Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/AqxfMWCGQdnm3wLsnqLTJtezd3A.roa
File:                     AqxfMWCGQdnm3wLsnqLTJtezd3A.roa (raw, json)
Hash identifier:          nw7zBDLiFRmK2dCjY3y27tWrCPdIPxQ+CNpVxqd3tsg=
Subject key identifier:   02:AC:5F:31:60:86:41:D9:E6:DF:02:EC:9E:A2:D3:26:D7:B3:77:70
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       01932AE9193A616408423422469E139863AD
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/AqxfMWCGQdnm3wLsnqLTJtezd3A.roa
Signing time:             Thu 14 Nov 2024 13:42:19 +0000
ROA not before:           Thu 14 Nov 2024 13:42:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60707
IP address blocks:        91.228.12.0/24 maxlen: 24
                          91.228.14.0/24 maxlen: 24
                          94.154.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2a:e9:19:3a:61:64:08:42:34:22:46:9e:13:98:63:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Nov 14 13:42:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02ac5f31608641d9e6df02ec9ea2d326d7b37770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2b:13:99:67:ad:b2:0d:d8:2c:24:cb:56:47:
                    fe:c5:cb:e3:d2:f7:5c:b4:b1:7b:2a:65:30:79:3c:
                    b8:4c:7c:26:42:bb:34:30:12:53:69:98:98:5b:18:
                    d6:bf:a7:cf:a7:2d:30:09:74:8c:45:67:4c:f0:9e:
                    ff:e3:32:2c:b0:25:dc:cc:21:27:23:47:4f:5f:50:
                    d8:16:1a:7e:78:e6:2a:99:20:a3:a0:70:84:14:7f:
                    15:4b:2b:81:19:40:22:45:59:67:33:9c:53:40:ec:
                    82:df:95:70:c3:e8:e5:c7:9f:1b:1c:3a:99:37:40:
                    f0:b9:5b:fe:15:60:dc:00:ce:97:00:37:93:7f:a5:
                    79:d3:75:0c:da:79:b1:df:c0:a0:ee:13:28:56:73:
                    b7:a4:89:63:5d:3e:2d:93:95:6f:40:c3:a8:01:dc:
                    23:a2:8e:04:8e:0e:7e:f0:41:1b:ab:4d:f0:7f:e4:
                    f3:53:1e:75:e0:a3:d2:d8:58:ed:e9:b9:12:ab:f7:
                    7b:8d:44:17:32:be:f8:75:97:28:79:2b:4f:18:0e:
                    2e:c7:ee:62:e6:1b:2a:9b:0c:91:8e:eb:76:b1:f8:
                    75:38:27:c6:f4:23:cd:40:b0:c5:a9:a1:a1:9f:74:
                    10:a7:35:28:d1:dc:d1:bd:54:4e:a1:d4:d4:ea:1b:
                    4b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:AC:5F:31:60:86:41:D9:E6:DF:02:EC:9E:A2:D3:26:D7:B3:77:70
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/AqxfMWCGQdnm3wLsnqLTJtezd3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.12.0/24
                  91.228.14.0/24
                  94.154.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:0c:d9:ad:82:d2:6c:7e:f9:2b:28:1e:84:20:be:b0:a3:6b:
         62:2f:7e:5e:c1:ee:9f:ec:d9:32:19:8d:74:ce:b6:be:a1:86:
         9a:15:2b:ae:f6:3f:f1:67:b9:e5:79:b5:c8:9a:d4:02:99:ba:
         9d:a7:d0:71:7b:5e:1d:74:8e:9a:9e:38:52:64:c8:ca:1f:c7:
         26:7e:7a:f6:e6:18:5b:55:ec:55:58:6e:d4:76:9f:31:cc:96:
         1c:a1:69:0e:80:94:cd:a8:a7:30:d5:8a:71:44:6e:ee:1f:8c:
         88:51:a7:b8:3b:31:9c:9c:7a:d0:48:8d:d2:1d:85:e9:92:3d:
         c6:da:5e:00:34:03:d8:1a:50:e5:78:fa:bb:87:ff:09:20:e0:
         a5:17:be:53:67:7e:d2:fd:21:ab:5f:e6:38:8d:16:50:44:29:
         c8:a6:db:15:96:d5:ba:26:f8:6e:15:b6:4a:08:d5:80:62:cd:
         7b:58:a3:99:6a:0b:a6:db:fb:1f:4f:f5:69:2e:4b:44:bc:f0:
         e9:d4:24:34:7b:97:33:07:55:98:c2:3a:5d:dc:30:45:de:fd:
         bd:54:62:8c:d1:8f:a5:64:06:09:67:88:d2:e3:a7:ef:3e:35:
         54:d8:71:7e:9d:e2:65:49:f8:8d:85:1f:10:af:98:61:be:52:
         54:5a:97:46
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMq6Rk6YWQIQjQiRp4TmGOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjQxMTE0MTM0MjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmFjNWYzMTYwODY0MWQ5ZTZkZjAyZWM5ZWEyZDMyNmQ3YjM3NzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArysTmWetsg3YLCTLVkf+xcvj0vdc
tLF7KmUweTy4THwmQrs0MBJTaZiYWxjWv6fPpy0wCXSMRWdM8J7/4zIssCXczCEn
I0dPX1DYFhp+eOYqmSCjoHCEFH8VSyuBGUAiRVlnM5xTQOyC35Vww+jlx58bHDqZ
N0DwuVv+FWDcAM6XADeTf6V503UM2nmx38Cg7hMoVnO3pIljXT4tk5VvQMOoAdwj
oo4Ejg5+8EEbq03wf+TzUx514KPS2Fjt6bkSq/d7jUQXMr74dZcoeStPGA4ux+5i
5hsqmwyRjut2sfh1OCfG9CPNQLDFqaGhn3QQpzUo0dzRvVROodTU6htLuQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAKsXzFghkHZ5t8C7J6i0ybXs3dwMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvQXF4Zk1XQ0dRZG5tM3dMc25xTFRKdGV6ZDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+QMAwQA
W+QOAwQAXpokMA0GCSqGSIb3DQEBCwUAA4IBAQBdDNmtgtJsfvkrKB6EIL6wo2ti
L35ewe6f7NkyGY10zra+oYaaFSuu9j/xZ7nlebXImtQCmbqdp9Bxe14ddI6anjhS
ZMjKH8cmfnr25hhbVexVWG7Udp8xzJYcoWkOgJTNqKcw1YpxRG7uH4yIUae4OzGc
nHrQSI3SHYXpkj3G2l4ANAPYGlDlePq7h/8JIOClF75TZ37S/SGrX+Y4jRZQRCnI
ptsVltW6JvhuFbZKCNWAYs17WKOZagum2/sfT/VpLktEvPDp1CQ0e5czB1WYwjpd
3DBF3v29VGKM0Y+lZAYJZ4jS46fvPjVU2HF+neJlSfiNhR8Qr5hhvlJUWpdG
-----END CERTIFICATE-----