Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/7lacSGraqTGoKqaT-zAuzKx29Fk.roa
File:                     7lacSGraqTGoKqaT-zAuzKx29Fk.roa (raw, json)
Hash identifier:          FcCPAhyHMElJytjQ2WhAIPJGkfaFqPbC3K17eZo24Pw=
Subject key identifier:   EE:56:9C:48:6A:DA:A9:31:A8:2A:A6:93:FB:30:2E:CC:AC:76:F4:59
Certificate issuer:       /CN=e783b62ab8aea520770c57404be7771f679ec0b5
Certificate serial:       019425FC64C2487D30D86185036F92A6912D
Authority key identifier: E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/7lacSGraqTGoKqaT-zAuzKx29Fk.roa
Signing time:             Thu 02 Jan 2025 07:48:05 +0000
ROA not before:           Thu 02 Jan 2025 07:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        91.244.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 01:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:64:c2:48:7d:30:d8:61:85:03:6f:92:a6:91:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e783b62ab8aea520770c57404be7771f679ec0b5
        Validity
            Not Before: Jan  2 07:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee569c486adaa931a82aa693fb302eccac76f459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:7b:a3:ac:69:46:e6:28:ce:97:af:38:48:0e:
                    59:b5:e4:7f:25:3b:4a:1b:10:a6:64:fe:7b:13:05:
                    4f:a6:08:f2:8d:6d:02:05:13:9b:29:8f:10:8d:0c:
                    ac:f1:13:01:c1:4d:37:ef:cb:35:1e:5b:c1:ff:97:
                    e1:4a:18:77:bb:f6:53:1a:59:a2:e1:37:97:81:8a:
                    89:f2:09:96:0f:be:c6:97:78:24:26:33:c0:4f:c0:
                    9a:5b:52:29:90:8d:89:7f:ed:8c:9a:d5:99:f2:e6:
                    32:9d:f6:28:2f:64:cd:2f:8b:2c:b0:52:b0:12:94:
                    74:26:74:b7:c7:8c:8f:11:c5:02:e8:a8:9d:42:3f:
                    6c:80:44:bc:12:a7:67:89:2a:ec:e0:06:6a:d6:5a:
                    3e:fa:f5:6f:26:f2:56:ad:01:6d:5e:a1:f6:fd:85:
                    21:f2:35:97:b0:e4:a9:ff:3e:d1:97:64:08:06:15:
                    95:bb:11:3e:f7:87:af:0a:25:10:99:20:9a:63:ad:
                    3b:b0:d0:18:1b:11:f9:6b:d8:81:c0:b9:48:33:2b:
                    c3:a6:3a:fa:3e:e4:0a:5a:21:1d:e7:2f:99:cf:df:
                    38:21:2d:14:cf:c2:47:b0:cd:0d:db:1c:a2:22:a9:
                    e5:50:8a:47:00:37:d5:da:36:fc:a9:d4:ed:b2:7d:
                    61:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:56:9C:48:6A:DA:A9:31:A8:2A:A6:93:FB:30:2E:CC:AC:76:F4:59
            X509v3 Authority Key Identifier:
                keyid:E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/7lacSGraqTGoKqaT-zAuzKx29Fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:00:a1:79:e8:0e:d9:d2:9a:57:d0:a6:e0:2b:cf:4e:fb:99:
         88:e0:3c:96:ec:cd:b1:1f:21:9b:de:32:ae:35:ed:36:02:5b:
         67:82:62:9b:d9:04:bf:f1:0d:72:b5:f1:92:11:b2:15:fc:00:
         5c:39:53:33:2c:ff:64:8b:1a:eb:74:d4:a1:87:3b:fe:f2:21:
         40:ed:34:21:70:47:ab:37:0a:a2:56:6b:77:ab:52:99:76:be:
         89:87:a7:88:fc:51:de:58:d0:68:c7:d0:b0:b3:a6:3d:3c:25:
         2b:6f:43:06:ee:68:10:f5:7c:c2:2e:31:ec:1e:75:a6:74:c6:
         a1:42:bd:88:92:f6:0a:c5:0d:0a:cd:d9:d9:ec:5e:59:be:05:
         b9:3a:2d:37:a0:95:c4:fd:47:1c:8c:2e:7e:0f:d3:b9:9b:b7:
         9a:65:10:d5:06:03:ba:5a:3e:8d:84:6c:23:c5:dd:e0:0c:23:
         e4:6e:13:d1:6d:52:32:35:a3:97:3c:b5:61:55:a9:95:99:9e:
         96:b3:6e:46:fe:31:c6:c4:a3:b0:2a:21:8c:90:d7:e6:cd:30:
         60:57:b5:8b:1a:ba:ad:e1:c0:9e:c5:3b:51:00:21:41:ae:cf:
         c0:78:ca:e6:9e:30:9f:45:04:6d:68:a9:ca:9d:88:fd:ed:c2:
         8e:88:2e:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/GTCSH0w2GGFA2+SppEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ODNiNjJhYjhhZWE1MjA3NzBjNTc0MDRiZTc3NzFmNjc5
ZWMwYjUwHhcNMjUwMTAyMDc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTU2OWM0ODZhZGFhOTMxYTgyYWE2OTNmYjMwMmVjY2FjNzZmNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43ujrGlG5ijOl684SA5ZteR/JTtK
GxCmZP57EwVPpgjyjW0CBRObKY8QjQys8RMBwU0378s1HlvB/5fhShh3u/ZTGlmi
4TeXgYqJ8gmWD77Gl3gkJjPAT8CaW1IpkI2Jf+2MmtWZ8uYynfYoL2TNL4sssFKw
EpR0JnS3x4yPEcUC6KidQj9sgES8EqdniSrs4AZq1lo++vVvJvJWrQFtXqH2/YUh
8jWXsOSp/z7Rl2QIBhWVuxE+94evCiUQmSCaY607sNAYGxH5a9iBwLlIMyvDpjr6
PuQKWiEd5y+Zz984IS0Uz8JHsM0N2xyiIqnlUIpHADfV2jb8qdTtsn1hVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5WnEhq2qkxqCqmk/swLsysdvRZMB8GA1UdIwQY
MBaAFOeDtiq4rqUgdwxXQEvndx9nnsC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWIt
MTlkZjViNGQxMDE0LzEvN2xhY1NHcmFxVEdvS3FhVC16QXV6S3gyOUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWItMTlkZjViNGQxMDE0
LzEvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/TvMA0G
CSqGSIb3DQEBCwUAA4IBAQBuAKF56A7Z0ppX0KbgK89O+5mI4DyW7M2xHyGb3jKu
Ne02AltngmKb2QS/8Q1ytfGSEbIV/ABcOVMzLP9kixrrdNShhzv+8iFA7TQhcEer
NwqiVmt3q1KZdr6Jh6eI/FHeWNBox9Cws6Y9PCUrb0MG7mgQ9XzCLjHsHnWmdMah
Qr2IkvYKxQ0KzdnZ7F5ZvgW5Oi03oJXE/UccjC5+D9O5m7eaZRDVBgO6Wj6NhGwj
xd3gDCPkbhPRbVIyNaOXPLVhVamVmZ6Ws25G/jHGxKOwKiGMkNfmzTBgV7WLGrqt
4cCexTtRACFBrs/AeMrmnjCfRQRtaKnKnYj97cKOiC7+
-----END CERTIFICATE-----