Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/E2FVsV7EoV4vfo05fZ1b-wFHWRw.roa
File:                     E2FVsV7EoV4vfo05fZ1b-wFHWRw.roa (raw, json)
Hash identifier:          +7o/mgsV88ZSLUGirMRQJWiFNrbX8hxtQ2kFUbpcTG8=
Subject key identifier:   13:61:55:B1:5E:C4:A1:5E:2F:7E:8D:39:7D:9D:5B:FB:01:47:59:1C
Certificate issuer:       /CN=2f920d9912b3a728b94818188ef3e3e57f8d3f9c
Certificate serial:       018CC3488B410518BDA5F02216DF21DA7F4F
Authority key identifier: 2F:92:0D:99:12:B3:A7:28:B9:48:18:18:8E:F3:E3:E5:7F:8D:3F:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5INmRKzpyi5SBgYjvPj5X-NP5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/E2FVsV7EoV4vfo05fZ1b-wFHWRw.roa
Signing time:             Mon 01 Jan 2024 04:29:20 +0000
ROA not before:           Mon 01 Jan 2024 04:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204991
IP address blocks:        91.203.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/L5INmRKzpyi5SBgYjvPj5X-NP5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/L5INmRKzpyi5SBgYjvPj5X-NP5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5INmRKzpyi5SBgYjvPj5X-NP5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8b:41:05:18:bd:a5:f0:22:16:df:21:da:7f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f920d9912b3a728b94818188ef3e3e57f8d3f9c
        Validity
            Not Before: Jan  1 04:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=136155b15ec4a15e2f7e8d397d9d5bfb0147591c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d3:1c:e3:14:70:e8:50:0f:ca:bd:0d:5a:ff:
                    3a:b2:d9:02:4f:4e:49:10:6f:b2:bf:8a:20:96:79:
                    68:92:07:da:de:f3:9a:c5:7b:84:f6:ff:a2:fa:98:
                    f4:2c:36:7b:9e:4b:2f:8b:ef:88:8a:8d:e8:6a:15:
                    f6:fa:0f:71:a4:a3:8c:81:3d:e5:b5:a7:4d:3b:46:
                    bc:19:41:aa:86:df:38:b1:64:2e:87:cd:09:db:dd:
                    b5:ab:ab:7a:75:ae:93:48:67:52:a2:88:52:69:af:
                    c8:01:4c:e2:bd:0c:3c:21:62:03:8e:de:30:89:c5:
                    c8:ca:28:9d:e7:dd:00:ec:b2:de:61:f2:dc:f0:5f:
                    80:07:23:40:90:25:74:bd:91:64:86:b2:89:80:56:
                    36:a9:7b:08:78:e7:83:f7:7c:2e:19:2d:9a:a0:31:
                    c6:a5:67:d2:aa:a0:61:cb:31:b8:33:d6:79:53:0a:
                    e1:2f:2b:19:fd:2d:35:33:1f:12:c4:f0:a1:22:b9:
                    a2:cc:4b:83:05:8f:74:c3:6d:af:8c:94:d2:71:29:
                    6a:7f:9f:f4:bf:bb:ff:45:62:a5:27:f5:6d:e2:20:
                    7b:8c:cd:2c:98:0d:0e:23:ed:e5:86:92:9c:d6:4f:
                    2a:d6:68:c6:5d:a4:59:42:b4:1e:9c:d9:2c:8c:bd:
                    e2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:61:55:B1:5E:C4:A1:5E:2F:7E:8D:39:7D:9D:5B:FB:01:47:59:1C
            X509v3 Authority Key Identifier:
