Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/oCXIMVoiQiCVLqhOp_nwxnNd5Js.roa
File:                     oCXIMVoiQiCVLqhOp_nwxnNd5Js.roa (raw, json)
Hash identifier:          ecUGSP2fUwf7j5GgneiSsu+4PYuxomPO2t7Lu4X6lRE=
Subject key identifier:   A0:25:C8:31:5A:22:42:20:95:2E:A8:4E:A7:F9:F0:C6:73:5D:E4:9B
Certificate issuer:       /CN=e2c5861210dc38bdbaeb477d6da719664a84a6bc
Certificate serial:       018CC8DECF39059C8B478CB9608E226EC36F
Authority key identifier: E2:C5:86:12:10:DC:38:BD:BA:EB:47:7D:6D:A7:19:66:4A:84:A6:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/oCXIMVoiQiCVLqhOp_nwxnNd5Js.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51815
IP address blocks:        91.226.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cf:39:05:9c:8b:47:8c:b9:60:8e:22:6e:c3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c5861210dc38bdbaeb477d6da719664a84a6bc
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a025c8315a224220952ea84ea7f9f0c6735de49b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:44:3c:73:71:25:b6:f3:58:70:ae:3a:d6:72:
                    6b:e6:a5:e5:71:90:25:aa:7c:21:14:4b:6a:90:65:
                    30:7d:a8:af:1e:93:d6:09:b0:e5:6d:03:6a:9f:71:
                    32:d6:ed:46:2e:b6:76:be:03:3c:c7:37:f5:07:20:
                    01:7e:ac:74:a1:9a:ae:a2:ec:9a:5f:fa:fe:a6:13:
                    f6:f9:78:aa:21:25:18:6a:17:d2:4b:7e:01:fa:20:
                    a0:ce:e9:2c:2d:66:f8:b8:c6:61:c3:2c:21:e9:f4:
                    10:63:1b:88:6e:1f:3f:c8:5b:7c:33:d5:77:6f:68:
                    a4:14:19:bd:9d:69:2c:c4:cd:f1:75:ca:90:da:1f:
                    7b:a3:7f:3c:f6:7c:84:e9:28:6b:85:0e:7f:a6:87:
                    ca:00:66:6a:11:e7:e4:38:5b:fe:72:e2:68:4d:58:
                    d3:4d:9d:8f:be:70:08:91:37:c6:a8:65:c7:69:cb:
                    f8:30:3d:55:c5:93:33:6c:7a:6a:c4:f6:ac:72:b4:
                    e0:0b:6f:18:84:30:6c:29:42:7e:cb:23:9d:d8:81:
                    e5:78:cf:34:5b:5c:a0:83:45:b2:a5:1d:d5:37:68:
                    0f:4a:96:13:0a:66:18:64:07:a9:ae:f3:40:73:8d:
                    5c:f4:75:23:87:ed:dc:3a:e0:d3:b2:5a:65:fd:63:
                    da:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:25:C8:31:5A:22:42:20:95:2E:A8:4E:A7:F9:F0:C6:73:5D:E4:9B
            X509v3 Authority Key Identifier:
                keyid:E2:C5:86:12:10:DC:38:BD:BA:EB:47:7D:6D:A7:19:66:4A:84:A6:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sWGEhDcOL2660d9bacZZkqEprw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/oCXIMVoiQiCVLqhOp_nwxnNd5Js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2db08-c845-41ab-a08a-3375617d4efd/1/4sWGEhDcOL2660d9bacZZkqEprw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a6:67:6f:03:9e:db:fe:3d:b8:38:ff:08:11:ba:04:96:68:
