Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/6470ac-1809-4d59-8714-73bdcb9de755/1/5ctNsSU-AK1mNcgeN-tSOhymBPw.roa
File:                     5ctNsSU-AK1mNcgeN-tSOhymBPw.roa (raw, json)
Hash identifier:          9Nn/45pU0I7iirKloXE5JLCekBWiYtjpSwJ9NxJHKFo=
Subject key identifier:   E5:CB:4D:B1:25:3E:00:AD:66:35:C8:1E:37:EB:52:3A:1C:A6:04:FC
Certificate issuer:       /CN=e62aba64108297582ccae8e7ba86f2cfc9e1d5aa
Certificate serial:       018CC9BBAEC76B0E725F5AF848132412E3D9
Authority key identifier: E6:2A:BA:64:10:82:97:58:2C:CA:E8:E7:BA:86:F2:CF:C9:E1:D5:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5iq6ZBCCl1gsyujnuobyz8nh1ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/6470ac-1809-4d59-8714-73bdcb9de755/1/5ctNsSU-AK1mNcgeN-tSOhymBPw.roa
Signing time:             Tue 02 Jan 2024 10:32:49 +0000
ROA not before:           Tue 02 Jan 2024 10:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198216
IP address blocks:        91.198.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/6470ac-1809-4d59-8714-73bdcb9de755/1/5iq6ZBCCl1gsyujnuobyz8nh1ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/6470ac-1809-4d59-8714-73bdcb9de755/1/5iq6ZBCCl1gsyujnuobyz8nh1ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5iq6ZBCCl1gsyujnuobyz8nh1ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ae:c7:6b:0e:72:5f:5a:f8:48:13:24:12:e3:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e62aba64108297582ccae8e7ba86f2cfc9e1d5aa
        Validity
            Not Before: Jan  2 10:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5cb4db1253e00ad6635c81e37eb523a1ca604fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:50:43:1a:26:d0:29:02:49:5a:79:78:90:9e:
                    ec:d2:7f:ab:97:fe:b6:0a:9b:22:eb:f8:98:0f:91:
                    17:0a:6f:be:f1:a2:fa:49:93:40:7d:17:8f:b8:5d:
                    15:61:be:7c:2c:14:23:6a:bb:40:13:b7:6b:83:39:
                    47:da:97:ac:fe:d0:12:45:17:ce:ef:00:86:53:d7:
                    5a:87:c1:7f:3d:3c:89:e3:5b:4d:52:b2:00:f8:42:
                    99:d9:5b:cb:1f:ab:93:4a:73:72:75:b8:75:7a:ee:
                    0e:05:a7:a2:1e:f8:51:d4:64:5b:f7:02:16:95:4b:
                    5f:f5:02:76:5f:2b:59:12:62:cb:60:3b:89:e9:c7:
                    82:22:1f:56:ce:13:14:8a:dc:da:5a:c2:24:1d:46:
                    5b:c1:1f:7a:6c:f0:d9:d6:6b:a7:f9:87:91:a1:d5:
                    b8:1a:cf:4a:ab:31:33:88:d4:93:18:83:b0:c1:68:
                    7e:aa:66:02:b0:53:d9:c3:61:f0:db:e7:62:60:fd:
                    c2:8d:9a:98:7e:bb:fe:5f:f4:ac:7c:da:19:6d:4c:
                    32:49:d7:c6:04:22:06:b3:96:b0:1a:1e:7b:da:3a:
                    76:a1:5d:08:3b:9f:10:d3:4c:b6:6b:87:d0:47:7c:
                    9a:96:37:a4:08:c2:7c:7c:cb:dc:3f:0d:b5:7c:8d:
                    6d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:CB:4D:B1:25:3E:00:AD:66:35:C8:1E:37:EB:52:3A:1C:A6:04:FC
            X509v3 Authority Key Identifier:
                keyid:E6:2A:BA:64:10:82:97:58:2C:CA:E8:E7:BA:86:F2:CF:C9:E1:D5:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5iq6ZBCCl1gsyujnuobyz8nh1ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/6470ac-1809-4d59-8714-73bdcb9de755/1/5ctNsSU-AK1mNcgeN-tSOhymBPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/6470ac-1809-4d59-8714-73bdcb9de755/1/5iq6ZBCCl1gsyujnuobyz8nh1ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:6d:25:57:13:5e:0a:29:78:43:ed:4b:08:86:49:8f:4d:1c:
         14:5f:6d:b6:fd:4d:b1:c8:ff:c3:26:3e:9d:bf:e9:3f:2a:c5:
         20:0f:d6:e0:1a:e4:98:20:05:d9:c6:0f:92:33:ad:f4:e9:03:
         9f:eb:50:9d:42:6a:e5:f9:b2:04:ed:5c:e4:26:90:c3:57:7f:
         8f:c5:66:9f:56:46:e5:1d:5b:70:d8:61:aa:17:23:c2:bc:cc:
         74:5e:77:4c:3c:25:13:f3:92:74:e5:80:84:e1:1c:ec:a5:d0:
         4b:4e:29:0d:10:6f:9f:ac:df:6f:74:62:61:b4:94:8f:3e:d4:
         b2:9a:b5:cc:be:bd:6b:6f:94:9e:b8:64:2d:d2:cd:1e:ce:62:
         26:3a:1c:12:24:8d:70:f5:d4:55:8c:c0:0e:55:5e:6c:12:54:
         48:6d:66:23:9e:f7:69:be:9d:e1:0c:82:48:56:a6:26:39:06:
         a6:ee:5f:55:b0:c5:99:18:69:bc:db:0d:f8:61:6c:98:38:3a:
         5e:69:6c:78:20:fe:c1:04:75:5a:59:0d:30:fd:47:1a:f7:08:
         e1:31:9c:5f:9a:44:05:f3:5b:22:c5:8c:1d:43:58:74:19:28:
         34:06:6f:b9:45:0d:19:50:60:6a:39:af:25:24:0f:77:3b:fd:
         64:21:79:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu67Haw5yX1r4SBMkEuPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MmFiYTY0MTA4Mjk3NTgyY2NhZThlN2JhODZmMmNmYzll
MWQ1YWEwHhcNMjQwMTAyMTAzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWNiNGRiMTI1M2UwMGFkNjYzNWM4MWUzN2ViNTIzYTFjYTYwNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFBDGibQKQJJWnl4kJ7s0n+rl/62
Cpsi6/iYD5EXCm++8aL6SZNAfRePuF0VYb58LBQjartAE7drgzlH2pes/tASRRfO
7wCGU9dah8F/PTyJ41tNUrIA+EKZ2VvLH6uTSnNydbh1eu4OBaeiHvhR1GRb9wIW
lUtf9QJ2XytZEmLLYDuJ6ceCIh9WzhMUitzaWsIkHUZbwR96bPDZ1mun+YeRodW4
Gs9KqzEziNSTGIOwwWh+qmYCsFPZw2Hw2+diYP3CjZqYfrv+X/SsfNoZbUwySdfG
BCIGs5awGh572jp2oV0IO58Q00y2a4fQR3yaljekCMJ8fMvcPw21fI1tuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXLTbElPgCtZjXIHjfrUjocpgT8MB8GA1UdIwQY
MBaAFOYqumQQgpdYLMro57qG8s/J4dWqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWlxNlpCQ0NsMWdzeXVqbnVvYnl6OG5oMWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy82NDcwYWMtMTgwOS00ZDU5LTg3MTQt
NzNiZGNiOWRlNzU1LzEvNWN0TnNTVS1BSzFtTmNnZU4tdFNPaHltQlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy82NDcwYWMtMTgwOS00ZDU5LTg3MTQtNzNiZGNiOWRlNzU1
LzEvNWlxNlpCQ0NsMWdzeXVqbnVvYnl6OG5oMWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bZMA0G
CSqGSIb3DQEBCwUAA4IBAQBRbSVXE14KKXhD7UsIhkmPTRwUX222/U2xyP/DJj6d
v+k/KsUgD9bgGuSYIAXZxg+SM6306QOf61CdQmrl+bIE7VzkJpDDV3+PxWafVkbl
HVtw2GGqFyPCvMx0XndMPCUT85J05YCE4RzspdBLTikNEG+frN9vdGJhtJSPPtSy
mrXMvr1rb5SeuGQt0s0ezmImOhwSJI1w9dRVjMAOVV5sElRIbWYjnvdpvp3hDIJI
VqYmOQam7l9VsMWZGGm82w34YWyYODpeaWx4IP7BBHVaWQ0w/Uca9wjhMZxfmkQF
81sixYwdQ1h0GSg0Bm+5RQ0ZUGBqOa8lJA93O/1kIXnL
-----END CERTIFICATE-----