Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/jx4vfHZ6Iu5vlAP_0vleiEEMGkE.roa
File:                     jx4vfHZ6Iu5vlAP_0vleiEEMGkE.roa (raw, json)
Hash identifier:          a3HqUHsrBCmWeZA/q1a9oUEINmIY/+BAooVjVAKyDwk=
Subject key identifier:   8F:1E:2F:7C:76:7A:22:EE:6F:94:03:FF:D2:F9:5E:88:41:0C:1A:41
Certificate issuer:       /CN=3646142ce3290ab6786d3d30f26b5e41fd684dde
Certificate serial:       018CC26D4192B65028EA74DAF013FC37B258
Authority key identifier: 36:46:14:2C:E3:29:0A:B6:78:6D:3D:30:F2:6B:5E:41:FD:68:4D:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NkYULOMpCrZ4bT0w8mteQf1oTd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/jx4vfHZ6Iu5vlAP_0vleiEEMGkE.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56416
IP address blocks:        91.224.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/NkYULOMpCrZ4bT0w8mteQf1oTd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/NkYULOMpCrZ4bT0w8mteQf1oTd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NkYULOMpCrZ4bT0w8mteQf1oTd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:41:92:b6:50:28:ea:74:da:f0:13:fc:37:b2:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3646142ce3290ab6786d3d30f26b5e41fd684dde
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f1e2f7c767a22ee6f9403ffd2f95e88410c1a41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6f:e4:f7:ab:2f:d3:ce:ff:cb:7a:81:ea:74:
                    28:e2:42:64:3f:2a:2b:a7:77:cd:30:8c:af:87:f3:
                    6a:ea:ed:ea:a5:e5:af:b1:c6:46:c7:a5:4e:55:92:
                    eb:a2:60:3d:fa:0a:e0:2f:e1:e6:d9:3b:a6:f9:b2:
                    d7:85:a0:32:73:24:ad:c2:16:05:12:36:45:c3:a8:
                    f1:83:55:71:9b:a0:5c:43:f3:ee:2d:08:d9:a2:a0:
                    7b:48:f1:8c:34:71:6b:78:5d:e9:89:2e:83:fa:8e:
                    db:0c:47:05:dc:c4:fb:6e:b7:af:32:c8:64:87:54:
                    d5:23:52:bb:4b:f9:6b:d0:78:40:73:c0:84:7f:e2:
                    ac:a3:ee:c4:a1:7d:d9:17:bd:b1:23:b5:5b:7c:46:
                    df:b7:ab:ed:4f:65:90:71:25:97:1a:1c:39:78:0c:
                    ef:64:22:f3:b2:92:69:62:d1:cb:0d:c5:d2:4a:f9:
                    8f:b3:a4:bb:66:4f:e3:80:ea:99:9c:57:5c:1b:b7:
                    51:b3:93:e4:8a:33:70:f1:5d:a9:ba:d5:5f:b7:17:
                    8a:98:1a:7b:9a:c6:9f:3c:41:d3:0d:9e:8e:34:74:
                    f9:24:4f:66:9d:6c:5d:59:6e:18:34:3c:b9:90:09:
                    81:f0:6f:e5:cd:48:35:6b:0b:3e:8f:ce:fd:07:12:
                    06:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:1E:2F:7C:76:7A:22:EE:6F:94:03:FF:D2:F9:5E:88:41:0C:1A:41
            X509v3 Authority Key Identifier:
                keyid:36:46:14:2C:E3:29:0A:B6:78:6D:3D:30:F2:6B:5E:41:FD:68:4D:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NkYULOMpCrZ4bT0w8mteQf1oTd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/jx4vfHZ6Iu5vlAP_0vleiEEMGkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cd8206-764e-4a31-ace7-d308542a1d86/1/NkYULOMpCrZ4bT0w8mteQf1oTd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:86:bb:61:f9:6f:87:be:fb:fe:b2:34:9c:89:90:1f:1d:cb:
         67:1b:fa:b2:49:5b:8a:ec:2c:50:23:b1:3b:6d:4d:7c:82:a5:
         ad:ea:94:ad:fd:c1:c3:32:90:3c:24:9b:49:28:83:dd:e7:12:
         be:be:b4:0a:57:ee:7a:52:6f:23:2f:56:48:74:ff:7e:bb:f2:
         ec:8b:22:cb:4d:77:08:82:cb:4e:7c:31:9b:14:10:fd:4c:d2:
         59:6e:20:9a:cc:1d:82:e8:19:e7:c6:b0:2c:75:09:d3:4f:58:
         4c:eb:fa:32:83:31:88:a7:f2:65:4a:e4:13:c3:fc:1c:cb:79:
         8b:7c:c8:e5:94:94:40:58:6b:27:94:c7:4d:f0:9b:2b:c9:3a:
         48:10:c9:cc:44:59:6d:53:b5:b5:47:d5:0c:78:57:e3:79:fe:
         ef:bf:60:c7:be:c2:2b:46:39:d7:e9:f2:e2:3c:64:73:c4:6f:
         7f:8a:04:7d:c1:db:1b:d6:ae:e0:18:a7:15:7f:ab:cb:c2:3a:
         8b:4c:11:14:6f:aa:ca:16:e0:d5:af:fa:26:d2:df:11:27:89:
         3d:72:73:80:2a:91:62:95:6a:46:55:fb:ef:f0:4b:4a:11:11:
         c8:2a:01:7c:4e:a7:81:f1:a9:6a:74:c0:c4:51:7f:76:ee:78:
         83:9c:ec:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUGStlAo6nTa8BP8N7JYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NDYxNDJjZTMyOTBhYjY3ODZkM2QzMGYyNmI1ZTQxZmQ2
ODRkZGUwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjFlMmY3Yzc2N2EyMmVlNmY5NDAzZmZkMmY5NWU4ODQxMGMxYTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm/k96sv087/y3qB6nQo4kJkPyor
p3fNMIyvh/Nq6u3qpeWvscZGx6VOVZLromA9+grgL+Hm2Tum+bLXhaAycyStwhYF
EjZFw6jxg1Vxm6BcQ/PuLQjZoqB7SPGMNHFreF3piS6D+o7bDEcF3MT7brevMshk
h1TVI1K7S/lr0HhAc8CEf+Kso+7EoX3ZF72xI7VbfEbft6vtT2WQcSWXGhw5eAzv
ZCLzspJpYtHLDcXSSvmPs6S7Zk/jgOqZnFdcG7dRs5PkijNw8V2putVftxeKmBp7
msafPEHTDZ6ONHT5JE9mnWxdWW4YNDy5kAmB8G/lzUg1aws+j879BxIGGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8eL3x2eiLub5QD/9L5XohBDBpBMB8GA1UdIwQY
MBaAFDZGFCzjKQq2eG09MPJrXkH9aE3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmtZVUxPTXBDclo0YlQwdzhtdGVRZjFvVGQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jZDgyMDYtNzY0ZS00YTMxLWFjZTct
ZDMwODU0MmExZDg2LzEvang0dmZIWjZJdTV2bEFQXzB2bGVpRUVNR2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jZDgyMDYtNzY0ZS00YTMxLWFjZTctZDMwODU0MmExZDg2
LzEvTmtZVUxPTXBDclo0YlQwdzhtdGVRZjFvVGQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+BwMA0G
CSqGSIb3DQEBCwUAA4IBAQBlhrth+W+Hvvv+sjSciZAfHctnG/qySVuK7CxQI7E7
bU18gqWt6pSt/cHDMpA8JJtJKIPd5xK+vrQKV+56Um8jL1ZIdP9+u/LsiyLLTXcI
gstOfDGbFBD9TNJZbiCazB2C6BnnxrAsdQnTT1hM6/oygzGIp/JlSuQTw/wcy3mL
fMjllJRAWGsnlMdN8JsryTpIEMnMRFltU7W1R9UMeFfjef7vv2DHvsIrRjnX6fLi
PGRzxG9/igR9wdsb1q7gGKcVf6vLwjqLTBEUb6rKFuDVr/om0t8RJ4k9cnOAKpFi
lWpGVfvv8EtKERHIKgF8TqeB8alqdMDEUX927niDnOzc
-----END CERTIFICATE-----