Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/DTRMZKXlVGah7hSmdjEE4p3Gzck.roa
File:                     DTRMZKXlVGah7hSmdjEE4p3Gzck.roa (raw, json)
Hash identifier:          hXRDnezP/GUBhcV0jckF5AvYdGG/iNSsPBZuG3zyBs0=
Subject key identifier:   0D:34:4C:64:A5:E5:54:66:A1:EE:14:A6:76:31:04:E2:9D:C6:CD:C9
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       018EF08EAC76D02923A36CE6C4745CDD5935
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/DTRMZKXlVGah7hSmdjEE4p3Gzck.roa
Signing time:             Thu 18 Apr 2024 09:34:25 +0000
ROA not before:           Thu 18 Apr 2024 09:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49217
IP address blocks:        91.228.15.0/24 maxlen: 24
                          94.154.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 07:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:8e:ac:76:d0:29:23:a3:6c:e6:c4:74:5c:dd:59:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Apr 18 09:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d344c64a5e55466a1ee14a6763104e29dc6cdc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f8:50:61:b5:7e:ee:ce:fc:b3:95:4f:83:40:
                    c4:39:e5:b6:da:e6:76:2d:7c:42:66:84:79:1c:66:
                    d0:ce:01:89:db:47:3d:44:69:4b:66:6f:23:0d:c1:
                    2f:7a:a0:97:70:1a:eb:68:15:6e:a8:85:a2:7c:08:
                    b9:29:92:ea:55:be:87:48:ac:48:ba:b0:c0:4d:6d:
                    9d:7b:7a:ac:37:a2:e7:e6:08:fd:70:90:2d:e8:b0:
                    3a:b6:2d:bf:85:73:3a:08:a9:36:40:ef:2c:d3:9a:
                    5b:df:88:8c:93:f2:03:2a:79:a8:63:85:5c:b3:a7:
                    ed:02:6b:bd:a0:4c:5e:e2:39:a9:9c:90:f7:e2:be:
                    df:68:20:00:0b:3f:a0:0d:10:b8:58:8b:eb:0e:c2:
                    29:8c:69:04:a8:d3:a3:06:17:79:12:24:d4:75:af:
                    ef:d2:4f:d0:b7:a9:c3:cb:31:ef:a6:ed:57:95:79:
                    33:19:9e:95:99:8d:1a:62:52:ee:8d:15:49:11:7c:
                    d2:52:12:84:2a:7e:73:98:c7:ba:92:1a:2b:81:4a:
                    ee:95:3a:f2:ca:f2:42:1e:e8:ec:18:75:08:13:1a:
                    93:fa:51:5c:cf:c8:50:02:36:74:f8:e1:e3:d4:76:
                    2d:91:19:af:0b:e3:55:f0:88:4e:00:23:58:28:d4:
                    17:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:34:4C:64:A5:E5:54:66:A1:EE:14:A6:76:31:04:E2:9D:C6:CD:C9
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/DTRMZKXlVGah7hSmdjEE4p3Gzck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.15.0/24
                  94.154.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:91:e1:dc:5f:6b:14:10:0f:11:a6:41:e9:f8:70:fb:9d:16:
         27:7c:ca:0c:29:b7:b3:d6:e8:e5:0b:30:80:28:e9:c2:77:29:
         b0:00:94:98:bf:04:71:5b:17:a2:ac:a3:34:41:be:96:1f:58:
         90:86:7f:04:16:c2:70:59:05:01:23:c4:44:d2:de:7b:eb:8d:
         0a:fc:95:65:f1:64:45:e4:79:20:a0:ad:89:41:ae:98:06:fb:
         d8:ec:40:e0:30:c1:ca:31:ac:28:57:a1:ed:6e:e8:98:55:58:
         7f:4d:9b:ca:c7:ef:c3:da:dd:19:c9:02:ee:6d:64:c3:21:67:
         d4:9f:f0:ef:d6:21:2f:0a:f7:c6:64:94:83:c4:39:b2:92:75:
         f6:f9:55:5a:d7:e2:fb:79:61:0c:41:00:72:31:04:3d:7c:d4:
         ce:08:cd:85:58:e8:87:9b:53:b6:e8:ce:23:7c:d1:e8:2b:63:
         9f:74:31:e6:bf:2b:02:0b:bb:26:79:ce:ae:1a:13:ad:2c:fe:
         12:d7:c8:30:41:67:04:ae:1d:75:12:6d:02:bf:18:96:5f:86:
         d9:91:d4:33:d3:2d:78:89:ce:46:89:4e:c8:49:0c:d3:bf:75:
         be:cb:b4:fa:a9:91:a5:d9:71:2c:e9:f9:90:87:fe:63:9f:07:
         fd:f4:5d:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7wjqx20Ckjo2zmxHRc3Vk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjQwNDE4MDkzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDM0NGM2NGE1ZTU1NDY2YTFlZTE0YTY3NjMxMDRlMjlkYzZjZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/hQYbV+7s78s5VPg0DEOeW22uZ2
LXxCZoR5HGbQzgGJ20c9RGlLZm8jDcEveqCXcBrraBVuqIWifAi5KZLqVb6HSKxI
urDATW2de3qsN6Ln5gj9cJAt6LA6ti2/hXM6CKk2QO8s05pb34iMk/IDKnmoY4Vc
s6ftAmu9oExe4jmpnJD34r7faCAACz+gDRC4WIvrDsIpjGkEqNOjBhd5EiTUda/v
0k/Qt6nDyzHvpu1XlXkzGZ6VmY0aYlLujRVJEXzSUhKEKn5zmMe6khorgUrulTry
yvJCHujsGHUIExqT+lFcz8hQAjZ0+OHj1HYtkRmvC+NV8IhOACNYKNQXsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA00TGSl5VRmoe4UpnYxBOKdxs3JMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvRFRSTVpLWGxWR2FoN2hTbWRqRUU0cDNHemNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+QPAwQA
XpojMA0GCSqGSIb3DQEBCwUAA4IBAQB+keHcX2sUEA8RpkHp+HD7nRYnfMoMKbez
1ujlCzCAKOnCdymwAJSYvwRxWxeirKM0Qb6WH1iQhn8EFsJwWQUBI8RE0t57640K
/JVl8WRF5HkgoK2JQa6YBvvY7EDgMMHKMawoV6HtbuiYVVh/TZvKx+/D2t0ZyQLu
bWTDIWfUn/Dv1iEvCvfGZJSDxDmyknX2+VVa1+L7eWEMQQByMQQ9fNTOCM2FWOiH
m1O26M4jfNHoK2OfdDHmvysCC7smec6uGhOtLP4S18gwQWcErh11Em0CvxiWX4bZ
kdQz0y14ic5GiU7ISQzTv3W+y7T6qZGl2XEs6fmQh/5jnwf99F2u
-----END CERTIFICATE-----