Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/h7br1PvThZ1F6h29QgaLAHtNqU8.roa
File:                     h7br1PvThZ1F6h29QgaLAHtNqU8.roa (raw, json)
Hash identifier:          B3MPGFbjtHATwc4IjIjXNImYdBzjKJUScw77N/GL5WY=
Subject key identifier:   87:B6:EB:D4:FB:D3:85:9D:45:EA:1D:BD:42:06:8B:00:7B:4D:A9:4F
Certificate issuer:       /CN=d895bee5605630f7048b1ffb3f003b39d29e47a0
Certificate serial:       018F5DDD5234191EC280954B0DC09BB88580
Authority key identifier: D8:95:BE:E5:60:56:30:F7:04:8B:1F:FB:3F:00:3B:39:D2:9E:47:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/h7br1PvThZ1F6h29QgaLAHtNqU8.roa
Signing time:             Thu 09 May 2024 14:58:56 +0000
ROA not before:           Thu 09 May 2024 14:58:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        91.217.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5d:dd:52:34:19:1e:c2:80:95:4b:0d:c0:9b:b8:85:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d895bee5605630f7048b1ffb3f003b39d29e47a0
        Validity
            Not Before: May  9 14:58:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87b6ebd4fbd3859d45ea1dbd42068b007b4da94f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:50:6b:0b:b9:eb:bf:e5:d6:3d:18:4e:53:a2:
                    c6:a6:95:a4:cb:ae:1a:39:b6:d6:30:32:ad:ed:9b:
                    89:8f:9b:ef:3e:69:1d:b6:56:74:09:07:57:81:44:
                    c6:95:ea:c4:22:9f:3d:4e:34:0e:79:6d:99:5b:26:
                    da:95:a4:55:a9:03:34:c0:0d:20:8b:42:04:96:4b:
                    88:f1:c3:41:10:b7:7e:0c:44:a0:09:4e:6d:51:79:
                    72:38:83:ac:35:97:28:74:b9:71:34:7f:9e:ec:e1:
                    b1:22:9d:32:68:12:75:23:24:ab:37:ab:29:c6:c8:
                    8a:db:a1:a6:a8:e2:c4:9e:ee:86:52:df:98:94:4b:
                    ef:3e:7d:a1:3b:cc:f1:7e:22:9c:e1:45:f7:60:2c:
                    6d:b4:60:42:c0:9a:e3:fd:a2:bb:94:2d:4b:d0:17:
                    07:a7:69:5c:a4:d9:76:09:d2:96:db:a9:37:5e:8e:
                    53:4b:a4:dd:75:49:32:43:f5:ca:6b:f4:05:20:1b:
                    2d:9e:0c:ea:78:50:1d:ef:69:f9:9b:b4:2b:9b:59:
                    6d:7a:b4:34:f4:d3:fd:2d:0f:ad:b8:3a:e5:5d:58:
                    ba:c9:48:32:6f:4f:12:f3:6c:79:01:9c:6c:4d:07:
                    b5:8d:1c:7c:f4:3b:d8:de:f8:6d:5a:cd:2c:8a:2a:
                    bc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B6:EB:D4:FB:D3:85:9D:45:EA:1D:BD:42:06:8B:00:7B:4D:A9:4F
            X509v3 Authority Key Identifier:
                keyid:D8:95:BE:E5:60:56:30:F7:04:8B:1F:FB:3F:00:3B:39:D2:9E:47:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JW-5WBWMPcEix_7PwA7OdKeR6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/h7br1PvThZ1F6h29QgaLAHtNqU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e754d6-0dac-4246-9fd6-202a0980c176/1/2JW-5WBWMPcEix_7PwA7OdKeR6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:0c:5a:a8:a8:ee:c4:8c:fb:2c:27:86:8c:6b:33:a3:b9:2b:
         f4:de:d9:92:13:0b:a2:d3:01:e1:95:68:91:8b:60:32:fb:a6:
         b9:8b:43:ad:f3:2b:6a:23:4b:3a:4c:c2:16:e2:03:50:3c:1e:
         e3:6a:84:58:b8:7f:b8:ed:a6:7f:c8:38:be:ae:43:6a:b0:20:
         2d:c4:4c:32:b8:aa:00:c7:5a:1d:9c:95:db:13:df:1a:4c:9b:
         24:69:a2:32:99:bf:81:23:b6:d6:c7:f3:39:c8:f6:47:af:17:
         de:9b:85:a1:97:f2:db:fc:7d:47:0b:07:c7:42:2e:95:fa:c7:
         ea:e2:da:10:90:0f:f8:ae:32:7b:f7:82:a4:d3:79:2e:a5:25:
         e9:05:60:41:ee:b1:87:95:2a:a9:ca:8f:d6:3a:f7:f2:7d:13:
         0e:95:14:ae:f9:4b:78:64:ce:fd:ae:2f:35:3e:be:91:83:10:
         86:3b:40:ae:f6:0e:1c:ea:a3:17:56:b3:5b:59:bd:81:49:7e:
         16:b1:db:db:5d:2f:ff:06:6b:94:bc:01:92:e1:ee:f9:89:f5:
         a0:f0:7a:7c:f6:93:2d:2b:15:e1:58:70:5e:27:c5:68:08:71:
         97:d1:68:46:80:88:14:cf:5a:92:da:32:1c:a3:fe:ba:23:56:
         4b:5e:67:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9d3VI0GR7CgJVLDcCbuIWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTViZWU1NjA1NjMwZjcwNDhiMWZmYjNmMDAzYjM5ZDI5
ZTQ3YTAwHhcNMjQwNTA5MTQ1ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2I2ZWJkNGZiZDM4NTlkNDVlYTFkYmQ0MjA2OGIwMDdiNGRhOTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VBrC7nrv+XWPRhOU6LGppWky64a
ObbWMDKt7ZuJj5vvPmkdtlZ0CQdXgUTGlerEIp89TjQOeW2ZWybalaRVqQM0wA0g
i0IElkuI8cNBELd+DESgCU5tUXlyOIOsNZcodLlxNH+e7OGxIp0yaBJ1IySrN6sp
xsiK26GmqOLEnu6GUt+YlEvvPn2hO8zxfiKc4UX3YCxttGBCwJrj/aK7lC1L0BcH
p2lcpNl2CdKW26k3Xo5TS6TddUkyQ/XKa/QFIBstngzqeFAd72n5m7Qrm1lterQ0
9NP9LQ+tuDrlXVi6yUgyb08S82x5AZxsTQe1jRx89DvY3vhtWs0siiq8ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIe269T704WdReodvUIGiwB7TalPMB8GA1UdIwQY
MBaAFNiVvuVgVjD3BIsf+z8AOznSnkegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpXLTVXQldNUGNFaXhfN1B3QTdPZEtlUjZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lNzU0ZDYtMGRhYy00MjQ2LTlmZDYt
MjAyYTA5ODBjMTc2LzEvaDdicjFQdlRoWjFGNmgyOVFnYUxBSHROcVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lNzU0ZDYtMGRhYy00MjQ2LTlmZDYtMjAyYTA5ODBjMTc2
LzEvMkpXLTVXQldNUGNFaXhfN1B3QTdPZEtlUjZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nxMA0G
CSqGSIb3DQEBCwUAA4IBAQAqDFqoqO7EjPssJ4aMazOjuSv03tmSEwui0wHhlWiR
i2Ay+6a5i0Ot8ytqI0s6TMIW4gNQPB7jaoRYuH+47aZ/yDi+rkNqsCAtxEwyuKoA
x1odnJXbE98aTJskaaIymb+BI7bWx/M5yPZHrxfem4Whl/Lb/H1HCwfHQi6V+sfq
4toQkA/4rjJ794Kk03kupSXpBWBB7rGHlSqpyo/WOvfyfRMOlRSu+Ut4ZM79ri81
Pr6RgxCGO0Cu9g4c6qMXVrNbWb2BSX4WsdvbXS//BmuUvAGS4e75ifWg8Hp89pMt
KxXhWHBeJ8VoCHGX0WhGgIgUz1qS2jIco/66I1ZLXmdH
-----END CERTIFICATE-----