Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/1cf0a8-1be2-49fa-8151-df6cab4e45b4/1/L3-FAk-oPFOzcoZ4Ie6SSGRmSsE.roa
File:                     L3-FAk-oPFOzcoZ4Ie6SSGRmSsE.roa (raw, json)
Hash identifier:          2mlXgKlK+WYv/DjwaTOjuQPO1+kUe/Sdd6N5P1KnBBk=
Subject key identifier:   2F:7F:85:02:4F:A8:3C:53:B3:72:86:78:21:EE:92:48:64:66:4A:C1
Certificate issuer:       /CN=06188adfd16445a2a014e012e739bb812fe9cd0e
Certificate serial:       0192F762D2757B5E92D7FB2A293CEB2C2516
Authority key identifier: 06:18:8A:DF:D1:64:45:A2:A0:14:E0:12:E7:39:BB:81:2F:E9:CD:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BhiK39FkRaKgFOAS5zm7gS_pzQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/1cf0a8-1be2-49fa-8151-df6cab4e45b4/1/L3-FAk-oPFOzcoZ4Ie6SSGRmSsE.roa
Signing time:             Mon 04 Nov 2024 13:35:01 +0000
ROA not before:           Mon 04 Nov 2024 13:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213926
IP address blocks:        91.202.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/1cf0a8-1be2-49fa-8151-df6cab4e45b4/1/BhiK39FkRaKgFOAS5zm7gS_pzQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/1cf0a8-1be2-49fa-8151-df6cab4e45b4/1/BhiK39FkRaKgFOAS5zm7gS_pzQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BhiK39FkRaKgFOAS5zm7gS_pzQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f7:62:d2:75:7b:5e:92:d7:fb:2a:29:3c:eb:2c:25:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06188adfd16445a2a014e012e739bb812fe9cd0e
        Validity
            Not Before: Nov  4 13:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f7f85024fa83c53b372867821ee924864664ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:18:f7:c6:0b:04:d2:f3:af:08:d4:48:86:68:
                    99:07:12:46:a1:7b:ff:00:06:bb:0b:31:b8:42:99:
                    60:78:a6:6e:a0:0c:15:77:c5:e5:b6:b8:e5:d6:d9:
                    53:5f:89:89:63:e3:3c:c8:e0:40:7f:b4:1b:35:69:
                    7c:a8:39:c1:1f:31:01:19:bb:19:8b:d4:0f:7b:f6:
                    3e:12:2d:f9:bb:1e:e2:a8:20:d0:61:15:b2:9c:11:
                    e0:62:52:10:46:53:98:8f:08:7a:33:06:9d:85:7a:
                    b9:33:90:cc:da:df:03:d7:b7:90:16:6e:5c:bb:1a:
                    b9:2d:16:15:02:fe:68:9f:24:d5:a7:29:86:a4:27:
                    e1:b7:14:59:25:07:01:fe:5b:70:bd:fc:c1:a3:c1:
                    6b:b0:9f:dd:e7:38:8a:9e:35:00:c1:e1:bc:a7:da:
                    c3:9e:dd:d9:f7:22:a2:f1:76:8a:1f:8a:9f:2c:9d:
                    97:41:17:f1:78:9b:99:de:14:be:15:8b:53:de:b6:
                    fb:a1:27:48:02:2f:53:64:63:83:9c:3a:6c:6d:c3:
                    20:68:da:08:85:04:78:9d:f8:bf:da:94:c2:94:26:
                    0d:52:84:db:53:ac:2d:a1:fe:00:4b:5c:dc:4b:fc:
                    37:40:f5:d7:d6:53:3e:c8:3d:f7:a9:af:fb:36:79:
                    27:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:7F:85:02:4F:A8:3C:53:B3:72:86:78:21:EE:92:48:64:66:4A:C1
            X509v3 Authority Key Identifier:
                keyid:06:18:8A:DF:D1:64:45:A2:A0:14:E0:12:E7:39:BB:81:2F:E9:CD:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BhiK39FkRaKgFOAS5zm7gS_pzQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1cf0a8-1be2-49fa-8151-df6cab4e45b4/1/L3-FAk-oPFOzcoZ4Ie6SSGRmSsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1cf0a8-1be2-49fa-8151-df6cab4e45b4/1/BhiK39FkRaKgFOAS5zm7gS_pzQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c5:7f:7a:c5:92:07:99:17:fb:7f:fc:71:be:d2:00:4c:9c:
         24:61:4d:18:5c:ce:c5:10:5d:7a:d3:50:5f:57:e3:64:ff:ba:
         2c:a3:92:f0:b4:be:8d:01:0b:66:0a:82:27:5a:b1:58:1b:76:
         ae:89:b2:bc:b7:ad:e5:4a:00:76:3f:a6:4e:55:a2:d0:43:00:
         e1:d3:61:ae:9f:15:f9:81:70:55:a6:09:3f:b5:9f:99:65:d8:
         47:c0:47:59:52:f4:8c:b7:75:a6:e9:50:7b:d2:e2:b0:e0:f2:
         bf:b4:dd:32:70:2a:50:65:73:8c:2f:67:a2:6f:98:7a:55:80:
         c3:a9:45:04:d4:0b:e6:56:69:44:2e:90:0f:5e:95:ef:4c:b2:
         ae:41:f1:94:04:64:ce:77:5f:ee:71:5b:4e:52:4a:8e:fc:49:
         90:d2:f2:bf:bc:9b:5b:ff:5b:8c:d7:39:97:cf:4f:0f:af:e9:
         ea:5a:13:71:82:3e:0c:3d:89:4a:92:c2:d5:a8:91:e4:c9:d1:
         45:b0:fb:8c:6c:ca:57:0d:cc:bf:f2:58:72:92:1d:f6:c9:d1:
         ba:6e:1b:42:44:95:32:b0:12:76:df:e7:41:0f:7f:eb:dd:5b:
         48:1f:01:9a:d5:45:a5:23:47:c3:4d:88:04:88:5a:95:5e:26:
         c1:a6:d1:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL3YtJ1e16S1/sqKTzrLCUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MTg4YWRmZDE2NDQ1YTJhMDE0ZTAxMmU3MzliYjgxMmZl
OWNkMGUwHhcNMjQxMTA0MTMzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjdmODUwMjRmYTgzYzUzYjM3Mjg2NzgyMWVlOTI0ODY0NjY0YWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRj3xgsE0vOvCNRIhmiZBxJGoXv/
AAa7CzG4QplgeKZuoAwVd8Xltrjl1tlTX4mJY+M8yOBAf7QbNWl8qDnBHzEBGbsZ
i9QPe/Y+Ei35ux7iqCDQYRWynBHgYlIQRlOYjwh6MwadhXq5M5DM2t8D17eQFm5c
uxq5LRYVAv5onyTVpymGpCfhtxRZJQcB/ltwvfzBo8FrsJ/d5ziKnjUAweG8p9rD
nt3Z9yKi8XaKH4qfLJ2XQRfxeJuZ3hS+FYtT3rb7oSdIAi9TZGODnDpsbcMgaNoI
hQR4nfi/2pTClCYNUoTbU6wtof4AS1zcS/w3QPXX1lM+yD33qa/7NnknnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9/hQJPqDxTs3KGeCHukkhkZkrBMB8GA1UdIwQY
MBaAFAYYit/RZEWioBTgEuc5u4Ev6c0OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmhpSzM5RmtSYUtnRk9BUzV6bTdnU19welE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8xY2YwYTgtMWJlMi00OWZhLTgxNTEt
ZGY2Y2FiNGU0NWI0LzEvTDMtRkFrLW9QRk96Y29aNEllNlNTR1JtU3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8xY2YwYTgtMWJlMi00OWZhLTgxNTEtZGY2Y2FiNGU0NWI0
LzEvQmhpSzM5RmtSYUtnRk9BUzV6bTdnU19welE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8roMA0G
CSqGSIb3DQEBCwUAA4IBAQA9xX96xZIHmRf7f/xxvtIATJwkYU0YXM7FEF1601Bf
V+Nk/7oso5LwtL6NAQtmCoInWrFYG3auibK8t63lSgB2P6ZOVaLQQwDh02GunxX5
gXBVpgk/tZ+ZZdhHwEdZUvSMt3Wm6VB70uKw4PK/tN0ycCpQZXOML2eib5h6VYDD
qUUE1AvmVmlELpAPXpXvTLKuQfGUBGTOd1/ucVtOUkqO/EmQ0vK/vJtb/1uM1zmX
z08Pr+nqWhNxgj4MPYlKksLVqJHkydFFsPuMbMpXDcy/8lhykh32ydG6bhtCRJUy
sBJ23+dBD3/r3VtIHwGa1UWlI0fDTYgEiFqVXibBptGq
-----END CERTIFICATE-----