Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a1c8bd-bd94-46f6-aa49-7417e71a76e8/1/4K3Ro7Vx-5K9TwVL-yYP3nW0NFM.roa
File:                     4K3Ro7Vx-5K9TwVL-yYP3nW0NFM.roa (raw, json)
Hash identifier:          6rR3HVwEeL8+3lp93Tn2ojXXCUKTLq9rzLicuOHIRcU=
Subject key identifier:   E0:AD:D1:A3:B5:71:FB:92:BD:4F:05:4B:FB:26:0F:DE:75:B4:34:53
Certificate issuer:       /CN=f68bc2019e8e506e399cbf6586699cc886fc20f6
Certificate serial:       018CC2DB318A7FE2BA3CF5B76A4D4DDAF804
Authority key identifier: F6:8B:C2:01:9E:8E:50:6E:39:9C:BF:65:86:69:9C:C8:86:FC:20:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ovCAZ6OUG45nL9lhmmcyIb8IPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/a1c8bd-bd94-46f6-aa49-7417e71a76e8/1/4K3Ro7Vx-5K9TwVL-yYP3nW0NFM.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51533
IP address blocks:        91.217.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/a1c8bd-bd94-46f6-aa49-7417e71a76e8/1/9ovCAZ6OUG45nL9lhmmcyIb8IPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/a1c8bd-bd94-46f6-aa49-7417e71a76e8/1/9ovCAZ6OUG45nL9lhmmcyIb8IPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ovCAZ6OUG45nL9lhmmcyIb8IPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:31:8a:7f:e2:ba:3c:f5:b7:6a:4d:4d:da:f8:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f68bc2019e8e506e399cbf6586699cc886fc20f6
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0add1a3b571fb92bd4f054bfb260fde75b43453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:66:7d:6c:a3:96:78:04:3a:2c:87:96:21:ba:
                    4a:c7:6f:ff:0c:32:8b:1d:39:41:b9:b8:bd:b8:ca:
                    92:63:57:50:31:51:c1:df:ad:b0:81:fd:5b:5c:ff:
                    3b:c5:77:e6:0f:58:71:e8:f0:bc:19:e8:80:6d:6b:
                    41:e3:7b:6e:ee:5a:2e:2a:f9:45:8f:2e:5a:6c:ab:
                    07:64:f9:c3:7a:00:97:cb:a8:39:3b:74:7d:d4:3c:
                    c4:8a:6f:52:ba:e7:70:1c:4f:fe:99:19:ea:92:c5:
                    b4:1a:9d:93:6f:ad:46:cc:14:40:90:02:1d:2d:7e:
                    19:0e:ce:27:2d:e5:c7:4c:28:bc:7e:a0:12:14:24:
                    4c:a3:45:86:ce:5a:be:8e:d6:bc:4e:22:79:e5:93:
                    8b:42:b9:68:fd:55:c0:3f:2b:1c:53:b4:fb:cd:a0:
                    76:29:14:9e:d5:58:d6:d9:fa:cc:e8:5a:52:c4:f7:
                    69:9e:37:32:d8:d1:c8:25:74:8e:79:86:c0:e3:70:
                    c1:de:e1:6f:ca:e6:8f:b4:13:0b:b9:d4:9f:18:34:
                    7a:f4:b4:61:0c:f2:3b:22:96:b3:61:63:6f:86:b1:
                    cc:15:32:4f:be:f7:da:87:b7:be:5f:dd:97:8a:af:
                    c5:ab:0b:b8:af:de:76:12:bc:9c:b6:61:96:c3:63:
                    60:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:AD:D1:A3:B5:71:FB:92:BD:4F:05:4B:FB:26:0F:DE:75:B4:34:53
            X509v3 Authority Key Identifier:
