Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/ft7xh59tqK7_5hcrgRjbzwOYESY.roa
File:                     ft7xh59tqK7_5hcrgRjbzwOYESY.roa (raw, json)
Hash identifier:          0KzPAQHT+ZzN589dBPkpXLJuRqz1sSp02qjgmpLxh6U=
Subject key identifier:   7E:DE:F1:87:9F:6D:A8:AE:FF:E6:17:2B:81:18:DB:CF:03:98:11:26
Certificate issuer:       /CN=0fea8ae19061acc5489ac2719082acea5a2fc5d3
Certificate serial:       018CCA2A382DD34550FFAF235B62CC1288AD
Authority key identifier: 0F:EA:8A:E1:90:61:AC:C5:48:9A:C2:71:90:82:AC:EA:5A:2F:C5:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-qK4ZBhrMVImsJxkIKs6lovxdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/ft7xh59tqK7_5hcrgRjbzwOYESY.roa
Signing time:             Tue 02 Jan 2024 12:33:33 +0000
ROA not before:           Tue 02 Jan 2024 12:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62005
IP address blocks:        91.236.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/D-qK4ZBhrMVImsJxkIKs6lovxdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/D-qK4ZBhrMVImsJxkIKs6lovxdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D-qK4ZBhrMVImsJxkIKs6lovxdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:38:2d:d3:45:50:ff:af:23:5b:62:cc:12:88:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fea8ae19061acc5489ac2719082acea5a2fc5d3
        Validity
            Not Before: Jan  2 12:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7edef1879f6da8aeffe6172b8118dbcf03981126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ce:dd:50:ab:75:13:33:8d:fc:3b:1b:35:1a:
                    f9:d8:59:c1:4a:7c:8a:cd:3d:d4:f5:fb:e0:92:d5:
                    10:e7:80:a6:12:7a:2b:52:e7:42:0e:8f:b2:86:45:
                    a2:0b:f6:b7:15:21:6f:49:74:4a:58:41:92:a7:f9:
                    4c:86:0a:0f:eb:94:81:34:fd:05:4a:ef:93:27:18:
                    22:d7:56:62:ca:bf:ca:3a:ad:e0:ce:9e:09:d6:b1:
                    f4:39:85:ca:23:22:32:34:00:51:a9:ce:0b:58:57:
                    59:96:a1:9e:fa:94:36:af:6c:4f:d7:30:8c:29:00:
                    4b:e1:6e:25:66:c4:de:3e:7f:1a:dc:90:74:aa:d5:
                    37:a0:df:11:7f:b2:33:8c:f3:0f:d5:e4:b8:f8:2f:
                    c8:90:9c:83:91:e2:7e:ed:69:42:cc:6c:07:5f:97:
                    fc:d8:e6:b9:7e:78:11:ec:c0:37:2e:26:ce:dc:56:
                    cd:f5:a7:a5:aa:89:64:6e:2b:86:99:ad:f1:5c:ad:
                    cd:cc:93:cd:c3:67:cb:78:74:9f:c7:49:c5:74:e9:
                    65:73:03:f5:fb:09:21:f6:06:1e:39:a8:19:3b:f5:
                    48:28:45:c6:6d:de:bb:7b:d6:2d:bd:54:95:9b:5e:
                    d3:34:dd:46:e4:79:00:6a:b3:a3:66:83:4f:cb:85:
                    33:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:DE:F1:87:9F:6D:A8:AE:FF:E6:17:2B:81:18:DB:CF:03:98:11:26
            X509v3 Authority Key Identifier:
