Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/df292d-959b-4ead-9348-29f09d893ae7/1/rMe4BVEbuoXGjXCjXSPL_A3Os0U.roa
File:                     rMe4BVEbuoXGjXCjXSPL_A3Os0U.roa (raw, json)
Hash identifier:          SSaAFGzhcQY81RBoRHb1IcBpczlGfHlEBh7LIgC64DU=
Subject key identifier:   AC:C7:B8:05:51:1B:BA:85:C6:8D:70:A3:5D:23:CB:FC:0D:CE:B3:45
Certificate issuer:       /CN=1741bd7685138dc51d5a6b0cd3780f466b57fd13
Certificate serial:       018CC2DAB56EFCEA63401C8AE53B1D296F5A
Authority key identifier: 17:41:BD:76:85:13:8D:C5:1D:5A:6B:0C:D3:78:0F:46:6B:57:FD:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0G9doUTjcUdWmsM03gPRmtX_RM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/df292d-959b-4ead-9348-29f09d893ae7/1/rMe4BVEbuoXGjXCjXSPL_A3Os0U.roa
Signing time:             Mon 01 Jan 2024 02:29:22 +0000
ROA not before:           Mon 01 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        91.198.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/df292d-959b-4ead-9348-29f09d893ae7/1/F0G9doUTjcUdWmsM03gPRmtX_RM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/df292d-959b-4ead-9348-29f09d893ae7/1/F0G9doUTjcUdWmsM03gPRmtX_RM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F0G9doUTjcUdWmsM03gPRmtX_RM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b5:6e:fc:ea:63:40:1c:8a:e5:3b:1d:29:6f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1741bd7685138dc51d5a6b0cd3780f466b57fd13
        Validity
            Not Before: Jan  1 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acc7b805511bba85c68d70a35d23cbfc0dceb345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:42:6d:e7:5b:4b:c2:1d:6a:79:d7:27:ea:38:
                    95:a3:c7:be:4b:19:41:e2:c8:21:ca:bc:4a:8d:05:
                    5e:27:8f:51:17:4a:47:80:c5:af:87:03:aa:b7:2c:
                    4f:74:e5:25:98:70:cf:e9:ce:3b:5b:a9:30:23:95:
                    3f:2e:76:e9:5b:25:20:65:d7:56:7c:b5:a3:5e:fc:
                    88:df:03:e8:9e:f6:5b:b0:d6:7e:83:1c:99:e1:fb:
                    3f:ab:e9:1f:06:0a:1d:b9:fa:6c:f4:af:91:2e:c5:
                    27:e6:20:68:28:5c:79:85:96:0f:90:11:6f:d8:1f:
                    ed:b4:13:17:ae:f2:42:6e:77:08:79:63:7e:36:88:
                    e8:20:b2:2a:f2:8f:19:59:01:66:6b:d1:39:f8:e5:
                    1b:40:a9:74:56:d3:8f:d9:68:2a:f1:ba:b0:d3:3b:
                    f0:c4:51:20:8b:13:3d:45:7d:5e:e3:49:5f:40:80:
                    ec:9c:ef:cd:0d:af:a4:27:0c:34:87:c1:4a:34:c9:
                    de:b9:e7:6e:1b:06:96:11:af:42:1d:06:a5:82:f4:
                    fe:dc:96:66:77:0e:8c:da:60:2b:6f:e3:5f:31:cc:
                    7a:a7:34:37:b5:41:64:0f:6a:fe:0c:45:fa:d4:52:
                    0d:7c:83:ce:b1:19:31:f0:ca:d3:db:38:a8:4e:ea:
                    43:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C7:B8:05:51:1B:BA:85:C6:8D:70:A3:5D:23:CB:FC:0D:CE:B3:45
            X509v3 Authority Key Identifier:
