:69
            X509v3 Authority Key Identifier:
                keyid:32:A7:74:27:C0:37:09:B3:39:A9:5B:0A:D9:A4:AC:9D:2C:92:C9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mqd0J8A3CbM5qVsK2aSsnSySyQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/E1MYGsMHzZO8tAaJl0oGrrJK7Wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f251ed-5967-4ddd-932b-7d40b7c8fb01/1/Mqd0J8A3CbM5qVsK2aSsnSySyQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.180.0/24
                  91.197.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:c2:e6:ff:2a:4f:54:e9:4c:05:0d:49:2b:dd:f0:27:c7:f3:
         61:40:5a:99:66:52:66:72:ea:1c:55:4e:8a:9a:41:1b:a9:90:
         38:d6:ca:94:65:b5:f0:f7:f9:42:52:25:5e:21:e9:47:bc:a3:
         33:56:56:90:5c:c2:f1:8d:d3:ab:af:e9:e3:fd:2e:da:ed:b1:
         8f:58:27:cf:19:05:91:af:d2:87:f1:62:aa:f8:c5:36:96:ce:
         dd:84:d2:70:75:29:11:a8:b4:c9:d8:07:92:a2:e4:d3:67:16:
         01:30:1d:76:f1:65:79:fd:74:a9:f7:5d:77:58:bc:19:1f:79:
         09:13:2e:3c:06:70:02:d4:ed:fb:6a:41:36:83:12:ba:60:ee:
         09:83:ec:db:31:92:19:2c:27:58:4b:18:f5:a1:dc:c0:40:f7:
         44:6f:8a:57:01:48:6d:e4:4f:2b:95:12:cd:99:ea:d0:a5:3b:
         b5:3a:01:e7:a0:5e:bc:5d:65:4f:c9:2b:ba:45:46:e1:e5:e2:
         2a:f7:83:16:53:4a:8b:41:05:d3:e1:4d:1a:8b:e7:98:4a:d1:
         b3:a7:99:92:a0:62:cb:9b:9b:50:14:ea:bf:01:84:f0:cb:5e:
         22:c9:35:58:b3:f6:af:95:be:91:57:28:b5:3a:e4:2a:ef:33:
         3b:5b:99:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt49+MAdZfNXrvY0FKNuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYTc3NDI3YzAzNzA5YjMzOWE5NWIwYWQ5YTRhYzlkMmM5
MmM5MDMwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzUzMTgxYWMzMDdjZDkzYmNiNDA2ODk5NzRhMDZhZWIyNGFlZDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjh/ZWe6l6OLvneATi35T+klfqwZN
bsc07JDN/HuE3EQOvlpLqqZOgYUSDMu8BLeOLXgJToqSLT2MnqIxRG41qK4ji0WK
s4gL06+VmY8ReybKhDuyE8T20XR7LWwzWAxas54EgM3Azf86Fm85HQ3RMn55fiIu
W8dKzzzqd8P0L9Q/egsZLwF/P+Xusk7JAcfaY/yu5U0gsKwc7DDfkc+lbbffPSTl
3H0jC4vwypT/R7E8yMQYaF8j2Kpo3vLLBC71NL+pLaUsP6uYlrWXYbQ/Q+9LNn5O
x5G7BYLx7oZXrWFaF12o3FhK2LAILsDHMMudb84PY5soPqbSllkVT6EXjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBNTGBrDB82TvLQGiZdKBq6ySu1pMB8GA1UdIwQY
MBaAFDKndCfANwmzOalbCtmkrJ0skskDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXFkMEo4QTNDYk01cVZzSzJhU3NuU3lTeVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mMjUxZWQtNTk2Ny00ZGRkLTkzMmIt
N2Q0MGI3YzhmYjAxLzEvRTFNWUdzTUh6Wk84dEFhSmwwb0dyckpLN1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mMjUxZWQtNTk2Ny00ZGRkLTkzMmItN2Q0MGI3YzhmYjAx
LzEvTXFkMEo4QTNDYk01cVZzSzJhU3NuU3lTeVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8W0AwQA
W8W2MA0GCSqGSIb3DQEBCwUAA4IBAQBawub/Kk9U6UwFDUkr3fAnx/NhQFqZZlJm
cuocVU6KmkEbqZA41sqUZbXw9/lCUiVeIelHvKMzVlaQXMLxjdOrr+nj/S7a7bGP
WCfPGQWRr9KH8WKq+MU2ls7dhNJwdSkRqLTJ2AeSouTTZxYBMB128WV5/XSp9113
WLwZH3kJEy48BnAC1O37akE2gxK6YO4Jg+zbMZIZLCdYSxj1odzAQPdEb4pXAUht
5E8rlRLNmerQpTu1OgHnoF68XWVPySu6RUbh5eIq94MWU0qLQQXT4U0ai+eYStGz
p5mSoGLLm5tQFOq/AYTwy14iyTVYs/avlb6RVyi1OuQq7zM7W5lN
-----END CERTIFICATE-----