Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/frQREmIzAQctONbseYNiiBXu6xU.roa
File:                     frQREmIzAQctONbseYNiiBXu6xU.roa (raw, json)
Hash identifier:          snNaB1LD4zxwryjD9qkxgsn3dU+U8R3ATxHsRE9kWTw=
Subject key identifier:   7E:B4:11:12:62:33:01:07:2D:38:D6:EC:79:83:62:88:15:EE:EB:15
Certificate issuer:       /CN=a4f8436003d37602026b65531755ca8fcd31bed2
Certificate serial:       018CC86F4B20D356454F4A497FC340E7F004
Authority key identifier: A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/frQREmIzAQctONbseYNiiBXu6xU.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44508
IP address blocks:        91.198.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4b:20:d3:56:45:4f:4a:49:7f:c3:40:e7:f0:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f8436003d37602026b65531755ca8fcd31bed2
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eb41112623301072d38d6ec7983628815eeeb15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b3:95:99:ed:16:ae:85:78:d2:b4:e5:1b:c8:
                    dc:24:d0:ed:b0:b3:7c:77:73:18:c9:f5:3b:5a:5b:
                    fd:b4:43:8c:f9:e6:29:23:f1:6e:d5:30:a7:28:04:
                    c5:aa:0a:53:e9:b0:26:e8:a8:31:14:2d:28:65:65:
                    a5:f6:2c:8e:60:4a:6e:17:c7:50:f7:5b:13:1b:ea:
                    0b:2c:c9:5c:d8:1a:ce:52:68:22:7d:c6:03:7e:aa:
                    3c:59:7b:db:c2:de:f0:b4:e7:b3:76:94:8b:3f:33:
                    0b:34:46:10:c1:b7:06:47:d6:87:26:d6:bf:35:48:
                    84:5f:d1:8f:27:ff:fc:ed:6e:00:b1:0e:19:ca:3b:
                    23:ab:01:3a:30:6f:c2:79:d8:97:41:c0:c9:6b:54:
                    5d:66:51:b9:e7:8e:ed:a5:82:9f:4f:da:d6:63:c2:
                    44:73:b0:07:ba:e3:1b:7f:54:b0:90:a6:d9:cf:c8:
                    7d:87:44:ed:8a:bc:dd:c9:22:35:4b:fb:d8:e2:a8:
                    d4:7f:76:dc:fc:06:0e:57:6a:b7:0c:17:74:1f:9a:
                    6f:bf:0d:39:6b:4b:df:31:2b:8f:30:fb:27:4a:40:
                    d5:f1:95:dd:f0:8f:8b:74:b4:f2:4f:29:83:6f:38:
                    9a:58:8b:9a:ff:33:cc:10:89:a9:d8:6e:ad:de:d4:
                    72:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:B4:11:12:62:33:01:07:2D:38:D6:EC:79:83:62:88:15:EE:EB:15
            X509v3 Authority Key Identifier:
                keyid:A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/frQREmIzAQctONbseYNiiBXu6xU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:da:a3:c6:04:b0:9e:74:bc:5a:45:f7:ef:cb:bc:b1:cf:5a:
         44:21:67:ba:0b:0b:98:72:a6:f7:de:74:83:c1:d8:ad:1e:a1:
         8c:db:26:4c:b5:90:6c:77:3d:bb:6c:32:ed:78:50:6c:e4:8f:
         9f:67:4f:db:ff:3c:c0:cf:74:79:ad:7d:aa:94:0d:f5:fa:12:
         fe:2e:5d:90:f8:9d:cc:b0:03:c7:51:d4:62:f3:0f:e1:87:d6:
         aa:9b:67:8e:68:ee:a1:7b:48:42:51:8a:a3:59:9d:64:9a:c5:
         26:79:d5:78:6a:25:d1:5c:20:90:e6:44:b8:ae:af:7d:9f:30:
         d0:5c:f6:7b:b0:bb:84:bd:5b:e6:d4:df:dc:4a:56:ed:e3:9e:
         34:71:a1:45:f1:a5:6d:e8:71:48:56:ea:82:c9:bc:d6:b5:3f:
         76:17:e2:80:bb:38:d4:77:e0:49:2d:0a:82:72:2d:f6:e6:10:
         39:14:44:8b:4d:cf:54:96:2b:c9:d4:ff:51:1a:89:ca:da:61:
         e7:4f:a0:51:93:e0:61:00:ca:86:c4:9e:7a:0e:0e:5b:69:c2:
         a7:e9:b1:26:54:c8:e6:0a:50:d3:69:d7:f4:22:70:2d:01:0d:
         88:90:72:32:f4:a8:15:d8:09:03:15:11:d5:95:4a:c9:18:40:
         88:76:fc:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0sg01ZFT0pJf8NA5/AEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Zjg0MzYwMDNkMzc2MDIwMjZiNjU1MzE3NTVjYThmY2Qz
MWJlZDIwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWI0MTExMjYyMzMwMTA3MmQzOGQ2ZWM3OTgzNjI4ODE1ZWVlYjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrOVme0WroV40rTlG8jcJNDtsLN8
d3MYyfU7Wlv9tEOM+eYpI/Fu1TCnKATFqgpT6bAm6KgxFC0oZWWl9iyOYEpuF8dQ
91sTG+oLLMlc2BrOUmgifcYDfqo8WXvbwt7wtOezdpSLPzMLNEYQwbcGR9aHJta/
NUiEX9GPJ//87W4AsQ4ZyjsjqwE6MG/CediXQcDJa1RdZlG5547tpYKfT9rWY8JE
c7AHuuMbf1SwkKbZz8h9h0TtirzdySI1S/vY4qjUf3bc/AYOV2q3DBd0H5pvvw05
a0vfMSuPMPsnSkDV8ZXd8I+LdLTyTymDbziaWIua/zPMEImp2G6t3tRylwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH60ERJiMwEHLTjW7HmDYogV7usVMB8GA1UdIwQY
MBaAFKT4Q2AD03YCAmtlUxdVyo/NMb7SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQt
MjdiZjgzY2RlZDZiLzEvZnJRUkVtSXpBUWN0T05ic2VZTmlpQlh1NnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQtMjdiZjgzY2RlZDZi
LzEvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bjMA0G
CSqGSIb3DQEBCwUAA4IBAQBx2qPGBLCedLxaRffvy7yxz1pEIWe6CwuYcqb33nSD
wditHqGM2yZMtZBsdz27bDLteFBs5I+fZ0/b/zzAz3R5rX2qlA31+hL+Ll2Q+J3M
sAPHUdRi8w/hh9aqm2eOaO6he0hCUYqjWZ1kmsUmedV4aiXRXCCQ5kS4rq99nzDQ
XPZ7sLuEvVvm1N/cSlbt4540caFF8aVt6HFIVuqCybzWtT92F+KAuzjUd+BJLQqC
ci325hA5FESLTc9UlivJ1P9RGonK2mHnT6BRk+BhAMqGxJ56Dg5bacKn6bEmVMjm
ClDTadf0InAtAQ2IkHIy9KgV2AkDFRHVlUrJGECIdvwY
-----END CERTIFICATE-----