Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/5xyMZ6CVQu92HGQmddxdhmaw9VQ.roa
File:                     5xyMZ6CVQu92HGQmddxdhmaw9VQ.roa (raw, json)
Hash identifier:          ySWQPdfPPyrjTvIA8UMRfuq2O2NgxoDW0qbHrIVa92k=
Subject key identifier:   E7:1C:8C:67:A0:95:42:EF:76:1C:64:26:75:DC:5D:86:66:B0:F5:54
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       018CC3B6A0C1A885B28AF4E8EC394BEBDDA0
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/5xyMZ6CVQu92HGQmddxdhmaw9VQ.roa
Signing time:             Mon 01 Jan 2024 06:29:34 +0000
ROA not before:           Mon 01 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        91.199.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a0:c1:a8:85:b2:8a:f4:e8:ec:39:4b:eb:dd:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Jan  1 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e71c8c67a09542ef761c642675dc5d8666b0f554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:12:24:4b:52:58:72:68:79:cf:a3:f0:3b:e4:
                    3a:29:dd:24:36:31:af:3e:61:88:f5:64:97:4c:d5:
                    54:5a:e9:86:a3:5a:75:ed:5b:2e:47:63:50:5f:44:
                    b1:46:9b:d6:84:ea:b2:35:4a:b0:74:3d:67:12:7b:
                    c7:f1:d6:0b:0b:f6:5e:49:ad:96:cc:f9:c8:92:ab:
                    3d:cf:a4:fc:cf:0e:92:e1:35:61:c8:0d:64:5c:d6:
                    96:60:28:b6:34:dd:12:2b:90:44:ec:c3:05:af:a4:
                    18:7a:63:43:91:7f:e5:8a:df:a7:26:37:90:54:4d:
                    0c:2b:41:00:8e:8d:5a:d7:d1:e4:ad:d5:31:c3:5f:
                    03:ce:fd:95:5e:7b:93:34:47:02:65:d2:52:4d:df:
                    3e:a7:ea:ae:a9:6f:15:5a:83:0e:f1:ae:6d:a5:a9:
                    a6:6d:72:d1:20:38:25:1b:9b:a8:a2:3f:29:d0:fb:
                    44:5b:b4:27:4c:20:ab:71:03:be:a0:72:72:6a:cb:
                    b4:bb:51:eb:c5:d4:f5:14:e2:ea:a5:21:f7:a1:36:
                    5a:3b:08:0d:3a:19:62:b7:56:b9:41:ed:89:b7:3e:
                    d2:cd:b7:a4:aa:b1:29:48:8f:a9:9e:55:8c:3b:b0:
                    8e:c4:c0:72:40:ce:ff:95:1f:a8:f5:bc:8f:bf:80:
                    68:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:1C:8C:67:A0:95:42:EF:76:1C:64:26:75:DC:5D:86:66:B0:F5:54
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/5xyMZ6CVQu92HGQmddxdhmaw9VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:c4:0f:d5:f0:46:e9:39:d8:ca:c3:02:20:77:b9:dc:36:25:
         5e:c4:36:64:09:d6:7a:a2:8d:42:b6:b8:c0:8f:7b:d0:98:da:
         92:94:aa:c5:9c:98:7d:4a:36:57:cd:af:ad:57:30:d9:ce:7a:
         ad:0e:c1:85:bf:47:4c:0f:57:73:ba:73:3c:f7:36:74:cc:c3:
         37:fd:a5:04:50:4e:cd:59:47:09:01:34:79:9a:b3:af:ad:00:
         a0:dd:87:75:72:3f:f7:d1:39:ad:4e:5f:f2:a2:8f:a2:aa:36:
         df:35:36:e0:2c:4b:07:32:42:1b:12:37:bd:c9:9b:6a:78:cd:
         88:76:ce:16:81:d8:71:1e:48:84:b6:36:a4:34:37:e6:78:a5:
         1e:7f:aa:b2:31:29:fc:0c:6a:f6:ad:22:b6:17:bd:c7:b8:47:
         12:fb:d0:40:c7:a9:96:a8:43:28:35:e4:75:d4:e4:ae:8c:b4:
         ec:f6:f8:d0:01:8d:11:33:3c:8a:58:64:27:e4:5f:b1:b6:5c:
         20:b7:14:bb:b9:e2:03:e2:c4:4f:ea:67:c8:99:49:8d:94:a6:
         28:50:c6:73:3d:73:95:25:0c:8e:c3:24:d2:e0:e4:44:70:dd:
         8d:8a:33:62:49:06:69:02:60:9d:70:6f:88:0e:6a:ca:97:1e:
         9e:20:10:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqDBqIWyivTo7DlL692gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjQwMTAxMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzFjOGM2N2EwOTU0MmVmNzYxYzY0MjY3NWRjNWQ4NjY2YjBmNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhIkS1JYcmh5z6PwO+Q6Kd0kNjGv
PmGI9WSXTNVUWumGo1p17VsuR2NQX0SxRpvWhOqyNUqwdD1nEnvH8dYLC/ZeSa2W
zPnIkqs9z6T8zw6S4TVhyA1kXNaWYCi2NN0SK5BE7MMFr6QYemNDkX/lit+nJjeQ
VE0MK0EAjo1a19HkrdUxw18Dzv2VXnuTNEcCZdJSTd8+p+quqW8VWoMO8a5tpamm
bXLRIDglG5uooj8p0PtEW7QnTCCrcQO+oHJyasu0u1HrxdT1FOLqpSH3oTZaOwgN
Ohlit1a5Qe2Jtz7SzbekqrEpSI+pnlWMO7COxMByQM7/lR+o9byPv4Bo0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOccjGeglULvdhxkJnXcXYZmsPVUMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvNXh5TVo2Q1ZRdTkySEdRbWRkeGRobWF3OVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cqMA0G
CSqGSIb3DQEBCwUAA4IBAQCzxA/V8EbpOdjKwwIgd7ncNiVexDZkCdZ6oo1CtrjA
j3vQmNqSlKrFnJh9SjZXza+tVzDZznqtDsGFv0dMD1dzunM89zZ0zMM3/aUEUE7N
WUcJATR5mrOvrQCg3Yd1cj/30TmtTl/yoo+iqjbfNTbgLEsHMkIbEje9yZtqeM2I
ds4WgdhxHkiEtjakNDfmeKUef6qyMSn8DGr2rSK2F73HuEcS+9BAx6mWqEMoNeR1
1OSujLTs9vjQAY0RMzyKWGQn5F+xtlwgtxS7ueID4sRP6mfImUmNlKYoUMZzPXOV
JQyOwyTS4OREcN2NijNiSQZpAmCdcG+IDmrKlx6eIBAn
-----END CERTIFICATE-----