Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/563afc-b194-41fb-a7a1-6aeae63ed8fe/1/1-hpQjDeFJIOor7bNyYt1R9_pfyA.roa
File:                     1-hpQjDeFJIOor7bNyYt1R9_pfyA.roa (raw, json)
Hash identifier:          BvW2Pr5q+T4yY4tbonuV6/HNF9uIVdUdDDueeFrfouc=
Subject key identifier:   FA:1A:50:8C:37:85:24:83:A8:AF:B6:CD:C9:8B:75:47:DF:E9:7F:20
Certificate issuer:       /CN=e38aabea8ee29bf7c915bc3ef0bbacc27d0ecede
Certificate serial:       018CC4922CA5160A63CFBA21D593E19B05E6
Authority key identifier: E3:8A:AB:EA:8E:E2:9B:F7:C9:15:BC:3E:F0:BB:AC:C2:7D:0E:CE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/44qr6o7im_fJFbw-8Luswn0Ozt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/563afc-b194-41fb-a7a1-6aeae63ed8fe/1/1-hpQjDeFJIOor7bNyYt1R9_pfyA.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        91.208.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/563afc-b194-41fb-a7a1-6aeae63ed8fe/1/44qr6o7im_fJFbw-8Luswn0Ozt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/563afc-b194-41fb-a7a1-6aeae63ed8fe/1/44qr6o7im_fJFbw-8Luswn0Ozt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/44qr6o7im_fJFbw-8Luswn0Ozt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2c:a5:16:0a:63:cf:ba:21:d5:93:e1:9b:05:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e38aabea8ee29bf7c915bc3ef0bbacc27d0ecede
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa1a508c37852483a8afb6cdc98b7547dfe97f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9b:20:b8:c1:3b:92:61:ff:9f:e0:60:41:77:
                    4f:08:16:f6:4b:46:40:c0:a8:7c:84:ff:69:b2:0d:
                    f0:b9:48:a9:e5:31:15:e1:89:16:e1:fb:0a:5d:70:
                    3e:97:a3:a8:89:b3:45:ae:6d:23:97:82:9d:38:a4:
                    9c:21:a1:d3:21:6b:a4:54:6b:96:62:4f:95:ad:7d:
                    a3:cb:5f:1f:62:64:5e:01:53:f8:ac:b4:90:ee:74:
                    ef:e2:d0:79:0f:de:15:4c:61:ce:ee:cb:30:76:b9:
                    16:ae:fb:f9:41:69:50:e6:81:08:43:ad:5e:51:12:
                    93:54:a3:c4:b0:28:1c:02:67:9f:ab:0d:27:03:96:
                    3e:2a:9a:2b:da:3f:6f:d8:d2:c7:ee:33:17:8a:ae:
                    81:30:67:51:1a:07:cb:3e:82:6a:d5:71:7b:42:62:
                    e5:cb:a7:5e:fb:75:ab:a8:aa:aa:00:43:7d:dd:67:
                    8f:9f:7e:ee:eb:16:4f:ba:b7:06:50:93:cd:df:23:
                    45:62:83:ad:f7:72:30:0c:e4:9b:6d:d4:91:c1:1f:
                    a7:ae:c4:e2:93:c8:a4:30:69:88:8a:59:52:13:eb:
                    74:9c:9e:28:6c:f9:b8:ea:ff:8c:58:ac:d0:e0:75:
                    a1:5e:18:30:64:63:4f:c9:9f:89:92:1b:e5:48:4f:
                    97:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:1A:50:8C:37:85:24:83:A8:AF:B6:CD:C9:8B:75:47:DF:E9:7F:20
            X509v3 Authority Key Identifier:
