Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/f7c9d1-0f5b-42f5-931d-1dc0b84a1c7e/1/90E-1oTk3dbxIsnj45nACUWMVUo.roa
File:                     90E-1oTk3dbxIsnj45nACUWMVUo.roa (raw, json)
Hash identifier:          UL6Hr2SbciyU2lqvmZZqhDtA1GGNt9C3cDIhD+6opk4=
Subject key identifier:   F7:41:3E:D6:84:E4:DD:D6:F1:22:C9:E3:E3:99:C0:09:45:8C:55:4A
Certificate issuer:       /CN=614799c67c08547d80bb35d02dae505d5a65dc5b
Certificate serial:       018CC5000BE6B2DB62A9C414059D1AF1AD11
Authority key identifier: 61:47:99:C6:7C:08:54:7D:80:BB:35:D0:2D:AE:50:5D:5A:65:DC:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YUeZxnwIVH2AuzXQLa5QXVpl3Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/f7c9d1-0f5b-42f5-931d-1dc0b84a1c7e/1/90E-1oTk3dbxIsnj45nACUWMVUo.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47692
IP address blocks:        79.142.189.0/24 maxlen: 24
                          79.142.190.0/24 maxlen: 24
                          79.142.191.0/24 maxlen: 24
                          79.142.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/f7c9d1-0f5b-42f5-931d-1dc0b84a1c7e/1/YUeZxnwIVH2AuzXQLa5QXVpl3Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/f7c9d1-0f5b-42f5-931d-1dc0b84a1c7e/1/YUeZxnwIVH2AuzXQLa5QXVpl3Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YUeZxnwIVH2AuzXQLa5QXVpl3Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0b:e6:b2:db:62:a9:c4:14:05:9d:1a:f1:ad:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=614799c67c08547d80bb35d02dae505d5a65dc5b
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7413ed684e4ddd6f122c9e3e399c009458c554a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:76:a6:42:06:9a:45:c3:87:b1:af:aa:b6:de:
                    74:65:88:5d:7e:4f:87:5d:5f:11:cf:ed:db:2b:b8:
                    fd:a6:16:dc:12:37:79:21:df:72:ef:e7:f6:57:c4:
                    ed:21:20:78:5a:24:55:48:89:e8:39:92:b5:91:4e:
                    28:6b:7a:bf:3a:bb:ae:84:19:0a:cb:69:48:62:57:
                    6f:e0:ef:78:bc:44:ce:a6:cf:d1:5b:5b:25:d2:79:
                    be:67:b7:cf:c1:f9:bf:78:a6:01:93:14:c8:5d:cc:
                    5e:a3:dc:a0:81:1f:3b:64:6f:8d:52:6e:45:ff:0f:
                    b7:31:a7:a9:3e:b1:db:e4:6a:4c:36:32:0e:a5:1d:
                    a1:fd:17:f2:fd:e6:75:86:91:77:7e:d9:58:27:d0:
                    64:3f:48:8b:87:c8:c3:a8:b0:f2:c8:bc:80:b3:a9:
                    91:1d:13:4a:04:69:f5:81:c0:9d:79:5e:e5:af:9b:
                    96:6c:bb:0d:97:92:23:16:c2:3b:a1:ae:33:65:f9:
                    e7:32:94:1c:52:ec:3e:2e:06:03:6d:53:37:90:98:
                    93:4c:f2:b6:55:d7:f6:f4:f5:21:29:3e:eb:0a:63:
                    81:c6:61:64:d6:b1:b5:06:cd:f9:27:3f:f7:af:d9:
                    e1:56:cd:66:40:1f:4d:0a:92:9a:48:64:2b:05:51:
                    18:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:41:3E:D6:84:E4:DD:D6:F1:22:C9:E3:E3:99:C0:09:45:8C:55:4A
            X509v3 Authority Key Identifier:
