Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/htM3Z92fBdpbc-mq0v8kdxH7Q9I.roa
File:                     htM3Z92fBdpbc-mq0v8kdxH7Q9I.roa (raw, json)
Hash identifier:          XcaeIWQHXobvZEHK0S0hyjpPRi2ZqPd4tUpJbBqAnag=
Subject key identifier:   86:D3:37:67:DD:9F:05:DA:5B:73:E9:AA:D2:FF:24:77:11:FB:43:D2
Certificate issuer:       /CN=2ebb3624b82f0e1e538b00919f442d200c7e3cd2
Certificate serial:       018CC3491AC09CCE93901ACF642887DB31E4
Authority key identifier: 2E:BB:36:24:B8:2F:0E:1E:53:8B:00:91:9F:44:2D:20:0C:7E:3C:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lrs2JLgvDh5TiwCRn0QtIAx-PNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/htM3Z92fBdpbc-mq0v8kdxH7Q9I.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57146
IP address blocks:        91.231.4.0/23 maxlen: 24
                          91.231.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/Lrs2JLgvDh5TiwCRn0QtIAx-PNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/Lrs2JLgvDh5TiwCRn0QtIAx-PNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lrs2JLgvDh5TiwCRn0QtIAx-PNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1a:c0:9c:ce:93:90:1a:cf:64:28:87:db:31:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ebb3624b82f0e1e538b00919f442d200c7e3cd2
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86d33767dd9f05da5b73e9aad2ff247711fb43d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:26:4a:bd:2f:26:e7:25:0b:39:8a:46:6f:c4:
                    c8:df:74:fd:06:9d:73:92:7a:50:57:0a:d0:69:07:
                    ec:c8:18:e6:34:72:9e:dc:41:26:82:01:d8:ae:fa:
                    ad:51:3f:f6:08:2c:35:62:0b:f4:38:b5:f2:28:16:
                    6a:91:a4:f8:d4:8e:ca:f9:d2:7e:08:38:96:c3:9a:
                    d2:f5:f6:4e:88:e0:64:07:54:fe:80:9f:ec:7d:ee:
                    70:50:bf:e4:fe:6c:1f:84:a9:36:d3:92:89:5e:7a:
                    9a:fa:79:d9:77:ba:37:38:82:26:c0:34:34:54:c6:
                    56:7d:e9:57:0d:1d:13:78:3f:c3:45:42:94:04:e3:
                    4e:ab:61:1c:15:86:b8:ae:cc:04:10:99:63:06:fd:
                    8e:78:85:78:ff:7c:a9:61:77:c1:64:63:d5:77:b1:
                    28:c5:fb:56:33:57:ac:e1:c0:80:c0:7d:8e:b5:d8:
                    93:ba:26:26:b7:27:4c:97:f9:5c:99:cd:fc:0e:52:
                    25:c0:22:b5:24:29:ac:b5:90:d1:6c:36:c5:57:76:
                    d1:1e:16:6d:b7:25:5f:4c:91:ae:da:94:16:27:be:
                    c6:66:16:e0:17:40:3b:d6:66:8e:c0:11:ea:a0:3b:
                    91:ae:83:32:f5:95:37:93:e6:be:c3:30:96:93:05:
                    89:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D3:37:67:DD:9F:05:DA:5B:73:E9:AA:D2:FF:24:77:11:FB:43:D2
            X509v3 Authority Key Identifier:
