Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/0LDsu8q8BNCVXMdgo8IAmxRh6lg.roa
File:                     0LDsu8q8BNCVXMdgo8IAmxRh6lg.roa (raw, json)
Hash identifier:          G5jGPy0QrJ03EB2ETPwF643gtEqN7L0Vq2ZY/sUU8MU=
Subject key identifier:   D0:B0:EC:BB:CA:BC:04:D0:95:5C:C7:60:A3:C2:00:9B:14:61:EA:58
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       01959609A6DD9837707C8F3059142F8B6009
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/0LDsu8q8BNCVXMdgo8IAmxRh6lg.roa
Signing time:             Fri 14 Mar 2025 19:02:49 +0000
ROA not before:           Fri 14 Mar 2025 19:02:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211539
IP address blocks:        91.228.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:96:09:a6:dd:98:37:70:7c:8f:30:59:14:2f:8b:60:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Mar 14 19:02:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0b0ecbbcabc04d0955cc760a3c2009b1461ea58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:85:94:45:83:71:a2:9c:70:a0:bf:a9:cf:ba:
                    36:af:56:36:ae:ff:0c:ff:72:df:bc:61:7a:89:fe:
                    82:de:d3:62:8a:ba:08:17:62:15:e5:fa:ba:7d:c4:
                    f9:6e:2e:11:b9:fd:c4:9f:d1:a9:1d:04:8f:69:30:
                    4d:e5:57:b4:1a:82:ab:b7:eb:17:80:d6:94:78:bf:
                    e3:d1:26:b9:d7:27:54:ee:55:d2:77:15:15:a3:1f:
                    a8:8c:b6:bf:7b:6a:80:7d:ac:e4:c9:79:af:b5:56:
                    21:d3:15:63:ac:39:34:b0:d1:54:80:1d:de:84:fc:
                    c9:8b:5c:71:50:97:2c:23:4b:58:88:5a:8a:fe:e0:
                    39:c2:3c:02:af:d6:d0:8d:04:80:11:37:2f:c6:1d:
                    2a:00:01:08:51:8b:74:24:20:5b:e7:b3:d8:f4:ab:
                    48:48:51:f7:8d:16:88:df:26:f4:fc:5a:5d:11:c4:
                    b6:46:01:24:7b:a1:fa:34:3b:51:45:3d:3f:f2:ec:
                    30:92:4b:39:4f:16:ec:ef:5f:c5:d9:0f:0e:13:57:
                    e5:34:c5:1d:69:ae:29:7e:a2:b5:92:15:47:a6:ea:
                    d1:66:33:fa:ab:00:8e:f5:ac:a6:5f:87:ee:d7:a1:
                    96:c9:7b:3b:21:da:b0:91:46:32:b7:11:c2:0c:c3:
                    fa:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:B0:EC:BB:CA:BC:04:D0:95:5C:C7:60:A3:C2:00:9B:14:61:EA:58
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/0LDsu8q8BNCVXMdgo8IAmxRh6lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:d0:73:6b:3b:da:bc:e8:f9:d5:fe:34:18:2a:c2:eb:e1:8c:
         75:f9:e2:bb:d0:ab:5c:a4:d7:94:1b:a6:aa:18:2e:13:84:30:
         0d:93:e0:c4:38:ae:9f:1b:f6:1b:44:17:aa:b4:38:f4:c4:5b:
         a5:49:ff:cd:ad:cf:7d:0a:cc:57:40:4a:7b:8e:62:cc:1c:77:
         10:e8:57:97:41:56:a5:b3:50:6e:4a:94:2a:07:df:8c:a3:cb:
         e9:48:3b:66:62:5b:dc:ee:d8:57:b1:23:a2:2b:d1:fd:04:c4:
         b7:61:3b:98:0e:10:13:88:ee:6f:d7:e9:f0:5b:fd:a1:6b:32:
         9c:59:23:8b:61:ff:5f:88:6f:44:c2:bb:04:a5:15:70:e3:a2:
         2d:6a:67:38:a7:30:c7:b1:69:6e:c3:25:b7:2f:0a:2b:c2:a0:
         76:30:6f:b2:fd:be:84:fc:92:5b:46:ff:d4:8b:ab:bb:0e:07:
         03:21:24:04:a8:13:e8:aa:80:4e:6c:94:1b:11:00:30:26:2d:
         5c:3e:84:c7:24:e3:6a:87:0a:a0:54:3b:b9:d3:65:c0:f0:54:
         22:47:e8:8a:e2:9e:e5:9e:b5:e0:d7:b7:c7:6e:4b:79:0b:1d:
         4c:28:d6:e9:3d:10:65:56:1b:24:63:e1:e6:0d:3b:04:41:90:
         c8:37:fe:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWWCabdmDdwfI8wWRQvi2AJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjUwMzE0MTkwMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGIwZWNiYmNhYmMwNGQwOTU1Y2M3NjBhM2MyMDA5YjE0NjFlYTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4WURYNxopxwoL+pz7o2r1Y2rv8M
/3LfvGF6if6C3tNiiroIF2IV5fq6fcT5bi4Ruf3En9GpHQSPaTBN5Ve0GoKrt+sX
gNaUeL/j0Sa51ydU7lXSdxUVox+ojLa/e2qAfazkyXmvtVYh0xVjrDk0sNFUgB3e
hPzJi1xxUJcsI0tYiFqK/uA5wjwCr9bQjQSAETcvxh0qAAEIUYt0JCBb57PY9KtI
SFH3jRaI3yb0/FpdEcS2RgEke6H6NDtRRT0/8uwwkks5Txbs71/F2Q8OE1flNMUd
aa4pfqK1khVHpurRZjP6qwCO9aymX4fu16GWyXs7IdqwkUYytxHCDMP6dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNCw7LvKvATQlVzHYKPCAJsUYepYMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvMExEc3U4cThCTkNWWE1kZ284SUFteFJoNmxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+QPMA0G
CSqGSIb3DQEBCwUAA4IBAQCO0HNrO9q86PnV/jQYKsLr4Yx1+eK70KtcpNeUG6aq
GC4ThDANk+DEOK6fG/YbRBeqtDj0xFulSf/Nrc99CsxXQEp7jmLMHHcQ6FeXQVal
s1BuSpQqB9+Mo8vpSDtmYlvc7thXsSOiK9H9BMS3YTuYDhATiO5v1+nwW/2hazKc
WSOLYf9fiG9EwrsEpRVw46Itamc4pzDHsWluwyW3LworwqB2MG+y/b6E/JJbRv/U
i6u7DgcDISQEqBPoqoBObJQbEQAwJi1cPoTHJONqhwqgVDu502XA8FQiR+iK4p7l
nrXg17fHbkt5Cx1MKNbpPRBlVhskY+HmDTsEQZDIN/4I
-----END CERTIFICATE-----