Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/1-PhhVLmVjlQW_GpR-R6dmzfTdk.roa
File:                     1-PhhVLmVjlQW_GpR-R6dmzfTdk.roa (raw, json)
Hash identifier:          zIUpQVeJk4zg5JWNXZSpB3osOJCk63egQU3mYE3X7Tk=
Subject key identifier:   D7:E3:E1:85:52:E6:56:39:50:5B:F1:A9:47:E4:7A:76:6C:DF:4D:D9
Certificate issuer:       /CN=ad39fa7cd1533da975cf399b9acffebfed26a9eb
Certificate serial:       018CC5DC3E13128F383986F74FE21DF8C01C
Authority key identifier: AD:39:FA:7C:D1:53:3D:A9:75:CF:39:9B:9A:CF:FE:BF:ED:26:A9:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rTn6fNFTPal1zzmbms_-v-0mqes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/1-PhhVLmVjlQW_GpR-R6dmzfTdk.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59401
IP address blocks:        91.240.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/rTn6fNFTPal1zzmbms_-v-0mqes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/rTn6fNFTPal1zzmbms_-v-0mqes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rTn6fNFTPal1zzmbms_-v-0mqes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3e:13:12:8f:38:39:86:f7:4f:e2:1d:f8:c0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad39fa7cd1533da975cf399b9acffebfed26a9eb
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7e3e18552e65639505bf1a947e47a766cdf4dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fb:cb:a9:a9:fe:e0:0d:32:d5:0a:37:bb:3d:
                    56:d9:b3:68:4f:58:29:c0:6f:56:5a:36:f8:ec:a3:
                    45:53:10:1d:f0:8d:e7:c4:74:b7:39:6f:b8:79:e3:
                    ba:f3:54:0a:97:e0:44:fb:f4:b4:e0:50:fe:42:f5:
                    94:5f:9d:f6:00:6f:5a:af:c0:cf:27:8d:17:c1:81:
                    61:43:29:9d:88:52:d2:b5:9d:30:ea:9b:35:07:8a:
                    54:8d:57:3b:50:c9:bd:ea:5f:96:97:60:35:1a:46:
                    5f:fa:c8:d8:e1:3d:83:21:f8:c5:25:67:d9:87:32:
                    a0:92:ce:31:cd:5c:ca:d3:a9:31:f9:70:03:0a:eb:
                    28:31:85:b3:da:2c:f0:15:42:90:94:44:a0:d6:12:
                    37:d0:90:88:cb:14:26:c0:59:2a:d0:72:0a:a9:fa:
                    10:75:aa:52:1d:3c:70:13:93:a7:0b:99:c1:4d:1c:
                    9e:79:ce:65:63:8e:3b:5b:33:bb:31:fe:a7:3f:0f:
                    e9:e4:d0:34:e8:47:a2:50:bd:a3:b6:65:26:c1:7e:
                    48:c5:f9:8d:29:0b:d2:eb:ed:0e:8c:52:75:a9:c8:
                    c7:df:47:e6:a1:d5:bd:2c:14:a2:47:0f:76:7c:6a:
                    85:5b:e2:ab:fa:34:31:60:ad:c1:5a:ec:aa:b9:76:
                    f0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E3:E1:85:52:E6:56:39:50:5B:F1:A9:47:E4:7A:76:6C:DF:4D:D9
            X509v3 Authority Key Identifier:
                keyid:AD:39:FA:7C:D1:53:3D:A9:75:CF:39:9B:9A:CF:FE:BF:ED:26:A9:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rTn6fNFTPal1zzmbms_-v-0mqes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/1-PhhVLmVjlQW_GpR-R6dmzfTdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/rTn6fNFTPal1zzmbms_-v-0mqes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:d4:68:ab:c0:a5:c5:e5:de:e9:97:5a:e2:8e:73:ec:2b:07:
         81:e6:d2:95:9d:14:bd:02:83:7d:1c:5e:27:68:ba:bb:60:7b:
         5b:70:ca:5b:88:61:53:06:a1:3c:26:25:d7:38:74:a1:16:bf:
         65:b6:7a:67:19:c7:a2:9f:e0:e9:bb:92:1b:ce:c6:5b:89:ec:
         01:42:81:14:3d:81:24:ed:f8:b4:01:36:68:04:9d:1a:ee:fa:
         98:5d:84:d3:85:33:26:80:b5:6a:a4:7d:81:37:d8:fe:53:68:
         7b:22:2a:7c:bb:03:0a:02:66:b0:25:e7:8f:1a:2e:ea:75:50:
         56:56:40:02:37:fc:b7:1e:65:8a:17:22:33:f6:d4:89:0e:81:
         4d:f2:10:f5:99:8a:25:55:ff:3c:67:05:21:7d:4b:d2:a2:8f:
         b6:b4:79:f2:8e:b3:db:66:1e:28:39:97:bf:a3:7b:b8:30:33:
         e0:74:42:e0:28:a1:f0:6b:49:07:3b:44:f9:08:ae:a9:90:69:
         c7:05:38:91:0a:80:f4:70:bb:22:be:cf:91:44:58:7d:9c:5d:
         49:cf:14:d9:25:09:d8:41:f6:ed:32:64:80:e9:56:ce:5d:29:
         83:a5:30:71:78:ba:3d:14:83:ee:69:75:87:c8:ff:4e:8b:66:
         82:f1:9f:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3D4TEo84OYb3T+Id+MAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMzlmYTdjZDE1MzNkYTk3NWNmMzk5YjlhY2ZmZWJmZWQy
NmE5ZWIwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2UzZTE4NTUyZTY1NjM5NTA1YmYxYTk0N2U0N2E3NjZjZGY0ZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/vLqan+4A0y1Qo3uz1W2bNoT1gp
wG9WWjb47KNFUxAd8I3nxHS3OW+4eeO681QKl+BE+/S04FD+QvWUX532AG9ar8DP
J40XwYFhQymdiFLStZ0w6ps1B4pUjVc7UMm96l+Wl2A1GkZf+sjY4T2DIfjFJWfZ
hzKgks4xzVzK06kx+XADCusoMYWz2izwFUKQlESg1hI30JCIyxQmwFkq0HIKqfoQ
dapSHTxwE5OnC5nBTRyeec5lY447WzO7Mf6nPw/p5NA06EeiUL2jtmUmwX5IxfmN
KQvS6+0OjFJ1qcjH30fmodW9LBSiRw92fGqFW+Kr+jQxYK3BWuyquXbwNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfj4YVS5lY5UFvxqUfkenZs303ZMB8GA1UdIwQY
MBaAFK05+nzRUz2pdc85m5rP/r/tJqnrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclRuNmZORlRQYWwxenptYm1zXy12LTBtcWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9hYmI4OWYtMDliOS00NGU4LTg0ODct
ZTMxYzBmZGVjZDI3LzEvMS1QaGhWTG1WamxRV19HcFItUjZkbXpmVGRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9hYmI4OWYtMDliOS00NGU4LTg0ODctZTMxYzBmZGVjZDI3
LzEvclRuNmZORlRQYWwxenptYm1zXy12LTBtcWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/C8MA0G
CSqGSIb3DQEBCwUAA4IBAQAG1GirwKXF5d7pl1rijnPsKweB5tKVnRS9AoN9HF4n
aLq7YHtbcMpbiGFTBqE8JiXXOHShFr9ltnpnGcein+Dpu5IbzsZbiewBQoEUPYEk
7fi0ATZoBJ0a7vqYXYTThTMmgLVqpH2BN9j+U2h7Iip8uwMKAmawJeePGi7qdVBW
VkACN/y3HmWKFyIz9tSJDoFN8hD1mYolVf88ZwUhfUvSoo+2tHnyjrPbZh4oOZe/
o3u4MDPgdELgKKHwa0kHO0T5CK6pkGnHBTiRCoD0cLsivs+RRFh9nF1JzxTZJQnY
QfbtMmSA6VbOXSmDpTBxeLo9FIPuaXWHyP9Oi2aC8Z+C
-----END CERTIFICATE-----