Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/4624fc-634f-40cd-a607-5efda468a200/1/eAX4pfjuajF0rtbLPjqEPN3Hw4A.roa
File:                     eAX4pfjuajF0rtbLPjqEPN3Hw4A.roa (raw, json)
Hash identifier:          mdFu/Hbhfo8GUTtbX+r4URTvp/+HwOu6P+HchCmTfAY=
Subject key identifier:   78:05:F8:A5:F8:EE:6A:31:74:AE:D6:CB:3E:3A:84:3C:DD:C7:C3:80
Certificate issuer:       /CN=1137c23453b88eba455c4208c6df5b3e1bbc245f
Certificate serial:       018CC5DC7D422896650C174AA57D3CEF3130
Authority key identifier: 11:37:C2:34:53:B8:8E:BA:45:5C:42:08:C6:DF:5B:3E:1B:BC:24:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ETfCNFO4jrpFXEIIxt9bPhu8JF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/4624fc-634f-40cd-a607-5efda468a200/1/eAX4pfjuajF0rtbLPjqEPN3Hw4A.roa
Signing time:             Mon 01 Jan 2024 16:30:10 +0000
ROA not before:           Mon 01 Jan 2024 16:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47127
IP address blocks:        91.209.191.0/24 maxlen: 24
                          2001:67c:2b3c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/4624fc-634f-40cd-a607-5efda468a200/1/ETfCNFO4jrpFXEIIxt9bPhu8JF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/4624fc-634f-40cd-a607-5efda468a200/1/ETfCNFO4jrpFXEIIxt9bPhu8JF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ETfCNFO4jrpFXEIIxt9bPhu8JF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:7d:42:28:96:65:0c:17:4a:a5:7d:3c:ef:31:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1137c23453b88eba455c4208c6df5b3e1bbc245f
        Validity
            Not Before: Jan  1 16:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7805f8a5f8ee6a3174aed6cb3e3a843cddc7c380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:14:88:08:53:64:be:1d:62:f0:ba:83:1a:a9:
                    9d:2c:2f:64:07:e3:4a:dd:c7:cd:c5:a9:3c:4f:4c:
                    05:fe:9c:2d:46:dd:04:04:ba:65:ee:f2:87:30:84:
                    0a:e2:e6:d4:0b:ae:ce:ad:cb:20:56:fb:23:55:02:
                    aa:6c:1a:f8:7e:c7:ef:54:d4:2a:b2:5e:31:1e:51:
                    9a:7a:b6:4d:9b:b5:3a:1e:f9:ae:c2:9f:c6:86:b8:
                    eb:7c:7a:af:c8:b8:77:45:5d:95:5e:50:d5:76:da:
                    40:54:cb:38:85:e1:94:2f:80:e3:07:bc:d6:fa:09:
                    f1:a1:ec:80:41:fc:20:cf:ec:37:17:d5:e1:e1:4b:
                    c8:3b:fc:81:8a:5b:71:c0:85:1e:d7:59:6d:ae:8b:
                    ca:65:17:73:7d:9b:d3:ea:8e:83:8e:88:68:3d:23:
                    5b:26:d8:ac:d7:0d:07:fe:25:06:32:0c:96:1b:2d:
                    86:81:ac:d0:63:6e:e0:d5:99:e3:08:e4:55:18:4c:
                    b8:cf:6e:b2:9b:5f:37:6d:07:33:60:fb:65:23:4d:
                    69:37:5f:b4:39:58:e8:c5:3a:29:38:80:b4:6f:7b:
                    a6:70:d8:7b:42:c7:e4:63:c9:b2:8b:43:90:8c:0a:
                    1b:ce:2e:34:8d:37:0a:90:01:56:2a:08:ae:4b:ab:
                    62:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:05:F8:A5:F8:EE:6A:31:74:AE:D6:CB:3E:3A:84:3C:DD:C7:C3:80
            X509v3 Authority Key Identifier:
                keyid:11:37:C2:34:53:B8:8E:BA:45:5C:42:08:C6:DF:5B:3E:1B:BC:24:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ETfCNFO4jrpFXEIIxt9bPhu8JF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/4624fc-634f-40cd-a607-5efda468a200/1/eAX4pfjuajF0rtbLPjqEPN3Hw4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/4624fc-634f-40cd-a607-5efda468a200/1/ETfCNFO4jrpFXEIIxt9bPhu8JF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.191.0/24
                IPv6:
                  2001:67c:2b3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:7c:e6:50:1f:10:e2:a3:ac:66:72:cf:f5:87:10:b0:b3:8c:
         4a:83:c8:74:97:73:b2:d2:91:1d:1a:79:8d:f1:0d:b6:e8:ae:
         1d:a3:bc:a1:19:96:da:81:77:87:1f:87:ce:34:83:f4:bc:cb:
         5a:83:40:76:86:5d:dd:e8:19:86:50:c2:1a:8b:61:32:e2:0b:
         c6:ff:bd:ef:34:6e:1d:bf:d5:c0:d3:92:e1:83:d5:c6:31:c6:
         18:b7:aa:a9:9a:cf:bc:87:be:b9:0f:1d:16:5f:8e:4f:70:88:
         15:65:4b:ae:f0:01:e6:2d:d5:e5:8c:dd:43:30:93:6e:ac:da:
         94:c3:60:eb:31:00:16:13:d8:08:1c:2c:ac:b1:38:ea:17:f7:
         ac:2b:53:40:e0:e0:28:fe:97:48:37:98:98:5a:48:d3:4a:79:
         a0:5a:38:f0:aa:71:55:d1:4a:dc:a3:f1:a3:d7:38:75:77:84:
         98:ad:d1:aa:0b:c0:04:39:29:e8:ab:d9:a1:97:17:1f:84:f2:
         4d:ce:f1:e8:ea:ac:4b:71:b3:5b:29:e1:8b:0b:c0:91:fa:0d:
         02:1c:89:d6:5e:da:5b:dd:6b:30:22:e2:17:b8:4e:03:dd:15:
         45:37:d8:65:d9:36:0f:c2:7b:4a:15:0a:8b:2e:b4:85:14:e6:
         eb:73:4c:c8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3H1CKJZlDBdKpX087zEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMzdjMjM0NTNiODhlYmE0NTVjNDIwOGM2ZGY1YjNlMWJi
YzI0NWYwHhcNMjQwMTAxMTYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODA1ZjhhNWY4ZWU2YTMxNzRhZWQ2Y2IzZTNhODQzY2RkYzdjMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRSICFNkvh1i8LqDGqmdLC9kB+NK
3cfNxak8T0wF/pwtRt0EBLpl7vKHMIQK4ubUC67OrcsgVvsjVQKqbBr4fsfvVNQq
sl4xHlGaerZNm7U6Hvmuwp/GhrjrfHqvyLh3RV2VXlDVdtpAVMs4heGUL4DjB7zW
+gnxoeyAQfwgz+w3F9Xh4UvIO/yBiltxwIUe11ltrovKZRdzfZvT6o6DjohoPSNb
Jtis1w0H/iUGMgyWGy2GgazQY27g1ZnjCORVGEy4z26ym183bQczYPtlI01pN1+0
OVjoxTopOIC0b3umcNh7QsfkY8myi0OQjAobzi40jTcKkAFWKgiuS6timwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHgF+KX47moxdK7Wyz46hDzdx8OAMB8GA1UdIwQY
MBaAFBE3wjRTuI66RVxCCMbfWz4bvCRfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVRmQ05GTzRqcnBGWEVJSXh0OWJQaHU4SkY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi80NjI0ZmMtNjM0Zi00MGNkLWE2MDct
NWVmZGE0NjhhMjAwLzEvZUFYNHBmanVhakYwcnRiTFBqcUVQTjNIdzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi80NjI0ZmMtNjM0Zi00MGNkLWE2MDctNWVmZGE0NjhhMjAw
LzEvRVRmQ05GTzRqcnBGWEVJSXh0OWJQaHU4SkY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9G/MA8E
AgACMAkDBwAgAQZ8KzwwDQYJKoZIhvcNAQELBQADggEBAER85lAfEOKjrGZyz/WH
ELCzjEqDyHSXc7LSkR0aeY3xDbborh2jvKEZltqBd4cfh840g/S8y1qDQHaGXd3o
GYZQwhqLYTLiC8b/ve80bh2/1cDTkuGD1cYxxhi3qqmaz7yHvrkPHRZfjk9wiBVl
S67wAeYt1eWM3UMwk26s2pTDYOsxABYT2AgcLKyxOOoX96wrU0Dg4Cj+l0g3mJha
SNNKeaBaOPCqcVXRStyj8aPXOHV3hJit0aoLwAQ5Keir2aGXFx+E8k3O8ejqrEtx
s1sp4YsLwJH6DQIcidZe2lvdazAi4he4TgPdFUU32GXZNg/Ce0oVCosutIUU5utz
TMg=
-----END CERTIFICATE-----