Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/PtOtUYTbzICj-_1zm36_1Cs5EsM.roa
File:                     PtOtUYTbzICj-_1zm36_1Cs5EsM.roa (raw, json)
Hash identifier:          9fL2zC0bZ6RPW0z71q5Hy5yitoGs5zwYblsICBuM4pA=
Subject key identifier:   3E:D3:AD:51:84:DB:CC:80:A3:FB:FD:73:9B:7E:BF:D4:2B:39:12:C3
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       018ECC550216D252C256C1465CED57CC7C9C
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/PtOtUYTbzICj-_1zm36_1Cs5EsM.roa
Signing time:             Thu 11 Apr 2024 08:45:06 +0000
ROA not before:           Thu 11 Apr 2024 08:45:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215826
IP address blocks:        91.214.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cc:55:02:16:d2:52:c2:56:c1:46:5c:ed:57:cc:7c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Apr 11 08:45:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ed3ad5184dbcc80a3fbfd739b7ebfd42b3912c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e3:66:1b:b9:46:88:81:0b:33:eb:23:f0:d0:
                    a4:54:0f:53:54:b2:fd:04:c7:18:fd:15:54:07:80:
                    6e:b6:f5:da:5a:55:ba:be:12:38:a3:b0:8c:9f:1c:
                    2f:c3:2e:e3:4e:f6:7c:87:9a:2d:83:63:c9:d2:61:
                    fe:cf:49:56:bb:87:c5:3b:59:ec:cb:a9:16:8c:f0:
                    38:ae:51:a0:e7:e3:bd:4c:ae:91:26:80:13:ee:80:
                    87:1d:19:58:07:2a:a8:75:2e:9a:c7:b8:fb:4d:bc:
                    b1:0a:8c:8c:1d:9f:92:20:ac:9d:b2:c6:62:1e:30:
                    95:ea:d8:18:1b:6c:a6:24:6a:c1:1a:04:4c:0c:8a:
                    18:85:49:62:a7:4b:aa:f8:b7:41:29:1a:8b:e2:5c:
                    96:a3:de:eb:ee:d8:17:3b:84:16:b2:b2:ac:35:11:
                    f4:43:75:b6:82:a9:10:62:95:30:21:44:0b:f6:c1:
                    64:b1:37:ee:14:a8:57:cf:64:a6:9b:e3:85:15:e8:
                    c7:77:40:5b:2c:0a:34:0f:a6:55:ff:9e:f2:18:ac:
                    2c:51:1f:0c:b3:94:22:48:bb:71:c2:13:15:cc:de:
                    a8:5a:2a:53:c4:bd:ee:b2:a2:bc:0b:43:50:22:c8:
                    c3:06:80:fa:dc:dd:b8:36:db:9b:d1:b3:93:f2:ed:
                    8b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D3:AD:51:84:DB:CC:80:A3:FB:FD:73:9B:7E:BF:D4:2B:39:12:C3
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/PtOtUYTbzICj-_1zm36_1Cs5EsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:5f:0f:e6:db:da:0a:b9:bc:a9:64:39:26:f4:e3:ac:4f:ba:
         e1:64:b5:e5:6e:fd:1b:6c:2a:a2:cf:d4:8f:b1:e0:d3:5f:62:
         6c:d1:f4:65:2d:b3:07:4f:bf:7a:93:5b:49:63:30:f6:dc:7b:
         c3:d8:6f:df:e8:a9:3d:60:ae:18:0a:2a:93:dd:3c:5e:19:39:
         df:df:f7:c4:1c:ba:9d:f2:d5:97:f5:4b:34:bf:e4:cd:02:53:
         39:28:55:bc:46:17:20:73:e6:2f:9e:77:a3:9e:48:29:0a:34:
         79:b2:19:dd:26:9e:77:ad:a6:c1:d2:c4:c8:61:02:61:04:02:
         fd:e7:a8:8b:cb:8d:c2:24:08:05:ad:60:4f:e9:93:66:a2:98:
         79:2e:35:9e:ce:99:20:94:47:8a:cc:09:20:10:dd:5d:bf:db:
         4a:0c:d9:ac:a3:59:bd:93:2d:f6:0d:d8:0d:4a:cb:4f:76:9a:
         b2:14:11:27:44:32:45:03:7e:77:6e:ca:dc:f5:84:36:b8:84:
         76:e7:8e:2d:a7:7a:e8:eb:c9:b7:e5:74:21:89:d7:a9:09:71:
         1f:bc:ce:ff:e5:1d:45:de:b6:74:b7:6b:38:92:9b:71:86:3a:
         a0:f5:4c:84:51:cb:09:eb:3b:83:07:af:dd:ba:eb:7e:47:e5:
         85:d8:80:3f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY7MVQIW0lLCVsFGXO1XzHycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjQwNDExMDg0NTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWQzYWQ1MTg0ZGJjYzgwYTNmYmZkNzM5YjdlYmZkNDJiMzkxMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkONmG7lGiIELM+sj8NCkVA9TVLL9
BMcY/RVUB4ButvXaWlW6vhI4o7CMnxwvwy7jTvZ8h5otg2PJ0mH+z0lWu4fFO1ns
y6kWjPA4rlGg5+O9TK6RJoAT7oCHHRlYByqodS6ax7j7TbyxCoyMHZ+SIKydssZi
HjCV6tgYG2ymJGrBGgRMDIoYhUlip0uq+LdBKRqL4lyWo97r7tgXO4QWsrKsNRH0
Q3W2gqkQYpUwIUQL9sFksTfuFKhXz2Smm+OFFejHd0BbLAo0D6ZV/57yGKwsUR8M
s5QiSLtxwhMVzN6oWipTxL3usqK8C0NQIsjDBoD63N24Ntub0bOT8u2LswIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFD7TrVGE28yAo/v9c5t+v9QrORLDMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL1B0T3RVWVRieklDai1fMXptMzZfMUNzNUVzTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb1k4w
DQYJKoZIhvcNAQELBQADggEBAAdfD+bb2gq5vKlkOSb046xPuuFkteVu/RtsKqLP
1I+x4NNfYmzR9GUtswdPv3qTW0ljMPbce8PYb9/oqT1grhgKKpPdPF4ZOd/f98Qc
up3y1Zf1SzS/5M0CUzkoVbxGFyBz5i+ed6OeSCkKNHmyGd0mnnetpsHSxMhhAmEE
Av3nqIvLjcIkCAWtYE/pk2aimHkuNZ7OmSCUR4rMCSAQ3V2/20oM2ayjWb2TLfYN
2A1Ky092mrIUESdEMkUDfnduytz1hDa4hHbnji2neujrybfldCGJ16kJcR+8zv/l
HUXetnS3aziSm3GGOqD1TIRRywnrO4MHr926635H5YXYgD8=
-----END CERTIFICATE-----