Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/1eKDEzanldy-J3Qb2a4L9TCP2oI.roa
File:                     1eKDEzanldy-J3Qb2a4L9TCP2oI.roa (raw, json)
Hash identifier:          AefCrAYMKf/Kh3wl5A0tZpDGYgoDVg6TkEBgLLiVOes=
Subject key identifier:   D5:E2:83:13:36:A7:95:DC:BE:27:74:1B:D9:AE:0B:F5:30:8F:DA:82
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       0190C1644D30839951C8E97AB627873D446C
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/1eKDEzanldy-J3Qb2a4L9TCP2oI.roa
Signing time:             Wed 17 Jul 2024 15:51:34 +0000
ROA not before:           Wed 17 Jul 2024 15:51:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48031
IP address blocks:        86.111.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c1:64:4d:30:83:99:51:c8:e9:7a:b6:27:87:3d:44:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jul 17 15:51:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5e2831336a795dcbe27741bd9ae0bf5308fda82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6e:54:30:56:9e:70:6f:2c:ff:0d:4d:8b:f6:
                    d0:e0:9a:2e:9c:29:dc:e3:99:9a:4f:16:41:3c:ec:
                    d1:b0:80:7b:4a:40:55:04:1b:aa:2a:64:49:0f:ed:
                    3f:43:4e:ef:44:eb:2b:5f:af:cf:cf:b2:b0:c1:78:
                    03:db:eb:49:18:40:a4:31:ff:0b:fb:29:9e:f5:75:
                    71:8e:b1:3c:dc:e0:6d:16:2e:21:96:12:b8:b0:86:
                    2a:06:c4:ff:81:cb:7d:8e:95:10:b3:49:bb:5d:d0:
                    f6:67:2f:5a:42:f8:b0:0a:9e:3c:34:cf:13:a3:24:
                    99:ee:f9:ce:ed:69:1a:87:ce:98:0c:e1:25:e1:46:
                    36:1c:80:26:64:4f:00:93:46:62:65:54:02:d8:19:
                    8e:fa:c4:49:05:c0:05:82:07:be:5e:4f:68:e6:1d:
                    ff:1b:80:69:fe:24:63:46:5b:89:ff:b4:7e:71:39:
                    51:66:9b:ee:1d:8d:7c:2b:9b:bb:22:a3:4a:19:2c:
                    f1:ef:ed:22:44:d7:4c:e6:d2:c4:3d:fa:a0:68:47:
                    5f:d9:0a:e5:a2:49:ea:d1:c7:86:ec:4e:82:8c:06:
                    57:12:c8:09:e0:d7:8b:e8:a0:9b:42:f7:d7:24:e3:
                    d5:96:99:60:cd:0f:df:2c:f1:7e:13:b2:c2:e9:02:
                    bc:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E2:83:13:36:A7:95:DC:BE:27:74:1B:D9:AE:0B:F5:30:8F:DA:82
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/1eKDEzanldy-J3Qb2a4L9TCP2oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.111.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:0c:63:45:a8:77:bb:43:89:5e:45:1c:72:b5:ab:07:3c:25:
         95:7a:19:72:f6:2b:e6:ff:09:6e:9e:6e:a4:0b:ed:9b:9b:3a:
         9b:19:a8:f2:c5:63:c7:9e:31:80:d2:48:9f:cf:16:c3:60:07:
         98:88:a4:db:d6:6b:b9:de:bf:2b:61:57:91:21:af:df:44:da:
         54:51:1c:77:1d:8b:be:62:a4:3f:7f:97:cd:2c:3c:b9:03:47:
         bb:4e:1a:ed:6b:84:25:f7:b0:2d:01:77:2d:9c:8a:ed:08:8e:
         f0:de:43:fd:92:75:2a:97:7f:6d:d9:cb:eb:a2:18:ef:ce:d2:
         6e:d8:d8:be:7f:a5:bc:68:44:f5:8e:0b:50:df:07:b5:8c:ec:
         30:61:46:12:7d:8d:37:32:77:dc:e8:fa:a3:6c:e7:2f:be:77:
         d4:4a:84:6d:20:80:57:01:e0:cf:ab:f5:de:8e:e9:4a:74:57:
         57:42:06:d2:96:3e:d0:99:71:9b:01:ad:e5:ce:a1:46:c5:30:
         3f:43:4d:36:90:d4:43:07:f9:df:df:20:1d:74:27:82:86:83:
         81:43:e6:e5:e7:1c:72:ab:4a:86:36:9d:37:cc:ef:40:06:da:
         a3:28:f9:ea:ed:3e:aa:c1:65:b0:e4:53:3c:fb:49:9c:80:44:
         42:08:da:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDBZE0wg5lRyOl6tieHPURsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNzE3MTU1MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWUyODMxMzM2YTc5NWRjYmUyNzc0MWJkOWFlMGJmNTMwOGZkYTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG5UMFaecG8s/w1Ni/bQ4JounCnc
45maTxZBPOzRsIB7SkBVBBuqKmRJD+0/Q07vROsrX6/Pz7KwwXgD2+tJGECkMf8L
+yme9XVxjrE83OBtFi4hlhK4sIYqBsT/gct9jpUQs0m7XdD2Zy9aQviwCp48NM8T
oySZ7vnO7Wkah86YDOEl4UY2HIAmZE8Ak0ZiZVQC2BmO+sRJBcAFgge+Xk9o5h3/
G4Bp/iRjRluJ/7R+cTlRZpvuHY18K5u7IqNKGSzx7+0iRNdM5tLEPfqgaEdf2Qrl
oknq0ceG7E6CjAZXEsgJ4NeL6KCbQvfXJOPVlplgzQ/fLPF+E7LC6QK8fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXigxM2p5Xcvid0G9muC/Uwj9qCMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvMWVLREV6YW5sZHktSjNRYjJhNEw5VENQMm9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm/lMA0G
CSqGSIb3DQEBCwUAA4IBAQBiDGNFqHe7Q4leRRxytasHPCWVehly9ivm/wlunm6k
C+2bmzqbGajyxWPHnjGA0kifzxbDYAeYiKTb1mu53r8rYVeRIa/fRNpUURx3HYu+
YqQ/f5fNLDy5A0e7Thrta4Ql97AtAXctnIrtCI7w3kP9knUql39t2cvrohjvztJu
2Ni+f6W8aET1jgtQ3we1jOwwYUYSfY03Mnfc6PqjbOcvvnfUSoRtIIBXAeDPq/Xe
julKdFdXQgbSlj7QmXGbAa3lzqFGxTA/Q002kNRDB/nf3yAddCeChoOBQ+bl5xxy
q0qGNp03zO9ABtqjKPnq7T6qwWWw5FM8+0mcgERCCNpI
-----END CERTIFICATE-----