Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/xM7arG7PWSQijRXtLHgKrhJu0ko.roa
File:                     xM7arG7PWSQijRXtLHgKrhJu0ko.roa (raw, json)
Hash identifier:          KE7xCoy9QQI966VxACoYg15b0kJUPEmT1xMDsukNo5I=
Subject key identifier:   C4:CE:DA:AC:6E:CF:59:24:22:8D:15:ED:2C:78:0A:AE:12:6E:D2:4A
Certificate issuer:       /CN=ae17b1bbe78ce40aa1ec6d2778bc1e4ea295167e
Certificate serial:       018CC94E3CE81AA2FEE4630E0550B72D912E
Authority key identifier: AE:17:B1:BB:E7:8C:E4:0A:A1:EC:6D:27:78:BC:1E:4E:A2:95:16:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rhexu-eM5Aqh7G0neLweTqKVFn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/xM7arG7PWSQijRXtLHgKrhJu0ko.roa
Signing time:             Tue 02 Jan 2024 08:33:16 +0000
ROA not before:           Tue 02 Jan 2024 08:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44455
IP address blocks:        91.199.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/rhexu-eM5Aqh7G0neLweTqKVFn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/rhexu-eM5Aqh7G0neLweTqKVFn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rhexu-eM5Aqh7G0neLweTqKVFn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3c:e8:1a:a2:fe:e4:63:0e:05:50:b7:2d:91:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae17b1bbe78ce40aa1ec6d2778bc1e4ea295167e
        Validity
            Not Before: Jan  2 08:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4cedaac6ecf5924228d15ed2c780aae126ed24a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:c6:ec:30:3e:d3:6d:f2:82:4d:76:8f:49:65:
                    12:43:87:a0:92:a9:5d:72:9e:d5:d7:43:9f:45:de:
                    ce:54:c3:c6:91:d2:fe:28:da:72:49:5c:86:6e:1d:
                    f1:21:17:85:fc:52:2f:60:8f:87:a3:3f:5e:d1:fd:
                    e3:e2:29:b7:ab:c7:d6:2a:1f:53:c4:6a:f3:c0:f0:
                    2e:9f:48:ee:06:dd:e7:39:36:2f:d7:16:0d:af:b6:
                    dc:38:8f:41:ed:c6:37:12:5c:a4:14:87:1e:06:d4:
                    44:d0:aa:e2:a4:58:84:8a:e6:c7:f7:ba:ce:58:f1:
                    e1:d5:53:dc:c1:73:85:1d:01:e0:a1:06:9e:41:e0:
                    31:b3:f9:22:dc:d9:6a:74:7b:c3:62:9c:49:77:16:
                    86:b7:47:9d:23:1f:ce:3c:33:bb:04:3d:09:87:f8:
                    3c:91:d1:c2:ca:dc:3c:58:74:dd:ed:7a:56:d2:70:
                    ee:b0:4b:e5:94:d6:1e:a4:a2:bb:d1:e7:b9:6e:ee:
                    52:1a:b4:0e:84:f9:ce:d0:20:c2:e5:9b:fe:aa:5b:
                    8b:73:cd:80:50:1e:d6:9b:17:9b:8f:dc:d3:4d:18:
                    1f:44:55:9f:1d:a2:f1:75:c3:95:4b:e0:37:ce:ca:
                    e2:da:d9:f6:0d:a6:e3:03:23:97:33:34:dc:7d:66:
                    7d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CE:DA:AC:6E:CF:59:24:22:8D:15:ED:2C:78:0A:AE:12:6E:D2:4A
            X509v3 Authority Key Identifier:
                keyid:AE:17:B1:BB:E7:8C:E4:0A:A1:EC:6D:27:78:BC:1E:4E:A2:95:16:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rhexu-eM5Aqh7G0neLweTqKVFn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/xM7arG7PWSQijRXtLHgKrhJu0ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4485be-d779-41f5-a558-e6ac9b6a219e/1/rhexu-eM5Aqh7G0neLweTqKVFn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:57:f3:43:c3:29:f0:42:90:ba:01:5e:88:1d:ce:b0:da:82:
         ca:56:e3:f7:ce:b8:25:73:1c:61:3c:1d:ce:6a:1a:14:ff:53:
         f6:2b:8b:35:6b:e9:79:b3:83:00:2e:a6:ef:69:fa:f1:ff:28:
         82:04:c3:32:70:5f:4e:a5:4c:07:90:70:f9:2b:79:fd:07:74:
         6a:d7:09:7b:af:ee:14:cd:97:af:b2:f2:a0:03:db:a0:bb:08:
         ea:6e:9f:b0:08:70:73:74:9f:54:46:35:a7:4b:ff:14:90:77:
         12:84:35:94:8e:c8:93:f6:c7:f3:b9:99:62:0e:ec:e9:50:69:
         a7:2c:a9:6f:e6:af:ae:83:06:f6:18:59:82:56:e4:b4:a7:b1:
         ac:e0:dc:f4:3e:1b:9d:06:37:d3:b9:20:41:26:9b:ce:c4:ab:
         3a:9c:61:98:fb:6c:c3:be:15:1e:b5:2d:4d:e7:13:96:07:88:
         27:d0:85:8b:20:b3:c3:4b:2e:bd:ad:eb:3e:57:ce:a1:37:27:
         21:94:ff:34:f4:08:ff:cb:50:5f:99:d6:bb:19:c3:21:d0:cb:
         0f:98:cd:02:90:2b:a5:a9:10:5d:6c:90:c0:f8:0f:e9:56:19:
         82:c9:9a:ff:16:7f:e8:e4:6f:4a:7a:a6:4d:7b:71:02:3a:11:
         48:5c:89:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjzoGqL+5GMOBVC3LZEuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMTdiMWJiZTc4Y2U0MGFhMWVjNmQyNzc4YmMxZTRlYTI5
NTE2N2UwHhcNMjQwMTAyMDgzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGNlZGFhYzZlY2Y1OTI0MjI4ZDE1ZWQyYzc4MGFhZTEyNmVkMjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9sbsMD7TbfKCTXaPSWUSQ4egkqld
cp7V10OfRd7OVMPGkdL+KNpySVyGbh3xIReF/FIvYI+Hoz9e0f3j4im3q8fWKh9T
xGrzwPAun0juBt3nOTYv1xYNr7bcOI9B7cY3ElykFIceBtRE0KripFiEiubH97rO
WPHh1VPcwXOFHQHgoQaeQeAxs/ki3NlqdHvDYpxJdxaGt0edIx/OPDO7BD0Jh/g8
kdHCytw8WHTd7XpW0nDusEvllNYepKK70ee5bu5SGrQOhPnO0CDC5Zv+qluLc82A
UB7Wmxebj9zTTRgfRFWfHaLxdcOVS+A3zsri2tn2DabjAyOXMzTcfWZ9NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTO2qxuz1kkIo0V7Sx4Cq4SbtJKMB8GA1UdIwQY
MBaAFK4XsbvnjOQKoextJ3i8Hk6ilRZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmhleHUtZU01QXFoN0cwbmVMd2VUcUtWRm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80NDg1YmUtZDc3OS00MWY1LWE1NTgt
ZTZhYzliNmEyMTllLzEveE03YXJHN1BXU1FpalJYdExIZ0tyaEp1MGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80NDg1YmUtZDc3OS00MWY1LWE1NTgtZTZhYzliNmEyMTll
LzEvcmhleHUtZU01QXFoN0cwbmVMd2VUcUtWRm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8d8MA0G
CSqGSIb3DQEBCwUAA4IBAQBmV/NDwynwQpC6AV6IHc6w2oLKVuP3zrglcxxhPB3O
ahoU/1P2K4s1a+l5s4MALqbvafrx/yiCBMMycF9OpUwHkHD5K3n9B3Rq1wl7r+4U
zZevsvKgA9uguwjqbp+wCHBzdJ9URjWnS/8UkHcShDWUjsiT9sfzuZliDuzpUGmn
LKlv5q+ugwb2GFmCVuS0p7Gs4Nz0PhudBjfTuSBBJpvOxKs6nGGY+2zDvhUetS1N
5xOWB4gn0IWLILPDSy69res+V86hNychlP809Aj/y1Bfmda7GcMh0MsPmM0CkCul
qRBdbJDA+A/pVhmCyZr/Fn/o5G9KeqZNe3ECOhFIXIlZ
-----END CERTIFICATE-----