                keyid:2E:BB:36:24:B8:2F:0E:1E:53:8B:00:91:9F:44:2D:20:0C:7E:3C:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lrs2JLgvDh5TiwCRn0QtIAx-PNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/htM3Z92fBdpbc-mq0v8kdxH7Q9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/49bef1-401a-48d2-8746-267275e92570/1/Lrs2JLgvDh5TiwCRn0QtIAx-PNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.4.0-91.231.6.255

    Signature Algorithm: sha256WithRSAEncryption
         7a:71:98:7d:a9:70:32:bd:53:61:94:8a:34:75:f0:82:ed:0e:
         58:52:17:99:d2:fc:bd:b6:1c:43:58:3e:dd:f9:2b:bc:6e:67:
         6b:97:dc:bf:0e:fb:2a:6f:c6:30:2a:ab:d4:cb:19:d7:8a:5f:
         e7:d2:d3:cd:8f:50:75:6a:bd:71:36:c0:5a:4a:58:cc:86:a2:
         b5:d2:81:f1:9d:73:f8:df:1d:18:c5:c7:2c:f5:22:3b:17:f1:
         94:11:d3:e0:a2:d4:42:17:a7:16:1d:81:63:f8:b3:e9:13:26:
         b0:e3:e5:f4:32:d7:93:ea:98:4b:c9:87:8d:f5:da:6f:c4:be:
         0f:7c:e2:c9:5b:c1:89:f5:7d:e2:3d:b9:fa:ae:51:90:4b:d8:
         19:7b:6a:05:92:c4:90:95:77:23:aa:41:e3:4c:45:94:70:8e:
         d7:f5:82:27:32:8b:aa:65:5e:41:9f:5f:87:c7:26:61:45:c2:
         92:15:3d:ee:3a:0a:59:48:da:3e:e4:36:06:20:8d:7a:1f:c5:
         8a:a2:81:e1:f3:b1:c9:bf:f2:60:bc:d4:cb:1e:df:40:e6:5c:
         db:63:cc:a1:5f:ea:cf:ea:69:e9:1f:ba:72:28:cc:11:a6:5d:
         44:f6:f4:7a:1c:b7:b4:bd:6c:67:aa:6a:43:23:ee:02:64:70:
         70:56:f7:0b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSRrAnM6TkBrPZCiH2zHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYmIzNjI0YjgyZjBlMWU1MzhiMDA5MTlmNDQyZDIwMGM3
ZTNjZDIwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQzMzc2N2RkOWYwNWRhNWI3M2U5YWFkMmZmMjQ3NzExZmI0M2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiZKvS8m5yULOYpGb8TI33T9Bp1z
knpQVwrQaQfsyBjmNHKe3EEmggHYrvqtUT/2CCw1Ygv0OLXyKBZqkaT41I7K+dJ+
CDiWw5rS9fZOiOBkB1T+gJ/sfe5wUL/k/mwfhKk205KJXnqa+nnZd7o3OIImwDQ0
VMZWfelXDR0TeD/DRUKUBONOq2EcFYa4rswEEJljBv2OeIV4/3ypYXfBZGPVd7Eo
xftWM1es4cCAwH2OtdiTuiYmtydMl/lcmc38DlIlwCK1JCmstZDRbDbFV3bRHhZt
tyVfTJGu2pQWJ77GZhbgF0A71maOwBHqoDuRroMy9ZU3k+a+wzCWkwWJ5QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIbTN2fdnwXaW3PpqtL/JHcR+0PSMB8GA1UdIwQY
MBaAFC67NiS4Lw4eU4sAkZ9ELSAMfjzSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHJzMkpMZ3ZEaDVUaXdDUm4wUXRJQXgtUE5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC80OWJlZjEtNDAxYS00OGQyLTg3NDYt
MjY3Mjc1ZTkyNTcwLzEvaHRNM1o5MmZCZHBiYy1tcTB2OGtkeEg3UTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC80OWJlZjEtNDAxYS00OGQyLTg3NDYtMjY3Mjc1ZTkyNTcw
LzEvTHJzMkpMZ3ZEaDVUaXdDUm4wUXRJQXgtUE5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJb5wQD
BABb5wYwDQYJKoZIhvcNAQELBQADggEBAHpxmH2pcDK9U2GUijR18ILtDlhSF5nS
/L22HENYPt35K7xuZ2uX3L8O+ypvxjAqq9TLGdeKX+fS082PUHVqvXE2wFpKWMyG
orXSgfGdc/jfHRjFxyz1IjsX8ZQR0+Ci1EIXpxYdgWP4s+kTJrDj5fQy15PqmEvJ
h4312m/Evg984slbwYn1feI9ufquUZBL2Bl7agWSxJCVdyOqQeNMRZRwjtf1gicy
i6plXkGfX4fHJmFFwpIVPe46CllI2j7kNgYgjXofxYqigeHzscm/8mC81Mse30Dm
XNtjzKFf6s/qaekfunIozBGmXUT29Hoct7S9bGeqakMj7gJkcHBW9ws=
-----END CERTIFICATE-----