Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/73c15a-352b-4c09-9af1-3b82e43cf293/1/1d9xdX-6LwP8SUo_Tb1sycd8X1g.roa
File:                     1d9xdX-6LwP8SUo_Tb1sycd8X1g.roa (raw, json)
Hash identifier:          VVRc5jiDNY31p9kfN3OfNGOpIo4fAqLyQ1tYMqI66cA=
Subject key identifier:   D5:DF:71:75:7F:BA:2F:03:FC:49:4A:3F:4D:BD:6C:C9:C7:7C:5F:58
Certificate issuer:       /CN=51f2045386969d11c741c3b545e02a00c1252f71
Certificate serial:       018CC794431C77DBE746506391518542913B
Authority key identifier: 51:F2:04:53:86:96:9D:11:C7:41:C3:B5:45:E0:2A:00:C1:25:2F:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UfIEU4aWnRHHQcO1ReAqAMElL3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/73c15a-352b-4c09-9af1-3b82e43cf293/1/1d9xdX-6LwP8SUo_Tb1sycd8X1g.roa
Signing time:             Tue 02 Jan 2024 00:30:31 +0000
ROA not before:           Tue 02 Jan 2024 00:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56744
IP address blocks:        91.238.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/73c15a-352b-4c09-9af1-3b82e43cf293/1/UfIEU4aWnRHHQcO1ReAqAMElL3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/73c15a-352b-4c09-9af1-3b82e43cf293/1/UfIEU4aWnRHHQcO1ReAqAMElL3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UfIEU4aWnRHHQcO1ReAqAMElL3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:43:1c:77:db:e7:46:50:63:91:51:85:42:91:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51f2045386969d11c741c3b545e02a00c1252f71
        Validity
            Not Before: Jan  2 00:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5df71757fba2f03fc494a3f4dbd6cc9c77c5f58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0c:8f:36:ee:4b:f4:a0:86:08:d0:fb:01:1f:
                    28:e0:4c:ce:93:d6:dd:63:6f:cd:d1:91:5b:1d:e2:
                    db:5e:f2:98:95:eb:a8:2e:a6:cb:12:4e:5e:b2:99:
                    76:80:8f:b0:8e:cd:89:fd:45:0b:20:45:53:39:85:
                    ec:dd:89:89:81:50:3e:1c:6a:1a:eb:35:e6:39:3f:
                    08:f9:ad:cb:d9:14:b8:1e:6f:53:70:d4:36:49:d8:
                    24:d1:21:f9:75:e5:5e:15:fa:ef:ed:84:90:3f:34:
                    32:82:99:15:44:0c:7c:4a:2d:61:4c:8d:74:be:aa:
                    d9:7c:c3:5d:d0:39:2f:10:90:d1:6a:cf:52:9a:25:
                    15:59:e4:16:be:e9:db:5b:b1:57:1d:af:8f:7a:52:
                    d7:4a:df:5a:86:4e:a5:b3:06:ed:ce:c3:2e:c6:1f:
                    3d:f8:93:a7:a6:35:d0:65:b6:e7:7a:a7:77:89:10:
                    a7:a6:79:7b:15:cf:e4:94:5a:ca:ed:27:c5:65:1f:
                    13:ae:ae:ca:13:41:9d:65:3c:c2:bd:75:46:bc:68:
                    02:b0:13:a7:27:23:7e:5c:08:f5:c1:7c:cd:29:f3:
                    2c:46:10:42:c1:8a:f3:ec:4c:8c:76:cf:ab:6e:5c:
                    5d:bd:d5:31:9f:76:a5:d5:94:c8:65:d9:d8:2e:fe:
                    b9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:DF:71:75:7F:BA:2F:03:FC:49:4A:3F:4D:BD:6C:C9:C7:7C:5F:58
            X509v3 Authority Key Identifier:
                keyid:51:F2:04:53:86:96:9D:11:C7:41:C3:B5:45:E0:2A:00:C1:25:2F:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UfIEU4aWnRHHQcO1ReAqAMElL3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/73c15a-352b-4c09-9af1-3b82e43cf293/1/1d9xdX-6LwP8SUo_Tb1sycd8X1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/73c15a-352b-4c09-9af1-3b82e43cf293/1/UfIEU4aWnRHHQcO1ReAqAMElL3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:4d:9f:27:02:4d:06:ba:14:2a:af:7b:12:7e:1f:68:76:38:
         bf:2e:0d:f3:28:53:63:55:d1:d8:11:e1:c2:47:fa:74:64:78:
         7a:d3:ef:19:bb:5e:ae:e0:49:94:41:94:e5:b0:d0:8e:4f:2b:
         cd:cf:a6:03:8c:67:2d:28:b2:dd:86:7a:00:63:e6:5c:cb:42:
         66:a7:73:c2:e8:51:da:94:8a:78:6c:c7:43:72:68:17:51:53:
         19:da:b3:95:01:d7:c5:dd:ed:43:95:ab:a4:e0:17:c2:57:3e:
         53:15:3e:6c:74:a4:70:7b:07:3f:0b:3f:de:28:73:c3:af:14:
         40:e8:3b:70:1d:66:41:6c:ab:22:3a:e3:a6:56:88:2b:db:63:
         60:b3:83:10:9c:0b:e3:58:2c:ed:3e:c2:5e:a3:d5:88:04:59:
         b1:99:37:31:7b:52:95:8f:27:b0:21:d0:a1:15:ca:6e:7c:b0:
         4b:ec:85:d8:ae:1c:b3:d8:ec:9b:6e:42:6c:0e:b9:b2:18:a7:
         49:79:bf:ae:10:21:a5:c4:cd:5f:bc:53:8b:b3:d3:a1:8b:b8:
         09:12:0e:28:73:29:c9:8d:30:14:62:1a:b4:2f:e7:f0:5a:41:
         d1:f1:66:7a:f0:94:94:b6:86:e1:cf:63:d6:54:73:42:97:a7:
         93:fd:98:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEMcd9vnRlBjkVGFQpE7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZjIwNDUzODY5NjlkMTFjNzQxYzNiNTQ1ZTAyYTAwYzEy
NTJmNzEwHhcNMjQwMTAyMDAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWRmNzE3NTdmYmEyZjAzZmM0OTRhM2Y0ZGJkNmNjOWM3N2M1ZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgyPNu5L9KCGCND7AR8o4EzOk9bd
Y2/N0ZFbHeLbXvKYleuoLqbLEk5espl2gI+wjs2J/UULIEVTOYXs3YmJgVA+HGoa
6zXmOT8I+a3L2RS4Hm9TcNQ2Sdgk0SH5deVeFfrv7YSQPzQygpkVRAx8Si1hTI10
vqrZfMNd0DkvEJDRas9SmiUVWeQWvunbW7FXHa+PelLXSt9ahk6lswbtzsMuxh89
+JOnpjXQZbbneqd3iRCnpnl7Fc/klFrK7SfFZR8Trq7KE0GdZTzCvXVGvGgCsBOn
JyN+XAj1wXzNKfMsRhBCwYrz7EyMds+rblxdvdUxn3al1ZTIZdnYLv65hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXfcXV/ui8D/ElKP029bMnHfF9YMB8GA1UdIwQY
MBaAFFHyBFOGlp0Rx0HDtUXgKgDBJS9xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWZJRVU0YVduUkhIUWNPMVJlQXFBTUVsTDNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83M2MxNWEtMzUyYi00YzA5LTlhZjEt
M2I4MmU0M2NmMjkzLzEvMWQ5eGRYLTZMd1A4U1VvX1RiMXN5Y2Q4WDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83M2MxNWEtMzUyYi00YzA5LTlhZjEtM2I4MmU0M2NmMjkz
LzEvVWZJRVU0YVduUkhIUWNPMVJlQXFBTUVsTDNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7aMA0G
CSqGSIb3DQEBCwUAA4IBAQAmTZ8nAk0GuhQqr3sSfh9odji/Lg3zKFNjVdHYEeHC
R/p0ZHh60+8Zu16u4EmUQZTlsNCOTyvNz6YDjGctKLLdhnoAY+Zcy0Jmp3PC6FHa
lIp4bMdDcmgXUVMZ2rOVAdfF3e1Dlauk4BfCVz5TFT5sdKRwewc/Cz/eKHPDrxRA
6DtwHWZBbKsiOuOmVogr22Ngs4MQnAvjWCztPsJeo9WIBFmxmTcxe1KVjyewIdCh
FcpufLBL7IXYrhyz2OybbkJsDrmyGKdJeb+uECGlxM1fvFOLs9Ohi7gJEg4ocynJ
jTAUYhq0L+fwWkHR8WZ68JSUtobhz2PWVHNCl6eT/ZhC
-----END CERTIFICATE-----