                keyid:F6:8B:C2:01:9E:8E:50:6E:39:9C:BF:65:86:69:9C:C8:86:FC:20:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ovCAZ6OUG45nL9lhmmcyIb8IPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a1c8bd-bd94-46f6-aa49-7417e71a76e8/1/4K3Ro7Vx-5K9TwVL-yYP3nW0NFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a1c8bd-bd94-46f6-aa49-7417e71a76e8/1/9ovCAZ6OUG45nL9lhmmcyIb8IPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:12:73:c0:3d:08:fa:e7:09:f6:21:28:1b:a5:98:24:86:1d:
         97:06:7e:94:37:f3:e1:cc:a9:f1:a8:ba:4b:7a:3a:1b:af:3b:
         8b:d2:0c:09:09:a6:79:a3:28:1b:80:28:04:86:f2:f7:69:8e:
         dd:6d:c6:c2:61:24:18:09:e3:94:58:0d:0e:cc:5e:13:3f:4a:
         ce:b9:52:ed:17:f2:f8:3d:e9:3a:cf:96:90:33:55:1d:22:cc:
         a9:a0:24:24:21:49:2c:b7:2a:2b:60:06:ce:6c:f2:78:38:2e:
         ba:6a:9a:97:ba:b8:3f:90:64:55:a7:a4:ed:20:e8:79:5a:07:
         6f:ab:37:4b:8f:4b:07:07:d7:b1:e1:6e:83:f9:15:c8:19:4f:
         71:d1:15:ea:93:7b:5f:43:bf:63:3a:59:0b:d9:ed:b9:75:9e:
         3e:ce:b6:04:12:0a:b3:45:c0:83:4b:ce:f5:25:92:1f:3e:44:
         7a:c2:ee:15:1b:e6:1b:04:f0:08:c7:0b:aa:06:27:53:15:81:
         04:3a:1c:80:89:68:ef:0e:ec:e1:88:29:ec:67:cf:c2:92:b4:
         58:40:da:26:c6:40:b5:8f:13:b9:ca:4c:aa:e3:b1:59:ff:c4:
         9c:4b:ce:b8:82:fe:a9:ac:28:5d:bd:11:1c:44:eb:0d:c5:bc:
         eb:ab:2f:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zGKf+K6PPW3ak1N2vgEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OGJjMjAxOWU4ZTUwNmUzOTljYmY2NTg2Njk5Y2M4ODZm
YzIwZjYwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGFkZDFhM2I1NzFmYjkyYmQ0ZjA1NGJmYjI2MGZkZTc1YjQzNDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGZ9bKOWeAQ6LIeWIbpKx2//DDKL
HTlBubi9uMqSY1dQMVHB362wgf1bXP87xXfmD1hx6PC8GeiAbWtB43tu7louKvlF
jy5abKsHZPnDegCXy6g5O3R91DzEim9SuudwHE/+mRnqksW0Gp2Tb61GzBRAkAId
LX4ZDs4nLeXHTCi8fqASFCRMo0WGzlq+jta8TiJ55ZOLQrlo/VXAPyscU7T7zaB2
KRSe1VjW2frM6FpSxPdpnjcy2NHIJXSOeYbA43DB3uFvyuaPtBMLudSfGDR69LRh
DPI7IpazYWNvhrHMFTJPvvfah7e+X92Xiq/Fqwu4r952EryctmGWw2Ng2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCt0aO1cfuSvU8FS/smD951tDRTMB8GA1UdIwQY
MBaAFPaLwgGejlBuOZy/ZYZpnMiG/CD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOW92Q0FaNk9VRzQ1bkw5bGhtbWN5SWI4SVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hMWM4YmQtYmQ5NC00NmY2LWFhNDkt
NzQxN2U3MWE3NmU4LzEvNEszUm83VngtNUs5VHdWTC15WVAzblcwTkZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hMWM4YmQtYmQ5NC00NmY2LWFhNDktNzQxN2U3MWE3NmU4
LzEvOW92Q0FaNk9VRzQ1bkw5bGhtbWN5SWI4SVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nuMA0G
CSqGSIb3DQEBCwUAA4IBAQAZEnPAPQj65wn2ISgbpZgkhh2XBn6UN/PhzKnxqLpL
ejobrzuL0gwJCaZ5oygbgCgEhvL3aY7dbcbCYSQYCeOUWA0OzF4TP0rOuVLtF/L4
Pek6z5aQM1UdIsypoCQkIUkstyorYAbObPJ4OC66apqXurg/kGRVp6TtIOh5Wgdv
qzdLj0sHB9ex4W6D+RXIGU9x0RXqk3tfQ79jOlkL2e25dZ4+zrYEEgqzRcCDS871
JZIfPkR6wu4VG+YbBPAIxwuqBidTFYEEOhyAiWjvDuzhiCnsZ8/CkrRYQNomxkC1
jxO5ykyq47FZ/8ScS864gv6prChdvREcROsNxbzrqy+d
-----END CERTIFICATE-----