Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/04e64b-924c-48a0-89a4-a00944fd7d9d/1/DrNEC0Zr5yeCTdcsJNhFv2ajlmE.roa
File:                     DrNEC0Zr5yeCTdcsJNhFv2ajlmE.roa (raw, json)
Hash identifier:          ZBsKHJe83hSzLPB/DbNV1wJjL7N3di4x0lhgSaQ+1Rg=
Subject key identifier:   0E:B3:44:0B:46:6B:E7:27:82:4D:D7:2C:24:D8:45:BF:66:A3:96:61
Certificate issuer:       /CN=534676d66932c77a25761136ac99eb9b74d801a6
Certificate serial:       0192DC9AAD579B2BD954ED81EAD06F3B135B
Authority key identifier: 53:46:76:D6:69:32:C7:7A:25:76:11:36:AC:99:EB:9B:74:D8:01:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U0Z21mkyx3oldhE2rJnrm3TYAaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/04e64b-924c-48a0-89a4-a00944fd7d9d/1/DrNEC0Zr5yeCTdcsJNhFv2ajlmE.roa
Signing time:             Wed 30 Oct 2024 08:46:17 +0000
ROA not before:           Wed 30 Oct 2024 08:46:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197941
IP address blocks:        91.230.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/04e64b-924c-48a0-89a4-a00944fd7d9d/1/U0Z21mkyx3oldhE2rJnrm3TYAaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/04e64b-924c-48a0-89a4-a00944fd7d9d/1/U0Z21mkyx3oldhE2rJnrm3TYAaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U0Z21mkyx3oldhE2rJnrm3TYAaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dc:9a:ad:57:9b:2b:d9:54:ed:81:ea:d0:6f:3b:13:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=534676d66932c77a25761136ac99eb9b74d801a6
        Validity
            Not Before: Oct 30 08:46:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0eb3440b466be727824dd72c24d845bf66a39661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7d:4f:4d:ec:42:df:84:b5:11:23:67:a6:11:
                    17:3e:fb:a0:5d:85:ed:7e:e8:f8:ba:ff:72:d6:0b:
                    40:db:14:da:85:ba:b0:1e:89:85:cd:84:a0:fc:c3:
                    96:9a:d2:7b:ad:5b:d8:2e:d0:ac:cd:fa:97:34:66:
                    43:9c:a2:19:1c:e2:84:ad:35:58:ee:fc:68:2c:c4:
                    8f:2f:43:f5:f2:06:c2:26:a6:c9:73:48:52:4e:e0:
                    f6:71:dc:ec:8a:2a:4e:86:45:bd:d2:64:57:c2:08:
                    43:67:fd:30:53:1a:2f:0e:d5:51:77:d8:bf:8f:a1:
                    9d:ce:e8:bc:7a:d0:71:59:9a:c5:5f:86:21:14:4d:
                    c2:22:c1:9e:f3:b0:f3:a0:65:9e:89:f9:9e:b6:f9:
                    e7:d1:c7:10:43:db:32:d1:ce:7f:85:c5:71:a9:68:
                    f0:8a:45:13:3c:72:ee:56:56:3a:bf:47:32:07:0f:
                    98:6a:fe:82:04:14:b5:75:c7:8b:2c:db:59:73:d8:
                    01:93:42:c3:5f:95:a5:dd:9c:cd:da:59:e3:f2:86:
                    a7:60:92:a1:e9:24:a2:a0:62:e3:8f:f5:c1:4b:c1:
                    1e:1f:cb:2b:83:2e:89:02:63:4c:f7:9f:a4:c1:99:
                    a4:84:b2:02:5c:ea:d4:a8:af:dc:86:1c:2a:f4:fb:
                    71:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B3:44:0B:46:6B:E7:27:82:4D:D7:2C:24:D8:45:BF:66:A3:96:61
            X509v3 Authority Key Identifier:
                keyid:53:46:76:D6:69:32:C7:7A:25:76:11:36:AC:99:EB:9B:74:D8:01:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U0Z21mkyx3oldhE2rJnrm3TYAaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/04e64b-924c-48a0-89a4-a00944fd7d9d/1/DrNEC0Zr5yeCTdcsJNhFv2ajlmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/04e64b-924c-48a0-89a4-a00944fd7d9d/1/U0Z21mkyx3oldhE2rJnrm3TYAaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:d9:83:cb:11:29:02:7e:e7:e3:88:ec:7b:a3:ff:bb:c5:07:
         31:2f:2e:23:37:95:b0:2e:72:44:8e:73:89:e2:7a:b5:f6:c0:
         ce:69:1e:0e:c3:24:40:47:76:d5:16:95:1e:6e:b7:55:47:b1:
         fe:29:c9:21:d3:9e:af:97:bf:86:5c:41:3c:0b:fe:fb:19:c4:
         c3:96:cd:8d:47:a8:06:1d:0a:63:fb:bb:5f:75:40:49:a7:82:
         04:c8:58:39:f3:07:4b:0e:b0:99:50:bf:63:34:11:37:6c:bd:
         e6:52:3b:7f:82:de:28:24:8f:69:36:2e:d0:57:cb:58:55:91:
         a4:b8:3d:b8:ef:36:66:ae:3f:9f:25:ed:6e:ea:f2:0d:2a:f0:
         69:c1:08:41:fd:95:6c:c2:6d:a4:5a:84:67:16:2c:57:31:9f:
         86:40:d4:c4:a9:f8:3d:89:f9:1e:8d:73:d1:b0:30:45:15:69:
         25:e6:f7:5c:54:23:f0:8e:89:1c:de:cc:71:ce:9b:ca:74:5d:
         77:5c:05:36:dd:1b:c8:94:c1:59:7c:e8:84:85:7b:6c:80:47:
         f5:7d:b7:a4:c1:88:2d:f1:c8:6a:8e:58:28:36:6d:e5:61:81:
         9c:6d:1a:ca:0c:c4:ee:a6:b0:7b:ca:fd:7d:60:53:b7:ae:9f:
         55:ab:6b:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLcmq1XmyvZVO2B6tBvOxNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNDY3NmQ2NjkzMmM3N2EyNTc2MTEzNmFjOTllYjliNzRk
ODAxYTYwHhcNMjQxMDMwMDg0NjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWIzNDQwYjQ2NmJlNzI3ODI0ZGQ3MmMyNGQ4NDViZjY2YTM5NjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn1PTexC34S1ESNnphEXPvugXYXt
fuj4uv9y1gtA2xTahbqwHomFzYSg/MOWmtJ7rVvYLtCszfqXNGZDnKIZHOKErTVY
7vxoLMSPL0P18gbCJqbJc0hSTuD2cdzsiipOhkW90mRXwghDZ/0wUxovDtVRd9i/
j6Gdzui8etBxWZrFX4YhFE3CIsGe87DzoGWeifmetvnn0ccQQ9sy0c5/hcVxqWjw
ikUTPHLuVlY6v0cyBw+Yav6CBBS1dceLLNtZc9gBk0LDX5Wl3ZzN2lnj8oanYJKh
6SSioGLjj/XBS8EeH8srgy6JAmNM95+kwZmkhLICXOrUqK/chhwq9Ptx2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6zRAtGa+cngk3XLCTYRb9mo5ZhMB8GA1UdIwQY
MBaAFFNGdtZpMsd6JXYRNqyZ65t02AGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTBaMjFta3l4M29sZGhFMnJKbnJtM1RZQWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8wNGU2NGItOTI0Yy00OGEwLTg5YTQt
YTAwOTQ0ZmQ3ZDlkLzEvRHJORUMwWnI1eWVDVGRjc0pOaEZ2MmFqbG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8wNGU2NGItOTI0Yy00OGEwLTg5YTQtYTAwOTQ0ZmQ3ZDlk
LzEvVTBaMjFta3l4M29sZGhFMnJKbnJtM1RZQWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+ZVMA0G
CSqGSIb3DQEBCwUAA4IBAQAj2YPLESkCfufjiOx7o/+7xQcxLy4jN5WwLnJEjnOJ
4nq19sDOaR4OwyRAR3bVFpUebrdVR7H+Kckh056vl7+GXEE8C/77GcTDls2NR6gG
HQpj+7tfdUBJp4IEyFg58wdLDrCZUL9jNBE3bL3mUjt/gt4oJI9pNi7QV8tYVZGk
uD247zZmrj+fJe1u6vINKvBpwQhB/ZVswm2kWoRnFixXMZ+GQNTEqfg9ifkejXPR
sDBFFWkl5vdcVCPwjokc3sxxzpvKdF13XAU23RvIlMFZfOiEhXtsgEf1fbekwYgt
8chqjlgoNm3lYYGcbRrKDMTuprB7yv19YFO3rp9Vq2t1
-----END CERTIFICATE-----