Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/LklA9YwMR4blYUdoa_uVgvqWv_8.roa
File:                     LklA9YwMR4blYUdoa_uVgvqWv_8.roa (raw, json)
Hash identifier:          iTB/XubYtM4JBWBEAgugLd1vdOlsIhelEFtYS61MEOk=
Subject key identifier:   2E:49:40:F5:8C:0C:47:86:E5:61:47:68:6B:FB:95:82:FA:96:BF:FF
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       019155DCCDCE32B23526D39E7B685B1145DF
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/LklA9YwMR4blYUdoa_uVgvqWv_8.roa
Signing time:             Thu 15 Aug 2024 11:46:59 +0000
ROA not before:           Thu 15 Aug 2024 11:46:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20688
IP address blocks:        185.18.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:55:dc:cd:ce:32:b2:35:26:d3:9e:7b:68:5b:11:45:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Aug 15 11:46:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e4940f58c0c4786e56147686bfb9582fa96bfff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0c:bd:6f:1b:ca:d1:23:62:8a:d0:4d:9e:bd:
                    8d:ea:66:b9:14:76:95:fb:a5:64:20:1d:ae:c8:fb:
                    39:88:2e:56:51:0b:8b:76:14:23:65:bd:81:56:a2:
                    f7:ea:37:b6:74:20:83:30:3b:d7:a0:8b:23:b5:18:
                    d9:be:3f:3d:4c:0f:be:df:04:39:0a:c0:e4:25:4e:
                    5f:2c:35:2c:83:94:38:4a:8b:d2:7a:0e:dc:ca:de:
                    44:34:a2:e0:b5:36:14:0b:4a:09:e0:38:f3:69:8f:
                    07:c0:4b:41:54:bb:63:b3:49:91:c6:11:ea:9a:22:
                    47:b4:ac:ed:43:dc:dd:23:5f:7f:25:b5:22:c5:d1:
                    45:68:e2:bf:63:c6:6e:c5:71:40:99:19:da:34:26:
                    00:f4:9b:13:c5:71:14:4e:31:39:31:6c:2b:67:52:
                    12:0c:fd:f3:33:e8:e7:b3:32:1a:af:de:8b:59:c3:
                    7a:69:2f:ef:75:44:3c:75:2c:45:a6:39:60:70:cf:
                    a7:2a:a8:85:76:11:65:23:76:dc:00:37:60:9b:9d:
                    90:bf:4b:98:58:19:b4:eb:97:e2:59:49:82:90:1e:
                    e5:cc:07:95:cf:83:29:bc:12:bb:7f:18:38:35:5d:
                    7f:56:44:07:dd:66:77:3a:05:c5:61:a4:60:d7:d4:
                    52:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:49:40:F5:8C:0C:47:86:E5:61:47:68:6B:FB:95:82:FA:96:BF:FF
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/LklA9YwMR4blYUdoa_uVgvqWv_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:4c:f2:fd:98:f3:06:2f:9b:5c:bf:5b:6b:70:23:62:90:1f:
         4f:b3:b7:c8:71:24:e6:1a:f7:eb:0c:6d:53:1b:db:50:83:89:
         8d:72:5f:a4:06:2f:72:18:f8:99:74:bc:0e:23:e1:51:84:ec:
         1e:05:8f:90:67:29:b3:b1:5b:f4:a8:38:ce:1f:73:a4:8f:57:
         2f:46:ad:40:99:7b:f7:9a:aa:8d:3c:33:0d:08:33:99:96:21:
         4a:6c:6c:cc:0d:d9:04:ff:a2:d4:cb:39:ba:92:d9:76:d7:9f:
         c8:68:97:06:24:80:c9:d0:6f:5c:84:e0:07:da:5e:d8:9e:17:
         bb:9e:74:47:b1:c7:78:cd:d3:1c:6a:31:87:54:5c:0a:1b:bf:
         24:b9:24:31:23:23:8c:97:a4:6c:05:9a:e3:99:10:a1:88:25:
         48:c6:f8:e8:96:f9:b1:f9:9b:67:06:0b:d8:1f:23:ee:b9:77:
         3e:eb:83:d5:92:8d:30:f3:73:2a:94:e7:5e:a1:0f:71:79:68:
         47:f8:fb:ad:b5:14:58:9a:cd:a5:11:e6:4e:25:76:f5:24:4d:
         55:10:72:ce:53:48:fa:b3:41:3a:df:bf:3e:65:ab:fd:98:a6:
         d9:6f:02:75:cc:9d:25:c3:80:a6:a1:10:ec:4d:a7:be:7b:be:
         e2:33:38:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFV3M3OMrI1JtOee2hbEUXfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjQwODE1MTE0NjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTQ5NDBmNThjMGM0Nzg2ZTU2MTQ3Njg2YmZiOTU4MmZhOTZiZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQy9bxvK0SNiitBNnr2N6ma5FHaV
+6VkIB2uyPs5iC5WUQuLdhQjZb2BVqL36je2dCCDMDvXoIsjtRjZvj89TA++3wQ5
CsDkJU5fLDUsg5Q4SovSeg7cyt5ENKLgtTYUC0oJ4DjzaY8HwEtBVLtjs0mRxhHq
miJHtKztQ9zdI19/JbUixdFFaOK/Y8ZuxXFAmRnaNCYA9JsTxXEUTjE5MWwrZ1IS
DP3zM+jnszIar96LWcN6aS/vdUQ8dSxFpjlgcM+nKqiFdhFlI3bcADdgm52Qv0uY
WBm065fiWUmCkB7lzAeVz4MpvBK7fxg4NV1/VkQH3WZ3OgXFYaRg19RSnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5JQPWMDEeG5WFHaGv7lYL6lr//MB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvTGtsQTlZd01SNGJsWVVkb2FfdVZndnFXdl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRJbMA0G
CSqGSIb3DQEBCwUAA4IBAQBITPL9mPMGL5tcv1trcCNikB9Ps7fIcSTmGvfrDG1T
G9tQg4mNcl+kBi9yGPiZdLwOI+FRhOweBY+QZymzsVv0qDjOH3Okj1cvRq1AmXv3
mqqNPDMNCDOZliFKbGzMDdkE/6LUyzm6ktl215/IaJcGJIDJ0G9chOAH2l7Ynhe7
nnRHscd4zdMcajGHVFwKG78kuSQxIyOMl6RsBZrjmRChiCVIxvjolvmx+ZtnBgvY
HyPuuXc+64PVko0w83MqlOdeoQ9xeWhH+PuttRRYms2lEeZOJXb1JE1VEHLOU0j6
s0E6378+Zav9mKbZbwJ1zJ0lw4CmoRDsTae+e77iMzjS
-----END CERTIFICATE-----