Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/VmoQZGDHTjJz0JRDwDAhbI-SYCY.roa
File:                     VmoQZGDHTjJz0JRDwDAhbI-SYCY.roa (raw, json)
Hash identifier:          OhrOORfsivgnzqJYr1azfu4+oobPv4UA60aJiRtqZV0=
Subject key identifier:   56:6A:10:64:60:C7:4E:32:73:D0:94:43:C0:30:21:6C:8F:92:60:26
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       0192244E5FC33C597C1D92A1B5CBE681DF31
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/VmoQZGDHTjJz0JRDwDAhbI-SYCY.roa
Signing time:             Tue 24 Sep 2024 13:52:48 +0000
ROA not before:           Tue 24 Sep 2024 13:52:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        91.228.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:4e:5f:c3:3c:59:7c:1d:92:a1:b5:cb:e6:81:df:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Sep 24 13:52:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=566a106460c74e3273d09443c030216c8f926026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c6:6d:9e:a2:6a:d6:85:3b:c4:19:ae:2f:84:
                    e3:4b:e3:86:04:b8:c4:4e:78:b8:96:33:ea:f2:e3:
                    5c:45:1d:9e:12:88:cf:61:0c:4c:59:de:55:c1:d3:
                    86:33:cc:70:83:ab:38:91:4a:a9:57:de:26:16:e0:
                    9d:74:7e:25:51:b9:9e:e5:c2:8a:4f:61:2c:df:a0:
                    3f:2f:d3:c4:bc:1e:73:90:d7:0a:fd:2e:c5:ab:a9:
                    12:7d:88:da:a8:a7:6a:9d:ff:8f:7f:e2:b1:95:a9:
                    1f:87:08:9d:ff:7c:b2:d5:a5:85:d4:d1:6c:88:b3:
                    85:6a:f4:cd:40:58:5a:3c:a5:cb:f6:45:d0:97:2d:
                    65:21:ca:ab:25:35:ee:4b:8f:4e:0c:ae:9c:57:fe:
                    4e:5f:04:54:c3:45:53:64:46:74:d6:70:bb:57:17:
                    3e:bf:f6:51:5c:ed:87:ae:a1:91:e3:b4:1d:00:62:
                    48:0a:73:85:74:f8:2c:87:ed:e6:f8:2c:6c:31:06:
                    f6:7b:52:ea:c3:6e:4d:c8:27:fa:f5:1d:7a:35:8e:
                    19:61:64:b0:2f:d1:79:40:67:b6:7a:52:4f:23:06:
                    91:6e:58:1c:ef:88:2b:5f:71:75:94:b2:9e:ef:db:
                    42:45:86:e2:f9:a9:3a:54:ed:c1:63:1f:18:da:73:
                    51:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:6A:10:64:60:C7:4E:32:73:D0:94:43:C0:30:21:6C:8F:92:60:26
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/VmoQZGDHTjJz0JRDwDAhbI-SYCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:9a:e9:ff:e9:f7:cc:55:73:fe:b4:0c:8a:50:35:4b:d4:cc:
         94:9e:0b:05:13:1f:e7:6e:13:50:3a:19:d2:f1:00:1a:f3:47:
         2e:cc:63:56:a9:d3:bd:2e:16:de:8b:ab:7c:15:41:dd:28:4a:
         be:06:91:21:19:90:75:00:4e:56:43:fb:aa:6a:03:ba:c9:21:
         e9:cc:f6:a3:9f:d8:7d:7b:58:70:87:7b:55:ef:aa:98:d1:22:
         1d:fd:be:c0:4b:52:e8:b1:7d:30:ae:f8:cf:6b:6c:e3:fc:9f:
         0d:f4:71:fa:f5:22:27:a5:dc:ac:56:a9:99:1f:44:c2:c4:63:
         b8:0b:db:04:80:2a:4f:99:dd:93:41:26:39:25:ce:4d:fa:10:
         dc:7d:e8:4a:5e:0d:4b:27:54:ea:fc:8b:25:81:46:55:ab:0b:
         27:93:e7:73:0b:ca:66:e9:7b:cf:55:74:76:ac:06:e9:ec:16:
         15:96:86:6f:7a:20:aa:80:de:eb:d5:2e:5a:3e:c9:c6:31:1d:
         8b:21:8b:4d:fe:06:c8:61:dc:16:b0:6a:c2:db:41:ab:86:0a:
         78:8d:a9:b1:62:6b:86:c3:36:d9:12:4e:e1:e4:91:59:47:e3:
         23:aa:ff:76:a9:7d:85:00:40:24:9a:63:08:f8:51:7b:ef:44:
         89:62:c1:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIkTl/DPFl8HZKhtcvmgd8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjQwOTI0MTM1MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjZhMTA2NDYwYzc0ZTMyNzNkMDk0NDNjMDMwMjE2YzhmOTI2MDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sZtnqJq1oU7xBmuL4TjS+OGBLjE
Tni4ljPq8uNcRR2eEojPYQxMWd5VwdOGM8xwg6s4kUqpV94mFuCddH4lUbme5cKK
T2Es36A/L9PEvB5zkNcK/S7Fq6kSfYjaqKdqnf+Pf+Kxlakfhwid/3yy1aWF1NFs
iLOFavTNQFhaPKXL9kXQly1lIcqrJTXuS49ODK6cV/5OXwRUw0VTZEZ01nC7Vxc+
v/ZRXO2HrqGR47QdAGJICnOFdPgsh+3m+CxsMQb2e1Lqw25NyCf69R16NY4ZYWSw
L9F5QGe2elJPIwaRblgc74grX3F1lLKe79tCRYbi+ak6VO3BYx8Y2nNRRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZqEGRgx04yc9CUQ8AwIWyPkmAmMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvVm1vUVpHREhUakp6MEpSRHdEQWhiSS1TWUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+QNMA0G
CSqGSIb3DQEBCwUAA4IBAQCPmun/6ffMVXP+tAyKUDVL1MyUngsFEx/nbhNQOhnS
8QAa80cuzGNWqdO9Lhbei6t8FUHdKEq+BpEhGZB1AE5WQ/uqagO6ySHpzPajn9h9
e1hwh3tV76qY0SId/b7AS1LosX0wrvjPa2zj/J8N9HH69SInpdysVqmZH0TCxGO4
C9sEgCpPmd2TQSY5Jc5N+hDcfehKXg1LJ1Tq/IslgUZVqwsnk+dzC8pm6XvPVXR2
rAbp7BYVloZveiCqgN7r1S5aPsnGMR2LIYtN/gbIYdwWsGrC20Grhgp4jamxYmuG
wzbZEk7h5JFZR+Mjqv92qX2FAEAkmmMI+FF770SJYsER
-----END CERTIFICATE-----