Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9e6ab2-03e8-48e9-86f6-563c6b52d086/1/E7NKZU_X34KGNy2YrQGLDOWkFyU.roa
File:                     E7NKZU_X34KGNy2YrQGLDOWkFyU.roa (raw, json)
Hash identifier:          XWzwIVf4XVlPv8zyMmOeJgikwRt09MCRsyj2mH3JOpg=
Subject key identifier:   13:B3:4A:65:4F:D7:DF:82:86:37:2D:98:AD:01:8B:0C:E5:A4:17:25
Certificate issuer:       /CN=6378140dbd4e6ef17020d89b0d4250dffb04811c
Certificate serial:       018CCA2929A0426E8208DD12A60086799029
Authority key identifier: 63:78:14:0D:BD:4E:6E:F1:70:20:D8:9B:0D:42:50:DF:FB:04:81:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y3gUDb1ObvFwINibDUJQ3_sEgRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9e6ab2-03e8-48e9-86f6-563c6b52d086/1/E7NKZU_X34KGNy2YrQGLDOWkFyU.roa
Signing time:             Tue 02 Jan 2024 12:32:24 +0000
ROA not before:           Tue 02 Jan 2024 12:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198876
IP address blocks:        91.240.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9e6ab2-03e8-48e9-86f6-563c6b52d086/1/Y3gUDb1ObvFwINibDUJQ3_sEgRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9e6ab2-03e8-48e9-86f6-563c6b52d086/1/Y3gUDb1ObvFwINibDUJQ3_sEgRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y3gUDb1ObvFwINibDUJQ3_sEgRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:29:a0:42:6e:82:08:dd:12:a6:00:86:79:90:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6378140dbd4e6ef17020d89b0d4250dffb04811c
        Validity
            Not Before: Jan  2 12:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13b34a654fd7df8286372d98ad018b0ce5a41725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a2:df:23:e2:1a:cd:b2:ea:42:82:00:23:d1:
                    e8:42:f6:cf:26:0f:12:0b:41:1e:2f:1f:13:50:f3:
                    82:df:9c:4d:9c:32:6c:1e:01:55:65:7d:7d:47:06:
                    b2:a9:e5:7d:d3:44:51:8d:bc:61:37:3e:48:ab:13:
                    bb:b6:fc:53:e6:da:31:0f:2e:17:34:4d:96:bf:1f:
                    84:c0:aa:6c:4c:ed:17:1c:c4:44:3e:01:f5:22:12:
                    0a:05:9b:7a:a3:d4:8c:10:8d:7e:c9:c9:e2:98:76:
                    c3:ac:80:3d:89:d4:0d:97:62:1b:5e:2b:a9:cb:62:
                    10:5b:cf:4b:31:a8:09:20:0c:92:35:ef:ee:96:9c:
                    f2:a8:45:c1:75:fb:aa:02:6d:9b:1c:92:e8:3c:37:
                    d6:ba:01:71:0c:b6:7b:64:fa:03:8c:4b:34:f3:21:
                    7d:63:bb:fc:56:49:e5:4a:8c:af:f2:3d:2d:7f:a8:
                    ec:cc:d2:c7:1c:cd:06:9d:56:72:6e:1e:21:cb:2c:
                    fd:a7:6e:69:37:e0:83:95:29:99:a3:cc:7b:d3:f0:
                    5e:2d:89:eb:e1:16:c2:25:22:3a:85:78:27:0c:36:
                    39:62:79:58:c7:c6:e0:62:f5:51:19:64:01:ae:00:
                    bc:08:8e:96:0c:a6:2b:bc:04:30:46:5a:7b:84:dc:
                    c4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:B3:4A:65:4F:D7:DF:82:86:37:2D:98:AD:01:8B:0C:E5:A4:17:25
            X509v3 Authority Key Identifier:
                keyid:63:78:14:0D:BD:4E:6E:F1:70:20:D8:9B:0D:42:50:DF:FB:04:81:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y3gUDb1ObvFwINibDUJQ3_sEgRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9e6ab2-03e8-48e9-86f6-563c6b52d086/1/E7NKZU_X34KGNy2YrQGLDOWkFyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9e6ab2-03e8-48e9-86f6-563c6b52d086/1/Y3gUDb1ObvFwINibDUJQ3_sEgRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:fa:3f:56:2c:06:08:7a:d4:18:15:5b:fd:06:69:d5:2e:6b:
         1a:49:95:dd:38:b5:71:ed:93:8c:7b:a8:36:c5:50:07:4d:d6:
         72:8f:6b:fa:3e:3b:49:94:84:13:c6:fa:1f:09:fb:43:37:9e:
         5b:00:8e:85:16:0c:2e:c5:ea:e2:cc:3b:1d:1f:ad:da:e0:9c:
         fd:bb:fc:de:84:20:7f:e7:62:25:34:90:1f:06:ca:bc:6b:bf:
         f7:dd:d9:b4:d5:17:d8:7e:92:58:3f:b2:17:33:44:b7:d0:36:
         2c:f4:47:92:40:af:97:27:01:b5:b7:7a:2e:0b:e1:71:8a:72:
         d4:cc:14:c3:95:7c:c1:cf:6f:89:d5:d2:d2:e1:09:9f:27:cf:
         5d:2e:e4:11:df:0a:55:b1:b7:30:99:e0:4a:19:03:c2:2a:7a:
         a6:9f:b7:75:8b:fd:cd:d0:d4:9e:f6:71:c1:fb:5f:f0:d5:8e:
         e7:ed:93:e7:ef:29:ff:9d:a9:a8:45:66:84:99:37:86:24:63:
         aa:d3:28:9b:53:1a:e6:a1:e4:bd:8f:cc:ce:87:4e:e6:d4:70:
         e6:48:97:39:b2:24:33:fe:23:7d:4b:14:b2:83:4a:a1:57:4d:
         d9:c6:50:3b:f6:10:93:d3:79:02:bc:64:5d:ac:3b:5b:29:17:
         17:f2:99:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKSmgQm6CCN0SpgCGeZApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNzgxNDBkYmQ0ZTZlZjE3MDIwZDg5YjBkNDI1MGRmZmIw
NDgxMWMwHhcNMjQwMTAyMTIzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2IzNGE2NTRmZDdkZjgyODYzNzJkOThhZDAxOGIwY2U1YTQxNzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6LfI+IazbLqQoIAI9HoQvbPJg8S
C0EeLx8TUPOC35xNnDJsHgFVZX19RwayqeV900RRjbxhNz5IqxO7tvxT5toxDy4X
NE2Wvx+EwKpsTO0XHMREPgH1IhIKBZt6o9SMEI1+ycnimHbDrIA9idQNl2IbXiup
y2IQW89LMagJIAySNe/ulpzyqEXBdfuqAm2bHJLoPDfWugFxDLZ7ZPoDjEs08yF9
Y7v8VknlSoyv8j0tf6jszNLHHM0GnVZybh4hyyz9p25pN+CDlSmZo8x70/BeLYnr
4RbCJSI6hXgnDDY5YnlYx8bgYvVRGWQBrgC8CI6WDKYrvAQwRlp7hNzEVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBOzSmVP19+ChjctmK0BiwzlpBclMB8GA1UdIwQY
MBaAFGN4FA29Tm7xcCDYmw1CUN/7BIEcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTNnVURiMU9idkZ3SU5pYkRVSlEzX3NFZ1J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85ZTZhYjItMDNlOC00OGU5LTg2ZjYt
NTYzYzZiNTJkMDg2LzEvRTdOS1pVX1gzNEtHTnkyWXJRR0xET1drRnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85ZTZhYjItMDNlOC00OGU5LTg2ZjYtNTYzYzZiNTJkMDg2
LzEvWTNnVURiMU9idkZ3SU5pYkRVSlEzX3NFZ1J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/AbMA0G
CSqGSIb3DQEBCwUAA4IBAQBi+j9WLAYIetQYFVv9BmnVLmsaSZXdOLVx7ZOMe6g2
xVAHTdZyj2v6PjtJlIQTxvofCftDN55bAI6FFgwuxerizDsdH63a4Jz9u/zehCB/
52IlNJAfBsq8a7/33dm01RfYfpJYP7IXM0S30DYs9EeSQK+XJwG1t3ouC+FxinLU
zBTDlXzBz2+J1dLS4QmfJ89dLuQR3wpVsbcwmeBKGQPCKnqmn7d1i/3N0NSe9nHB
+1/w1Y7n7ZPn7yn/namoRWaEmTeGJGOq0yibUxrmoeS9j8zOh07m1HDmSJc5siQz
/iN9SxSyg0qhV03ZxlA79hCT03kCvGRdrDtbKRcX8pnh
-----END CERTIFICATE-----