Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/V1IYhraqy6GtWLev9Eiy1F0cSC0.roa
File:                     V1IYhraqy6GtWLev9Eiy1F0cSC0.roa (raw, json)
Hash identifier:          OXaQyDbPBz9AsW1XM72kAOArg1kTGFWfPBLrTjWDPns=
Subject key identifier:   57:52:18:86:B6:AA:CB:A1:AD:58:B7:AF:F4:48:B2:D4:5D:1C:48:2D
Certificate issuer:       /CN=e2c5861210dc38bdbaeb477d6da719664a84a6bc
Certificate serial:       019423D72F8F47810619F9BB13C96623A786
Authority key identifier: E2:C5:86:12:10:DC:38:BD:BA:EB:47:7D:6D:A7:19:66:4A:84:A6:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/V1IYhraqy6GtWLev9Eiy1F0cSC0.roa
Signing time:             Wed 01 Jan 2025 21:48:12 +0000
ROA not before:           Wed 01 Jan 2025 21:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51815
IP address blocks:        91.226.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:2f:8f:47:81:06:19:f9:bb:13:c9:66:23:a7:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c5861210dc38bdbaeb477d6da719664a84a6bc
        Validity
            Not Before: Jan  1 21:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57521886b6aacba1ad58b7aff448b2d45d1c482d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2c:42:00:e4:2e:29:26:4c:61:36:ed:4b:ce:
                    a1:98:66:4b:ac:f9:0c:ab:b1:e2:e4:c6:92:b5:b3:
                    5e:4b:e3:36:13:40:c9:6c:ce:2f:22:c7:c5:cb:77:
                    70:7d:3c:90:52:7c:e9:3b:ea:ce:47:a5:19:fe:be:
                    0d:0d:b3:b8:15:af:c6:9c:80:8f:e1:2e:30:87:02:
                    1b:74:b2:9a:bd:1e:66:15:92:33:0d:f8:4c:85:35:
                    ea:49:da:e4:e8:36:15:1c:6d:01:61:78:66:a3:af:
                    83:17:7e:ed:f3:1a:f3:ca:11:55:41:86:6d:5c:b6:
                    4d:40:59:37:be:76:2b:87:e8:ff:09:5a:5b:7a:11:
                    ef:ee:ae:2e:c2:1e:71:fb:5f:6d:f4:02:52:e0:3f:
                    f5:48:38:26:07:39:90:82:40:93:db:36:e2:6f:59:
                    24:a3:92:ea:45:6b:e6:1e:39:aa:b4:8c:2f:cb:1a:
                    61:b2:2c:75:36:ff:90:3a:30:0e:6a:4a:2e:fb:62:
                    2f:ea:66:d3:b2:29:7a:07:f4:47:dd:22:83:e7:58:
                    02:45:a6:e1:77:2e:2d:c0:0e:9e:17:0a:3b:88:e8:
                    94:7b:1e:a5:0a:32:73:e8:a2:34:4a:0a:29:09:09:
                    49:25:c6:e5:d1:23:29:a2:9d:be:f1:01:18:a4:cb:
                    cb:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:52:18:86:B6:AA:CB:A1:AD:58:B7:AF:F4:48:B2:D4:5D:1C:48:2D
            X509v3 Authority Key Identifier:
                keyid:E2:C5:86:12:10:DC:38:BD:BA:EB:47:7D:6D:A7:19:66:4A:84:A6:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/V1IYhraqy6GtWLev9Eiy1F0cSC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:8b:c0:87:b4:72:b9:d1:d0:45:d9:88:67:ec:aa:15:95:98:
         bb:dc:a8:2a:18:ac:5c:b5:91:74:1d:d2:50:9f:27:79:1b:9f:
         f9:21:7a:a3:ec:76:bb:95:c6:9d:03:0a:66:2b:2f:70:b0:e9:
         eb:62:b6:d6:e5:f5:04:92:7b:7c:0b:25:6f:49:e5:7f:c1:c9:
         8b:4d:c6:4f:9a:12:ec:e4:20:1b:3c:1b:a2:46:35:d1:7d:aa:
         c9:56:45:ca:de:88:42:55:d1:ab:bf:01:5e:f8:a6:f4:3b:94:
         92:ba:7c:27:7d:b6:cc:c4:61:40:68:bf:d6:1e:1a:ef:05:9b:
         93:e1:7e:99:4f:b5:a9:93:93:b2:ea:63:27:a9:e6:70:5d:e3:
         af:57:11:ae:4c:aa:c0:da:99:2a:73:bb:a2:40:b8:c7:89:79:
         55:f7:bb:b0:ac:ee:98:da:0d:c5:ab:97:20:29:3a:18:c4:96:
         54:da:ba:f6:38:71:c5:32:f3:18:95:32:32:b3:2a:7a:98:fc:
         6b:ef:02:a5:ce:2d:25:01:c7:82:62:dd:6d:76:a2:c9:fb:f0:
         b2:ef:be:50:06:1a:e0:d8:17:27:f1:24:90:f6:9e:82:d2:b9:
         c7:4e:59:dc:15:b5:ad:52:ed:53:30:dc:8a:20:8e:5f:86:9b:
         2d:c9:90:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1y+PR4EGGfm7E8lmI6eGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzU4NjEyMTBkYzM4YmRiYWViNDc3ZDZkYTcxOTY2NGE4
NGE2YmMwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzUyMTg4NmI2YWFjYmExYWQ1OGI3YWZmNDQ4YjJkNDVkMWM0ODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCxCAOQuKSZMYTbtS86hmGZLrPkM
q7Hi5MaStbNeS+M2E0DJbM4vIsfFy3dwfTyQUnzpO+rOR6UZ/r4NDbO4Fa/GnICP
4S4whwIbdLKavR5mFZIzDfhMhTXqSdrk6DYVHG0BYXhmo6+DF37t8xrzyhFVQYZt
XLZNQFk3vnYrh+j/CVpbehHv7q4uwh5x+19t9AJS4D/1SDgmBzmQgkCT2zbib1kk
o5LqRWvmHjmqtIwvyxphsix1Nv+QOjAOakou+2Iv6mbTsil6B/RH3SKD51gCRabh
dy4twA6eFwo7iOiUex6lCjJz6KI0SgopCQlJJcbl0SMpop2+8QEYpMvLnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdSGIa2qsuhrVi3r/RIstRdHEgtMB8GA1UdIwQY
MBaAFOLFhhIQ3Di9uutHfW2nGWZKhKa8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNXR0VoRGNPTDI2NjBkOWJhY1paa3FFcHJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmRiMDgtYzg0NS00MWFiLWEwOGEt
MzM3NTYxN2Q0ZWZkLzEvVjFJWWhyYXF5Nkd0V0xldjlFaXkxRjBjU0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmRiMDgtYzg0NS00MWFiLWEwOGEtMzM3NTYxN2Q0ZWZk
LzEvNHNXR0VoRGNPTDI2NjBkOWJhY1paa3FFcHJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+KxMA0G
CSqGSIb3DQEBCwUAA4IBAQAOi8CHtHK50dBF2Yhn7KoVlZi73KgqGKxctZF0HdJQ
nyd5G5/5IXqj7Ha7lcadAwpmKy9wsOnrYrbW5fUEknt8CyVvSeV/wcmLTcZPmhLs
5CAbPBuiRjXRfarJVkXK3ohCVdGrvwFe+Kb0O5SSunwnfbbMxGFAaL/WHhrvBZuT
4X6ZT7Wpk5Oy6mMnqeZwXeOvVxGuTKrA2pkqc7uiQLjHiXlV97uwrO6Y2g3Fq5cg
KToYxJZU2rr2OHHFMvMYlTIysyp6mPxr7wKlzi0lAceCYt1tdqLJ+/Cy775QBhrg
2Bcn8SSQ9p6C0rnHTlncFbWtUu1TMNyKII5fhpstyZCu
-----END CERTIFICATE-----