Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/trnxx5O3TtgnQYLKEQuoPyhR5gg.roa
File:                     trnxx5O3TtgnQYLKEQuoPyhR5gg.roa (raw, json)
Hash identifier:          3ejfqMowRQ3qZQKTlYey+bvlxd/1qVvWnMEzunlz0xk=
Subject key identifier:   B6:B9:F1:C7:93:B7:4E:D8:27:41:82:CA:11:0B:A8:3F:28:51:E6:08
Certificate issuer:       /CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
Certificate serial:       0192542D9EFA34D989454FC99E1F0B74D394
Authority key identifier: 45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/trnxx5O3TtgnQYLKEQuoPyhR5gg.roa
Signing time:             Thu 03 Oct 2024 20:58:48 +0000
ROA not before:           Thu 03 Oct 2024 20:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207388
IP address blocks:        91.217.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:54:2d:9e:fa:34:d9:89:45:4f:c9:9e:1f:0b:74:d3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
        Validity
            Not Before: Oct  3 20:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6b9f1c793b74ed8274182ca110ba83f2851e608
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:96:1f:92:02:77:cf:f0:2f:86:27:ea:21:34:
                    90:0b:9a:84:da:31:a5:ca:a1:bf:d4:f3:47:e7:d9:
                    2b:b0:b6:b2:3d:6a:02:c2:5b:06:a4:06:03:42:f8:
                    b5:a4:bf:18:93:af:48:c5:c0:64:d1:ae:36:e0:85:
                    f1:8b:48:23:9f:b9:c3:4e:ef:50:9b:38:83:9d:bf:
                    cf:bd:05:58:ea:bb:31:e9:22:c7:70:36:74:d0:aa:
                    dd:e2:1a:20:02:49:7b:5e:e0:46:57:c3:57:15:a2:
                    17:95:35:df:49:36:3d:67:72:3f:58:cd:cf:a2:a4:
                    c1:bd:96:f0:e5:0f:0b:a6:e3:78:fa:d8:fb:44:ed:
                    2e:84:b0:e2:7e:81:12:f1:80:50:50:e9:64:32:a0:
                    4d:40:56:16:11:a7:ed:72:c0:a2:a1:22:16:1a:30:
                    11:4a:d6:1c:c7:18:55:b2:f8:cd:8a:d3:33:61:2c:
                    a2:30:7e:d0:19:ba:34:ba:cc:44:0a:62:74:59:d7:
                    8c:ab:c9:df:b0:cd:42:de:17:a9:68:8b:5f:02:f2:
                    dd:86:e5:a2:43:fe:7f:2c:c8:c9:43:4e:66:f9:e4:
                    ab:9c:86:84:14:eb:e0:c3:a7:a9:ce:b8:fb:e1:3a:
                    7e:e2:b0:b5:b6:d9:f3:02:05:88:a1:33:cd:93:e8:
                    cb:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B9:F1:C7:93:B7:4E:D8:27:41:82:CA:11:0B:A8:3F:28:51:E6:08
            X509v3 Authority Key Identifier:
                keyid:45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/trnxx5O3TtgnQYLKEQuoPyhR5gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:c9:cf:eb:c1:60:6b:80:fd:66:80:45:4d:73:81:29:a8:f8:
         d2:44:3c:ee:63:05:19:69:b7:0c:47:d5:de:ad:a3:e5:82:e2:
         3a:71:3a:5f:ab:98:04:b0:4a:6d:f2:7e:88:0b:f3:d3:b8:7f:
         49:f4:cc:98:7b:4d:11:9f:9d:2a:94:01:88:c9:a4:66:c6:8e:
         8b:3c:2b:7f:1e:50:41:72:49:9c:21:ed:7d:14:c8:59:72:0f:
         99:4f:ae:e7:7a:94:33:92:07:6f:be:0b:36:e1:56:3c:5a:69:
         99:c1:32:96:9b:29:68:29:0e:be:5a:72:0c:bd:c8:1d:76:2f:
         0a:51:51:ce:61:89:a6:42:2d:ad:64:d0:c6:81:c3:0d:77:ff:
         2b:7a:89:12:d5:5b:c2:a5:ec:d0:30:9e:65:ef:dd:f9:48:6a:
         b6:8f:95:9c:71:78:7c:81:2a:1d:d1:52:ec:a6:fa:cb:45:99:
         fa:f5:a2:ff:5b:e4:36:56:23:ae:e7:45:36:01:e2:7e:ff:d9:
         7d:6d:ff:cf:41:af:a7:54:5c:8b:f6:e7:4e:93:af:23:ce:87:
         99:b4:bc:aa:cd:87:67:fe:bb:9b:96:e3:be:6c:8e:2a:81:7e:
         97:88:98:58:e8:f5:dc:06:1f:c9:e7:6d:7b:58:0f:3c:ed:b7:
         02:1f:12:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJULZ76NNmJRU/Jnh8LdNOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZWZmZTk4YzI0YzNkNmQ2MDg3YzhkMWQzZjkwMWI4Y2Nk
NDAwODgwHhcNMjQxMDAzMjA1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmI5ZjFjNzkzYjc0ZWQ4Mjc0MTgyY2ExMTBiYTgzZjI4NTFlNjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5YfkgJ3z/AvhifqITSQC5qE2jGl
yqG/1PNH59krsLayPWoCwlsGpAYDQvi1pL8Yk69IxcBk0a424IXxi0gjn7nDTu9Q
mziDnb/PvQVY6rsx6SLHcDZ00Krd4hogAkl7XuBGV8NXFaIXlTXfSTY9Z3I/WM3P
oqTBvZbw5Q8LpuN4+tj7RO0uhLDifoES8YBQUOlkMqBNQFYWEaftcsCioSIWGjAR
StYcxxhVsvjNitMzYSyiMH7QGbo0usxECmJ0WdeMq8nfsM1C3hepaItfAvLdhuWi
Q/5/LMjJQ05m+eSrnIaEFOvgw6epzrj74Tp+4rC1ttnzAgWIoTPNk+jL9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLa58ceTt07YJ0GCyhELqD8oUeYIMB8GA1UdIwQY
MBaAFEXv/pjCTD1tYIfI0dP5AbjM1ACIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAt
ZGViN2I5MTg5MTY5LzEvdHJueHg1TzNUdGduUVlMS0VRdW9QeWhSNWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAtZGViN2I5MTg5MTY5
LzEvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mVMA0G
CSqGSIb3DQEBCwUAA4IBAQAYyc/rwWBrgP1mgEVNc4EpqPjSRDzuYwUZabcMR9Xe
raPlguI6cTpfq5gEsEpt8n6IC/PTuH9J9MyYe00Rn50qlAGIyaRmxo6LPCt/HlBB
ckmcIe19FMhZcg+ZT67nepQzkgdvvgs24VY8WmmZwTKWmyloKQ6+WnIMvcgddi8K
UVHOYYmmQi2tZNDGgcMNd/8reokS1VvCpezQMJ5l7935SGq2j5WccXh8gSod0VLs
pvrLRZn69aL/W+Q2ViOu50U2AeJ+/9l9bf/PQa+nVFyL9udOk68jzoeZtLyqzYdn
/rubluO+bI4qgX6XiJhY6PXcBh/J5217WA887bcCHxLw
-----END CERTIFICATE-----