                keyid:E3:8A:AB:EA:8E:E2:9B:F7:C9:15:BC:3E:F0:BB:AC:C2:7D:0E:CE:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/44qr6o7im_fJFbw-8Luswn0Ozt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/563afc-b194-41fb-a7a1-6aeae63ed8fe/1/1-hpQjDeFJIOor7bNyYt1R9_pfyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/563afc-b194-41fb-a7a1-6aeae63ed8fe/1/44qr6o7im_fJFbw-8Luswn0Ozt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:75:e7:dd:b4:e5:48:b3:90:46:07:af:9c:b7:17:d2:fb:cc:
         70:b1:60:a3:e8:32:71:3f:50:de:06:c9:3c:da:56:31:1c:df:
         65:ee:57:8d:15:bc:e4:50:2c:1b:b6:39:0c:41:7a:03:12:33:
         7b:40:b5:8b:e4:70:a0:b6:3a:5a:64:9f:d8:25:a0:fe:7e:9e:
         68:7c:91:9b:91:0b:07:08:b8:73:68:94:60:63:1f:8c:cc:94:
         0e:16:2a:92:26:bc:10:78:ed:b0:ef:90:a4:4f:9f:8d:13:bf:
         ed:bd:d0:ba:16:64:ee:d4:a0:cc:4e:e4:1c:7f:cd:9a:19:f5:
         32:40:1a:a8:47:59:11:fc:49:a0:3b:34:35:fa:45:9e:29:5e:
         f6:49:06:d5:81:b0:c8:34:5b:52:52:b0:55:16:83:97:43:6d:
         8d:f5:a7:bc:b6:eb:76:15:ef:cd:64:2b:64:ec:b8:36:bc:dc:
         10:44:dc:91:18:5c:17:48:e9:53:6f:7c:00:a2:18:21:e3:b6:
         d4:52:5b:42:bc:1e:df:3b:50:a8:0c:50:50:fa:5d:43:e6:d5:
         46:1a:01:0a:ea:63:bf:e5:7c:4a:5b:87:e9:53:c4:19:68:90:
         52:e5:93:fb:31:cf:96:bb:37:89:35:9b:0e:5a:8c:8c:07:04:
         7e:9d:54:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkiylFgpjz7oh1ZPhmwXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOGFhYmVhOGVlMjliZjdjOTE1YmMzZWYwYmJhY2MyN2Qw
ZWNlZGUwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTFhNTA4YzM3ODUyNDgzYThhZmI2Y2RjOThiNzU0N2RmZTk3ZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5sguME7kmH/n+BgQXdPCBb2S0ZA
wKh8hP9psg3wuUip5TEV4YkW4fsKXXA+l6OoibNFrm0jl4KdOKScIaHTIWukVGuW
Yk+VrX2jy18fYmReAVP4rLSQ7nTv4tB5D94VTGHO7sswdrkWrvv5QWlQ5oEIQ61e
URKTVKPEsCgcAmefqw0nA5Y+Kpor2j9v2NLH7jMXiq6BMGdRGgfLPoJq1XF7QmLl
y6de+3WrqKqqAEN93WePn37u6xZPurcGUJPN3yNFYoOt93IwDOSbbdSRwR+nrsTi
k8ikMGmIillSE+t0nJ4obPm46v+MWKzQ4HWhXhgwZGNPyZ+JkhvlSE+XOwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoaUIw3hSSDqK+2zcmLdUff6X8gMB8GA1UdIwQY
MBaAFOOKq+qO4pv3yRW8PvC7rMJ9Ds7eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDRxcjZvN2ltX2ZKRmJ3LThMdXN3bjBPenQ0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi81NjNhZmMtYjE5NC00MWZiLWE3YTEt
NmFlYWU2M2VkOGZlLzEvMS1ocFFqRGVGSklPb3I3Yk55WXQxUjlfcGZ5QS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvNTYzYWZjLWIxOTQtNDFmYi1hN2ExLTZhZWFlNjNlZDhm
ZS8xLzQ0cXI2bzdpbV9mSkZidy04THVzd24wT3p0NC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvQfDAN
BgkqhkiG9w0BAQsFAAOCAQEAnnXn3bTlSLOQRgevnLcX0vvMcLFgo+gycT9Q3gbJ
PNpWMRzfZe5XjRW85FAsG7Y5DEF6AxIze0C1i+RwoLY6WmSf2CWg/n6eaHyRm5EL
Bwi4c2iUYGMfjMyUDhYqkia8EHjtsO+QpE+fjRO/7b3QuhZk7tSgzE7kHH/Nmhn1
MkAaqEdZEfxJoDs0NfpFnile9kkG1YGwyDRbUlKwVRaDl0NtjfWnvLbrdhXvzWQr
ZOy4NrzcEETckRhcF0jpU298AKIYIeO21FJbQrwe3ztQqAxQUPpdQ+bVRhoBCupj
v+V8SluH6VPEGWiQUuWT+zHPlrs3iTWbDlqMjAcEfp1UBA==
-----END CERTIFICATE-----