Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/y4_u6jmAtI6tlWVCWmH8wvZDVz0.roa
File:                     y4_u6jmAtI6tlWVCWmH8wvZDVz0.roa (raw, json)
Hash identifier:          oghy7D2kYSP5lnsEAK8Pdnr7BmqhXcT1nLJbMSA1bkE=
Subject key identifier:   CB:8F:EE:EA:39:80:B4:8E:AD:95:65:42:5A:61:FC:C2:F6:43:57:3D
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       01922E0C454B38068BD0EBB69A1F19677A1E
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/y4_u6jmAtI6tlWVCWmH8wvZDVz0.roa
Signing time:             Thu 26 Sep 2024 11:16:48 +0000
ROA not before:           Thu 26 Sep 2024 11:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     967
IP address blocks:        91.217.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2e:0c:45:4b:38:06:8b:d0:eb:b6:9a:1f:19:67:7a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Sep 26 11:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb8feeea3980b48ead9565425a61fcc2f643573d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:50:08:a3:32:8a:df:78:a1:77:60:87:ca:74:
                    db:a5:fb:99:2f:84:c8:93:cb:f8:04:70:b1:b0:38:
                    5e:8f:7b:3c:0a:58:77:0f:b9:29:a9:a3:6a:fa:b2:
                    f2:73:60:c3:ac:bf:d3:8f:72:de:0c:8d:aa:85:dd:
                    5b:76:d2:b3:11:f4:42:6d:a6:0a:08:2f:c8:73:7b:
                    c8:a2:f5:be:df:86:f9:f3:66:e5:34:b6:8a:26:51:
                    84:70:83:34:d2:22:f7:73:4e:39:26:a5:f2:b1:34:
                    79:07:ea:d5:14:46:2b:98:4c:64:d3:f3:24:0e:a1:
                    74:22:27:05:ec:33:36:6a:9c:52:5e:ff:d6:b8:fe:
                    56:03:8f:44:2f:3f:8f:97:98:6a:79:15:9d:83:99:
                    8a:bf:88:d7:66:1d:dd:6c:48:0f:68:10:e1:d5:8c:
                    4f:e3:20:03:f0:ca:11:67:60:4e:3e:fd:cd:15:3d:
                    99:a2:5c:9c:10:77:38:01:3f:30:c5:c1:bf:ee:27:
                    33:50:20:62:97:3b:03:45:04:3b:80:1f:24:06:c0:
                    36:d4:c9:b1:63:7f:2e:aa:71:a1:c6:5e:3f:71:a9:
                    cc:53:c2:bd:1a:1d:89:15:3c:85:54:bc:10:8b:6a:
                    f9:65:23:27:3a:73:9e:13:bc:df:26:f2:d8:b4:80:
                    b5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:8F:EE:EA:39:80:B4:8E:AD:95:65:42:5A:61:FC:C2:F6:43:57:3D
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/y4_u6jmAtI6tlWVCWmH8wvZDVz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:d4:33:f7:df:ed:ad:e1:0b:95:4f:78:5e:81:48:ea:27:f2:
         7b:be:c7:dc:87:39:8c:b8:4e:ef:cb:f7:05:dc:86:b8:5c:1d:
         1c:f9:d1:46:cd:e6:6e:33:61:6e:59:8c:e6:ae:6c:7e:da:3d:
         45:03:d3:9b:d6:e1:08:91:70:71:bd:47:28:89:46:56:47:13:
         12:bd:8c:ba:b7:51:79:4c:97:c2:4d:05:fc:6e:c0:6b:53:8e:
         d9:58:e4:a8:39:8c:5a:1f:ff:f4:37:b8:9d:ed:74:53:39:1a:
         07:e9:51:66:b6:fe:ef:3c:64:2e:96:bf:52:f5:5f:e7:4a:0a:
         1f:ef:b5:73:f9:51:1b:17:69:1d:89:04:e9:4e:4f:56:16:46:
         95:4b:93:2e:63:fd:90:65:a0:27:d4:53:9c:02:2c:97:50:c2:
         c9:6f:17:90:8f:c6:e0:1c:22:0b:43:e8:d8:41:20:f1:ed:29:
         f2:fb:fd:14:ce:7b:6c:61:44:34:5d:3a:8e:45:5e:08:e8:6b:
         d5:9f:f3:8b:3f:b0:47:40:ea:eb:a7:06:de:7d:17:35:14:c4:
         d7:d6:0d:d9:ec:6b:6d:9b:02:ef:02:a1:f9:88:7b:df:ab:c0:
         83:5b:2a:b1:7d:db:ae:cb:12:5c:9a:4d:05:99:1e:ec:ba:6d:
         6e:68:77:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIuDEVLOAaL0Ou2mh8ZZ3oeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwOTI2MTExNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjhmZWVlYTM5ODBiNDhlYWQ5NTY1NDI1YTYxZmNjMmY2NDM1NzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlAIozKK33ihd2CHynTbpfuZL4TI
k8v4BHCxsDhej3s8Clh3D7kpqaNq+rLyc2DDrL/Tj3LeDI2qhd1bdtKzEfRCbaYK
CC/Ic3vIovW+34b582blNLaKJlGEcIM00iL3c045JqXysTR5B+rVFEYrmExk0/Mk
DqF0IicF7DM2apxSXv/WuP5WA49ELz+Pl5hqeRWdg5mKv4jXZh3dbEgPaBDh1YxP
4yAD8MoRZ2BOPv3NFT2ZolycEHc4AT8wxcG/7iczUCBilzsDRQQ7gB8kBsA21Mmx
Y38uqnGhxl4/canMU8K9Gh2JFTyFVLwQi2r5ZSMnOnOeE7zfJvLYtIC1FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuP7uo5gLSOrZVlQlph/ML2Q1c9MB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEveTRfdTZqbUF0STZ0bFdWQ1dtSDh3dlpEVnowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mgMA0G
CSqGSIb3DQEBCwUAA4IBAQDH1DP33+2t4QuVT3hegUjqJ/J7vsfchzmMuE7vy/cF
3Ia4XB0c+dFGzeZuM2FuWYzmrmx+2j1FA9Ob1uEIkXBxvUcoiUZWRxMSvYy6t1F5
TJfCTQX8bsBrU47ZWOSoOYxaH//0N7id7XRTORoH6VFmtv7vPGQulr9S9V/nSgof
77Vz+VEbF2kdiQTpTk9WFkaVS5MuY/2QZaAn1FOcAiyXUMLJbxeQj8bgHCILQ+jY
QSDx7Sny+/0UzntsYUQ0XTqORV4I6GvVn/OLP7BHQOrrpwbefRc1FMTX1g3Z7Gtt
mwLvAqH5iHvfq8CDWyqxfduuyxJcmk0FmR7sum1uaHfe
-----END CERTIFICATE-----