Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/3e802e-fab8-44fc-991b-2b50693dbf95/1/O4m-l_mn-SXBJ8ny6TCWzxEUenc.roa
File:                     O4m-l_mn-SXBJ8ny6TCWzxEUenc.roa (raw, json)
Hash identifier:          Hk9R34JgDPP+p573JWdk27fbNW4mB+XxaIUIKnJSlYQ=
Subject key identifier:   3B:89:BE:97:F9:A7:F9:25:C1:27:C9:F2:E9:30:96:CF:11:14:7A:77
Certificate issuer:       /CN=aae6ab047bc73296c9715bcbaeae2e918316b78a
Certificate serial:       018D176334F60DD725CA7645213A24C9306A
Authority key identifier: AA:E6:AB:04:7B:C7:32:96:C9:71:5B:CB:AE:AE:2E:91:83:16:B7:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/quarBHvHMpbJcVvLrq4ukYMWt4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/3e802e-fab8-44fc-991b-2b50693dbf95/1/O4m-l_mn-SXBJ8ny6TCWzxEUenc.roa
Signing time:             Wed 17 Jan 2024 12:26:34 +0000
ROA not before:           Wed 17 Jan 2024 12:26:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61971
IP address blocks:        91.226.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/3e802e-fab8-44fc-991b-2b50693dbf95/1/quarBHvHMpbJcVvLrq4ukYMWt4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/3e802e-fab8-44fc-991b-2b50693dbf95/1/quarBHvHMpbJcVvLrq4ukYMWt4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/quarBHvHMpbJcVvLrq4ukYMWt4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:17:63:34:f6:0d:d7:25:ca:76:45:21:3a:24:c9:30:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aae6ab047bc73296c9715bcbaeae2e918316b78a
        Validity
            Not Before: Jan 17 12:26:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b89be97f9a7f925c127c9f2e93096cf11147a77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:49:d7:87:c7:7f:96:bf:41:f2:3a:12:62:7a:
                    07:db:d1:0e:e1:a0:7f:28:df:53:47:02:ba:b3:c3:
                    d5:44:fe:2e:b2:9b:e5:a3:68:f2:a0:41:3d:2c:01:
                    a5:d3:29:b7:4c:35:7e:b4:78:84:ee:df:12:ad:91:
                    b7:bf:1c:00:f7:1e:34:68:9f:30:42:60:f6:ae:de:
                    53:d9:0d:77:09:bc:a1:3a:77:6b:0d:ef:c5:66:14:
                    23:7a:56:db:e6:54:7e:63:b5:68:91:7b:5c:ef:12:
                    ac:9c:1e:2b:2f:ee:a9:03:43:df:e1:2e:de:18:64:
                    f5:a0:78:38:71:84:84:dd:6b:d6:00:42:94:c8:31:
                    54:78:3f:0e:7f:50:90:bd:04:90:2b:6a:23:32:0c:
                    eb:00:d1:e3:f1:da:de:9d:72:2d:f0:43:94:7a:d1:
                    8c:38:7f:ed:5f:4e:a6:8c:a3:e8:cf:3a:e3:61:26:
                    c6:21:8f:5d:35:a1:4d:e9:2e:0a:ea:41:46:aa:4a:
                    1c:a7:a8:dc:aa:1c:1e:4e:dd:ef:ec:97:90:ed:08:
                    59:10:10:f5:71:b6:af:71:7a:f0:76:53:d6:d5:b1:
                    d8:94:f8:19:2f:ff:48:e1:39:50:16:09:83:50:67:
                    7d:8e:96:57:04:20:98:9a:90:4c:13:1b:68:d6:5e:
                    94:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:89:BE:97:F9:A7:F9:25:C1:27:C9:F2:E9:30:96:CF:11:14:7A:77
            X509v3 Authority Key Identifier:
                keyid:AA:E6:AB:04:7B:C7:32:96:C9:71:5B:CB:AE:AE:2E:91:83:16:B7:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/quarBHvHMpbJcVvLrq4ukYMWt4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3e802e-fab8-44fc-991b-2b50693dbf95/1/O4m-l_mn-SXBJ8ny6TCWzxEUenc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3e802e-fab8-44fc-991b-2b50693dbf95/1/quarBHvHMpbJcVvLrq4ukYMWt4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:c3:3e:dc:bb:3a:c2:b9:05:76:02:49:02:91:b1:f0:ed:10:
         79:a6:fc:de:8b:5d:09:c7:69:55:93:2b:ab:89:8a:1b:29:68:
         00:03:62:4d:5b:23:6c:0e:3b:d3:b6:60:70:61:4f:e5:b0:12:
         c9:38:ec:a4:79:f7:07:f6:a0:24:f3:05:74:18:ee:21:3f:ba:
         ff:25:60:d9:d8:30:3b:67:e2:72:77:6a:a8:cd:9d:ef:d4:0d:
         ea:5f:89:30:a9:e7:10:06:96:21:ec:45:68:15:ce:ef:9d:20:
         7c:a6:1e:b1:b8:7c:11:7e:c6:11:e7:61:90:ab:59:6a:b8:37:
         ac:8c:4d:be:78:91:33:73:c7:14:b1:67:0d:75:11:1a:73:ce:
         b8:ea:86:4c:9f:3b:b3:dd:27:a3:fa:78:d7:0d:4a:d3:9f:63:
         1c:3a:f5:fc:f1:44:23:d1:da:3e:02:4f:10:dd:61:57:44:89:
         11:a5:d3:0f:66:6b:4c:9e:01:1c:5d:e6:f2:db:36:28:db:65:
         2c:da:5a:2f:31:75:6c:7e:6d:d8:e1:78:51:7f:4d:34:6a:ba:
         0a:02:8e:d4:b5:81:04:23:22:1e:0d:9f:ec:ae:60:e3:37:5b:
         eb:2c:df:da:16:2b:ce:8e:d3:38:e5:45:70:fa:9a:b2:b9:a5:
         d4:1c:44:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0XYzT2DdclynZFITokyTBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZTZhYjA0N2JjNzMyOTZjOTcxNWJjYmFlYWUyZTkxODMx
NmI3OGEwHhcNMjQwMTE3MTIyNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg5YmU5N2Y5YTdmOTI1YzEyN2M5ZjJlOTMwOTZjZjExMTQ3YTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUnXh8d/lr9B8joSYnoH29EO4aB/
KN9TRwK6s8PVRP4uspvlo2jyoEE9LAGl0ym3TDV+tHiE7t8SrZG3vxwA9x40aJ8w
QmD2rt5T2Q13CbyhOndrDe/FZhQjelbb5lR+Y7VokXtc7xKsnB4rL+6pA0Pf4S7e
GGT1oHg4cYSE3WvWAEKUyDFUeD8Of1CQvQSQK2ojMgzrANHj8drenXIt8EOUetGM
OH/tX06mjKPozzrjYSbGIY9dNaFN6S4K6kFGqkocp6jcqhweTt3v7JeQ7QhZEBD1
cbavcXrwdlPW1bHYlPgZL/9I4TlQFgmDUGd9jpZXBCCYmpBMExto1l6UiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuJvpf5p/klwSfJ8ukwls8RFHp3MB8GA1UdIwQY
MBaAFKrmqwR7xzKWyXFby66uLpGDFreKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXVhckJIdkhNcGJKY1Z2THJxNHVrWU1XdDRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8zZTgwMmUtZmFiOC00NGZjLTk5MWIt
MmI1MDY5M2RiZjk1LzEvTzRtLWxfbW4tU1hCSjhueTZUQ1d6eEVVZW5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8zZTgwMmUtZmFiOC00NGZjLTk5MWItMmI1MDY5M2RiZjk1
LzEvcXVhckJIdkhNcGJKY1Z2THJxNHVrWU1XdDRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+KIMA0G
CSqGSIb3DQEBCwUAA4IBAQBuwz7cuzrCuQV2AkkCkbHw7RB5pvzei10Jx2lVkyur
iYobKWgAA2JNWyNsDjvTtmBwYU/lsBLJOOykefcH9qAk8wV0GO4hP7r/JWDZ2DA7
Z+Jyd2qozZ3v1A3qX4kwqecQBpYh7EVoFc7vnSB8ph6xuHwRfsYR52GQq1lquDes
jE2+eJEzc8cUsWcNdREac8646oZMnzuz3Sej+njXDUrTn2McOvX88UQj0do+Ak8Q
3WFXRIkRpdMPZmtMngEcXeby2zYo22Us2lovMXVsfm3Y4XhRf000aroKAo7UtYEE
IyIeDZ/srmDjN1vrLN/aFivOjtM45UVw+pqyuaXUHETr
-----END CERTIFICATE-----