Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/Jx5Iq1NqrQ22Px26jC41rReDmfs.roa
File:                     Jx5Iq1NqrQ22Px26jC41rReDmfs.roa (raw, json)
Hash identifier:          Xvst1jFiqqpPMtZ8rxM51yatT4RC+z87EnIxcczfucA=
Subject key identifier:   27:1E:48:AB:53:6A:AD:0D:B6:3F:1D:BA:8C:2E:35:AD:17:83:99:FB
Certificate issuer:       /CN=8e6d75b4e4986faccb614b334e45d5e039352a9c
Certificate serial:       018CC8015902E8E8FE9E2B680E81B5390075
Authority key identifier: 8E:6D:75:B4:E4:98:6F:AC:CB:61:4B:33:4E:45:D5:E0:39:35:2A:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jm11tOSYb6zLYUszTkXV4Dk1Kpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/Jx5Iq1NqrQ22Px26jC41rReDmfs.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20691
IP address blocks:        91.209.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/jm11tOSYb6zLYUszTkXV4Dk1Kpw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/jm11tOSYb6zLYUszTkXV4Dk1Kpw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jm11tOSYb6zLYUszTkXV4Dk1Kpw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:59:02:e8:e8:fe:9e:2b:68:0e:81:b5:39:00:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e6d75b4e4986faccb614b334e45d5e039352a9c
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=271e48ab536aad0db63f1dba8c2e35ad178399fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:70:c5:2c:ba:f1:f9:3a:28:7e:f3:2c:0c:fd:
                    23:a7:9e:ec:9f:3f:79:89:5a:99:48:82:5b:6c:3e:
                    57:f2:68:86:99:17:19:49:88:58:f9:ab:92:79:4f:
                    9b:f3:83:d5:14:c4:da:11:46:3c:81:81:6a:9e:93:
                    2e:c7:f6:06:a7:fe:46:5a:3b:53:68:11:48:51:af:
                    02:6f:fc:ce:d1:8d:28:1a:35:ab:c8:66:89:8a:f0:
                    42:40:54:05:38:17:4b:93:9a:5f:9e:24:df:39:75:
                    df:5d:e5:6d:a3:a8:5c:59:c4:df:aa:d4:a1:bd:a0:
                    32:88:e2:6f:10:20:78:ec:e8:23:1a:5b:7c:96:99:
                    23:9c:57:98:67:ee:af:64:90:8e:80:57:5d:de:27:
                    70:b2:75:ad:c8:65:9e:65:2b:6f:08:93:10:8b:de:
                    7e:c0:4f:75:82:7a:c3:43:ae:31:a8:8c:74:27:23:
                    5f:d6:fb:56:20:53:28:ed:d6:f7:aa:7b:5f:91:2f:
                    fd:f2:a6:94:f4:9a:58:87:5f:9b:e3:5a:f2:89:75:
                    1a:f8:5f:ee:9b:c6:54:d9:f6:1d:b4:08:e0:9a:9c:
                    ec:0f:e7:f1:a3:76:da:03:63:82:d9:20:50:cb:29:
                    12:6a:5d:67:2b:21:d2:da:4e:72:c4:2a:a3:3b:13:
                    44:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:1E:48:AB:53:6A:AD:0D:B6:3F:1D:BA:8C:2E:35:AD:17:83:99:FB
            X509v3 Authority Key Identifier:
                keyid:8E:6D:75:B4:E4:98:6F:AC:CB:61:4B:33:4E:45:D5:E0:39:35:2A:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jm11tOSYb6zLYUszTkXV4Dk1Kpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/Jx5Iq1NqrQ22Px26jC41rReDmfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/jm11tOSYb6zLYUszTkXV4Dk1Kpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:0a:bd:8c:41:f5:f9:24:83:fe:65:b9:dd:03:ca:6e:76:a5:
         56:8b:75:8a:3f:63:e1:56:d6:e4:c7:21:16:4a:c1:ee:ee:88:
         8b:e1:7d:42:4d:a6:f7:fd:f5:36:95:15:2d:a3:ed:88:1f:76:
         6a:7a:b9:19:3f:53:91:a9:1a:f9:1a:a4:20:ce:f9:5c:2f:86:
         f7:b9:75:f8:c0:f7:1f:66:b3:77:a9:4a:c2:7d:ed:af:c2:47:
         ec:6d:5e:3c:42:99:80:67:8d:ab:fb:30:a4:5c:f6:c3:c4:cb:
         f5:50:bb:65:13:5d:5c:52:5f:72:73:da:30:91:27:01:dd:84:
         23:49:88:57:fe:a6:c4:c1:79:54:52:c8:3f:76:b3:8a:d7:ed:
         c5:1a:ef:54:23:9d:bd:bd:16:80:77:5d:54:0d:d3:c0:1b:cf:
         7f:5a:02:10:43:c9:e6:80:e4:e6:43:ce:ee:8b:bb:6a:1f:24:
         03:da:c8:16:35:57:56:09:b2:30:30:3c:56:81:12:1b:2e:63:
         85:37:88:52:f9:a0:f9:a9:50:60:02:f0:84:c1:b2:9a:73:3e:
         b9:44:ef:ca:f2:69:3e:3a:a4:74:8b:36:6c:6e:80:b8:97:a0:
         d2:8c:5c:8e:01:de:24:99:ca:fe:84:d8:f1:5a:a0:a6:09:a9:
         eb:57:79:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVkC6Oj+nitoDoG1OQB1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNmQ3NWI0ZTQ5ODZmYWNjYjYxNGIzMzRlNDVkNWUwMzkz
NTJhOWMwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzFlNDhhYjUzNmFhZDBkYjYzZjFkYmE4YzJlMzVhZDE3ODM5OWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXDFLLrx+ToofvMsDP0jp57snz95
iVqZSIJbbD5X8miGmRcZSYhY+auSeU+b84PVFMTaEUY8gYFqnpMux/YGp/5GWjtT
aBFIUa8Cb/zO0Y0oGjWryGaJivBCQFQFOBdLk5pfniTfOXXfXeVto6hcWcTfqtSh
vaAyiOJvECB47OgjGlt8lpkjnFeYZ+6vZJCOgFdd3idwsnWtyGWeZStvCJMQi95+
wE91gnrDQ64xqIx0JyNf1vtWIFMo7db3qntfkS/98qaU9JpYh1+b41ryiXUa+F/u
m8ZU2fYdtAjgmpzsD+fxo3baA2OC2SBQyykSal1nKyHS2k5yxCqjOxNEHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCceSKtTaq0Ntj8duowuNa0Xg5n7MB8GA1UdIwQY
MBaAFI5tdbTkmG+sy2FLM05F1eA5NSqcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam0xMXRPU1liNnpMWVVzelRrWFY0RGsxS3B3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9hY2E5OTQtZjNjMC00NWE0LWE2NDIt
NmQ3NjAyZDI0YzgzLzEvSng1SXExTnFyUTIyUHgyNmpDNDFyUmVEbWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9hY2E5OTQtZjNjMC00NWE0LWE2NDItNmQ3NjAyZDI0Yzgz
LzEvam0xMXRPU1liNnpMWVVzelRrWFY0RGsxS3B3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9G8MA0G
CSqGSIb3DQEBCwUAA4IBAQCFCr2MQfX5JIP+ZbndA8pudqVWi3WKP2PhVtbkxyEW
SsHu7oiL4X1CTab3/fU2lRUto+2IH3ZqerkZP1ORqRr5GqQgzvlcL4b3uXX4wPcf
ZrN3qUrCfe2vwkfsbV48QpmAZ42r+zCkXPbDxMv1ULtlE11cUl9yc9owkScB3YQj
SYhX/qbEwXlUUsg/drOK1+3FGu9UI529vRaAd11UDdPAG89/WgIQQ8nmgOTmQ87u
i7tqHyQD2sgWNVdWCbIwMDxWgRIbLmOFN4hS+aD5qVBgAvCEwbKacz65RO/K8mk+
OqR0izZsboC4l6DSjFyOAd4kmcr+hNjxWqCmCanrV3na
-----END CERTIFICATE-----