Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/l3E023J2mm3ufQ5qi4a3A4aztKY.roa
File:                     l3E023J2mm3ufQ5qi4a3A4aztKY.roa (raw, json)
Hash identifier:          UIDxudwS9OImTd8c0fponA0kEz1988CchPP+gRJHwr0=
Subject key identifier:   97:71:34:DB:72:76:9A:6D:EE:7D:0E:6A:8B:86:B7:03:86:B3:B4:A6
Certificate issuer:       /CN=950082a85946722c7fc1c864f0fbd80dc54dcd29
Certificate serial:       018CC7275E1A0961C602361522F176A71709
Authority key identifier: 95:00:82:A8:59:46:72:2C:7F:C1:C8:64:F0:FB:D8:0D:C5:4D:CD:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQCCqFlGcix_wchk8PvYDcVNzSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/l3E023J2mm3ufQ5qi4a3A4aztKY.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.240.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/lQCCqFlGcix_wchk8PvYDcVNzSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/lQCCqFlGcix_wchk8PvYDcVNzSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lQCCqFlGcix_wchk8PvYDcVNzSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5e:1a:09:61:c6:02:36:15:22:f1:76:a7:17:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=950082a85946722c7fc1c864f0fbd80dc54dcd29
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=977134db72769a6dee7d0e6a8b86b70386b3b4a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:89:5c:0c:9a:cf:11:63:3b:de:03:02:94:2d:
                    ff:fe:03:6d:1e:16:6a:d9:43:df:d6:75:01:ad:44:
                    bc:b6:31:85:4b:b7:ec:ff:b1:33:e0:a9:ab:b5:ed:
                    d0:a4:49:e7:00:02:99:64:14:4d:a2:45:45:52:e8:
                    a1:aa:dc:24:05:33:27:ef:70:59:6a:66:00:4f:0a:
                    3c:17:f1:33:f1:23:21:ff:4a:5e:0a:74:a3:71:f7:
                    29:6e:3b:f3:6a:cb:f0:73:57:a0:ab:06:56:c6:2f:
                    45:7b:ff:bd:76:51:5c:e3:1e:6f:07:5b:dc:40:61:
                    dd:88:de:35:76:12:24:94:58:51:e2:93:8c:c9:88:
                    8f:fb:39:e9:f0:c5:28:ef:11:b8:b3:a3:4d:9c:6f:
                    f2:3d:cf:d5:ef:37:f6:c7:d2:d4:d9:ef:e3:1f:4e:
                    7c:37:8c:bb:3a:ef:02:d8:0d:97:79:3d:3f:69:e7:
                    0c:ab:4b:07:f6:a0:21:ae:7c:b1:61:cf:13:0a:23:
                    ab:9e:6a:99:4f:b7:96:44:df:8f:b7:d3:76:1a:b0:
                    ec:40:d2:4e:61:83:63:ed:ff:85:95:8c:fd:f3:4a:
                    a8:73:a6:29:16:af:da:ad:59:54:fa:aa:2c:67:d8:
                    a7:ed:97:a8:f9:16:63:31:54:1e:12:6a:2e:32:1e:
                    cd:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:71:34:DB:72:76:9A:6D:EE:7D:0E:6A:8B:86:B7:03:86:B3:B4:A6
            X509v3 Authority Key Identifier:
                keyid:95:00:82:A8:59:46:72:2C:7F:C1:C8:64:F0:FB:D8:0D:C5:4D:CD:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQCCqFlGcix_wchk8PvYDcVNzSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/l3E023J2mm3ufQ5qi4a3A4aztKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/lQCCqFlGcix_wchk8PvYDcVNzSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:4d:96:c6:c1:7e:ee:95:4c:f4:ee:64:c8:4e:fd:26:23:1d:
         ae:76:78:c6:33:24:4b:e2:fc:4a:a6:a2:93:ff:65:51:d0:73:
         2c:29:f5:dc:63:56:a5:19:6f:49:b7:05:6b:45:f2:cb:92:8b:
         21:1d:e7:f6:09:74:a1:78:38:9e:2e:de:39:e8:24:15:3a:06:
         0c:ae:33:96:7d:a1:ea:14:75:4c:c7:d9:b7:0d:75:12:29:2e:
         d5:08:66:69:3e:a0:da:28:b6:3f:97:be:8b:c6:2a:06:d2:da:
         97:f3:63:cf:eb:30:73:7d:6d:d2:ed:04:89:09:26:7a:b6:93:
         4f:1a:9b:5c:9f:49:58:c8:80:d6:65:c4:ee:c8:23:90:0f:2b:
         a4:af:a0:22:2b:3c:c8:b6:aa:c4:ff:66:df:92:70:2f:12:86:
         e2:d3:73:fb:69:d7:09:d7:ef:b9:c7:5a:0c:b5:45:92:93:03:
         b5:22:1a:c0:d0:1e:33:9b:39:7c:4e:7a:5e:bc:6e:86:6a:bb:
         7b:9d:38:48:1e:6f:5a:b6:a8:ec:e9:4e:aa:60:f5:b3:e7:88:
         a6:e7:dd:1a:26:13:71:13:c0:a0:32:f9:83:fa:3c:ef:dd:9d:
         cf:13:32:2e:58:94:e6:ff:0c:bc:13:18:30:37:49:c7:57:40:
         55:92:ea:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ14aCWHGAjYVIvF2pxcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDA4MmE4NTk0NjcyMmM3ZmMxYzg2NGYwZmJkODBkYzU0
ZGNkMjkwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzcxMzRkYjcyNzY5YTZkZWU3ZDBlNmE4Yjg2YjcwMzg2YjNiNGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYlcDJrPEWM73gMClC3//gNtHhZq
2UPf1nUBrUS8tjGFS7fs/7Ez4Kmrte3QpEnnAAKZZBRNokVFUuihqtwkBTMn73BZ
amYATwo8F/Ez8SMh/0peCnSjcfcpbjvzasvwc1egqwZWxi9Fe/+9dlFc4x5vB1vc
QGHdiN41dhIklFhR4pOMyYiP+znp8MUo7xG4s6NNnG/yPc/V7zf2x9LU2e/jH058
N4y7Ou8C2A2XeT0/aecMq0sH9qAhrnyxYc8TCiOrnmqZT7eWRN+Pt9N2GrDsQNJO
YYNj7f+FlYz980qoc6YpFq/arVlU+qosZ9in7Zeo+RZjMVQeEmouMh7NyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdxNNtydppt7n0OaouGtwOGs7SmMB8GA1UdIwQY
MBaAFJUAgqhZRnIsf8HIZPD72A3FTc0pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFDQ3FGbEdjaXhfd2NoazhQdllEY1ZOelNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8zNGU0MGYtZTFkMi00ZDI5LTg5YzUt
YzY5YTdmMDNlMThmLzEvbDNFMDIzSjJtbTN1ZlE1cWk0YTNBNGF6dEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8zNGU0MGYtZTFkMi00ZDI5LTg5YzUtYzY5YTdmMDNlMThm
LzEvbFFDQ3FGbEdjaXhfd2NoazhQdllEY1ZOelNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/DpMA0G
CSqGSIb3DQEBCwUAA4IBAQCaTZbGwX7ulUz07mTITv0mIx2udnjGMyRL4vxKpqKT
/2VR0HMsKfXcY1alGW9JtwVrRfLLkoshHef2CXSheDieLt456CQVOgYMrjOWfaHq
FHVMx9m3DXUSKS7VCGZpPqDaKLY/l76LxioG0tqX82PP6zBzfW3S7QSJCSZ6tpNP
Gptcn0lYyIDWZcTuyCOQDyukr6AiKzzItqrE/2bfknAvEobi03P7adcJ1++5x1oM
tUWSkwO1IhrA0B4zmzl8TnpevG6Gart7nThIHm9atqjs6U6qYPWz54im590aJhNx
E8CgMvmD+jzv3Z3PEzIuWJTm/wy8ExgwN0nHV0BVkuo4
-----END CERTIFICATE-----