Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/e7b1d7-3d7a-46ab-810f-eddf23c1ba6d/1/vrsZjXkbuEc3z5LPPe8k__Qz7No.roa
File:                     vrsZjXkbuEc3z5LPPe8k__Qz7No.roa (raw, json)
Hash identifier:          3X6CELyf3fp20q8kT41dBEfu2G9K9jEFFXE0/y9xX3E=
Subject key identifier:   BE:BB:19:8D:79:1B:B8:47:37:CF:92:CF:3D:EF:24:FF:F4:33:EC:DA
Certificate issuer:       /CN=18caeb14a01ee16d836565e14fa53b4ab3c3cd26
Certificate serial:       018CC9BC94E7D0560D1B21112F6436CC5F2A
Authority key identifier: 18:CA:EB:14:A0:1E:E1:6D:83:65:65:E1:4F:A5:3B:4A:B3:C3:CD:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GMrrFKAe4W2DZWXhT6U7SrPDzSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/e7b1d7-3d7a-46ab-810f-eddf23c1ba6d/1/vrsZjXkbuEc3z5LPPe8k__Qz7No.roa
Signing time:             Tue 02 Jan 2024 10:33:48 +0000
ROA not before:           Tue 02 Jan 2024 10:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29423
IP address blocks:        91.217.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/e7b1d7-3d7a-46ab-810f-eddf23c1ba6d/1/GMrrFKAe4W2DZWXhT6U7SrPDzSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/e7b1d7-3d7a-46ab-810f-eddf23c1ba6d/1/GMrrFKAe4W2DZWXhT6U7SrPDzSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GMrrFKAe4W2DZWXhT6U7SrPDzSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:94:e7:d0:56:0d:1b:21:11:2f:64:36:cc:5f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18caeb14a01ee16d836565e14fa53b4ab3c3cd26
        Validity
            Not Before: Jan  2 10:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bebb198d791bb84737cf92cf3def24fff433ecda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a0:8d:15:5c:1a:ef:ac:cf:0c:37:0a:f9:84:
                    ff:2e:a8:15:bd:1c:ac:d4:bf:6a:2d:c4:81:5e:a9:
                    bf:44:66:5e:9d:c6:22:54:9a:a0:11:b1:c5:48:5a:
                    51:40:31:b6:c4:fd:bb:ea:3e:22:17:a4:2d:16:f2:
                    66:a8:17:4b:a5:f8:df:47:f6:86:3f:c2:2c:a8:fc:
                    0e:45:70:93:4d:b3:ab:8b:b6:88:ef:ed:a2:3a:86:
                    a6:bf:98:bb:3e:f7:56:b3:7b:d7:22:53:05:f5:2a:
                    e0:aa:88:df:ad:dc:1d:eb:be:d7:30:81:06:66:44:
                    b7:88:28:20:d0:e9:68:8f:74:1a:04:95:c2:3c:36:
                    e8:c1:6f:c5:62:8e:03:78:d0:15:a9:e4:96:2a:cb:
                    7c:71:6d:68:ff:f4:b5:39:d3:74:a8:f4:51:5c:99:
                    fb:2c:95:3f:98:9b:38:d4:10:0a:d5:e6:96:fb:e2:
                    ac:ac:68:36:72:d6:e1:78:4b:a3:69:c9:3f:48:bb:
                    33:86:6d:8b:ee:a1:ba:48:e4:f3:fe:7e:68:cc:35:
                    7d:d1:63:c5:94:d5:10:47:23:b5:58:08:0b:51:ec:
                    07:3a:02:07:38:b1:fd:d7:32:c2:37:50:f9:00:9a:
                    8e:28:cd:45:e1:d4:74:05:ac:20:09:99:08:bb:2a:
                    ff:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:BB:19:8D:79:1B:B8:47:37:CF:92:CF:3D:EF:24:FF:F4:33:EC:DA
            X509v3 Authority Key Identifier:
                keyid:18:CA:EB:14:A0:1E:E1:6D:83:65:65:E1:4F:A5:3B:4A:B3:C3:CD:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GMrrFKAe4W2DZWXhT6U7SrPDzSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/e7b1d7-3d7a-46ab-810f-eddf23c1ba6d/1/vrsZjXkbuEc3z5LPPe8k__Qz7No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/e7b1d7-3d7a-46ab-810f-eddf23c1ba6d/1/GMrrFKAe4W2DZWXhT6U7SrPDzSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:a1:6b:24:6e:80:3b:2e:f5:30:f4:3c:32:52:b3:66:a3:91:
         78:b4:49:1e:ea:ec:0f:6f:0f:ce:d6:5c:bf:e8:22:9f:88:5e:
         1c:f1:33:c7:2c:68:3d:57:4c:f7:6d:bc:d7:36:ac:da:3c:90:
         d7:c2:24:4d:dd:ef:6a:db:d6:75:1b:1b:38:8c:d3:dd:0b:14:
         ca:b7:44:37:5b:e7:e1:af:99:16:12:03:aa:4a:84:a0:4a:94:
         5e:6d:82:ac:eb:cb:ac:f4:ba:cc:fb:0d:9d:99:ea:68:3c:16:
         2a:9f:8c:9e:41:1b:97:ca:19:11:17:87:72:eb:8e:db:a3:c8:
         04:12:f7:61:bf:ab:cc:0c:d3:de:c8:0c:82:fe:4d:d0:7d:4e:
         e5:8c:05:cf:80:27:ff:78:90:78:bf:79:5d:fb:eb:ad:ba:2b:
         84:26:ba:8c:3e:94:96:41:e3:2c:80:c3:10:3b:87:f1:60:02:
         cc:82:a0:f1:3b:f3:3d:44:78:e1:fa:ed:01:12:53:10:84:55:
         b7:27:b8:a0:24:b3:b4:68:13:e3:48:c1:ff:df:a5:22:39:df:
         6b:ec:76:d6:81:09:e5:a4:36:cf:1f:5e:5b:12:b3:3f:15:f3:
         2a:c7:73:8d:b7:96:fc:cf:87:3c:44:4e:04:39:da:b6:06:82:
         73:00:39:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvJTn0FYNGyERL2Q2zF8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4Y2FlYjE0YTAxZWUxNmQ4MzY1NjVlMTRmYTUzYjRhYjNj
M2NkMjYwHhcNMjQwMTAyMTAzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWJiMTk4ZDc5MWJiODQ3MzdjZjkyY2YzZGVmMjRmZmY0MzNlY2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqCNFVwa76zPDDcK+YT/LqgVvRys
1L9qLcSBXqm/RGZencYiVJqgEbHFSFpRQDG2xP276j4iF6QtFvJmqBdLpfjfR/aG
P8IsqPwORXCTTbOri7aI7+2iOoamv5i7PvdWs3vXIlMF9Srgqojfrdwd677XMIEG
ZkS3iCgg0Oloj3QaBJXCPDbowW/FYo4DeNAVqeSWKst8cW1o//S1OdN0qPRRXJn7
LJU/mJs41BAK1eaW++KsrGg2ctbheEujack/SLszhm2L7qG6SOTz/n5ozDV90WPF
lNUQRyO1WAgLUewHOgIHOLH91zLCN1D5AJqOKM1F4dR0BawgCZkIuyr/QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL67GY15G7hHN8+Szz3vJP/0M+zaMB8GA1UdIwQY
MBaAFBjK6xSgHuFtg2Vl4U+lO0qzw80mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR01yckZLQWU0VzJEWldYaFQ2VTdTclBEelNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9lN2IxZDctM2Q3YS00NmFiLTgxMGYt
ZWRkZjIzYzFiYTZkLzEvdnJzWmpYa2J1RWMzejVMUFBlOGtfX1F6N05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9lN2IxZDctM2Q3YS00NmFiLTgxMGYtZWRkZjIzYzFiYTZk
LzEvR01yckZLQWU0VzJEWldYaFQ2VTdTclBEelNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9kbMA0G
CSqGSIb3DQEBCwUAA4IBAQAwoWskboA7LvUw9DwyUrNmo5F4tEke6uwPbw/O1ly/
6CKfiF4c8TPHLGg9V0z3bbzXNqzaPJDXwiRN3e9q29Z1Gxs4jNPdCxTKt0Q3W+fh
r5kWEgOqSoSgSpRebYKs68us9LrM+w2dmepoPBYqn4yeQRuXyhkRF4dy647bo8gE
Evdhv6vMDNPeyAyC/k3QfU7ljAXPgCf/eJB4v3ld++utuiuEJrqMPpSWQeMsgMMQ
O4fxYALMgqDxO/M9RHjh+u0BElMQhFW3J7igJLO0aBPjSMH/36UiOd9r7HbWgQnl
pDbPH15bErM/FfMqx3ONt5b8z4c8RE4EOdq2BoJzADmv
-----END CERTIFICATE-----