Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/keQpuKDABw0fhKnG8I6mk4UMPaw.roa
File:                     keQpuKDABw0fhKnG8I6mk4UMPaw.roa (raw, json)
Hash identifier:          jFAywGYCGWQvl+F8U1walDBlRAIARMcBZeT9OF06Dzo=
Subject key identifier:   91:E4:29:B8:A0:C0:07:0D:1F:84:A9:C6:F0:8E:A6:93:85:0C:3D:AC
Certificate issuer:       /CN=8348cce4fb6d36140eb7d56fed289b3871fc4d74
Certificate serial:       018E8574C1C4579B9FD536CDB8E0B38F7406
Authority key identifier: 83:48:CC:E4:FB:6D:36:14:0E:B7:D5:6F:ED:28:9B:38:71:FC:4D:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0jM5PttNhQOt9Vv7SibOHH8TXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/keQpuKDABw0fhKnG8I6mk4UMPaw.roa
Signing time:             Thu 28 Mar 2024 14:26:45 +0000
ROA not before:           Thu 28 Mar 2024 14:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49692
IP address blocks:        91.213.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/g0jM5PttNhQOt9Vv7SibOHH8TXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/g0jM5PttNhQOt9Vv7SibOHH8TXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0jM5PttNhQOt9Vv7SibOHH8TXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:74:c1:c4:57:9b:9f:d5:36:cd:b8:e0:b3:8f:74:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8348cce4fb6d36140eb7d56fed289b3871fc4d74
        Validity
            Not Before: Mar 28 14:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91e429b8a0c0070d1f84a9c6f08ea693850c3dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a9:8f:dd:bf:bf:02:51:5f:4c:3d:aa:ef:78:
                    8b:54:06:a2:62:a6:4f:8b:04:07:ad:74:65:e1:f4:
                    92:e6:77:fe:4f:fd:cc:cc:fb:d8:2a:c8:67:51:23:
                    9e:e8:51:48:fa:0a:bb:7c:c9:e9:e0:60:28:c8:6f:
                    4d:7e:6c:37:dc:62:41:09:bf:40:0b:da:fb:da:7d:
                    2f:82:0a:14:60:77:17:e5:89:72:9c:bf:ca:63:be:
                    43:04:32:01:16:ab:2e:e0:6d:99:af:be:c4:18:ce:
                    21:08:0c:a7:8b:3a:7a:9f:b9:e0:03:e2:e1:fc:b6:
                    7d:9b:8d:1f:34:cf:0e:ec:6f:a7:c7:29:77:d8:4c:
                    7a:74:93:63:78:67:f8:51:52:91:fc:26:f1:48:27:
                    c6:89:44:e5:1f:c1:a6:60:85:dc:ec:6b:db:ff:af:
                    a7:8e:fd:7b:9f:37:db:f9:0b:1c:52:ab:ce:13:3e:
                    8f:96:0b:71:b3:88:1c:ff:97:c1:39:f7:56:95:68:
                    a0:34:3d:46:be:c9:71:a9:40:7b:13:f3:88:46:16:
                    80:ef:df:1e:d8:37:11:d3:7b:81:10:0b:7e:be:0c:
                    25:d2:a3:db:c4:03:ca:e4:24:75:c6:d0:46:35:9c:
                    cd:82:a8:7d:5b:43:ae:f5:5e:38:ba:3e:01:68:0e:
                    dc:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:E4:29:B8:A0:C0:07:0D:1F:84:A9:C6:F0:8E:A6:93:85:0C:3D:AC
            X509v3 Authority Key Identifier:
                keyid:83:48:CC:E4:FB:6D:36:14:0E:B7:D5:6F:ED:28:9B:38:71:FC:4D:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0jM5PttNhQOt9Vv7SibOHH8TXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/keQpuKDABw0fhKnG8I6mk4UMPaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/g0jM5PttNhQOt9Vv7SibOHH8TXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:b2:09:2e:3e:77:30:1c:2b:1f:0e:12:a9:5e:53:0d:13:0e:
         e0:11:55:b5:b9:f7:34:fd:79:33:f4:24:52:c3:ac:1b:dc:7f:
         e5:24:c1:18:6a:70:a3:7d:80:f5:82:92:59:bf:41:7f:74:b9:
         ed:13:e7:b5:5f:ed:d0:93:29:f7:2b:c0:0c:aa:fb:aa:f2:31:
         fe:3a:4d:bc:20:4c:0a:e5:b3:39:64:43:44:74:68:81:8d:b5:
         8e:3d:c2:5d:30:d0:89:64:d4:19:7d:8c:2c:14:29:54:56:b2:
         ee:c0:ac:b4:90:6a:e3:b2:7a:4d:dc:87:db:46:a6:a9:7b:9b:
         6a:20:48:d8:27:45:f3:2c:37:bc:44:1e:27:64:0a:14:87:5f:
         b5:b9:30:c6:3a:5c:61:78:01:80:36:d9:d8:ca:00:b1:3f:5b:
         fa:9f:ac:e0:54:ae:78:7a:af:31:de:46:10:5a:a7:b5:e2:5d:
         24:26:d6:f2:c2:67:d0:bd:44:4c:69:37:64:aa:cf:d4:87:82:
         c3:6a:ee:2d:b4:dc:fa:59:b4:42:09:12:85:f8:6a:7b:0f:a0:
         57:7e:3d:b9:1c:c3:22:ee:ad:3c:52:7f:8c:dc:35:c9:ff:fa:
         14:78:ff:5d:e7:e8:e0:1d:55:2f:87:b3:d1:4f:d5:47:2b:b6:
         4d:0c:ae:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6FdMHEV5uf1TbNuOCzj3QGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDhjY2U0ZmI2ZDM2MTQwZWI3ZDU2ZmVkMjg5YjM4NzFm
YzRkNzQwHhcNMjQwMzI4MTQyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWU0MjliOGEwYzAwNzBkMWY4NGE5YzZmMDhlYTY5Mzg1MGMzZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKmP3b+/AlFfTD2q73iLVAaiYqZP
iwQHrXRl4fSS5nf+T/3MzPvYKshnUSOe6FFI+gq7fMnp4GAoyG9Nfmw33GJBCb9A
C9r72n0vggoUYHcX5YlynL/KY75DBDIBFqsu4G2Zr77EGM4hCAynizp6n7ngA+Lh
/LZ9m40fNM8O7G+nxyl32Ex6dJNjeGf4UVKR/CbxSCfGiUTlH8GmYIXc7Gvb/6+n
jv17nzfb+QscUqvOEz6Plgtxs4gc/5fBOfdWlWigND1GvslxqUB7E/OIRhaA798e
2DcR03uBEAt+vgwl0qPbxAPK5CR1xtBGNZzNgqh9W0Ou9V44uj4BaA7cewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHkKbigwAcNH4SpxvCOppOFDD2sMB8GA1UdIwQY
MBaAFINIzOT7bTYUDrfVb+0omzhx/E10MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBqTTVQdHROaFFPdDlWdjdTaWJPSEg4VFhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9hZmFlN2MtNmViZi00NTQzLWJjMmYt
YjhjM2RkNzY2MTNlLzEva2VRcHVLREFCdzBmaEtuRzhJNm1rNFVNUGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9hZmFlN2MtNmViZi00NTQzLWJjMmYtYjhjM2RkNzY2MTNl
LzEvZzBqTTVQdHROaFFPdDlWdjdTaWJPSEg4VFhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9W0MA0G
CSqGSIb3DQEBCwUAA4IBAQBJsgkuPncwHCsfDhKpXlMNEw7gEVW1ufc0/Xkz9CRS
w6wb3H/lJMEYanCjfYD1gpJZv0F/dLntE+e1X+3Qkyn3K8AMqvuq8jH+Ok28IEwK
5bM5ZENEdGiBjbWOPcJdMNCJZNQZfYwsFClUVrLuwKy0kGrjsnpN3IfbRqape5tq
IEjYJ0XzLDe8RB4nZAoUh1+1uTDGOlxheAGANtnYygCxP1v6n6zgVK54eq8x3kYQ
Wqe14l0kJtbywmfQvURMaTdkqs/Uh4LDau4ttNz6WbRCCRKF+Gp7D6BXfj25HMMi
7q08Un+M3DXJ//oUeP9d5+jgHVUvh7PRT9VHK7ZNDK5/
-----END CERTIFICATE-----