Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/Sni0e8DXmW1gWx5XqDFaFBEV5i0.roa
File:                     Sni0e8DXmW1gWx5XqDFaFBEV5i0.roa (raw, json)
Hash identifier:          avliRauxY6AxtYMTmSOXM+4Pwipcn5CiWzmC7cZsMz4=
Subject key identifier:   4A:78:B4:7B:C0:D7:99:6D:60:5B:1E:57:A8:31:5A:14:11:15:E6:2D
Certificate issuer:       /CN=c77111ec5549115cb347654d8fe5b2709d27f7df
Certificate serial:       018CC72724CAC356F5E03689528781F13711
Authority key identifier: C7:71:11:EC:55:49:11:5C:B3:47:65:4D:8F:E5:B2:70:9D:27:F7:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3ER7FVJEVyzR2VNj-WycJ0n998.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/Sni0e8DXmW1gWx5XqDFaFBEV5i0.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41505
IP address blocks:        91.208.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/x3ER7FVJEVyzR2VNj-WycJ0n998.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/x3ER7FVJEVyzR2VNj-WycJ0n998.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3ER7FVJEVyzR2VNj-WycJ0n998.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:24:ca:c3:56:f5:e0:36:89:52:87:81:f1:37:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c77111ec5549115cb347654d8fe5b2709d27f7df
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a78b47bc0d7996d605b1e57a8315a141115e62d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2b:61:de:18:d1:c3:11:c8:02:97:ee:d2:e4:
                    f2:fc:78:e1:01:1a:58:a0:0a:b3:29:4f:3c:5a:cc:
                    07:b5:c0:cd:9d:8a:cd:00:5c:d1:c2:bd:70:5c:4b:
                    06:f4:00:1b:18:81:c0:50:9d:32:d1:08:1e:b7:df:
                    32:93:43:9a:3e:ea:3d:6f:30:e5:ed:c6:c2:84:13:
                    74:b3:0e:d2:e1:3d:fb:fe:af:c1:a6:58:e9:6f:19:
                    b0:2f:9c:bd:b2:d4:32:6b:b0:e1:78:8c:52:c6:fe:
                    74:00:23:a0:02:27:d6:a2:c6:1b:2e:83:be:e8:79:
                    14:e1:a7:0c:f9:27:d5:82:f8:ba:2e:38:e9:0a:09:
                    be:3a:d5:cb:cb:f5:43:70:c5:69:01:37:16:7b:1e:
                    b2:65:3d:29:b1:b9:35:fa:8a:2f:2a:09:ba:9b:42:
                    31:cd:0d:58:2b:4a:56:c5:df:60:98:f2:34:95:ba:
                    b8:94:58:72:8d:50:db:84:47:df:a5:d2:21:b8:84:
                    ae:42:04:f6:da:75:15:0b:8f:66:ba:7f:d6:99:f5:
                    d7:2f:f1:8d:38:f4:a2:ad:59:4e:7f:71:82:8c:7a:
                    b0:66:97:7a:de:88:3e:d7:19:16:57:2e:3b:78:7f:
                    3a:d4:de:1b:53:30:e6:df:7b:a3:2c:c1:73:7a:d1:
                    87:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:78:B4:7B:C0:D7:99:6D:60:5B:1E:57:A8:31:5A:14:11:15:E6:2D
            X509v3 Authority Key Identifier:
                keyid:C7:71:11:EC:55:49:11:5C:B3:47:65:4D:8F:E5:B2:70:9D:27:F7:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3ER7FVJEVyzR2VNj-WycJ0n998.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/Sni0e8DXmW1gWx5XqDFaFBEV5i0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/e2d1ad-cfe0-4494-aa75-e0c2b94792ca/1/x3ER7FVJEVyzR2VNj-WycJ0n998.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:ae:94:0b:a2:3e:1f:ac:74:32:c6:d9:69:87:b5:70:99:27:
         52:55:b2:14:89:c2:ba:12:c9:9b:bc:b7:15:a3:94:92:95:40:
         51:b7:9f:de:60:6c:12:30:fd:36:e6:f0:3d:9a:62:47:63:8f:
         34:09:c1:fe:f6:e6:87:34:cc:c9:ee:44:d4:7a:88:48:57:10:
         5d:a7:8b:9e:69:ba:cc:dc:18:e8:b7:5d:84:9c:b6:13:a2:96:
         3e:ca:1b:8b:ce:47:e1:80:5a:0b:00:cf:6a:95:c7:19:0e:b0:
         f7:93:85:cc:8a:0c:62:02:17:44:28:56:60:c7:00:fe:07:62:
         87:5f:ec:67:b9:61:f3:7b:63:64:22:6b:59:48:e1:df:a4:fc:
         a5:f2:61:61:52:c2:e2:aa:b2:73:c0:e3:a5:b0:71:ff:73:48:
         ee:40:ed:6a:28:fe:f8:31:42:aa:8b:9d:e9:8d:4a:0f:54:c0:
         f3:2d:2d:1e:7e:98:a0:11:d5:c2:2e:3b:f6:0a:d5:96:6f:29:
         18:69:4b:6f:87:93:b7:c0:bf:b5:eb:41:97:67:d9:7e:30:eb:
         d6:f0:35:99:30:75:44:98:89:de:3e:8f:f4:98:13:5e:9f:5d:
         af:fe:ac:f4:af:ba:ff:24:ee:65:30:30:7b:a2:e6:8c:6a:02:
         ab:f7:8f:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyTKw1b14DaJUoeB8TcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NzExMWVjNTU0OTExNWNiMzQ3NjU0ZDhmZTViMjcwOWQy
N2Y3ZGYwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTc4YjQ3YmMwZDc5OTZkNjA1YjFlNTdhODMxNWExNDExMTVlNjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSth3hjRwxHIApfu0uTy/HjhARpY
oAqzKU88WswHtcDNnYrNAFzRwr1wXEsG9AAbGIHAUJ0y0Qget98yk0OaPuo9bzDl
7cbChBN0sw7S4T37/q/BpljpbxmwL5y9stQya7DheIxSxv50ACOgAifWosYbLoO+
6HkU4acM+SfVgvi6LjjpCgm+OtXLy/VDcMVpATcWex6yZT0psbk1+oovKgm6m0Ix
zQ1YK0pWxd9gmPI0lbq4lFhyjVDbhEffpdIhuISuQgT22nUVC49mun/WmfXXL/GN
OPSirVlOf3GCjHqwZpd63og+1xkWVy47eH861N4bUzDm33ujLMFzetGHewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEp4tHvA15ltYFseV6gxWhQRFeYtMB8GA1UdIwQY
MBaAFMdxEexVSRFcs0dlTY/lsnCdJ/ffMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDNFUjdGVkpFVnl6UjJWTmotV3ljSjBuOTk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9lMmQxYWQtY2ZlMC00NDk0LWFhNzUt
ZTBjMmI5NDc5MmNhLzEvU25pMGU4RFhtVzFnV3g1WHFERmFGQkVWNWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9lMmQxYWQtY2ZlMC00NDk0LWFhNzUtZTBjMmI5NDc5MmNh
LzEveDNFUjdGVkpFVnl6UjJWTmotV3ljSjBuOTk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BlMA0G
CSqGSIb3DQEBCwUAA4IBAQCDrpQLoj4frHQyxtlph7VwmSdSVbIUicK6EsmbvLcV
o5SSlUBRt5/eYGwSMP025vA9mmJHY480CcH+9uaHNMzJ7kTUeohIVxBdp4ueabrM
3Bjot12EnLYTopY+yhuLzkfhgFoLAM9qlccZDrD3k4XMigxiAhdEKFZgxwD+B2KH
X+xnuWHze2NkImtZSOHfpPyl8mFhUsLiqrJzwOOlsHH/c0juQO1qKP74MUKqi53p
jUoPVMDzLS0efpigEdXCLjv2CtWWbykYaUtvh5O3wL+160GXZ9l+MOvW8DWZMHVE
mInePo/0mBNen12v/qz0r7r/JO5lMDB7ouaMagKr948U
-----END CERTIFICATE-----