Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/1-zY5nX0Ko1fskucGkupjgZY2m9M.roa
File:                     1-zY5nX0Ko1fskucGkupjgZY2m9M.roa (raw, json)
Hash identifier:          CTQD3sxvPJ8PmIyb9A4G5QzhsjSiUilSLanPUxGsA3A=
Subject key identifier:   FB:36:39:9D:7D:0A:A3:57:EC:92:E7:06:92:EA:63:81:96:36:9B:D3
Certificate issuer:       /CN=9a7edeac0c6c20ea49d492990e4858541d190ff1
Certificate serial:       019034C3EF906679A10DEE86D2A9D7A6FCF3
Authority key identifier: 9A:7E:DE:AC:0C:6C:20:EA:49:D4:92:99:0E:48:58:54:1D:19:0F:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/1-zY5nX0Ko1fskucGkupjgZY2m9M.roa
Signing time:             Thu 20 Jun 2024 08:29:34 +0000
ROA not before:           Thu 20 Jun 2024 08:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6698
IP address blocks:        91.213.175.0/24 maxlen: 24
                          91.237.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:34:c3:ef:90:66:79:a1:0d:ee:86:d2:a9:d7:a6:fc:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a7edeac0c6c20ea49d492990e4858541d190ff1
        Validity
            Not Before: Jun 20 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb36399d7d0aa357ec92e70692ea638196369bd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e4:d9:74:f4:b7:bb:40:9e:a2:27:dc:94:e6:
                    d4:51:55:10:76:47:3f:e6:05:77:59:e6:20:92:4c:
                    91:2d:8e:74:a2:da:d8:a1:0a:0a:5a:a7:c1:d8:ba:
                    21:67:d6:30:fd:f1:83:34:ed:8d:f1:96:f6:1f:21:
                    80:b1:a5:a9:e8:54:1a:db:b2:bc:b8:05:0a:68:fc:
                    c2:51:e9:64:76:1f:47:37:b3:69:e7:14:5a:c7:07:
                    30:11:43:33:26:aa:07:81:fa:4b:16:8b:7c:2f:46:
                    69:ca:05:6b:1b:a7:da:91:cb:e8:a6:ac:d4:81:8a:
                    d8:e1:f1:4a:45:f0:2e:49:d2:ab:f3:f5:f9:58:4d:
                    b9:71:33:3b:b1:36:f5:ed:37:d4:3a:9e:c6:ae:3e:
                    d8:89:73:c8:ac:f7:3d:99:51:e5:bb:f0:5f:81:6c:
                    ec:ed:1a:74:59:2d:b0:9e:a1:6e:a3:72:de:46:d4:
                    60:33:10:c1:ba:c0:9b:bf:bc:89:c2:41:bf:11:49:
                    2a:04:78:83:f4:ad:7c:23:41:18:8e:ec:e2:5c:72:
                    66:84:27:da:0c:18:d5:2e:eb:4b:ac:24:fe:fb:b5:
                    ab:62:31:b8:90:87:6a:56:b7:c4:7a:f8:91:94:7e:
                    b9:57:2d:be:a6:d7:6f:e8:de:e1:26:73:ae:49:af:
                    4a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:36:39:9D:7D:0A:A3:57:EC:92:E7:06:92:EA:63:81:96:36:9B:D3
            X509v3 Authority Key Identifier:
                keyid:9A:7E:DE:AC:0C:6C:20:EA:49:D4:92:99:0E:48:58:54:1D:19:0F:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/1-zY5nX0Ko1fskucGkupjgZY2m9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.175.0/24
