Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/cabd64-186b-4282-b14a-aa6fd434e0ef/1/JAeujRoXgsvU0W3weMAd03pyIv4.roa
File:                     JAeujRoXgsvU0W3weMAd03pyIv4.roa (raw, json)
Hash identifier:          8srZPlAc03dy/fiEXNldyYkhdwXPkimlznoUvqiTd0M=
Subject key identifier:   24:07:AE:8D:1A:17:82:CB:D4:D1:6D:F0:78:C0:1D:D3:7A:72:22:FE
Certificate issuer:       /CN=01d19921440c2f2b22a777780293bc27fa47f35a
Certificate serial:       0192BA0759D24BB1B4B0696639AFDFF52F2C
Authority key identifier: 01:D1:99:21:44:0C:2F:2B:22:A7:77:78:02:93:BC:27:FA:47:F3:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AdGZIUQMLysip3d4ApO8J_pH81o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/cabd64-186b-4282-b14a-aa6fd434e0ef/1/JAeujRoXgsvU0W3weMAd03pyIv4.roa
Signing time:             Wed 23 Oct 2024 15:38:16 +0000
ROA not before:           Wed 23 Oct 2024 15:38:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56888
IP address blocks:        91.228.180.0/24 maxlen: 24
                          91.228.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/cabd64-186b-4282-b14a-aa6fd434e0ef/1/AdGZIUQMLysip3d4ApO8J_pH81o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/cabd64-186b-4282-b14a-aa6fd434e0ef/1/AdGZIUQMLysip3d4ApO8J_pH81o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AdGZIUQMLysip3d4ApO8J_pH81o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ba:07:59:d2:4b:b1:b4:b0:69:66:39:af:df:f5:2f:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01d19921440c2f2b22a777780293bc27fa47f35a
        Validity
            Not Before: Oct 23 15:38:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2407ae8d1a1782cbd4d16df078c01dd37a7222fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:79:1d:c8:32:52:22:da:91:8f:a4:f8:ab:4e:
                    f8:9c:d6:5e:8e:a0:52:94:e0:08:38:2a:e9:10:69:
                    c6:ec:6f:95:4f:ca:2c:fc:93:a1:83:da:50:0c:1c:
                    b4:0d:14:8a:d9:2c:e2:c1:a6:3a:31:f9:21:33:bc:
                    02:bc:94:b8:a7:f7:81:41:b3:33:6f:03:a2:86:43:
                    65:34:92:e0:dc:94:13:e6:ac:3a:72:01:1c:0e:1a:
                    d5:60:70:81:71:66:41:2d:a0:2b:0f:d3:ac:86:c2:
                    45:37:d1:a6:c2:78:ed:40:81:8c:1e:26:f6:96:ed:
                    fd:71:eb:66:19:11:2a:62:de:b7:2b:06:b2:e4:a7:
                    d0:81:5e:34:da:2b:1c:8e:b1:b0:37:15:18:b9:53:
                    0e:da:2d:b2:47:be:04:f2:d4:50:14:d7:f2:5a:ca:
                    f7:a3:6e:f1:a9:92:18:fe:c4:0b:bb:94:d9:31:be:
                    de:84:b1:4c:a9:1e:e0:fd:7d:42:4b:1c:cb:4d:4e:
                    78:5a:da:ce:7c:71:9d:96:cb:76:4e:e0:dd:84:50:
                    1e:80:3c:37:82:c5:77:12:b1:67:7c:ee:ed:57:67:
                    33:68:8b:85:25:a0:69:3c:e1:9a:ea:71:9f:97:01:
                    b1:a1:bf:7a:3c:76:af:23:b5:35:95:e9:8b:01:5a:
                    96:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:07:AE:8D:1A:17:82:CB:D4:D1:6D:F0:78:C0:1D:D3:7A:72:22:FE
            X509v3 Authority Key Identifier:
                keyid:01:D1:99:21:44:0C:2F:2B:22:A7:77:78:02:93:BC:27:FA:47:F3:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AdGZIUQMLysip3d4ApO8J_pH81o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/cabd64-186b-4282-b14a-aa6fd434e0ef/1/JAeujRoXgsvU0W3weMAd03pyIv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/cabd64-186b-4282-b14a-aa6fd434e0ef/1/AdGZIUQMLysip3d4ApO8J_pH81o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cc:e9:9f:1d:e4:cf:43:9d:c0:84:ac:17:22:04:74:dd:3c:b2:
         37:aa:b1:e2:17:be:87:b9:93:d9:e7:1d:a3:3c:b9:ef:de:65:
         d4:5a:04:7d:e5:fd:b5:93:c2:37:fa:95:fc:6a:ab:42:cc:8a:
         c6:f8:88:04:b4:22:4b:fd:29:b1:67:3d:fc:82:ea:22:4f:1d:
         72:c3:cf:2e:39:2c:b4:f7:a5:9a:bb:2a:f2:df:50:4c:9b:2b:
         91:58:c5:bb:20:71:e6:cd:3f:23:7b:4b:a8:c0:13:e3:94:71:
         79:5a:b5:3f:20:a6:e4:21:0c:9f:6a:02:73:a8:93:af:ea:97:
         28:b5:e7:8d:84:40:f8:8d:60:bb:08:fd:0c:35:e0:43:b7:a7:
         7d:f1:c3:75:b8:ee:31:05:59:2a:e1:1f:3e:b4:31:51:a1:e7:
         f2:cc:cf:e0:91:3e:d7:39:17:01:d4:fd:05:cf:11:19:e0:c7:
         2c:04:b2:78:d2:34:84:3c:86:1c:82:4c:7e:8e:d9:9c:82:00:
         04:f6:d6:87:cb:52:53:27:ac:47:5e:5b:23:3b:8c:46:45:d8:
         8d:18:6a:51:6d:6a:b5:ce:a8:87:35:11:1e:d2:4f:f7:46:fb:
         b2:7e:3a:ee:f6:ee:f8:45:34:1f:60:b6:d5:80:f4:db:9d:45:
         4d:b5:62:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK6B1nSS7G0sGlmOa/f9S8sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZDE5OTIxNDQwYzJmMmIyMmE3Nzc3ODAyOTNiYzI3ZmE0
N2YzNWEwHhcNMjQxMDIzMTUzODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDA3YWU4ZDFhMTc4MmNiZDRkMTZkZjA3OGMwMWRkMzdhNzIyMmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnkdyDJSItqRj6T4q074nNZejqBS
lOAIOCrpEGnG7G+VT8os/JOhg9pQDBy0DRSK2SziwaY6MfkhM7wCvJS4p/eBQbMz
bwOihkNlNJLg3JQT5qw6cgEcDhrVYHCBcWZBLaArD9OshsJFN9GmwnjtQIGMHib2
lu39cetmGREqYt63Kway5KfQgV402iscjrGwNxUYuVMO2i2yR74E8tRQFNfyWsr3
o27xqZIY/sQLu5TZMb7ehLFMqR7g/X1CSxzLTU54WtrOfHGdlst2TuDdhFAegDw3
gsV3ErFnfO7tV2czaIuFJaBpPOGa6nGflwGxob96PHavI7U1lemLAVqW/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQHro0aF4LL1NFt8HjAHdN6ciL+MB8GA1UdIwQY
MBaAFAHRmSFEDC8rIqd3eAKTvCf6R/NaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWRHWklVUU1MeXNpcDNkNEFwTzhKX3BIODFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9jYWJkNjQtMTg2Yi00MjgyLWIxNGEt
YWE2ZmQ0MzRlMGVmLzEvSkFldWpSb1hnc3ZVMFczd2VNQWQwM3B5SXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9jYWJkNjQtMTg2Yi00MjgyLWIxNGEtYWE2ZmQ0MzRlMGVm
LzEvQWRHWklVUU1MeXNpcDNkNEFwTzhKX3BIODFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+S0MA0G
CSqGSIb3DQEBCwUAA4IBAQDM6Z8d5M9DncCErBciBHTdPLI3qrHiF76HuZPZ5x2j
PLnv3mXUWgR95f21k8I3+pX8aqtCzIrG+IgEtCJL/SmxZz38guoiTx1yw88uOSy0
96Wauyry31BMmyuRWMW7IHHmzT8je0uowBPjlHF5WrU/IKbkIQyfagJzqJOv6pco
teeNhED4jWC7CP0MNeBDt6d98cN1uO4xBVkq4R8+tDFRoefyzM/gkT7XORcB1P0F
zxEZ4McsBLJ40jSEPIYcgkx+jtmcggAE9taHy1JTJ6xHXlsjO4xGRdiNGGpRbWq1
zqiHNREe0k/3Rvuyfjru9u74RTQfYLbVgPTbnUVNtWJ8
-----END CERTIFICATE-----