                keyid:2F:92:0D:99:12:B3:A7:28:B9:48:18:18:8E:F3:E3:E5:7F:8D:3F:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5INmRKzpyi5SBgYjvPj5X-NP5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/E2FVsV7EoV4vfo05fZ1b-wFHWRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/626525-6ac4-4ad3-b8d2-9c3000245676/1/L5INmRKzpyi5SBgYjvPj5X-NP5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:ff:c1:86:19:ac:5a:bc:60:e0:33:da:28:bf:b7:89:0b:af:
         e8:25:0a:75:80:f7:79:eb:90:be:84:25:e9:19:9a:ea:94:aa:
         8a:62:65:66:8b:15:e4:0c:60:89:8f:10:e4:63:d2:64:bf:9c:
         ea:17:42:b4:72:0a:b3:cd:f9:7c:96:30:4b:c2:3c:f1:a9:c6:
         e7:18:ad:51:58:e2:cc:e8:12:7a:06:d9:30:b1:8d:cc:4c:66:
         52:02:a2:25:27:3b:ed:e5:28:21:4a:55:b4:3f:2d:3e:f5:1d:
         96:5a:e2:ce:f0:a9:05:10:ba:e2:62:70:a7:b7:d0:8a:64:21:
         bc:4a:02:e5:e6:0c:b3:8c:46:13:12:b5:50:2a:9f:66:82:bc:
         ef:21:57:36:02:56:ac:11:ae:ec:9c:22:ef:69:00:4f:8f:99:
         f7:c8:50:aa:cd:b6:ba:64:1e:66:88:54:86:5b:3f:01:3c:16:
         ac:28:87:b2:85:53:53:4c:ba:1c:f1:99:26:7b:5e:55:67:93:
         71:5e:ac:f5:f5:6b:45:a2:93:13:a5:07:d6:b7:5b:06:b3:c0:
         07:96:55:86:fa:c1:41:e5:50:3e:9e:f2:24:50:58:59:17:82:
         c9:c6:b1:b5:5d:f0:16:47:4b:d4:93:37:55:22:0e:dc:03:d7:
         7e:f3:25:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSItBBRi9pfAiFt8h2n9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTIwZDk5MTJiM2E3MjhiOTQ4MTgxODhlZjNlM2U1N2Y4
ZDNmOWMwHhcNMjQwMTAxMDQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzYxNTViMTVlYzRhMTVlMmY3ZThkMzk3ZDlkNWJmYjAxNDc1OTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNMc4xRw6FAPyr0NWv86stkCT05J
EG+yv4oglnlokgfa3vOaxXuE9v+i+pj0LDZ7nksvi++Iio3oahX2+g9xpKOMgT3l
tadNO0a8GUGqht84sWQuh80J2921q6t6da6TSGdSoohSaa/IAUzivQw8IWIDjt4w
icXIyiid590A7LLeYfLc8F+AByNAkCV0vZFkhrKJgFY2qXsIeOeD93wuGS2aoDHG
pWfSqqBhyzG4M9Z5UwrhLysZ/S01Mx8SxPChIrmizEuDBY90w22vjJTScSlqf5/0
v7v/RWKlJ/Vt4iB7jM0smA0OI+3lhpKc1k8q1mjGXaRZQrQenNksjL3i8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBNhVbFexKFeL36NOX2dW/sBR1kcMB8GA1UdIwQY
MBaAFC+SDZkSs6couUgYGI7z4+V/jT+cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVJTm1SS3pweWk1U0JnWWp2UGo1WC1OUDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82MjY1MjUtNmFjNC00YWQzLWI4ZDIt
OWMzMDAwMjQ1Njc2LzEvRTJGVnNWN0VvVjR2Zm8wNWZaMWItd0ZIV1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82MjY1MjUtNmFjNC00YWQzLWI4ZDItOWMzMDAwMjQ1Njc2
LzEvTDVJTm1SS3pweWk1U0JnWWp2UGo1WC1OUDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8viMA0G
CSqGSIb3DQEBCwUAA4IBAQCX/8GGGaxavGDgM9oov7eJC6/oJQp1gPd565C+hCXp
GZrqlKqKYmVmixXkDGCJjxDkY9Jkv5zqF0K0cgqzzfl8ljBLwjzxqcbnGK1RWOLM
6BJ6BtkwsY3MTGZSAqIlJzvt5SghSlW0Py0+9R2WWuLO8KkFELriYnCnt9CKZCG8
SgLl5gyzjEYTErVQKp9mgrzvIVc2AlasEa7snCLvaQBPj5n3yFCqzba6ZB5miFSG
Wz8BPBasKIeyhVNTTLoc8Zkme15VZ5NxXqz19WtFopMTpQfWt1sGs8AHllWG+sFB
5VA+nvIkUFhZF4LJxrG1XfAWR0vUkzdVIg7cA9d+8yXV
-----END CERTIFICATE-----