Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/rFBtk7BNW9OlcoysrG0wDP8usQk.roa
File:                     rFBtk7BNW9OlcoysrG0wDP8usQk.roa (raw, json)
Hash identifier:          MEu8Ib9zublPmKLqVMvoyHuwO1CqDrz6VrZJ1JKtuyU=
Subject key identifier:   AC:50:6D:93:B0:4D:5B:D3:A5:72:8C:AC:AC:6D:30:0C:FF:2E:B1:09
Certificate issuer:       /CN=f3b7dd54dab02fe8cde8a85e569f827088979419
Certificate serial:       018CC94BE0002045129E52C22206B9A09D1C
Authority key identifier: F3:B7:DD:54:DA:B0:2F:E8:CD:E8:A8:5E:56:9F:82:70:88:97:94:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87fdVNqwL-jN6KheVp-CcIiXlBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/rFBtk7BNW9OlcoysrG0wDP8usQk.roa
Signing time:             Tue 02 Jan 2024 08:30:42 +0000
ROA not before:           Tue 02 Jan 2024 08:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42791
IP address blocks:        91.213.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/87fdVNqwL-jN6KheVp-CcIiXlBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/87fdVNqwL-jN6KheVp-CcIiXlBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87fdVNqwL-jN6KheVp-CcIiXlBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e0:00:20:45:12:9e:52:c2:22:06:b9:a0:9d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b7dd54dab02fe8cde8a85e569f827088979419
        Validity
            Not Before: Jan  2 08:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac506d93b04d5bd3a5728cacac6d300cff2eb109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:54:bc:7e:80:ae:b3:72:f1:ab:04:24:50:b5:
                    3c:d7:a2:bc:9b:63:d7:74:56:75:73:1c:77:b9:0d:
                    66:47:ca:43:13:ef:d8:b2:b7:f8:b5:ad:4f:65:1e:
                    91:21:72:be:d6:34:0b:3d:9e:43:80:88:ce:71:a0:
                    77:d0:e9:4b:1f:13:d9:83:dc:5e:78:b7:45:08:ea:
                    00:6a:cb:92:69:90:5d:d3:fc:e0:51:48:cf:42:4a:
                    c8:bf:fc:ca:62:2e:f8:b1:0b:89:19:00:57:f8:2c:
                    cc:3d:4a:3f:1d:f9:21:02:96:cb:e1:2b:e6:1e:03:
                    c3:9e:e6:61:dc:24:9c:54:42:4b:e0:1c:c0:62:bb:
                    42:97:68:fd:a4:1e:89:8a:77:56:28:f1:a0:b9:33:
                    a4:4d:83:20:15:fe:ee:d5:2d:8b:7f:29:81:5f:46:
                    5f:60:ce:6a:2b:18:74:ba:d3:fe:e3:11:df:a6:57:
                    d1:30:46:7d:71:a9:35:6c:ff:e6:3d:62:cf:e9:8d:
                    e9:ab:53:b7:ad:3c:54:06:c0:0b:fd:4b:64:03:7a:
                    3a:01:68:83:04:2a:27:ef:9c:00:32:54:2c:f0:30:
                    23:2f:6c:41:d3:7a:e3:08:02:7a:0d:58:ae:06:23:
                    07:30:1e:77:35:b3:16:aa:af:64:e8:50:7d:62:e3:
                    4e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:50:6D:93:B0:4D:5B:D3:A5:72:8C:AC:AC:6D:30:0C:FF:2E:B1:09
            X509v3 Authority Key Identifier:
                keyid:F3:B7:DD:54:DA:B0:2F:E8:CD:E8:A8:5E:56:9F:82:70:88:97:94:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87fdVNqwL-jN6KheVp-CcIiXlBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/rFBtk7BNW9OlcoysrG0wDP8usQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/840dc1-83fc-4f9d-be5e-1939883bb1f8/1/87fdVNqwL-jN6KheVp-CcIiXlBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:e7:6f:b8:53:e9:e2:96:6a:d2:e4:ef:57:93:1e:da:eb:d5:
         aa:d8:0e:0d:c2:ec:6a:18:50:5b:55:c6:c5:a3:cc:61:59:86:
         16:3a:2b:7f:ab:a7:2f:af:7c:0d:7d:93:2a:0c:ce:37:28:44:
         d7:cf:39:2b:ad:d3:eb:aa:18:54:90:a3:73:10:15:12:da:a6:
         91:17:0c:d2:6c:3b:d1:51:44:e6:63:a1:bc:0c:4f:3d:68:7f:
         02:ef:25:35:84:8f:29:d7:c0:32:4b:f3:dc:e4:f1:9f:db:26:
         69:94:dc:a2:c7:37:43:67:15:be:9e:ed:75:62:37:06:11:f2:
         dc:24:fb:3a:03:6d:86:97:20:a9:ca:d7:97:dc:9f:43:bb:d0:
         db:48:44:ec:d8:15:7c:b2:ad:9c:9a:a7:28:51:51:60:85:fc:
         8c:a4:59:35:77:fb:c8:f5:36:a2:66:f0:d5:7b:8a:50:d0:96:
         64:37:fc:e0:3a:9d:1e:2d:f5:a1:12:3d:1b:97:9a:8c:cc:ee:
         a1:74:3c:56:e6:63:f6:4c:0a:7d:81:aa:16:5b:55:aa:f3:b9:
         ad:fe:02:3a:4b:08:9c:ab:3f:df:1a:5a:29:92:f1:37:47:ed:
         e0:79:8f:ee:a6:56:8e:32:6b:9a:c3:92:02:9d:2c:28:c1:ed:
         0d:8f:e8:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS+AAIEUSnlLCIga5oJ0cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjdkZDU0ZGFiMDJmZThjZGU4YTg1ZTU2OWY4MjcwODg5
Nzk0MTkwHhcNMjQwMTAyMDgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzUwNmQ5M2IwNGQ1YmQzYTU3MjhjYWNhYzZkMzAwY2ZmMmViMTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1S8foCus3LxqwQkULU816K8m2PX
dFZ1cxx3uQ1mR8pDE+/Ysrf4ta1PZR6RIXK+1jQLPZ5DgIjOcaB30OlLHxPZg9xe
eLdFCOoAasuSaZBd0/zgUUjPQkrIv/zKYi74sQuJGQBX+CzMPUo/HfkhApbL4Svm
HgPDnuZh3CScVEJL4BzAYrtCl2j9pB6JindWKPGguTOkTYMgFf7u1S2LfymBX0Zf
YM5qKxh0utP+4xHfplfRMEZ9cak1bP/mPWLP6Y3pq1O3rTxUBsAL/UtkA3o6AWiD
BCon75wAMlQs8DAjL2xB03rjCAJ6DViuBiMHMB53NbMWqq9k6FB9YuNOWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxQbZOwTVvTpXKMrKxtMAz/LrEJMB8GA1UdIwQY
MBaAFPO33VTasC/ozeioXlafgnCIl5QZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdmZFZOcXdMLWpONktoZVZwLUNjSWlYbEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS84NDBkYzEtODNmYy00ZjlkLWJlNWUt
MTkzOTg4M2JiMWY4LzEvckZCdGs3Qk5XOU9sY295c3JHMHdEUDh1c1FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS84NDBkYzEtODNmYy00ZjlkLWJlNWUtMTkzOTg4M2JiMWY4
LzEvODdmZFZOcXdMLWpONktoZVZwLUNjSWlYbEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WDMA0G
CSqGSIb3DQEBCwUAA4IBAQBn52+4U+nilmrS5O9Xkx7a69Wq2A4NwuxqGFBbVcbF
o8xhWYYWOit/q6cvr3wNfZMqDM43KETXzzkrrdPrqhhUkKNzEBUS2qaRFwzSbDvR
UUTmY6G8DE89aH8C7yU1hI8p18AyS/Pc5PGf2yZplNyixzdDZxW+nu11YjcGEfLc
JPs6A22GlyCpyteX3J9Du9DbSETs2BV8sq2cmqcoUVFghfyMpFk1d/vI9TaiZvDV
e4pQ0JZkN/zgOp0eLfWhEj0bl5qMzO6hdDxW5mP2TAp9gaoWW1Wq87mt/gI6Swic
qz/fGlopkvE3R+3geY/uplaOMmuaw5ICnSwowe0Nj+hR
-----END CERTIFICATE-----