Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/N53sAUI9wztEoaLe_kClnEAcTQw.roa
File:                     N53sAUI9wztEoaLe_kClnEAcTQw.roa (raw, json)
Hash identifier:          7pbMBuqA1utjGBdSQXU4dThUicW2KWSJxwyRX5yKVnw=
Subject key identifier:   37:9D:EC:01:42:3D:C3:3B:44:A1:A2:DE:FE:40:A5:9C:40:1C:4D:0C
Certificate issuer:       /CN=051607a868daf4846245f3c8bbf9ebe769829ad9
Certificate serial:       0192DC5B80A8716D48C88E1BB516F44D6244
Authority key identifier: 05:16:07:A8:68:DA:F4:84:62:45:F3:C8:BB:F9:EB:E7:69:82:9A:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BRYHqGja9IRiRfPIu_nr52mCmtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/N53sAUI9wztEoaLe_kClnEAcTQw.roa
Signing time:             Wed 30 Oct 2024 07:37:17 +0000
ROA not before:           Wed 30 Oct 2024 07:37:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39819
IP address blocks:        91.207.28.0/23 maxlen: 23
                          91.213.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/BRYHqGja9IRiRfPIu_nr52mCmtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/BRYHqGja9IRiRfPIu_nr52mCmtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BRYHqGja9IRiRfPIu_nr52mCmtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dc:5b:80:a8:71:6d:48:c8:8e:1b:b5:16:f4:4d:62:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051607a868daf4846245f3c8bbf9ebe769829ad9
        Validity
            Not Before: Oct 30 07:37:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=379dec01423dc33b44a1a2defe40a59c401c4d0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:5c:2f:df:1c:10:7b:df:53:2a:b1:72:e0:55:
                    68:e7:ac:1b:fc:9b:8c:f2:2e:5b:05:1e:b1:01:38:
                    a7:60:8b:33:46:32:b5:f7:63:62:03:23:a9:ca:2a:
                    22:31:fe:77:69:5f:dd:a4:6b:8e:fc:d6:92:01:47:
                    7c:96:f8:4b:f9:cf:ca:65:6b:52:60:21:ef:a9:87:
                    c4:4c:17:88:a5:f8:79:c7:c8:11:4d:38:f1:d4:57:
                    61:cc:63:61:62:c8:67:28:b1:43:f6:b8:55:a8:7d:
                    05:07:e9:fb:93:97:5b:4f:55:a8:a0:be:2a:df:5d:
                    bd:87:b5:ca:f3:63:d8:a7:b1:99:e8:d6:5e:d0:05:
                    3e:9f:8e:c2:d5:c8:e3:f9:e9:dd:64:bd:a0:1d:f4:
                    de:fc:96:4c:2e:4b:ef:36:1a:e0:89:cd:ae:af:99:
                    5d:6f:18:e6:52:68:77:70:1a:aa:67:80:ff:2a:ba:
                    77:1a:b9:df:45:01:df:05:ce:fd:f1:cd:12:ed:34:
                    d0:09:66:52:c5:98:76:41:64:06:56:db:e3:e2:a5:
                    26:32:30:f6:ec:05:0e:3e:d8:8a:00:8a:a1:ab:e7:
                    d8:fd:2b:74:d5:c1:d9:3e:e1:7e:2c:9a:15:7f:85:
                    69:75:ab:12:74:80:83:bc:6b:a0:95:b4:5c:59:db:
                    8b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:9D:EC:01:42:3D:C3:3B:44:A1:A2:DE:FE:40:A5:9C:40:1C:4D:0C
            X509v3 Authority Key Identifier:
                keyid:05:16:07:A8:68:DA:F4:84:62:45:F3:C8:BB:F9:EB:E7:69:82:9A:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BRYHqGja9IRiRfPIu_nr52mCmtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/N53sAUI9wztEoaLe_kClnEAcTQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/a70710-fdd7-4146-9821-72cfdaa959a2/1/BRYHqGja9IRiRfPIu_nr52mCmtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.28.0/23
                  91.213.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:e1:0c:1a:c3:65:7d:a2:e8:6c:7a:77:18:42:5d:76:73:fe:
         cc:a4:38:41:e0:73:f8:8e:06:fd:d8:64:b0:9f:94:f0:ba:46:
         33:fd:0e:a7:70:82:96:51:0f:c2:15:de:a0:57:b8:5e:f4:94:
         8e:6d:7d:22:68:fe:f2:be:6a:b1:61:fa:5b:e2:e4:58:46:d9:
         5d:96:26:9b:56:4b:bd:8d:63:d9:0a:a0:e4:9f:07:b5:47:4c:
         e7:d9:f8:88:6f:e3:df:ef:2e:e3:67:93:0f:23:62:1c:94:59:
         96:f9:9a:43:62:1b:49:8c:79:ec:3e:b6:dd:12:5b:6b:79:c8:
         d6:41:79:71:00:a9:c1:db:0a:ab:a4:f1:ba:d3:14:0d:f1:b6:
         62:24:27:e3:91:3c:fd:49:e0:94:3f:13:a5:1b:b7:f0:66:ba:
         2e:6b:7f:83:00:84:7b:b7:cb:c3:b7:bb:15:f8:eb:55:8a:dd:
         2d:0b:ce:1b:f9:6d:c7:62:f3:0b:dc:87:07:99:58:96:90:08:
         a7:b9:9d:a6:ba:16:45:08:11:25:56:dc:e2:6b:ca:99:26:75:
         9a:71:15:5d:5f:87:00:d6:3c:02:70:98:6b:5e:0b:41:57:15:
         5c:02:02:cc:1a:d6:82:da:c8:0d:46:b7:8e:b7:f8:92:7d:74:
         c1:0c:7f:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLcW4CocW1IyI4btRb0TWJEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MTYwN2E4NjhkYWY0ODQ2MjQ1ZjNjOGJiZjllYmU3Njk4
MjlhZDkwHhcNMjQxMDMwMDczNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzlkZWMwMTQyM2RjMzNiNDRhMWEyZGVmZTQwYTU5YzQwMWM0ZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Vwv3xwQe99TKrFy4FVo56wb/JuM
8i5bBR6xATinYIszRjK192NiAyOpyioiMf53aV/dpGuO/NaSAUd8lvhL+c/KZWtS
YCHvqYfETBeIpfh5x8gRTTjx1FdhzGNhYshnKLFD9rhVqH0FB+n7k5dbT1WooL4q
3129h7XK82PYp7GZ6NZe0AU+n47C1cjj+endZL2gHfTe/JZMLkvvNhrgic2ur5ld
bxjmUmh3cBqqZ4D/Krp3GrnfRQHfBc798c0S7TTQCWZSxZh2QWQGVtvj4qUmMjD2
7AUOPtiKAIqhq+fY/St01cHZPuF+LJoVf4VpdasSdICDvGuglbRcWduLqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDed7AFCPcM7RKGi3v5ApZxAHE0MMB8GA1UdIwQY
MBaAFAUWB6ho2vSEYkXzyLv56+dpgprZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlJZSHFHamE5SVJpUmZQSXVfbnI1Mm1DbXRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9hNzA3MTAtZmRkNy00MTQ2LTk4MjEt
NzJjZmRhYTk1OWEyLzEvTjUzc0FVSTl3enRFb2FMZV9rQ2xuRUFjVFF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9hNzA3MTAtZmRkNy00MTQ2LTk4MjEtNzJjZmRhYTk1OWEy
LzEvQlJZSHFHamE5SVJpUmZQSXVfbnI1Mm1DbXRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW88cAwQA
W9XpMA0GCSqGSIb3DQEBCwUAA4IBAQAF4Qwaw2V9ouhsencYQl12c/7MpDhB4HP4
jgb92GSwn5TwukYz/Q6ncIKWUQ/CFd6gV7he9JSObX0iaP7yvmqxYfpb4uRYRtld
liabVku9jWPZCqDknwe1R0zn2fiIb+Pf7y7jZ5MPI2IclFmW+ZpDYhtJjHnsPrbd
EltrecjWQXlxAKnB2wqrpPG60xQN8bZiJCfjkTz9SeCUPxOlG7fwZroua3+DAIR7
t8vDt7sV+OtVit0tC84b+W3HYvML3IcHmViWkAinuZ2muhZFCBElVtzia8qZJnWa
cRVdX4cA1jwCcJhrXgtBVxVcAgLMGtaC2sgNRreOt/iSfXTBDH+e
-----END CERTIFICATE-----