Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/9e67f5-e580-4686-b82a-6b9dca9c4ece/1/o4v0_5qAkMXoM_zWFbeBs6m_LSY.roa
File:                     o4v0_5qAkMXoM_zWFbeBs6m_LSY.roa (raw, json)
Hash identifier:          /hssgEsRrZg2oY/5bzUUtvuqB7+or/WnCblU6CfUA6w=
Subject key identifier:   A3:8B:F4:FF:9A:80:90:C5:E8:33:FC:D6:15:B7:81:B3:A9:BF:2D:26
Certificate issuer:       /CN=fada41774765a4cdb050d82af11ba7d2d54b6e13
Certificate serial:       018CC4251488BDA4E0E4A0B42D81CDAB0ED0
Authority key identifier: FA:DA:41:77:47:65:A4:CD:B0:50:D8:2A:F1:1B:A7:D2:D5:4B:6E:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tpBd0dlpM2wUNgq8Run0tVLbhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/9e67f5-e580-4686-b82a-6b9dca9c4ece/1/o4v0_5qAkMXoM_zWFbeBs6m_LSY.roa
Signing time:             Mon 01 Jan 2024 08:30:13 +0000
ROA not before:           Mon 01 Jan 2024 08:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47922
IP address blocks:        91.216.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/9e67f5-e580-4686-b82a-6b9dca9c4ece/1/1-tpBd0dlpM2wUNgq8Run0tVLbhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/9e67f5-e580-4686-b82a-6b9dca9c4ece/1/1-tpBd0dlpM2wUNgq8Run0tVLbhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tpBd0dlpM2wUNgq8Run0tVLbhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:14:88:bd:a4:e0:e4:a0:b4:2d:81:cd:ab:0e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fada41774765a4cdb050d82af11ba7d2d54b6e13
        Validity
            Not Before: Jan  1 08:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a38bf4ff9a8090c5e833fcd615b781b3a9bf2d26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:44:5e:da:32:24:61:14:1a:51:ad:a6:39:ad:
                    0b:0b:f4:de:f6:65:22:27:67:0a:94:f8:f8:91:01:
                    bc:6e:a6:e3:a3:31:64:9a:0e:c6:13:78:86:f5:d1:
                    92:46:de:0f:6a:ee:6c:d7:75:9c:d7:c2:5d:67:10:
                    2b:68:29:81:55:41:70:df:dd:b9:66:f8:06:89:13:
                    e8:5c:71:75:ec:ee:2b:2f:e7:fb:5a:02:7e:48:0e:
                    c8:55:4b:76:d0:a6:1a:02:7c:22:6a:73:7a:fc:08:
                    e0:06:16:ee:d4:e8:be:46:8f:3a:d2:fe:e9:c4:8d:
                    f2:1c:db:12:c0:78:d6:fa:2d:10:61:94:63:08:97:
                    71:9e:77:ec:de:cd:a0:68:50:d5:35:e1:c7:3d:ab:
                    33:77:0c:e5:a4:2e:f3:a5:3c:ec:d7:72:33:ae:1b:
                    8d:bb:ac:d5:af:39:58:24:5c:4b:68:65:f2:95:38:
                    94:e9:7b:fe:66:71:25:51:cf:21:e4:67:a1:ea:54:
                    46:74:88:c4:56:99:51:c5:b1:53:1a:82:a0:fc:00:
                    4f:fb:c9:9f:dd:24:1b:9a:cf:e8:60:6c:d8:ab:00:
                    d6:78:ba:3d:f4:af:ec:7a:cf:dc:c4:58:79:ff:89:
                    10:27:f9:58:9c:d0:90:75:7e:50:df:b0:c0:7c:0f:
                    49:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:8B:F4:FF:9A:80:90:C5:E8:33:FC:D6:15:B7:81:B3:A9:BF:2D:26
            X509v3 Authority Key Identifier:
                keyid:FA:DA:41:77:47:65:A4:CD:B0:50:D8:2A:F1:1B:A7:D2:D5:4B:6E:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tpBd0dlpM2wUNgq8Run0tVLbhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/9e67f5-e580-4686-b82a-6b9dca9c4ece/1/o4v0_5qAkMXoM_zWFbeBs6m_LSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/9e67f5-e580-4686-b82a-6b9dca9c4ece/1/1-tpBd0dlpM2wUNgq8Run0tVLbhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:29:92:12:db:1b:ea:14:41:94:93:68:01:ec:a0:3d:81:3e:
         d0:ba:bf:f5:b2:4c:5b:a2:16:e9:f5:36:d0:2f:7b:a9:f2:04:
         55:17:fa:8b:3f:36:09:8c:b1:50:32:4b:d1:22:89:ab:b4:e3:
         91:e5:c7:5e:52:2d:f5:9f:ff:27:6c:6e:0c:a2:92:e0:38:1b:
         51:09:50:4a:a2:18:a4:ef:d8:38:c9:d2:c0:c1:1a:a2:61:7e:
         92:41:96:52:f3:a3:6f:aa:d4:ef:3f:62:7e:a9:05:ef:76:e8:
         aa:e6:20:a9:03:42:dd:9a:cb:25:b0:f6:ad:12:26:4b:2a:30:
         26:71:ef:4b:b6:a1:fc:a1:c1:2f:e9:38:e8:27:cd:d5:35:5a:
         df:fc:e4:c4:48:19:e6:aa:73:9c:65:4f:3d:f8:68:38:47:e8:
         47:50:d3:21:a0:02:c6:41:70:f3:15:b9:2b:6d:c8:82:4f:4d:
         89:74:f3:74:c7:c7:75:2c:44:ba:a3:5b:de:aa:e2:02:6c:47:
         04:e9:06:0b:a6:c7:e2:bd:82:64:cf:c6:95:67:ca:d4:64:f9:
         43:d5:b5:fd:95:ee:83:27:ba:5a:18:20:62:59:dd:02:31:4b:
         c0:48:63:2f:e3:ce:1a:22:6a:6c:b4:27:3f:2d:d3:01:9c:9a:
         67:a6:b4:88
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJRSIvaTg5KC0LYHNqw7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZGE0MTc3NDc2NWE0Y2RiMDUwZDgyYWYxMWJhN2QyZDU0
YjZlMTMwHhcNMjQwMTAxMDgzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzhiZjRmZjlhODA5MGM1ZTgzM2ZjZDYxNWI3ODFiM2E5YmYyZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0Re2jIkYRQaUa2mOa0LC/Te9mUi
J2cKlPj4kQG8bqbjozFkmg7GE3iG9dGSRt4Pau5s13Wc18JdZxAraCmBVUFw3925
ZvgGiRPoXHF17O4rL+f7WgJ+SA7IVUt20KYaAnwianN6/AjgBhbu1Oi+Ro860v7p
xI3yHNsSwHjW+i0QYZRjCJdxnnfs3s2gaFDVNeHHPaszdwzlpC7zpTzs13IzrhuN
u6zVrzlYJFxLaGXylTiU6Xv+ZnElUc8h5Geh6lRGdIjEVplRxbFTGoKg/ABP+8mf
3SQbms/oYGzYqwDWeLo99K/ses/cxFh5/4kQJ/lYnNCQdX5Q37DAfA9JqwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKOL9P+agJDF6DP81hW3gbOpvy0mMB8GA1UdIwQY
MBaAFPraQXdHZaTNsFDYKvEbp9LVS24TMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10cEJkMGRscE0yd1VOZ3E4UnVuMHRWTGJoTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWEvOWU2N2Y1LWU1ODAtNDY4Ni1iODJh
LTZiOWRjYTljNGVjZS8xL280djBfNXFBa01Yb01feldGYmVCczZtX0xTWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWEvOWU2N2Y1LWU1ODAtNDY4Ni1iODJhLTZiOWRjYTljNGVj
ZS8xLzEtdHBCZDBkbHBNMndVTmdxOFJ1bjB0VkxiaE0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb2AIw
DQYJKoZIhvcNAQELBQADggEBAKwpkhLbG+oUQZSTaAHsoD2BPtC6v/WyTFuiFun1
NtAve6nyBFUX+os/NgmMsVAyS9Eiiau045Hlx15SLfWf/ydsbgyikuA4G1EJUEqi
GKTv2DjJ0sDBGqJhfpJBllLzo2+q1O8/Yn6pBe926KrmIKkDQt2ayyWw9q0SJksq
MCZx70u2ofyhwS/pOOgnzdU1Wt/85MRIGeaqc5xlTz34aDhH6EdQ0yGgAsZBcPMV
uSttyIJPTYl083THx3UsRLqjW96q4gJsRwTpBgumx+K9gmTPxpVnytRk+UPVtf2V
7oMnuloYIGJZ3QIxS8BIYy/jzhoiamy0Jz8t0wGcmmemtIg=
-----END CERTIFICATE-----