Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/ce4822-c991-40f0-b154-b8bbca8636cc/1/I2bACCxph7PfiexR4cPaqqdfJkk.roa
File:                     I2bACCxph7PfiexR4cPaqqdfJkk.roa (raw, json)
Hash identifier:          zqYwZLUEQx6DvdVChLlPKhrwACiHHguJq8RaiiVSEws=
Subject key identifier:   23:66:C0:08:2C:69:87:B3:DF:89:EC:51:E1:C3:DA:AA:A7:5F:26:49
Certificate issuer:       /CN=c0cb3ab4392eaa0b38f1965d54fcbeeb5067ad1c
Certificate serial:       018CC3B71979432E832D8CE241D9569FFDB8
Authority key identifier: C0:CB:3A:B4:39:2E:AA:0B:38:F1:96:5D:54:FC:BE:EB:50:67:AD:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wMs6tDkuqgs48ZZdVPy-61BnrRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/ce4822-c991-40f0-b154-b8bbca8636cc/1/I2bACCxph7PfiexR4cPaqqdfJkk.roa
Signing time:             Mon 01 Jan 2024 06:30:05 +0000
ROA not before:           Mon 01 Jan 2024 06:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47957
IP address blocks:        91.208.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/ce4822-c991-40f0-b154-b8bbca8636cc/1/wMs6tDkuqgs48ZZdVPy-61BnrRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/ce4822-c991-40f0-b154-b8bbca8636cc/1/wMs6tDkuqgs48ZZdVPy-61BnrRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wMs6tDkuqgs48ZZdVPy-61BnrRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:19:79:43:2e:83:2d:8c:e2:41:d9:56:9f:fd:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0cb3ab4392eaa0b38f1965d54fcbeeb5067ad1c
        Validity
            Not Before: Jan  1 06:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2366c0082c6987b3df89ec51e1c3daaaa75f2649
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:33:a6:76:b2:f8:68:86:0b:1b:ed:0a:54:c9:
                    32:0c:cd:2f:a8:82:05:62:d5:d3:ab:bf:36:41:99:
                    dc:e8:2f:62:36:f0:4b:6d:5a:75:f5:6d:c1:7a:d9:
                    fc:da:05:65:42:d7:43:76:4b:f2:27:0a:ea:57:eb:
                    a0:de:f1:b3:54:6b:fe:6d:e9:63:86:4b:4a:af:4f:
                    68:a2:3a:cc:be:f6:ed:64:67:09:5c:41:d8:d0:1f:
                    c9:2d:d9:54:54:01:58:2d:c9:8e:32:cd:4f:ee:3e:
                    fc:5d:c1:2d:7a:6d:94:7c:be:fd:0a:16:70:b1:c8:
                    22:69:ac:d4:97:43:9f:02:93:4c:f2:0d:20:40:13:
                    73:42:8c:90:d4:87:69:b0:6d:9a:0e:1c:31:a3:4c:
                    6e:36:18:c7:30:ef:8f:e1:3c:1e:b3:bb:eb:6a:bc:
                    5a:0c:0a:6b:f4:ff:59:cb:bf:4f:bc:4e:e2:dc:2b:
                    8b:3b:37:fe:90:56:e5:29:da:46:91:3d:eb:69:72:
                    ae:35:f6:8f:ab:fe:ca:45:20:80:cf:26:c3:0b:26:
                    fc:97:6d:44:f4:d1:82:cb:a8:90:3f:98:9c:bc:27:
                    20:14:fe:5a:0f:e5:e2:9b:37:42:b7:fa:dc:4a:08:
                    53:dd:4c:64:9c:3d:51:a4:fc:2d:c5:cb:f2:dc:fc:
                    e1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:66:C0:08:2C:69:87:B3:DF:89:EC:51:E1:C3:DA:AA:A7:5F:26:49
            X509v3 Authority Key Identifier:
