Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/7RJ23OA0YDNJKaif9mhYBQyDu8U.roa
File:                     7RJ23OA0YDNJKaif9mhYBQyDu8U.roa (raw, json)
Hash identifier:          RYSJRubaGiPtrm1MpZfo5XhbG4BpMkyx+qaURe5CJmE=
Subject key identifier:   ED:12:76:DC:E0:34:60:33:49:29:A8:9F:F6:68:58:05:0C:83:BB:C5
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018EA8B3C53C9B979A3F15D67DCDF0B463BF
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/7RJ23OA0YDNJKaif9mhYBQyDu8U.roa
Signing time:             Thu 04 Apr 2024 10:42:17 +0000
ROA not before:           Thu 04 Apr 2024 10:42:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57013
IP address blocks:        91.231.187.0/24 maxlen: 24
                          92.63.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:b3:c5:3c:9b:97:9a:3f:15:d6:7d:cd:f0:b4:63:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Apr  4 10:42:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed1276dce03460334929a89ff66858050c83bbc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:69:dc:b7:ff:5f:0f:1f:4c:02:4b:9f:11:71:
                    c4:35:4e:0d:7e:6e:a9:c5:97:53:7a:6c:87:21:fa:
                    ee:23:ba:e3:2d:1a:39:1b:8a:79:c8:9f:d0:fc:30:
                    27:13:37:7c:33:6e:32:79:f5:37:c7:1f:fe:7a:ad:
                    10:46:b6:25:d4:07:77:8f:9c:5a:0d:fd:73:c5:6e:
                    01:1d:b2:66:ba:a6:8f:90:ac:0f:6e:a8:b2:f0:63:
                    30:59:2b:37:21:77:2b:30:40:54:7e:7e:08:3d:8f:
                    bf:5f:1b:cd:a9:31:90:38:cd:99:9a:20:a1:44:fc:
                    0b:77:48:ad:6c:02:a8:43:98:2a:9b:3d:4a:cb:ba:
                    71:fc:a8:41:76:27:cd:f9:89:86:97:a2:82:31:20:
                    89:99:81:26:16:a9:b9:cc:4f:83:b3:e4:c5:76:59:
                    6b:a6:73:71:6f:58:ab:bf:3e:ec:29:7a:11:d9:ab:
                    a5:1a:f8:cf:9b:ae:cc:62:49:98:4c:20:2d:aa:38:
                    73:d0:01:34:6e:52:f6:d2:fa:69:92:7e:d2:f8:c2:
                    57:b8:36:69:bf:b7:d5:f6:d9:92:d8:6a:d2:c1:e1:
                    19:b1:38:e5:cf:5e:08:c2:51:0a:dd:c8:ac:b4:40:
                    8a:75:a7:64:15:05:85:36:38:39:36:a1:72:b2:1b:
                    8a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:12:76:DC:E0:34:60:33:49:29:A8:9F:F6:68:58:05:0C:83:BB:C5
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/7RJ23OA0YDNJKaif9mhYBQyDu8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.187.0/24
                  92.63.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:e9:7e:74:9d:f3:d6:55:97:66:2d:e2:6e:27:39:16:3d:af:
         36:b1:0d:11:a6:a8:65:9a:ee:e9:81:41:e6:48:73:e7:d9:6c:
         0b:35:4b:bb:18:ca:00:d5:87:0b:50:cf:c9:12:79:33:fa:18:
         0a:ec:78:0c:4b:6a:21:f6:72:d1:36:93:71:4f:ec:8a:82:ea:
         c6:97:09:2a:69:c2:df:f5:d2:9a:b8:78:83:88:94:85:37:d5:
         08:2a:4c:c8:4d:ea:3b:c7:94:5a:5d:36:9b:db:a6:a5:7a:93:
         e5:1c:fa:27:c8:55:f4:b1:8d:05:0b:8c:05:5e:49:7a:6a:0e:
         b2:10:24:ba:27:7d:d0:a7:5f:02:c2:80:d7:cd:3d:a2:67:51:
         0a:2c:d2:83:20:e6:07:23:a6:68:49:7b:af:65:4d:ce:a3:5f:
         30:4c:af:0c:dd:00:9c:12:15:9f:2f:dd:be:87:af:f9:06:1b:
         e4:2e:8f:40:23:98:c8:b5:ec:34:af:15:52:79:92:a7:fd:ac:
         b9:b6:83:27:0f:53:6a:f0:f5:ec:a4:5c:8a:ac:55:b0:cb:55:
         37:02:71:c1:71:f4:d8:61:90:b6:0b:f8:d9:2a:dc:58:73:c8:
         d1:bb:17:5c:26:7d:97:30:d8:aa:9b:c3:cb:ed:68:ef:b6:39:
         46:55:a5:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6os8U8m5eaPxXWfc3wtGO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwNDA0MTA0MjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDEyNzZkY2UwMzQ2MDMzNDkyOWE4OWZmNjY4NTgwNTBjODNiYmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmnct/9fDx9MAkufEXHENU4Nfm6p
xZdTemyHIfruI7rjLRo5G4p5yJ/Q/DAnEzd8M24yefU3xx/+eq0QRrYl1Ad3j5xa
Df1zxW4BHbJmuqaPkKwPbqiy8GMwWSs3IXcrMEBUfn4IPY+/XxvNqTGQOM2ZmiCh
RPwLd0itbAKoQ5gqmz1Ky7px/KhBdifN+YmGl6KCMSCJmYEmFqm5zE+Ds+TFdllr
pnNxb1irvz7sKXoR2aulGvjPm67MYkmYTCAtqjhz0AE0blL20vppkn7S+MJXuDZp
v7fV9tmS2GrSweEZsTjlz14IwlEK3cistECKdadkFQWFNjg5NqFyshuKkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO0SdtzgNGAzSSmon/ZoWAUMg7vFMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvN1JKMjNPQTBZRE5KS2FpZjltaFlCUXlEdThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+e7AwQA
XD+1MA0GCSqGSIb3DQEBCwUAA4IBAQCP6X50nfPWVZdmLeJuJzkWPa82sQ0Rpqhl
mu7pgUHmSHPn2WwLNUu7GMoA1YcLUM/JEnkz+hgK7HgMS2oh9nLRNpNxT+yKgurG
lwkqacLf9dKauHiDiJSFN9UIKkzITeo7x5RaXTab26alepPlHPonyFX0sY0FC4wF
Xkl6ag6yECS6J33Qp18CwoDXzT2iZ1EKLNKDIOYHI6ZoSXuvZU3Oo18wTK8M3QCc
EhWfL92+h6/5BhvkLo9AI5jItew0rxVSeZKn/ay5toMnD1Nq8PXspFyKrFWwy1U3
AnHBcfTYYZC2C/jZKtxYc8jRuxdcJn2XMNiqm8PL7WjvtjlGVaUU
-----END CERTIFICATE-----