Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/13rU8nhg31f282Ufq4fY9epK_mk.roa
File:                     13rU8nhg31f282Ufq4fY9epK_mk.roa (raw, json)
Hash identifier:          71Un032C55jpwedQZGjeiCXgaYcH9RkzCt+gCgI2Wak=
Subject key identifier:   D7:7A:D4:F2:78:60:DF:57:F6:F3:65:1F:AB:87:D8:F5:EA:4A:FE:69
Certificate issuer:       /CN=a20cc67154b403145d139469886127ab629eb928
Certificate serial:       01942521FFCA3E7942DF11CDB46E47065FD1
Authority key identifier: A2:0C:C6:71:54:B4:03:14:5D:13:94:69:88:61:27:AB:62:9E:B9:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogzGcVS0AxRdE5RpiGEnq2KeuSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/13rU8nhg31f282Ufq4fY9epK_mk.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        91.208.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/ogzGcVS0AxRdE5RpiGEnq2KeuSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/ogzGcVS0AxRdE5RpiGEnq2KeuSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogzGcVS0AxRdE5RpiGEnq2KeuSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ff:ca:3e:79:42:df:11:cd:b4:6e:47:06:5f:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a20cc67154b403145d139469886127ab629eb928
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d77ad4f27860df57f6f3651fab87d8f5ea4afe69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3c:af:c5:a8:53:9e:02:b3:6d:8a:1c:ec:b4:
                    d0:a9:ec:41:8a:a7:ed:b0:08:88:cd:5e:04:02:1e:
                    20:45:36:cd:d6:0c:7d:63:04:10:11:2a:6a:75:aa:
                    78:54:ec:fc:b5:94:09:53:9c:b6:69:a8:8c:d7:96:
                    a3:79:ac:c6:7a:78:a0:7a:08:21:b9:b7:99:c0:4b:
                    d7:b6:91:ab:80:e3:60:6c:e8:37:da:b2:aa:ac:41:
                    69:08:fb:a0:47:ea:8b:9f:58:c6:71:81:9d:f6:70:
                    c2:f0:bc:36:0d:79:f0:ea:5b:b5:da:0f:c0:28:24:
                    86:aa:39:44:b7:66:d1:6d:cd:3b:07:e3:f1:a8:17:
                    40:39:de:50:12:e3:9d:e9:74:ed:91:0f:f9:75:a5:
                    aa:17:06:d0:fd:39:e1:9f:b8:12:71:bb:5b:76:56:
                    b7:55:7d:5f:60:4a:07:97:7e:2b:32:c7:7f:11:c3:
                    bd:3d:13:41:47:92:ff:07:77:fc:8f:46:8f:c1:42:
                    8d:2c:d1:2e:ef:60:60:e9:ec:ae:44:75:6a:1f:e1:
                    19:56:78:e7:9a:6b:d5:7a:00:a0:28:17:65:1f:73:
                    74:b5:a5:58:ba:d9:86:54:04:24:95:9b:fd:0f:6a:
                    f6:57:46:d9:1f:9c:bb:1b:a1:d1:66:f6:06:31:83:
                    48:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7A:D4:F2:78:60:DF:57:F6:F3:65:1F:AB:87:D8:F5:EA:4A:FE:69
            X509v3 Authority Key Identifier:
                keyid:A2:0C:C6:71:54:B4:03:14:5D:13:94:69:88:61:27:AB:62:9E:B9:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogzGcVS0AxRdE5RpiGEnq2KeuSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/13rU8nhg31f282Ufq4fY9epK_mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/ogzGcVS0AxRdE5RpiGEnq2KeuSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:e7:ff:0f:4a:89:30:38:24:4d:f8:21:59:d4:c7:4d:6a:b7:
         df:f0:bd:59:b4:1f:dd:4c:10:19:bf:c5:36:47:bb:f0:3a:9e:
         b7:3d:04:50:92:2d:f3:65:24:7b:ce:f4:31:4f:08:2b:b9:f3:
         65:78:69:8f:ef:cd:a6:52:ba:a6:b1:7a:4b:43:ce:93:92:54:
         7d:94:59:b9:39:d4:b6:90:26:f2:a9:66:10:46:63:b7:d2:10:
         ed:d5:8e:f8:a5:61:f5:fb:cd:40:f2:10:d4:52:d3:76:fe:f4:
         17:56:e2:d7:a0:16:47:1d:de:9e:4e:ec:af:cf:1a:9e:ce:e8:
         ae:49:ef:f4:5b:b5:dd:f0:62:22:b1:72:b6:34:7e:97:43:7b:
         e0:ce:e1:86:24:be:49:01:2a:2e:79:ff:d8:54:99:21:7e:8e:
         a2:41:c4:a6:f1:7a:b4:2d:34:b4:03:13:bc:d0:49:15:e8:44:
         88:3d:58:93:4e:53:25:68:0b:5d:83:23:72:a1:d3:06:88:99:
         f1:81:e6:46:ee:dc:31:15:85:a4:ff:f2:33:53:01:33:16:27:
         12:4a:d6:d2:17:7f:06:6c:d7:ac:a0:ca:16:6c:fd:59:47:c0:
         37:bc:df:23:d2:b5:75:76:11:77:a2:4e:ed:1b:a1:d9:1b:26:
         7c:5e:2a:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIf/KPnlC3xHNtG5HBl/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMGNjNjcxNTRiNDAzMTQ1ZDEzOTQ2OTg4NjEyN2FiNjI5
ZWI5MjgwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdhZDRmMjc4NjBkZjU3ZjZmMzY1MWZhYjg3ZDhmNWVhNGFmZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTyvxahTngKzbYoc7LTQqexBiqft
sAiIzV4EAh4gRTbN1gx9YwQQESpqdap4VOz8tZQJU5y2aaiM15ajeazGenigeggh
ubeZwEvXtpGrgONgbOg32rKqrEFpCPugR+qLn1jGcYGd9nDC8Lw2DXnw6lu12g/A
KCSGqjlEt2bRbc07B+PxqBdAOd5QEuOd6XTtkQ/5daWqFwbQ/Tnhn7gScbtbdla3
VX1fYEoHl34rMsd/EcO9PRNBR5L/B3f8j0aPwUKNLNEu72Bg6eyuRHVqH+EZVnjn
mmvVegCgKBdlH3N0taVYutmGVAQklZv9D2r2V0bZH5y7G6HRZvYGMYNI0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNd61PJ4YN9X9vNlH6uH2PXqSv5pMB8GA1UdIwQY
MBaAFKIMxnFUtAMUXROUaYhhJ6tinrkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2d6R2NWUzBBeFJkRTVScGlHRW5xMktldVNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kZDg4NzgtMjk0MS00YzE1LWIyMDQt
OGZjMzM3MzdjZWFiLzEvMTNyVThuaGczMWYyODJVZnE0Zlk5ZXBLX21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kZDg4NzgtMjk0MS00YzE1LWIyMDQtOGZjMzM3MzdjZWFi
LzEvb2d6R2NWUzBBeFJkRTVScGlHRW5xMktldVNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9B2MA0G
CSqGSIb3DQEBCwUAA4IBAQA55/8PSokwOCRN+CFZ1MdNarff8L1ZtB/dTBAZv8U2
R7vwOp63PQRQki3zZSR7zvQxTwgrufNleGmP782mUrqmsXpLQ86TklR9lFm5OdS2
kCbyqWYQRmO30hDt1Y74pWH1+81A8hDUUtN2/vQXVuLXoBZHHd6eTuyvzxqezuiu
Se/0W7Xd8GIisXK2NH6XQ3vgzuGGJL5JASouef/YVJkhfo6iQcSm8Xq0LTS0AxO8
0EkV6ESIPViTTlMlaAtdgyNyodMGiJnxgeZG7twxFYWk//IzUwEzFicSStbSF38G
bNesoMoWbP1ZR8A3vN8j0rV1dhF3ok7tG6HZGyZ8Xiq4
-----END CERTIFICATE-----