                keyid:C0:CB:3A:B4:39:2E:AA:0B:38:F1:96:5D:54:FC:BE:EB:50:67:AD:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wMs6tDkuqgs48ZZdVPy-61BnrRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ce4822-c991-40f0-b154-b8bbca8636cc/1/I2bACCxph7PfiexR4cPaqqdfJkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ce4822-c991-40f0-b154-b8bbca8636cc/1/wMs6tDkuqgs48ZZdVPy-61BnrRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:7a:a9:c2:c6:43:18:58:28:89:1b:da:34:52:f3:03:8a:97:
         b5:d1:03:c0:86:8e:a4:f3:b6:30:4f:ae:a4:6e:c8:24:24:a9:
         27:1d:6d:f4:46:00:31:8a:24:0e:38:e6:19:2b:63:6c:e8:2e:
         cc:92:3a:3e:a4:6b:87:df:31:90:bb:2d:dd:a8:f7:91:f7:17:
         ae:de:bd:d3:09:7d:c7:12:fa:2b:a0:8c:f2:d6:8d:63:3e:4f:
         cc:00:23:df:ca:84:3b:86:48:d5:5e:1e:77:e8:ee:02:da:8e:
         88:80:54:10:c4:84:02:b6:ff:a1:84:e7:fe:ec:e5:3c:5a:ba:
         fe:0b:01:17:83:e0:02:13:a1:38:04:39:13:a6:d0:8e:20:e8:
         ac:85:7c:d5:36:7e:86:bd:67:42:e7:01:0f:39:52:35:3e:f7:
         3c:7d:77:76:8e:f2:39:c1:1b:6f:e9:2d:37:49:b4:f5:f9:44:
         13:f3:57:c4:b1:08:5b:68:fd:f6:2c:88:04:e0:3b:63:fe:f7:
         d2:fc:4e:60:7f:a1:1c:a7:af:17:e1:87:ea:ac:51:2c:fb:62:
         53:9a:37:72:c4:06:86:f0:4b:94:82:4e:9e:e6:4e:fe:e6:b5:
         a5:e4:2e:23:cb:23:59:77:a4:32:29:81:35:0b:5d:15:d2:44:
         46:31:a5:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxl5Qy6DLYziQdlWn/24MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwY2IzYWI0MzkyZWFhMGIzOGYxOTY1ZDU0ZmNiZWViNTA2
N2FkMWMwHhcNMjQwMTAxMDYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzY2YzAwODJjNjk4N2IzZGY4OWVjNTFlMWMzZGFhYWE3NWYyNjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDOmdrL4aIYLG+0KVMkyDM0vqIIF
YtXTq782QZnc6C9iNvBLbVp19W3Betn82gVlQtdDdkvyJwrqV+ug3vGzVGv+belj
hktKr09oojrMvvbtZGcJXEHY0B/JLdlUVAFYLcmOMs1P7j78XcEtem2UfL79ChZw
scgiaazUl0OfApNM8g0gQBNzQoyQ1IdpsG2aDhwxo0xuNhjHMO+P4Twes7vrarxa
DApr9P9Zy79PvE7i3CuLOzf+kFblKdpGkT3raXKuNfaPq/7KRSCAzybDCyb8l21E
9NGCy6iQP5icvCcgFP5aD+XimzdCt/rcSghT3UxknD1RpPwtxcvy3PzhZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNmwAgsaYez34nsUeHD2qqnXyZJMB8GA1UdIwQY
MBaAFMDLOrQ5LqoLOPGWXVT8vutQZ60cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd01zNnREa3VxZ3M0OFpaZFZQeS02MUJuclJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9jZTQ4MjItYzk5MS00MGYwLWIxNTQt
YjhiYmNhODYzNmNjLzEvSTJiQUNDeHBoN1BmaWV4UjRjUGFxcWRmSmtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9jZTQ4MjItYzk5MS00MGYwLWIxNTQtYjhiYmNhODYzNmNj
LzEvd01zNnREa3VxZ3M0OFpaZFZQeS02MUJuclJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DWMA0G
CSqGSIb3DQEBCwUAA4IBAQC8eqnCxkMYWCiJG9o0UvMDipe10QPAho6k87YwT66k
bsgkJKknHW30RgAxiiQOOOYZK2Ns6C7Mkjo+pGuH3zGQuy3dqPeR9xeu3r3TCX3H
EvoroIzy1o1jPk/MACPfyoQ7hkjVXh536O4C2o6IgFQQxIQCtv+hhOf+7OU8Wrr+
CwEXg+ACE6E4BDkTptCOIOishXzVNn6GvWdC5wEPOVI1Pvc8fXd2jvI5wRtv6S03
SbT1+UQT81fEsQhbaP32LIgE4Dtj/vfS/E5gf6Ecp68X4YfqrFEs+2JTmjdyxAaG
8EuUgk6e5k7+5rWl5C4jyyNZd6QyKYE1C10V0kRGMaWe
-----END CERTIFICATE-----