Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/QRLm6-40U0eO6nlDa8ORIcWCeso.roa
File:                     QRLm6-40U0eO6nlDa8ORIcWCeso.roa (raw, json)
Hash identifier:          NWFkC8ZO2u5HOMcBG4pihKC+dCvDu60Ev5rP3Llu/RE=
Subject key identifier:   41:12:E6:EB:EE:34:53:47:8E:EA:79:43:6B:C3:91:21:C5:82:7A:CA
Certificate issuer:       /CN=c91820b50007e41c53dd6029b37954d3572f4c29
Certificate serial:       018CCA29164B1620436E4C4638B85CFEA0CA
Authority key identifier: C9:18:20:B5:00:07:E4:1C:53:DD:60:29:B3:79:54:D3:57:2F:4C:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yRggtQAH5BxT3WAps3lU01cvTCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/QRLm6-40U0eO6nlDa8ORIcWCeso.roa
Signing time:             Tue 02 Jan 2024 12:32:19 +0000
ROA not before:           Tue 02 Jan 2024 12:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48642
IP address blocks:        91.223.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/yRggtQAH5BxT3WAps3lU01cvTCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/yRggtQAH5BxT3WAps3lU01cvTCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yRggtQAH5BxT3WAps3lU01cvTCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:16:4b:16:20:43:6e:4c:46:38:b8:5c:fe:a0:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c91820b50007e41c53dd6029b37954d3572f4c29
        Validity
            Not Before: Jan  2 12:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4112e6ebee3453478eea79436bc39121c5827aca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5e:8d:13:bb:48:18:af:f6:82:77:1c:85:4f:
                    01:2a:5b:fb:4d:a6:5a:0b:ec:0c:86:66:46:94:72:
                    be:5f:ae:28:e0:32:af:33:2b:22:73:5b:fd:50:0a:
                    7a:91:27:18:a5:23:62:f8:c8:c7:cc:3e:1e:7e:6d:
                    72:06:88:ce:50:38:e1:ed:11:07:30:11:21:15:46:
                    b4:b5:fa:c2:ed:95:e4:ed:dc:d3:db:78:7b:5a:f6:
                    69:40:f2:ef:89:4c:52:13:5e:9b:05:ce:21:7b:a7:
                    fb:d2:11:2f:21:be:37:02:c1:f7:04:90:c6:0d:38:
                    8d:e4:7d:17:2a:37:f1:d6:0e:9e:57:e5:a4:39:1a:
                    16:6d:bb:9b:0c:80:71:39:85:41:36:16:18:aa:48:
                    88:01:30:f6:14:69:6b:c1:61:b7:a7:db:e6:a8:a6:
                    6f:58:d9:11:73:30:fb:8f:85:ed:44:54:42:af:f1:
                    6f:60:5b:f1:55:a6:34:08:ba:56:8a:40:b8:97:34:
                    28:9a:66:34:8d:ba:55:79:56:05:1d:fa:9d:a2:a3:
                    8a:19:75:57:b2:65:8e:5f:b1:d1:09:74:22:e7:ba:
                    2b:98:cc:26:94:19:4b:e1:13:ca:9c:b1:9e:2f:04:
                    da:d6:5b:8b:5b:32:9c:7b:68:49:4b:d4:8f:6d:a7:
                    19:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:12:E6:EB:EE:34:53:47:8E:EA:79:43:6B:C3:91:21:C5:82:7A:CA
            X509v3 Authority Key Identifier:
