Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/XReKLjcHleNrYhFK5A95AuWjxts.roa
File:                     XReKLjcHleNrYhFK5A95AuWjxts.roa (raw, json)
Hash identifier:          fe8DFRQwzgQhJ93WFlmkdP8VS7b3/UQqCaKgEhEt/Ro=
Subject key identifier:   5D:17:8A:2E:37:07:95:E3:6B:62:11:4A:E4:0F:79:02:E5:A3:C6:DB
Certificate issuer:       /CN=2046367390224a07684d7977f9165a0950f03d54
Certificate serial:       018CC2DAFAD8406232415C2FC4C296030FCB
Authority key identifier: 20:46:36:73:90:22:4A:07:68:4D:79:77:F9:16:5A:09:50:F0:3D:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/XReKLjcHleNrYhFK5A95AuWjxts.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48342
IP address blocks:        91.209.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:03:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fa:d8:40:62:32:41:5c:2f:c4:c2:96:03:0f:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2046367390224a07684d7977f9165a0950f03d54
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d178a2e370795e36b62114ae40f7902e5a3c6db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:79:c0:e5:06:42:c8:fb:57:f2:b2:8f:76:54:
                    ec:ba:90:3f:51:c8:aa:4f:47:61:e6:72:e5:bc:a7:
                    91:2f:46:32:1c:87:75:d0:a2:92:bb:80:17:95:8a:
                    e2:c0:dc:72:91:27:1f:b1:d2:a0:fc:b4:2a:ab:b3:
                    a5:48:73:cf:45:f9:ac:8d:c1:ef:48:c6:cd:37:86:
                    66:8f:38:48:61:f0:7d:ae:67:46:71:6b:82:91:94:
                    c0:7a:aa:d9:cd:92:63:cb:f7:44:90:f5:4e:fd:de:
                    2b:59:eb:2a:5f:dd:27:53:3d:13:e8:7f:7d:20:93:
                    20:75:fa:36:44:61:92:e1:7e:a8:47:4a:86:b0:e8:
                    56:3f:f9:85:8a:c7:49:db:dd:2a:eb:a3:88:f5:f9:
                    98:54:e8:a2:88:01:ff:9a:53:3b:f3:02:91:b1:57:
                    20:e8:db:bb:8f:60:43:9d:b3:af:c4:4b:e8:cc:78:
                    32:9c:3e:d7:5a:31:ff:45:89:31:1d:51:e2:f5:65:
                    83:c4:22:fc:e6:a4:cb:dc:e9:d3:66:79:f9:61:c3:
                    32:3d:44:54:14:90:75:22:01:c3:13:78:0b:33:f4:
                    1a:59:af:43:ac:62:a0:56:87:26:2f:e1:31:d1:26:
                    f0:10:02:b4:9f:74:a8:64:37:ee:e2:78:72:7d:4b:
                    1f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:17:8A:2E:37:07:95:E3:6B:62:11:4A:E4:0F:79:02:E5:A3:C6:DB
            X509v3 Authority Key Identifier:
                keyid:20:46:36:73:90:22:4A:07:68:4D:79:77:F9:16:5A:09:50:F0:3D:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/XReKLjcHleNrYhFK5A95AuWjxts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/f86013-fe1d-41be-afe8-c8fc6163942b/1/IEY2c5AiSgdoTXl3-RZaCVDwPVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:8c:78:d7:c6:79:f9:15:9b:ad:42:27:1c:a8:9d:62:9f:76:
         3a:b5:56:2b:67:e8:4c:75:bd:a9:e3:5e:8e:a1:43:8f:d8:66:
         b1:05:9b:47:d2:7d:ca:93:ef:38:06:87:10:9d:85:32:4a:fa:
         30:05:c1:9f:30:27:4a:b2:06:e3:97:4d:f1:64:82:a4:b9:3e:
         6a:43:5e:94:c0:35:1c:a8:cf:a6:d4:bb:a5:a8:50:81:28:9d:
         38:a8:73:76:18:cf:90:4b:5b:5c:29:b2:16:79:8c:db:91:8b:
         7b:a6:72:04:43:1d:5a:75:e8:85:25:ef:49:84:a2:46:45:53:
         a5:9d:b7:f4:16:69:2c:77:40:30:08:c2:1b:89:5d:1c:98:96:
         ac:52:28:1b:12:99:e9:ca:b2:66:f3:50:09:5a:0d:c8:f4:a2:
         05:1e:b5:f8:ac:90:3b:48:97:e0:ca:f7:20:0a:52:d1:b7:78:
         98:59:35:5d:02:7f:79:ca:79:02:bf:71:6e:09:aa:72:39:f3:
         8e:6c:23:16:45:95:ea:72:00:b7:b5:4c:37:fd:a4:70:e4:5b:
         7d:f5:33:56:e6:de:3e:b8:d0:1a:16:ee:64:11:19:6e:f4:5b:
         2e:d3:dc:a4:d2:44:8f:ab:39:ae:a5:39:40:c0:2f:6c:36:ff:
         b2:af:f4:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vrYQGIyQVwvxMKWAw/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNDYzNjczOTAyMjRhMDc2ODRkNzk3N2Y5MTY1YTA5NTBm
MDNkNTQwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDE3OGEyZTM3MDc5NWUzNmI2MjExNGFlNDBmNzkwMmU1YTNjNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnnA5QZCyPtX8rKPdlTsupA/Uciq
T0dh5nLlvKeRL0YyHId10KKSu4AXlYriwNxykScfsdKg/LQqq7OlSHPPRfmsjcHv
SMbNN4ZmjzhIYfB9rmdGcWuCkZTAeqrZzZJjy/dEkPVO/d4rWesqX90nUz0T6H99
IJMgdfo2RGGS4X6oR0qGsOhWP/mFisdJ290q66OI9fmYVOiiiAH/mlM78wKRsVcg
6Nu7j2BDnbOvxEvozHgynD7XWjH/RYkxHVHi9WWDxCL85qTL3OnTZnn5YcMyPURU
FJB1IgHDE3gLM/QaWa9DrGKgVocmL+Ex0SbwEAK0n3SoZDfu4nhyfUsfcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0Xii43B5Xja2IRSuQPeQLlo8bbMB8GA1UdIwQY
MBaAFCBGNnOQIkoHaE15d/kWWglQ8D1UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUVZMmM1QWlTZ2RvVFhsMy1SWmFDVkR3UFZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9mODYwMTMtZmUxZC00MWJlLWFmZTgt
YzhmYzYxNjM5NDJiLzEvWFJlS0xqY0hsZU5yWWhGSzVBOTVBdVdqeHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9mODYwMTMtZmUxZC00MWJlLWFmZTgtYzhmYzYxNjM5NDJi
LzEvSUVZMmM1QWlTZ2RvVFhsMy1SWmFDVkR3UFZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FqMA0G
CSqGSIb3DQEBCwUAA4IBAQCAjHjXxnn5FZutQiccqJ1in3Y6tVYrZ+hMdb2p416O
oUOP2GaxBZtH0n3Kk+84BocQnYUySvowBcGfMCdKsgbjl03xZIKkuT5qQ16UwDUc
qM+m1LulqFCBKJ04qHN2GM+QS1tcKbIWeYzbkYt7pnIEQx1adeiFJe9JhKJGRVOl
nbf0Fmksd0AwCMIbiV0cmJasUigbEpnpyrJm81AJWg3I9KIFHrX4rJA7SJfgyvcg
ClLRt3iYWTVdAn95ynkCv3FuCapyOfOObCMWRZXqcgC3tUw3/aRw5Ft99TNW5t4+
uNAaFu5kERlu9Fsu09yk0kSPqzmupTlAwC9sNv+yr/Ts
-----END CERTIFICATE-----