Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/ODhi5E2qw0vpUrSZxqC5wcC-apE.roa
File:                     ODhi5E2qw0vpUrSZxqC5wcC-apE.roa (raw, json)
Hash identifier:          Hbje0p0SujQmLjGDSqJqCfV+tt+S43MZPp6I9HCRnBc=
Subject key identifier:   38:38:62:E4:4D:AA:C3:4B:E9:52:B4:99:C6:A0:B9:C1:C0:BE:6A:91
Certificate issuer:       /CN=41fc55ee2488fb9401c4b668abac54110ebb8092
Certificate serial:       018CC7935E2AA5DA78E1ABA6BCC4FAE57A27
Authority key identifier: 41:FC:55:EE:24:88:FB:94:01:C4:B6:68:AB:AC:54:11:0E:BB:80:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfxV7iSI-5QBxLZoq6xUEQ67gJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/ODhi5E2qw0vpUrSZxqC5wcC-apE.roa
Signing time:             Tue 02 Jan 2024 00:29:32 +0000
ROA not before:           Tue 02 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50246
IP address blocks:        91.227.187.0/24 maxlen: 24
                          193.29.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/QfxV7iSI-5QBxLZoq6xUEQ67gJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/QfxV7iSI-5QBxLZoq6xUEQ67gJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfxV7iSI-5QBxLZoq6xUEQ67gJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:5e:2a:a5:da:78:e1:ab:a6:bc:c4:fa:e5:7a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41fc55ee2488fb9401c4b668abac54110ebb8092
        Validity
            Not Before: Jan  2 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=383862e44daac34be952b499c6a0b9c1c0be6a91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:51:99:3a:43:e3:df:72:12:14:5f:c0:72:9a:
                    08:e2:e6:42:c1:89:4d:d1:86:86:de:b2:cf:21:3c:
                    17:b4:06:2a:2c:1b:c5:ac:81:17:06:d4:95:5b:b3:
                    11:d8:c5:fb:50:fe:a8:b5:6b:da:ac:15:cb:75:57:
                    d4:70:78:b2:e4:4a:9c:60:38:b1:1a:4f:70:90:e5:
                    e6:c6:bc:74:23:98:ca:38:20:57:6c:a5:22:f1:e2:
                    6a:d7:ea:ab:84:b7:78:2d:c5:f8:55:23:cb:27:b3:
                    34:c3:c3:d2:bd:fe:15:23:8a:d1:e6:26:8b:b4:cc:
                    20:3b:c9:af:a0:83:ab:91:88:0c:9d:c7:a4:34:9c:
                    2d:12:e7:89:c8:c1:9f:95:37:65:9e:61:f2:d6:d7:
                    ba:66:1c:3e:ec:e4:46:47:c0:b0:0a:eb:f2:f2:72:
                    b7:9b:02:2e:b0:47:bf:d8:c5:ed:f8:27:33:fe:14:
                    89:dc:2d:26:8e:e3:a0:d6:10:39:d5:61:e1:62:e1:
                    6a:be:6f:75:d0:bd:95:91:2b:f0:58:c7:b7:38:e1:
                    9c:a1:9f:e1:ac:30:d3:a1:66:c5:9e:1d:69:97:c0:
                    40:0d:88:27:cf:16:32:f4:90:1d:8a:2d:2e:7f:b7:
                    7a:32:81:63:8f:bc:b4:3c:a0:15:e3:04:85:04:1a:
                    e8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:38:62:E4:4D:AA:C3:4B:E9:52:B4:99:C6:A0:B9:C1:C0:BE:6A:91
            X509v3 Authority Key Identifier:
                keyid:41:FC:55:EE:24:88:FB:94:01:C4:B6:68:AB:AC:54:11:0E:BB:80:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfxV7iSI-5QBxLZoq6xUEQ67gJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/ODhi5E2qw0vpUrSZxqC5wcC-apE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/QfxV7iSI-5QBxLZoq6xUEQ67gJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.187.0/24
                  193.29.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:ef:ca:83:3a:e5:c9:b0:c8:d6:b9:ff:0d:a1:93:71:16:7c:
         bf:f5:d8:2f:f6:29:d4:d9:85:03:dd:31:93:91:28:6e:9d:ca:
         2a:24:56:fb:50:50:03:9c:a5:6e:2f:5a:80:ac:ae:74:a5:cf:
         a8:c1:40:d3:c8:49:ac:29:74:42:da:25:3b:78:68:37:61:eb:
         ed:fd:6c:ac:c0:33:fc:8b:f0:a5:92:07:e3:e7:25:6f:e1:f1:
         3d:21:92:07:d1:bf:89:ef:7f:67:6f:97:b6:bd:27:c1:42:48:
         b4:4a:f5:91:2e:b8:3f:df:37:85:2a:8a:ca:a6:6b:ed:5d:59:
         04:55:07:fb:5a:f1:10:59:6e:98:2d:c5:bf:74:de:f5:2d:d3:
         da:ce:e8:a2:69:9d:63:61:a9:be:a1:da:d0:b5:5f:81:ea:7e:
         73:84:c4:a5:1d:3c:30:ed:e0:16:a7:36:91:c2:0c:86:d0:87:
         2a:5b:cf:3b:24:4a:bc:25:fe:38:f5:ed:64:49:d9:f8:2f:32:
         e8:47:fb:2e:52:9c:b4:47:9d:d6:8e:70:01:85:54:27:88:fe:
         b7:93:08:91:22:d5:f8:b6:09:d8:29:97:5b:d0:6e:6b:d3:2c:
         f1:e5:60:11:c1:04:8b:27:b3:19:52:c7:85:83:d2:1c:ed:df:
         45:d9:54:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk14qpdp44aumvMT65XonMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZmM1NWVlMjQ4OGZiOTQwMWM0YjY2OGFiYWM1NDExMGVi
YjgwOTIwHhcNMjQwMTAyMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM4NjJlNDRkYWFjMzRiZTk1MmI0OTljNmEwYjljMWMwYmU2YTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FGZOkPj33ISFF/AcpoI4uZCwYlN
0YaG3rLPITwXtAYqLBvFrIEXBtSVW7MR2MX7UP6otWvarBXLdVfUcHiy5EqcYDix
Gk9wkOXmxrx0I5jKOCBXbKUi8eJq1+qrhLd4LcX4VSPLJ7M0w8PSvf4VI4rR5iaL
tMwgO8mvoIOrkYgMncekNJwtEueJyMGflTdlnmHy1te6Zhw+7ORGR8CwCuvy8nK3
mwIusEe/2MXt+Ccz/hSJ3C0mjuOg1hA51WHhYuFqvm910L2VkSvwWMe3OOGcoZ/h
rDDToWbFnh1pl8BADYgnzxYy9JAdii0uf7d6MoFjj7y0PKAV4wSFBBroeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDg4YuRNqsNL6VK0mcagucHAvmqRMB8GA1UdIwQY
MBaAFEH8Ve4kiPuUAcS2aKusVBEOu4CSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZ4VjdpU0ktNVFCeExab3E2eFVFUTY3Z0pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hYTM2NjEtZGViMy00NWE0LTg2OTMt
Mzg4MWE4YjgyN2FjLzEvT0RoaTVFMnF3MHZwVXJTWnhxQzV3Y0MtYXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hYTM2NjEtZGViMy00NWE0LTg2OTMtMzg4MWE4YjgyN2Fj
LzEvUWZ4VjdpU0ktNVFCeExab3E2eFVFUTY3Z0pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+O7AwQA
wR0mMA0GCSqGSIb3DQEBCwUAA4IBAQAi78qDOuXJsMjWuf8NoZNxFny/9dgv9inU
2YUD3TGTkShuncoqJFb7UFADnKVuL1qArK50pc+owUDTyEmsKXRC2iU7eGg3Yevt
/WyswDP8i/Clkgfj5yVv4fE9IZIH0b+J739nb5e2vSfBQki0SvWRLrg/3zeFKorK
pmvtXVkEVQf7WvEQWW6YLcW/dN71LdPazuiiaZ1jYam+odrQtV+B6n5zhMSlHTww
7eAWpzaRwgyG0IcqW887JEq8Jf449e1kSdn4LzLoR/suUpy0R53WjnABhVQniP63
kwiRItX4tgnYKZdb0G5r0yzx5WARwQSLJ7MZUseFg9Ic7d9F2VRC
-----END CERTIFICATE-----