Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/LEpgeVi2CnzsZn8EBbKAGokZQdc.roa
File:                     LEpgeVi2CnzsZn8EBbKAGokZQdc.roa (raw, json)
Hash identifier:          EHpshAopjLiC3DDyviC4zCd0PIyPTf7R5b2kdVDfKZI=
Subject key identifier:   2C:4A:60:79:58:B6:0A:7C:EC:66:7F:04:05:B2:80:1A:89:19:41:D7
Certificate issuer:       /CN=4a80bbd08403871068fdf1fcb5e1012147f61619
Certificate serial:       018CC26D710F9DA666989724D59025761CBB
Authority key identifier: 4A:80:BB:D0:84:03:87:10:68:FD:F1:FC:B5:E1:01:21:47:F6:16:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SoC70IQDhxBo_fH8teEBIUf2Fhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/LEpgeVi2CnzsZn8EBbKAGokZQdc.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21217
IP address blocks:        91.200.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/SoC70IQDhxBo_fH8teEBIUf2Fhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/SoC70IQDhxBo_fH8teEBIUf2Fhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SoC70IQDhxBo_fH8teEBIUf2Fhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:71:0f:9d:a6:66:98:97:24:d5:90:25:76:1c:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a80bbd08403871068fdf1fcb5e1012147f61619
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c4a607958b60a7cec667f0405b2801a891941d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a8:57:6b:ce:59:48:a0:b7:9b:af:27:63:e2:
                    f8:e4:2a:d7:ef:34:37:17:fe:33:5a:d7:dc:39:63:
                    cf:14:97:46:e1:41:7b:17:c6:84:37:67:ee:9b:ec:
                    83:86:da:59:b8:df:e3:2b:80:e9:ef:38:c2:60:23:
                    ae:7a:1e:c3:07:74:47:26:35:4f:55:de:a5:5a:3e:
                    90:19:3d:6a:b0:92:48:2f:49:23:db:a7:59:97:34:
                    95:19:d5:c3:30:1b:2e:78:b3:25:75:0a:80:ce:f9:
                    be:bd:dd:0d:4a:26:dd:f9:5d:b3:26:51:67:55:06:
                    e7:06:65:e3:16:71:09:b4:cb:04:6f:0d:d0:b5:f7:
                    3b:66:16:39:57:a9:03:1f:36:2e:34:e9:d6:cd:ec:
                    77:aa:cb:fc:04:69:27:d7:89:a0:61:d8:8e:6f:7e:
                    09:97:3d:83:a7:e5:3c:4a:26:aa:48:2c:85:27:6a:
                    e0:85:6f:8c:1c:15:a6:73:92:06:69:b9:bc:d0:ae:
                    0b:ea:dc:1c:b8:38:6e:ab:48:d5:9d:93:54:db:5e:
                    5a:93:49:74:6c:3d:8b:6e:a0:88:b0:4d:9a:ac:50:
                    c1:4b:36:c7:c3:a9:f9:7d:75:46:4c:64:70:a1:d2:
                    67:b2:45:d3:bb:c3:b2:e6:6d:f8:a1:b6:c5:47:e6:
                    b1:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:4A:60:79:58:B6:0A:7C:EC:66:7F:04:05:B2:80:1A:89:19:41:D7
            X509v3 Authority Key Identifier:
                keyid:4A:80:BB:D0:84:03:87:10:68:FD:F1:FC:B5:E1:01:21:47:F6:16:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SoC70IQDhxBo_fH8teEBIUf2Fhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/LEpgeVi2CnzsZn8EBbKAGokZQdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/d4dfd6-d240-4b0e-9a01-e1d69fa908ca/1/SoC70IQDhxBo_fH8teEBIUf2Fhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:99:c1:9d:07:44:00:fc:1c:4f:fa:5b:9f:d8:f0:d8:af:7a:
         d1:f3:d1:86:49:bc:17:29:01:f9:8c:25:67:43:2c:5d:2b:d8:
         af:7e:8c:99:e5:63:d7:67:40:69:55:38:4c:24:a5:fa:00:8d:
         15:96:b8:1a:1e:1f:ab:5a:8a:a9:be:5f:e5:f4:0d:b3:c6:75:
         97:46:25:3b:31:35:cf:ad:af:72:43:4b:60:db:58:de:24:cc:
         f1:47:8f:5e:fa:c4:1e:bf:8a:2d:19:2e:3e:7f:5d:22:42:be:
         75:e0:d7:4d:7d:c6:c9:91:92:17:dd:4a:25:88:1e:49:c5:0c:
         99:48:a3:50:41:fd:fe:54:c1:c7:f6:e4:a8:3c:fb:9f:54:d7:
         83:d5:fa:88:fe:7f:9f:54:82:fd:3f:cc:e5:d5:1c:cc:8c:17:
         c1:88:cd:76:96:d3:75:65:de:17:7b:82:fa:8a:7e:1c:cf:86:
         ac:91:77:dc:45:c6:a6:42:60:b4:10:fb:40:78:b1:b2:b4:2e:
         fb:53:d8:8b:bc:03:a9:79:2c:cd:4d:ca:d6:d8:fb:03:97:cf:
         c2:ac:73:db:0f:ac:5d:fa:74:ec:7d:da:a5:2c:57:38:ac:d0:
         3a:9e:19:8d:fd:06:91:8f:02:b5:21:0d:00:9a:bc:a7:7c:61:
         59:d2:fb:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXEPnaZmmJck1ZAldhy7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhODBiYmQwODQwMzg3MTA2OGZkZjFmY2I1ZTEwMTIxNDdm
NjE2MTkwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzRhNjA3OTU4YjYwYTdjZWM2NjdmMDQwNWIyODAxYTg5MTk0MWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqhXa85ZSKC3m68nY+L45CrX7zQ3
F/4zWtfcOWPPFJdG4UF7F8aEN2fum+yDhtpZuN/jK4Dp7zjCYCOueh7DB3RHJjVP
Vd6lWj6QGT1qsJJIL0kj26dZlzSVGdXDMBsueLMldQqAzvm+vd0NSibd+V2zJlFn
VQbnBmXjFnEJtMsEbw3Qtfc7ZhY5V6kDHzYuNOnWzex3qsv8BGkn14mgYdiOb34J
lz2Dp+U8SiaqSCyFJ2rghW+MHBWmc5IGabm80K4L6twcuDhuq0jVnZNU215ak0l0
bD2LbqCIsE2arFDBSzbHw6n5fXVGTGRwodJnskXTu8Oy5m34obbFR+axqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxKYHlYtgp87GZ/BAWygBqJGUHXMB8GA1UdIwQY
MBaAFEqAu9CEA4cQaP3x/LXhASFH9hYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU29DNzBJUURoeEJvX2ZIOHRlRUJJVWYyRmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9kNGRmZDYtZDI0MC00YjBlLTlhMDEt
ZTFkNjlmYTkwOGNhLzEvTEVwZ2VWaTJDbnpzWm44RUJiS0FHb2taUWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9kNGRmZDYtZDI0MC00YjBlLTlhMDEtZTFkNjlmYTkwOGNh
LzEvU29DNzBJUURoeEJvX2ZIOHRlRUJJVWYyRmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8iQMA0G
CSqGSIb3DQEBCwUAA4IBAQDPmcGdB0QA/BxP+luf2PDYr3rR89GGSbwXKQH5jCVn
QyxdK9ivfoyZ5WPXZ0BpVThMJKX6AI0VlrgaHh+rWoqpvl/l9A2zxnWXRiU7MTXP
ra9yQ0tg21jeJMzxR49e+sQev4otGS4+f10iQr514NdNfcbJkZIX3UoliB5JxQyZ
SKNQQf3+VMHH9uSoPPufVNeD1fqI/n+fVIL9P8zl1RzMjBfBiM12ltN1Zd4Xe4L6
in4cz4askXfcRcamQmC0EPtAeLGytC77U9iLvAOpeSzNTcrW2PsDl8/CrHPbD6xd
+nTsfdqlLFc4rNA6nhmN/QaRjwK1IQ0AmrynfGFZ0vu9
-----END CERTIFICATE-----