                keyid:17:41:BD:76:85:13:8D:C5:1D:5A:6B:0C:D3:78:0F:46:6B:57:FD:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0G9doUTjcUdWmsM03gPRmtX_RM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/df292d-959b-4ead-9348-29f09d893ae7/1/rMe4BVEbuoXGjXCjXSPL_A3Os0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/df292d-959b-4ead-9348-29f09d893ae7/1/F0G9doUTjcUdWmsM03gPRmtX_RM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:0f:97:90:a2:c0:9a:81:0a:68:c0:60:4c:0b:cd:33:fc:92:
         7d:99:75:21:31:39:7b:0c:4c:fb:11:1c:f9:f6:9f:65:8e:d8:
         65:de:3c:6b:f8:15:a8:5a:b7:f4:ab:81:98:af:be:57:8a:ec:
         88:28:ca:3c:fe:62:70:fe:0a:c1:b6:b0:bd:5f:9f:3d:95:0a:
         66:a2:30:f8:42:f0:57:44:05:33:75:8c:41:24:71:f3:30:18:
         54:07:08:54:c6:a5:ef:a3:45:d1:39:59:95:d3:26:96:b8:74:
         d7:78:ca:27:93:e2:67:d1:4d:f3:07:ca:c5:f2:e6:35:90:4f:
         49:65:ba:84:b3:b8:5c:5a:cb:57:26:f1:ce:3b:e7:38:40:c0:
         8a:2f:0b:a3:94:bc:14:39:2f:c7:6a:25:9f:7e:4b:d7:f7:a3:
         2f:a2:85:e0:70:78:7e:e3:61:cd:29:ed:36:da:30:4d:f1:f1:
         a0:a2:10:46:6e:34:6d:f1:8f:f4:25:b6:43:c2:9d:ce:29:03:
         d2:7a:af:70:df:bb:a9:ea:a2:c7:0e:d0:56:e5:9d:68:1c:ae:
         a6:c3:0a:2b:70:95:6a:77:6d:81:96:f4:f1:d3:3b:33:a6:6d:
         12:b4:3c:42:10:b2:20:81:78:67:bb:7b:37:d5:61:ba:df:53:
         ce:91:13:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rVu/OpjQByK5TsdKW9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NDFiZDc2ODUxMzhkYzUxZDVhNmIwY2QzNzgwZjQ2NmI1
N2ZkMTMwHhcNMjQwMTAxMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2M3YjgwNTUxMWJiYTg1YzY4ZDcwYTM1ZDIzY2JmYzBkY2ViMzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUJt51tLwh1qedcn6jiVo8e+SxlB
4sghyrxKjQVeJ49RF0pHgMWvhwOqtyxPdOUlmHDP6c47W6kwI5U/LnbpWyUgZddW
fLWjXvyI3wPonvZbsNZ+gxyZ4fs/q+kfBgodufps9K+RLsUn5iBoKFx5hZYPkBFv
2B/ttBMXrvJCbncIeWN+NojoILIq8o8ZWQFma9E5+OUbQKl0VtOP2Wgq8bqw0zvw
xFEgixM9RX1e40lfQIDsnO/NDa+kJww0h8FKNMneueduGwaWEa9CHQalgvT+3JZm
dw6M2mArb+NfMcx6pzQ3tUFkD2r+DEX61FINfIPOsRkx8MrT2zioTupDbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzHuAVRG7qFxo1wo10jy/wNzrNFMB8GA1UdIwQY
MBaAFBdBvXaFE43FHVprDNN4D0ZrV/0TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjBHOWRvVVRqY1VkV21zTTAzZ1BSbXRYX1JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9kZjI5MmQtOTU5Yi00ZWFkLTkzNDgt
MjlmMDlkODkzYWU3LzEvck1lNEJWRWJ1b1hHalhDalhTUExfQTNPczBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9kZjI5MmQtOTU5Yi00ZWFkLTkzNDgtMjlmMDlkODkzYWU3
LzEvRjBHOWRvVVRqY1VkV21zTTAzZ1BSbXRYX1JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8aaMA0G
CSqGSIb3DQEBCwUAA4IBAQAgD5eQosCagQpowGBMC80z/JJ9mXUhMTl7DEz7ERz5
9p9ljthl3jxr+BWoWrf0q4GYr75XiuyIKMo8/mJw/grBtrC9X589lQpmojD4QvBX
RAUzdYxBJHHzMBhUBwhUxqXvo0XROVmV0yaWuHTXeMonk+Jn0U3zB8rF8uY1kE9J
ZbqEs7hcWstXJvHOO+c4QMCKLwujlLwUOS/HaiWffkvX96MvooXgcHh+42HNKe02
2jBN8fGgohBGbjRt8Y/0JbZDwp3OKQPSeq9w37up6qLHDtBW5Z1oHK6mwworcJVq
d22BlvTx0zszpm0StDxCELIggXhnu3s31WG631POkRPI
-----END CERTIFICATE-----