Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/0NzfJ5kgqtsE_AH_XFM3jgDcB2E.roa
File:                     0NzfJ5kgqtsE_AH_XFM3jgDcB2E.roa (raw, json)
Hash identifier:          ZqdfwHipq8xAEn69Ij0W0Owgk876vFfTK0Z47UPhKH0=
Subject key identifier:   D0:DC:DF:27:99:20:AA:DB:04:FC:01:FF:5C:53:37:8E:00:DC:07:61
Certificate issuer:       /CN=e2e4cfe47aed51ec71aa75f536189bad6e862deb
Certificate serial:       018CC9BA63D27B8B635E52F178D64D9ADF40
Authority key identifier: E2:E4:CF:E4:7A:ED:51:EC:71:AA:75:F5:36:18:9B:AD:6E:86:2D:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uTP5HrtUexxqnX1NhibrW6GLes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/0NzfJ5kgqtsE_AH_XFM3jgDcB2E.roa
Signing time:             Tue 02 Jan 2024 10:31:24 +0000
ROA not before:           Tue 02 Jan 2024 10:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8811
IP address blocks:        91.231.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/4uTP5HrtUexxqnX1NhibrW6GLes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/4uTP5HrtUexxqnX1NhibrW6GLes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4uTP5HrtUexxqnX1NhibrW6GLes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:63:d2:7b:8b:63:5e:52:f1:78:d6:4d:9a:df:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e4cfe47aed51ec71aa75f536189bad6e862deb
        Validity
            Not Before: Jan  2 10:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0dcdf279920aadb04fc01ff5c53378e00dc0761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:79:6d:af:5f:64:cf:73:18:50:84:9a:15:12:
                    0a:84:e8:f2:f6:17:6e:e2:e0:4c:55:1e:2b:78:53:
                    b0:02:2c:48:d4:78:77:be:cb:bf:fd:0e:04:1a:8b:
                    be:81:50:92:1f:99:82:8d:70:8b:5d:09:b5:ac:75:
                    59:bc:01:eb:06:c0:bc:0c:7f:b6:a8:82:bd:8a:32:
                    9a:61:ce:6b:03:ad:c8:6c:67:3d:ad:c3:e9:61:22:
                    7e:67:40:a8:5d:e5:3a:0f:d6:38:54:33:c3:87:40:
                    cd:53:fb:f8:a2:a2:df:18:7d:9a:e0:d8:aa:68:b1:
                    af:be:04:e8:b7:e0:e7:7f:60:be:53:d7:89:d0:c2:
                    2d:25:9d:1e:41:58:8e:fe:dd:51:a6:79:49:e2:e9:
                    d7:ed:db:68:98:ab:5b:3b:c9:a6:d8:df:a6:7a:c0:
                    10:6e:ae:6a:8f:d2:10:19:1b:8c:c4:16:0a:e1:7a:
                    d7:99:46:b4:fb:02:69:b4:3e:0a:8b:14:12:46:4d:
                    5d:7f:22:ff:26:b8:bb:ad:56:a5:47:07:7c:ea:66:
                    de:da:78:da:8a:75:60:b2:42:48:43:d5:4b:28:fe:
                    8e:9a:f3:89:ce:cd:44:ad:9a:a2:c7:14:1f:a7:22:
                    37:78:f5:e3:65:df:3e:63:97:91:0b:0f:a9:4d:91:
                    8e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:DC:DF:27:99:20:AA:DB:04:FC:01:FF:5C:53:37:8E:00:DC:07:61
            X509v3 Authority Key Identifier:
                keyid:E2:E4:CF:E4:7A:ED:51:EC:71:AA:75:F5:36:18:9B:AD:6E:86:2D:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uTP5HrtUexxqnX1NhibrW6GLes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/0NzfJ5kgqtsE_AH_XFM3jgDcB2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/e4ccbb-fd61-4fc4-aabd-a1883c8b1fe4/1/4uTP5HrtUexxqnX1NhibrW6GLes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:c7:88:9a:9f:bc:e7:88:b1:4c:9c:cb:07:3b:17:2d:64:05:
         20:b4:3d:80:46:8d:d4:c0:52:60:b1:4e:70:58:b1:79:1d:30:
         ee:b6:be:fd:2e:66:cd:6b:aa:17:c0:34:7d:5a:bc:df:07:b2:
         6a:c8:7c:fc:ea:78:81:6f:74:e7:d8:bc:75:86:71:12:c3:a1:
         eb:7e:37:b5:74:77:07:85:14:cf:50:a3:5f:7b:85:1e:cd:35:
         6a:cc:6f:5b:af:bc:f2:52:f0:b1:0f:f9:d1:09:66:71:d2:84:
         4a:85:4a:2c:81:83:cc:c4:b1:21:b9:ec:ff:dd:cc:9d:97:4b:
         21:36:c7:3f:cf:af:dc:1e:5d:f3:ca:0e:51:54:fa:eb:7c:59:
         8a:e2:8b:58:03:35:5e:61:63:f4:9b:80:41:c0:43:de:11:7b:
         c5:de:af:81:bb:1b:da:4e:99:00:ef:23:00:47:a9:d1:a5:5e:
         85:4b:e9:28:7f:5a:b3:e4:21:8d:ad:78:9b:28:a7:73:b2:5a:
         6c:b7:16:58:7a:48:46:c0:d4:e2:fb:28:56:72:1c:9f:23:a1:
         26:71:9b:9a:6b:94:98:46:1e:ff:e5:5e:a6:83:81:26:c4:f7:
         be:91:84:af:4c:15:b1:9c:92:59:93:fc:f5:16:78:46:a8:e7:
         cc:22:22:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJumPSe4tjXlLxeNZNmt9AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZTRjZmU0N2FlZDUxZWM3MWFhNzVmNTM2MTg5YmFkNmU4
NjJkZWIwHhcNMjQwMTAyMTAzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGRjZGYyNzk5MjBhYWRiMDRmYzAxZmY1YzUzMzc4ZTAwZGMwNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3ltr19kz3MYUISaFRIKhOjy9hdu
4uBMVR4reFOwAixI1Hh3vsu//Q4EGou+gVCSH5mCjXCLXQm1rHVZvAHrBsC8DH+2
qIK9ijKaYc5rA63IbGc9rcPpYSJ+Z0CoXeU6D9Y4VDPDh0DNU/v4oqLfGH2a4Niq
aLGvvgTot+Dnf2C+U9eJ0MItJZ0eQViO/t1RpnlJ4unX7dtomKtbO8mm2N+mesAQ
bq5qj9IQGRuMxBYK4XrXmUa0+wJptD4KixQSRk1dfyL/Jri7rValRwd86mbe2nja
inVgskJIQ9VLKP6OmvOJzs1ErZqixxQfpyI3ePXjZd8+Y5eRCw+pTZGOPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDc3yeZIKrbBPwB/1xTN44A3AdhMB8GA1UdIwQY
MBaAFOLkz+R67VHscap19TYYm61uhi3rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVUUDVIcnRVZXh4cW5YMU5oaWJyVzZHTGVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9lNGNjYmItZmQ2MS00ZmM0LWFhYmQt
YTE4ODNjOGIxZmU0LzEvME56Zko1a2dxdHNFX0FIX1hGTTNqZ0RjQjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9lNGNjYmItZmQ2MS00ZmM0LWFhYmQtYTE4ODNjOGIxZmU0
LzEvNHVUUDVIcnRVZXh4cW5YMU5oaWJyVzZHTGVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+eUMA0G
CSqGSIb3DQEBCwUAA4IBAQBIx4ian7zniLFMnMsHOxctZAUgtD2ARo3UwFJgsU5w
WLF5HTDutr79LmbNa6oXwDR9WrzfB7JqyHz86niBb3Tn2Lx1hnESw6Hrfje1dHcH
hRTPUKNfe4UezTVqzG9br7zyUvCxD/nRCWZx0oRKhUosgYPMxLEhuez/3cydl0sh
Nsc/z6/cHl3zyg5RVPrrfFmK4otYAzVeYWP0m4BBwEPeEXvF3q+BuxvaTpkA7yMA
R6nRpV6FS+kof1qz5CGNrXibKKdzslpstxZYekhGwNTi+yhWchyfI6EmcZuaa5SY
Rh7/5V6mg4EmxPe+kYSvTBWxnJJZk/z1FnhGqOfMIiK7
-----END CERTIFICATE-----