                keyid:0F:EA:8A:E1:90:61:AC:C5:48:9A:C2:71:90:82:AC:EA:5A:2F:C5:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-qK4ZBhrMVImsJxkIKs6lovxdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/ft7xh59tqK7_5hcrgRjbzwOYESY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/D-qK4ZBhrMVImsJxkIKs6lovxdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:18:08:4d:d3:59:85:d4:ee:32:b3:5b:19:2a:18:bc:12:83:
         ea:c3:0c:e1:f9:6c:10:13:ce:81:91:41:57:88:f6:05:51:a9:
         c9:e2:61:7a:e8:87:74:0f:bb:b6:d8:64:e4:56:e9:51:4e:3f:
         ef:1a:00:0c:14:4f:9f:97:2b:38:e5:13:ec:8e:66:dc:5a:55:
         3b:03:65:42:d0:34:8b:e3:63:21:c3:01:ea:9b:73:2c:33:e3:
         fe:09:9e:fa:3e:2e:20:cc:a5:82:97:7f:c9:fc:77:bb:88:8b:
         0f:96:82:1d:38:ca:38:b5:ad:16:cb:08:ce:f4:33:f6:ab:bf:
         38:87:9c:c8:b7:bd:80:bb:10:14:4a:58:09:c2:12:24:c3:ca:
         b3:3f:79:98:b5:41:c2:43:47:7a:27:28:3f:e6:91:05:0f:ef:
         8a:72:47:53:c3:51:88:c9:5a:a1:a2:14:8c:00:2a:3b:f6:a2:
         87:90:66:1d:21:f3:31:96:02:0d:f3:8b:fe:2b:f1:cc:c4:c8:
         f0:6f:06:65:80:76:52:a6:58:75:66:1e:a9:6f:11:50:bf:2d:
         b8:05:dd:a4:f5:e6:08:78:c4:74:46:12:f1:dc:c9:14:57:37:
         b0:d0:9d:53:fb:e9:b4:2e:bf:e0:8b:c7:4d:4d:8f:e4:e2:df:
         0a:14:6f:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjgt00VQ/68jW2LMEoitMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWE4YWUxOTA2MWFjYzU0ODlhYzI3MTkwODJhY2VhNWEy
ZmM1ZDMwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWRlZjE4NzlmNmRhOGFlZmZlNjE3MmI4MTE4ZGJjZjAzOTgxMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc7dUKt1EzON/DsbNRr52FnBSnyK
zT3U9fvgktUQ54CmEnorUudCDo+yhkWiC/a3FSFvSXRKWEGSp/lMhgoP65SBNP0F
Su+TJxgi11Ziyr/KOq3gzp4J1rH0OYXKIyIyNABRqc4LWFdZlqGe+pQ2r2xP1zCM
KQBL4W4lZsTePn8a3JB0qtU3oN8Rf7IzjPMP1eS4+C/IkJyDkeJ+7WlCzGwHX5f8
2Oa5fngR7MA3LibO3FbN9aelqolkbiuGma3xXK3NzJPNw2fLeHSfx0nFdOllcwP1
+wkh9gYeOagZO/VIKEXGbd67e9YtvVSVm17TNN1G5HkAarOjZoNPy4UzKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7e8Yefbaiu/+YXK4EY288DmBEmMB8GA1UdIwQY
MBaAFA/qiuGQYazFSJrCcZCCrOpaL8XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC1xSzRaQmhyTVZJbXNKeGtJS3M2bG92eGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC82MTYwYzktZDJlNS00MzljLWEyNWEt
NWQ4NzAwZjY1YTM4LzEvZnQ3eGg1OXRxSzdfNWhjcmdSamJ6d09ZRVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC82MTYwYzktZDJlNS00MzljLWEyNWEtNWQ4NzAwZjY1YTM4
LzEvRC1xSzRaQmhyTVZJbXNKeGtJS3M2bG92eGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+zmMA0G
CSqGSIb3DQEBCwUAA4IBAQAiGAhN01mF1O4ys1sZKhi8EoPqwwzh+WwQE86BkUFX
iPYFUanJ4mF66Id0D7u22GTkVulRTj/vGgAMFE+flys45RPsjmbcWlU7A2VC0DSL
42MhwwHqm3MsM+P+CZ76Pi4gzKWCl3/J/He7iIsPloIdOMo4ta0WywjO9DP2q784
h5zIt72AuxAUSlgJwhIkw8qzP3mYtUHCQ0d6Jyg/5pEFD++KckdTw1GIyVqhohSM
ACo79qKHkGYdIfMxlgIN84v+K/HMxMjwbwZlgHZSplh1Zh6pbxFQvy24Bd2k9eYI
eMR0RhLx3MkUVzew0J1T++m0Lr/gi8dNTY/k4t8KFG+q
-----END CERTIFICATE-----