                keyid:C9:18:20:B5:00:07:E4:1C:53:DD:60:29:B3:79:54:D3:57:2F:4C:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yRggtQAH5BxT3WAps3lU01cvTCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/QRLm6-40U0eO6nlDa8ORIcWCeso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/ea7121-5414-4484-9185-eec14c971c4d/1/yRggtQAH5BxT3WAps3lU01cvTCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:2b:c1:75:1d:75:f9:09:f2:10:52:1c:35:14:c5:61:61:28:
         56:15:2c:a2:b9:50:bc:55:29:e7:2d:3d:2c:b5:70:e7:10:94:
         1e:31:08:22:8f:62:17:1a:0f:e5:ef:d0:3c:ee:07:4e:97:54:
         fe:0d:3c:c1:49:fd:a4:fc:3e:ce:2a:15:83:f6:3f:6f:70:58:
         27:46:a2:21:5e:2c:5b:c5:ad:50:e3:d1:3e:dc:4e:7e:f8:df:
         92:a9:71:4e:42:53:75:f2:43:c2:e9:b9:98:ef:bf:d6:bd:bc:
         d3:59:3b:9d:03:b9:0b:de:c7:cf:c7:27:0a:91:37:4f:1e:f5:
         c6:25:79:97:62:34:23:d7:ce:44:e7:6d:f7:d2:67:cb:aa:ef:
         4f:6a:16:49:f5:63:3c:24:4f:e0:51:f6:24:0c:4a:f6:0c:41:
         6c:f8:39:3a:a4:08:0b:43:a1:63:a4:71:21:6c:11:7a:98:3b:
         8c:b7:98:9f:6d:e7:90:74:74:47:c4:c2:fe:e7:d5:9a:38:2a:
         27:8a:9b:9a:ac:ad:58:39:9e:33:b6:98:74:f4:f4:8f:94:fd:
         21:60:e7:26:47:76:f1:5e:e1:8f:ea:51:43:53:0c:f3:43:fb:
         53:2d:96:1e:cc:39:4f:e9:58:d0:5c:75:b7:94:05:19:b1:5a:
         b9:6c:6a:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKRZLFiBDbkxGOLhc/qDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MTgyMGI1MDAwN2U0MWM1M2RkNjAyOWIzNzk1NGQzNTcy
ZjRjMjkwHhcNMjQwMTAyMTIzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTEyZTZlYmVlMzQ1MzQ3OGVlYTc5NDM2YmMzOTEyMWM1ODI3YWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm16NE7tIGK/2gncchU8BKlv7TaZa
C+wMhmZGlHK+X64o4DKvMysic1v9UAp6kScYpSNi+MjHzD4efm1yBojOUDjh7REH
MBEhFUa0tfrC7ZXk7dzT23h7WvZpQPLviUxSE16bBc4he6f70hEvIb43AsH3BJDG
DTiN5H0XKjfx1g6eV+WkORoWbbubDIBxOYVBNhYYqkiIATD2FGlrwWG3p9vmqKZv
WNkRczD7j4XtRFRCr/FvYFvxVaY0CLpWikC4lzQommY0jbpVeVYFHfqdoqOKGXVX
smWOX7HRCXQi57ormMwmlBlL4RPKnLGeLwTa1luLWzKce2hJS9SPbacZFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEES5uvuNFNHjup5Q2vDkSHFgnrKMB8GA1UdIwQY
MBaAFMkYILUAB+QcU91gKbN5VNNXL0wpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVJnZ3RRQUg1QnhUM1dBcHMzbFUwMWN2VENrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYTcxMjEtNTQxNC00NDg0LTkxODUt
ZWVjMTRjOTcxYzRkLzEvUVJMbTYtNDBVMGVPNm5sRGE4T1JJY1dDZXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYTcxMjEtNTQxNC00NDg0LTkxODUtZWVjMTRjOTcxYzRk
LzEveVJnZ3RRQUg1QnhUM1dBcHMzbFUwMWN2VENrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+qMA0G
CSqGSIb3DQEBCwUAA4IBAQCNK8F1HXX5CfIQUhw1FMVhYShWFSyiuVC8VSnnLT0s
tXDnEJQeMQgij2IXGg/l79A87gdOl1T+DTzBSf2k/D7OKhWD9j9vcFgnRqIhXixb
xa1Q49E+3E5++N+SqXFOQlN18kPC6bmY77/WvbzTWTudA7kL3sfPxycKkTdPHvXG
JXmXYjQj185E52330mfLqu9PahZJ9WM8JE/gUfYkDEr2DEFs+Dk6pAgLQ6FjpHEh
bBF6mDuMt5ifbeeQdHRHxML+59WaOConipuarK1YOZ4ztph09PSPlP0hYOcmR3bx
XuGP6lFDUwzzQ/tTLZYezDlP6VjQXHW3lAUZsVq5bGqD
-----END CERTIFICATE-----