Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/ec2482-c651-4a2d-aaee-8a56b0f50731/1/_KJsnM1W63GQxzl8jO5A-1OHDhI.roa
File:                     _KJsnM1W63GQxzl8jO5A-1OHDhI.roa (raw, json)
Hash identifier:          32Cqj00d1arIlsLeGyh3aGwgk7sm1yr2Xbsbc2XCJ0I=
Subject key identifier:   FC:A2:6C:9C:CD:56:EB:71:90:C7:39:7C:8C:EE:40:FB:53:87:0E:12
Certificate issuer:       /CN=8a5a08f41c373027e081b5c1ca8a800bf1855d9f
Certificate serial:       018CC9BBC34E6EEC62B6C6A0D74638469024
Authority key identifier: 8A:5A:08:F4:1C:37:30:27:E0:81:B5:C1:CA:8A:80:0B:F1:85:5D:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iloI9Bw3MCfggbXByoqAC_GFXZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/ec2482-c651-4a2d-aaee-8a56b0f50731/1/_KJsnM1W63GQxzl8jO5A-1OHDhI.roa
Signing time:             Tue 02 Jan 2024 10:32:54 +0000
ROA not before:           Tue 02 Jan 2024 10:32:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        91.207.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/ec2482-c651-4a2d-aaee-8a56b0f50731/1/iloI9Bw3MCfggbXByoqAC_GFXZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/ec2482-c651-4a2d-aaee-8a56b0f50731/1/iloI9Bw3MCfggbXByoqAC_GFXZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iloI9Bw3MCfggbXByoqAC_GFXZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c3:4e:6e:ec:62:b6:c6:a0:d7:46:38:46:90:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a08f41c373027e081b5c1ca8a800bf1855d9f
        Validity
            Not Before: Jan  2 10:32:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fca26c9ccd56eb7190c7397c8cee40fb53870e12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:0c:98:3f:f8:fb:fa:f7:44:71:f6:4c:0d:36:
                    01:92:60:d3:6a:63:45:29:1d:19:a9:ff:8c:95:cb:
                    a5:93:c2:32:f8:21:38:b8:e0:d2:16:5d:6f:4d:b5:
                    71:7a:83:19:0c:6f:5f:bb:44:7a:28:49:83:b2:27:
                    a0:e4:93:3e:ac:58:0a:36:c8:77:d7:ff:04:d8:71:
                    9d:f9:de:cf:8c:01:aa:7e:ce:38:c8:ab:ca:98:0f:
                    c0:4e:ae:1f:fd:bf:19:96:43:19:a8:24:7e:9c:1c:
                    a8:c4:2c:c2:a9:6d:c9:ef:86:bf:c2:bb:d3:41:07:
                    61:f0:46:27:f1:79:c4:de:63:47:f6:07:2b:90:ab:
                    78:3e:88:51:df:0a:43:b0:af:02:4f:60:cd:65:28:
                    2d:ef:58:0e:fc:cf:4c:df:73:07:fb:cb:af:41:cd:
                    7a:c1:2c:bf:34:a0:fe:1a:f4:40:92:cf:41:70:08:
                    00:9e:80:f7:cc:53:96:a0:d3:b6:25:c1:d1:1d:8f:
                    98:b4:99:73:36:a4:dc:a1:14:e7:36:12:36:5a:06:
                    12:68:07:46:86:61:cc:50:11:64:fb:92:65:51:de:
                    a4:d1:8c:b5:ee:a4:52:01:61:db:fe:48:92:b6:bb:
                    6c:d5:10:d5:cc:97:29:d1:83:38:d0:3b:87:ed:0d:
                    5e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A2:6C:9C:CD:56:EB:71:90:C7:39:7C:8C:EE:40:FB:53:87:0E:12
            X509v3 Authority Key Identifier:
                keyid:8A:5A:08:F4:1C:37:30:27:E0:81:B5:C1:CA:8A:80:0B:F1:85:5D:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iloI9Bw3MCfggbXByoqAC_GFXZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ec2482-c651-4a2d-aaee-8a56b0f50731/1/_KJsnM1W63GQxzl8jO5A-1OHDhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ec2482-c651-4a2d-aaee-8a56b0f50731/1/iloI9Bw3MCfggbXByoqAC_GFXZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ae:d0:a5:f5:10:04:78:5e:9b:51:4c:37:e2:16:f2:90:e5:
         7d:c0:58:54:2d:3d:96:20:2c:7b:f4:2b:8e:f6:02:6b:b6:f7:
         56:f2:28:bd:ea:86:2a:63:f9:81:f5:f5:74:7f:91:64:d6:ee:
         99:d1:10:5a:42:a1:25:72:e2:0b:29:f4:3e:62:51:83:f8:8b:
         1f:2d:8f:e2:bf:5d:82:4a:dc:31:ba:1f:3a:48:8c:7e:47:46:
         03:9e:04:13:e5:a7:07:0d:81:ad:66:be:f6:5d:c7:e4:57:4c:
         fe:4a:07:19:fe:93:d3:9a:72:ed:6f:d2:f4:94:a8:8f:0f:fc:
         fc:e8:0e:33:0a:32:9d:eb:e2:7f:8b:a8:4a:5f:b1:a8:e8:94:
         ec:74:91:b8:e1:02:96:15:ea:e4:a8:13:b5:39:6b:9e:14:43:
         5f:dd:54:78:f1:68:b0:92:c8:de:fd:b9:97:9a:ef:c5:ed:cc:
         68:2e:61:e7:0a:5a:fa:0f:6e:15:95:68:b8:ea:a6:5f:7c:ec:
         41:d9:a5:ab:69:49:f7:5e:bb:cc:a0:eb:0e:11:d3:d3:d2:34:
         88:73:65:ec:49:0c:24:a1:3e:24:9d:03:ee:ad:bf:96:b9:27:
         36:30:4c:6b:f0:ca:5d:7e:b9:74:84:47:9e:54:e8:bb:33:cd:
         7c:b5:fe:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8NObuxitsag10Y4RpAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEwOGY0MWMzNzMwMjdlMDgxYjVjMWNhOGE4MDBiZjE4
NTVkOWYwHhcNMjQwMTAyMTAzMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2EyNmM5Y2NkNTZlYjcxOTBjNzM5N2M4Y2VlNDBmYjUzODcwZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAyYP/j7+vdEcfZMDTYBkmDTamNF
KR0Zqf+Mlculk8Iy+CE4uODSFl1vTbVxeoMZDG9fu0R6KEmDsieg5JM+rFgKNsh3
1/8E2HGd+d7PjAGqfs44yKvKmA/ATq4f/b8ZlkMZqCR+nByoxCzCqW3J74a/wrvT
QQdh8EYn8XnE3mNH9gcrkKt4PohR3wpDsK8CT2DNZSgt71gO/M9M33MH+8uvQc16
wSy/NKD+GvRAks9BcAgAnoD3zFOWoNO2JcHRHY+YtJlzNqTcoRTnNhI2WgYSaAdG
hmHMUBFk+5JlUd6k0Yy17qRSAWHb/kiStrts1RDVzJcp0YM40DuH7Q1e+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyibJzNVutxkMc5fIzuQPtThw4SMB8GA1UdIwQY
MBaAFIpaCPQcNzAn4IG1wcqKgAvxhV2fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvSTlCdzNNQ2ZnZ2JYQnlvcUFDX0dGWFo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lYzI0ODItYzY1MS00YTJkLWFhZWUt
OGE1NmIwZjUwNzMxLzEvX0tKc25NMVc2M0dReHpsOGpPNUEtMU9IRGhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lYzI0ODItYzY1MS00YTJkLWFhZWUtOGE1NmIwZjUwNzMx
LzEvaWxvSTlCdzNNQ2ZnZ2JYQnlvcUFDX0dGWFo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8+3MA0G
CSqGSIb3DQEBCwUAA4IBAQBWrtCl9RAEeF6bUUw34hbykOV9wFhULT2WICx79CuO
9gJrtvdW8ii96oYqY/mB9fV0f5Fk1u6Z0RBaQqElcuILKfQ+YlGD+IsfLY/iv12C
Stwxuh86SIx+R0YDngQT5acHDYGtZr72XcfkV0z+SgcZ/pPTmnLtb9L0lKiPD/z8
6A4zCjKd6+J/i6hKX7Go6JTsdJG44QKWFerkqBO1OWueFENf3VR48Wiwksje/bmX
mu/F7cxoLmHnClr6D24VlWi46qZffOxB2aWraUn3XrvMoOsOEdPT0jSIc2XsSQwk
oT4knQPurb+WuSc2MExr8Mpdfrl0hEeeVOi7M818tf4L
-----END CERTIFICATE-----