Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/z638cedZWH9w9bUHu5vpJ8v1ems.roa
File:                     z638cedZWH9w9bUHu5vpJ8v1ems.roa (raw, json)
Hash identifier:          L6qQkQac6Hq/AbOfbdREhxtTpStJlYRKIGa1FXeKDXY=
Subject key identifier:   CF:AD:FC:71:E7:59:58:7F:70:F5:B5:07:BB:9B:E9:27:CB:F5:7A:6B
Certificate issuer:       /CN=110e56177308c20c42fbf42f310f4c0ef6b27890
Certificate serial:       018CC64B41C51F764C51B99531BC86B1376E
Authority key identifier: 11:0E:56:17:73:08:C2:0C:42:FB:F4:2F:31:0F:4C:0E:F6:B2:78:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/z638cedZWH9w9bUHu5vpJ8v1ems.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        91.206.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 10:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:41:c5:1f:76:4c:51:b9:95:31:bc:86:b1:37:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=110e56177308c20c42fbf42f310f4c0ef6b27890
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfadfc71e759587f70f5b507bb9be927cbf57a6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:df:5b:fa:0a:6c:74:42:4c:08:04:e9:7d:e1:
                    7b:ed:05:15:e9:99:03:0b:4d:5f:97:d2:30:7b:0f:
                    2b:9d:1c:8d:52:00:b3:41:45:52:49:cc:52:80:90:
                    24:67:96:a1:23:f5:b4:2c:8c:9f:60:51:99:49:e2:
                    c7:e6:f2:6a:3c:84:a0:65:b9:71:d6:26:ef:a8:78:
                    d9:a5:30:db:86:1c:97:c7:6d:d2:80:e5:ab:a4:6e:
                    a1:be:fb:c3:34:8a:0f:f2:d6:fa:08:a7:0c:72:5f:
                    2a:35:a0:85:c9:35:3d:42:2d:58:9c:ac:ec:e7:5e:
                    a0:ce:a5:51:37:4c:97:4e:ce:47:bc:ad:7e:12:a3:
                    74:16:ae:75:64:d3:52:d2:73:c2:e9:41:50:93:59:
                    3d:a1:a6:84:f1:5a:81:fc:88:49:01:0e:54:9b:be:
                    c3:b9:c4:06:3e:00:f0:32:88:44:1b:4d:23:a5:a0:
                    0a:05:bf:8e:2e:a5:11:b8:63:de:dd:11:04:84:7e:
                    97:40:96:79:03:6d:b0:e9:f4:63:a0:a4:79:63:ef:
                    b9:f8:7a:f5:79:00:62:a6:b9:ab:ca:37:80:df:15:
                    76:c0:d1:80:b3:b3:09:bd:f6:ac:85:74:9a:94:de:
                    b8:58:51:f9:56:2e:fc:20:c9:41:08:98:59:fb:0a:
                    19:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:AD:FC:71:E7:59:58:7F:70:F5:B5:07:BB:9B:E9:27:CB:F5:7A:6B
            X509v3 Authority Key Identifier:
                keyid:11:0E:56:17:73:08:C2:0C:42:FB:F4:2F:31:0F:4C:0E:F6:B2:78:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/z638cedZWH9w9bUHu5vpJ8v1ems.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:b4:4f:40:82:67:2d:a3:30:0d:40:64:f9:93:f3:66:76:6b:
         30:d7:c7:a4:44:8e:a3:5c:6f:9a:7b:82:72:f2:51:0e:be:ba:
         cf:85:45:99:83:27:a3:87:f3:bf:97:52:4f:9f:67:3b:3c:a7:
         05:3e:a2:31:13:98:05:3b:6c:de:7e:0d:19:4f:66:10:98:19:
         f4:88:b7:69:d6:1c:04:26:63:89:4d:38:98:07:f5:95:da:b7:
         20:f7:f4:93:5c:11:18:9f:aa:4f:78:23:58:0b:a6:2e:10:e5:
         47:27:51:e5:a0:15:e3:96:20:9f:b7:4b:7d:0e:65:f1:77:6d:
         4b:bf:ad:88:90:28:32:7e:20:9b:30:cf:70:1f:fb:27:b6:95:
         e1:08:42:3a:8d:6f:b2:7a:d8:84:f7:a3:f7:16:09:a7:6e:7f:
         3b:8d:4b:11:09:ee:04:c6:71:d9:93:1e:0a:9a:ee:80:63:63:
         c8:e1:f4:24:ee:f1:09:fa:f9:8c:2a:fe:9c:61:d2:18:48:6c:
         c9:22:e9:9d:55:2d:e9:03:ab:91:bf:50:89:24:a4:ce:a1:61:
         1b:82:43:c9:95:61:a2:c8:17:2f:e4:91:0f:ae:2c:a5:59:bf:
         68:f1:27:10:d6:d8:36:a1:87:9c:cf:d4:06:ad:30:83:cf:9e:
         c9:84:6e:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0HFH3ZMUbmVMbyGsTduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMGU1NjE3NzMwOGMyMGM0MmZiZjQyZjMxMGY0YzBlZjZi
Mjc4OTAwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmFkZmM3MWU3NTk1ODdmNzBmNWI1MDdiYjliZTkyN2NiZjU3YTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhd9b+gpsdEJMCATpfeF77QUV6ZkD
C01fl9Iwew8rnRyNUgCzQUVSScxSgJAkZ5ahI/W0LIyfYFGZSeLH5vJqPISgZblx
1ibvqHjZpTDbhhyXx23SgOWrpG6hvvvDNIoP8tb6CKcMcl8qNaCFyTU9Qi1YnKzs
516gzqVRN0yXTs5HvK1+EqN0Fq51ZNNS0nPC6UFQk1k9oaaE8VqB/IhJAQ5Um77D
ucQGPgDwMohEG00jpaAKBb+OLqURuGPe3REEhH6XQJZ5A22w6fRjoKR5Y++5+Hr1
eQBiprmryjeA3xV2wNGAs7MJvfashXSalN64WFH5Vi78IMlBCJhZ+woZXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+t/HHnWVh/cPW1B7ub6SfL9XprMB8GA1UdIwQY
MBaAFBEOVhdzCMIMQvv0LzEPTA72sniQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVE1V0YzTUl3Z3hDLV9Rdk1ROU1EdmF5ZUpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wZTU3MTEtMmZkNC00MGNhLTkxMzYt
NmY0ZTY1ODViNTRiLzEvejYzOGNlZFpXSDl3OWJVSHU1dnBKOHYxZW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wZTU3MTEtMmZkNC00MGNhLTkxMzYtNmY0ZTY1ODViNTRi
LzEvRVE1V0YzTUl3Z3hDLV9Rdk1ROU1EdmF5ZUpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW84wMA0G
CSqGSIb3DQEBCwUAA4IBAQAstE9AgmctozANQGT5k/Nmdmsw18ekRI6jXG+ae4Jy
8lEOvrrPhUWZgyejh/O/l1JPn2c7PKcFPqIxE5gFO2zefg0ZT2YQmBn0iLdp1hwE
JmOJTTiYB/WV2rcg9/STXBEYn6pPeCNYC6YuEOVHJ1HloBXjliCft0t9DmXxd21L
v62IkCgyfiCbMM9wH/sntpXhCEI6jW+yetiE96P3Fgmnbn87jUsRCe4ExnHZkx4K
mu6AY2PI4fQk7vEJ+vmMKv6cYdIYSGzJIumdVS3pA6uRv1CJJKTOoWEbgkPJlWGi
yBcv5JEPriylWb9o8ScQ1tg2oYecz9QGrTCDz57JhG4+
-----END CERTIFICATE-----