         b1:93:59:bf:d1:34:fc:32:e3:24:02:e3:b3:2e:f3:57:63:52:
         e6:58:e5:32:db:2c:5a:61:41:64:be:53:04:bb:dd:14:57:c9:
         08:13:c1:5b:8e:2a:b4:d4:88:60:9c:39:07:61:b5:39:7e:51:
         97:8d:42:62:e6:d5:c6:45:87:be:88:b3:ce:a2:82:01:fb:5c:
         4a:ef:3d:9b:a1:fc:06:d3:8d:49:72:4e:4f:ed:d4:b7:4a:94:
         fc:90:92:98:01:1e:87:cb:40:be:6c:3c:d0:93:dc:c7:32:54:
         a1:59:9b:2e:76:ec:6a:29:4d:84:7e:4c:56:07:11:84:39:83:
         f6:24:12:4a:49:41:71:d0:d5:71:2e:5a:43:54:63:79:22:aa:
         75:60:e9:85:12:33:87:dd:74:c8:2b:da:05:7f:ec:1d:66:7b:
         34:7f:f1:4c:ed:33:c5:cb:8c:cd:07:cf:74:34:1c:07:99:f7:
         20:66:74:db:ae:bb:01:95:55:8a:c2:c7:a3:65:db:7d:ff:cb:
         2b:db:e1:4b:31:76:5e:3f:f3:44:ad:3d:63:9c:92:b0:a3:a7:
         fc:58:2c:db:23:0d:44:9b:a2:e7:da:86:b3:0b:96:bd:e7:50:
         38:91:51:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3s85BZyLR4y5YI4ibsNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzU4NjEyMTBkYzM4YmRiYWViNDc3ZDZkYTcxOTY2NGE4
NGE2YmMwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDI1YzgzMTVhMjI0MjIwOTUyZWE4NGVhN2Y5ZjBjNjczNWRlNDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUQ8c3EltvNYcK461nJr5qXlcZAl
qnwhFEtqkGUwfaivHpPWCbDlbQNqn3Ey1u1GLrZ2vgM8xzf1ByABfqx0oZquouya
X/r+phP2+XiqISUYahfSS34B+iCgzuksLWb4uMZhwywh6fQQYxuIbh8/yFt8M9V3
b2ikFBm9nWksxM3xdcqQ2h97o3889nyE6ShrhQ5/pofKAGZqEefkOFv+cuJoTVjT
TZ2PvnAIkTfGqGXHacv4MD1VxZMzbHpqxPascrTgC28YhDBsKUJ+yyOd2IHleM80
W1ygg0WypR3VN2gPSpYTCmYYZAeprvNAc41c9HUjh+3cOuDTslpl/WPaFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAlyDFaIkIglS6oTqf58MZzXeSbMB8GA1UdIwQY
MBaAFOLFhhIQ3Di9uutHfW2nGWZKhKa8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNXR0VoRGNPTDI2NjBkOWJhY1paa3FFcHJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmRiMDgtYzg0NS00MWFiLWEwOGEt
MzM3NTYxN2Q0ZWZkLzEvb0NYSU1Wb2lRaUNWTHFoT3Bfbnd4bk5kNUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmRiMDgtYzg0NS00MWFiLWEwOGEtMzM3NTYxN2Q0ZWZk
LzEvNHNXR0VoRGNPTDI2NjBkOWJhY1paa3FFcHJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+KxMA0G
CSqGSIb3DQEBCwUAA4IBAQAfpmdvA57b/j24OP8IEboElmixk1m/0TT8MuMkAuOz
LvNXY1LmWOUy2yxaYUFkvlMEu90UV8kIE8Fbjiq01IhgnDkHYbU5flGXjUJi5tXG
RYe+iLPOooIB+1xK7z2bofwG041Jck5P7dS3SpT8kJKYAR6Hy0C+bDzQk9zHMlSh
WZsuduxqKU2EfkxWBxGEOYP2JBJKSUFx0NVxLlpDVGN5Iqp1YOmFEjOH3XTIK9oF
f+wdZns0f/FM7TPFy4zNB890NBwHmfcgZnTbrrsBlVWKwsejZdt9/8sr2+FLMXZe
P/NErT1jnJKwo6f8WCzbIw1Em6Ln2oazC5a951A4kVH5
-----END CERTIFICATE-----