                keyid:61:47:99:C6:7C:08:54:7D:80:BB:35:D0:2D:AE:50:5D:5A:65:DC:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YUeZxnwIVH2AuzXQLa5QXVpl3Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/f7c9d1-0f5b-42f5-931d-1dc0b84a1c7e/1/90E-1oTk3dbxIsnj45nACUWMVUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/f7c9d1-0f5b-42f5-931d-1dc0b84a1c7e/1/YUeZxnwIVH2AuzXQLa5QXVpl3Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.142.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:53:ba:5a:15:16:7d:b3:ec:39:25:16:34:1a:4f:5b:2f:d2:
         fa:ea:c9:ff:e2:e8:ff:75:3c:24:ce:7a:58:3f:98:92:00:09:
         e7:d3:16:e8:ae:2d:29:26:a8:cd:e4:83:73:7b:0a:b4:6d:78:
         60:e0:37:dc:36:49:b3:d2:ed:28:5a:4b:62:b3:41:64:81:14:
         64:6f:aa:70:64:4e:a8:12:b9:6f:88:2d:a4:6a:bf:e6:00:40:
         cf:72:ba:fa:b1:6e:03:db:9a:9b:97:5e:66:6f:e6:30:fc:03:
         6c:ff:ee:7c:0d:bd:73:b7:bf:ab:05:3e:66:b8:a7:16:6e:90:
         fc:5e:31:89:da:42:68:d0:cf:5a:ad:6b:71:8d:c4:f4:c9:6c:
         1a:1c:8c:ba:76:85:91:b0:0c:92:f2:34:33:9f:7f:8a:78:49:
         5f:ff:2c:6b:d3:71:a2:97:ac:0e:48:0f:7a:eb:86:de:af:f0:
         62:83:b1:ed:0a:8f:95:57:5e:41:ef:74:c9:5b:7b:5c:28:2f:
         17:78:8d:a2:7b:48:75:d4:3e:9e:e3:84:e5:58:da:26:ac:87:
         aa:02:86:06:d2:e3:41:73:ae:13:51:8e:64:65:74:52:14:65:
         a9:65:2e:39:18:a6:a1:9e:27:83:db:4f:a2:f7:0a:93:d3:2f:
         05:56:dc:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAAvmsttiqcQUBZ0a8a0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNDc5OWM2N2MwODU0N2Q4MGJiMzVkMDJkYWU1MDVkNWE2
NWRjNWIwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzQxM2VkNjg0ZTRkZGQ2ZjEyMmM5ZTNlMzk5YzAwOTQ1OGM1NTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3amQgaaRcOHsa+qtt50ZYhdfk+H
XV8Rz+3bK7j9phbcEjd5Id9y7+f2V8TtISB4WiRVSInoOZK1kU4oa3q/OruuhBkK
y2lIYldv4O94vETOps/RW1sl0nm+Z7fPwfm/eKYBkxTIXcxeo9yggR87ZG+NUm5F
/w+3MaepPrHb5GpMNjIOpR2h/Rfy/eZ1hpF3ftlYJ9BkP0iLh8jDqLDyyLyAs6mR
HRNKBGn1gcCdeV7lr5uWbLsNl5IjFsI7oa4zZfnnMpQcUuw+LgYDbVM3kJiTTPK2
Vdf29PUhKT7rCmOBxmFk1rG1Bs35Jz/3r9nhVs1mQB9NCpKaSGQrBVEYpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdBPtaE5N3W8SLJ4+OZwAlFjFVKMB8GA1UdIwQY
MBaAFGFHmcZ8CFR9gLs10C2uUF1aZdxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVVlWnhud0lWSDJBdXpYUUxhNVFYVnBsM0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9mN2M5ZDEtMGY1Yi00MmY1LTkzMWQt
MWRjMGI4NGExYzdlLzEvOTBFLTFvVGszZGJ4SXNuajQ1bkFDVVdNVlVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9mN2M5ZDEtMGY1Yi00MmY1LTkzMWQtMWRjMGI4NGExYzdl
LzEvWVVlWnhud0lWSDJBdXpYUUxhNVFYVnBsM0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCT468MA0G
CSqGSIb3DQEBCwUAA4IBAQCRU7paFRZ9s+w5JRY0Gk9bL9L66sn/4uj/dTwkznpY
P5iSAAnn0xbori0pJqjN5INzewq0bXhg4DfcNkmz0u0oWktis0FkgRRkb6pwZE6o
ErlviC2kar/mAEDPcrr6sW4D25qbl15mb+Yw/ANs/+58Db1zt7+rBT5muKcWbpD8
XjGJ2kJo0M9arWtxjcT0yWwaHIy6doWRsAyS8jQzn3+KeElf/yxr03Gil6wOSA96
64ber/Big7HtCo+VV15B73TJW3tcKC8XeI2ie0h11D6e44TlWNomrIeqAoYG0uNB
c64TUY5kZXRSFGWpZS45GKahnieD20+i9wqT0y8FVtxv
-----END CERTIFICATE-----