                  91.237.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:90:22:70:6b:31:d5:54:44:22:a2:b4:a4:38:a6:ce:db:1f:
         58:71:85:c4:c7:3c:ba:cb:cb:cd:ba:c5:e8:67:1a:65:5c:ba:
         ea:24:f3:6b:f4:bd:53:87:e0:f5:66:f3:fa:1b:96:3f:a2:56:
         83:2d:f1:4f:ff:97:70:9c:1f:1f:b5:d2:c5:6e:66:eb:04:8a:
         89:3d:9b:55:67:58:3c:e7:6e:93:22:3b:0d:80:85:5d:73:ef:
         1d:6b:dc:28:d5:bf:69:73:ea:9c:f0:59:5e:f5:6e:e0:a3:33:
         c2:bf:04:b5:5b:a4:17:d0:9e:ea:60:e5:40:ae:59:4c:08:c9:
         0a:0c:6d:56:6c:6a:0c:e4:bb:14:dc:28:0a:b7:19:12:61:2b:
         f5:0c:cb:e7:0a:b6:26:31:dd:1a:c0:8b:ae:dd:2d:80:ec:d1:
         a1:c9:75:b2:87:72:58:a5:14:64:66:f3:8d:aa:6f:69:57:c4:
         94:7e:a9:15:1f:24:2c:21:75:b1:79:0b:f3:92:09:0a:22:69:
         29:57:97:11:0b:6b:1b:82:74:43:c1:cf:3f:97:e2:30:99:6f:
         29:4e:6e:47:19:0b:56:9d:05:d6:28:4a:ab:81:ff:e0:aa:b6:
         7f:4a:39:ac:8a:a1:44:52:e1:77:9a:0b:0c:fb:c5:52:dc:72:
         2e:a4:49:9e
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZA0w++QZnmhDe6G0qnXpvzzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhN2VkZWFjMGM2YzIwZWE0OWQ0OTI5OTBlNDg1ODU0MWQx
OTBmZjEwHhcNMjQwNjIwMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjM2Mzk5ZDdkMGFhMzU3ZWM5MmU3MDY5MmVhNjM4MTk2MzY5YmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OTZdPS3u0CeoifclObUUVUQdkc/
5gV3WeYgkkyRLY50otrYoQoKWqfB2LohZ9Yw/fGDNO2N8Zb2HyGAsaWp6FQa27K8
uAUKaPzCUelkdh9HN7Np5xRaxwcwEUMzJqoHgfpLFot8L0ZpygVrG6fakcvopqzU
gYrY4fFKRfAuSdKr8/X5WE25cTM7sTb17TfUOp7Grj7YiXPIrPc9mVHlu/BfgWzs
7Rp0WS2wnqFuo3LeRtRgMxDBusCbv7yJwkG/EUkqBHiD9K18I0EYjuziXHJmhCfa
DBjVLutLrCT++7WrYjG4kIdqVrfEeviRlH65Vy2+ptdv6N7hJnOuSa9KNQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPs2OZ19CqNX7JLnBpLqY4GWNpvTMB8GA1UdIwQY
MBaAFJp+3qwMbCDqSdSSmQ5IWFQdGQ/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW43ZXJBeHNJT3BKMUpLWkRraFlWQjBaRF9FLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My81YThlMDQtZGQwNy00MzVhLWIxYmYt
YWRlZGNhYTNkMjZlLzEvMS16WTVuWDBLbzFmc2t1Y0drdXBqZ1pZMm05TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTMvNWE4ZTA0LWRkMDctNDM1YS1iMWJmLWFkZWRjYWEzZDI2
ZS8xL21uN2VyQXhzSU9wSjFKS1pEa2hZVkIwWkRfRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFvVrwME
AFvt+jANBgkqhkiG9w0BAQsFAAOCAQEAbZAicGsx1VREIqK0pDimztsfWHGFxMc8
usvLzbrF6GcaZVy66iTza/S9U4fg9Wbz+huWP6JWgy3xT/+XcJwfH7XSxW5m6wSK
iT2bVWdYPOdukyI7DYCFXXPvHWvcKNW/aXPqnPBZXvVu4KMzwr8EtVukF9Ce6mDl
QK5ZTAjJCgxtVmxqDOS7FNwoCrcZEmEr9QzL5wq2JjHdGsCLrt0tgOzRocl1sody
WKUUZGbzjapvaVfElH6pFR8kLCF1sXkL85IJCiJpKVeXEQtrG4J0Q8HPP5fiMJlv
KU5uRxkLVp0F1ihKq4H/4Kq2f0o5rIqhRFLhd5oLDPvFUtxyLqRJng==
-----END CERTIFICATE-----