Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/hmdNJ7PnSClrlZRfBTw5cwKYk6s.roa
File:                     hmdNJ7PnSClrlZRfBTw5cwKYk6s.roa (raw, json)
Hash identifier:          g5Swvwaesn/2OSE/yZMY3lqRGaIOG0ghqe/94Y5et7I=
Subject key identifier:   86:67:4D:27:B3:E7:48:29:6B:95:94:5F:05:3C:39:73:02:98:93:AB
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       018F19B2B4E245CCC484AC92E9B2E7A0D8D2
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/hmdNJ7PnSClrlZRfBTw5cwKYk6s.roa
Signing time:             Fri 26 Apr 2024 09:18:13 +0000
ROA not before:           Fri 26 Apr 2024 09:18:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        91.228.14.0/24 maxlen: 24
                          94.154.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:b2:b4:e2:45:cc:c4:84:ac:92:e9:b2:e7:a0:d8:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Apr 26 09:18:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86674d27b3e748296b95945f053c3973029893ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c5:6d:ff:d1:7d:dd:0f:30:f7:27:7b:e3:89:
                    55:96:37:c5:18:14:c1:5d:98:c3:6d:3e:0d:1f:2e:
                    4b:6c:27:c6:04:8d:8b:3d:94:b0:35:30:87:78:c0:
                    03:bb:ba:04:f6:f4:23:ed:03:8e:06:39:8b:a0:89:
                    d5:11:1f:c1:83:b4:8c:79:96:4c:4e:b7:91:b0:f1:
                    d3:6b:67:c6:0b:d9:f1:40:0d:6b:29:7a:22:45:37:
                    ca:bd:1a:6e:3d:59:dd:f4:48:20:78:fa:2d:1c:77:
                    98:35:9d:bc:76:9b:89:8f:81:75:7d:68:76:06:a6:
                    cc:85:fb:21:89:45:69:3b:32:49:59:87:8b:c0:0d:
                    38:a8:ff:d1:d1:35:17:5e:33:39:15:59:18:c9:54:
                    48:bf:27:8f:bf:84:89:0d:78:dd:ac:a2:e4:f9:ee:
                    a4:e4:84:73:f5:b5:32:db:df:6d:00:9c:7c:17:48:
                    34:99:93:cc:f9:b7:7e:61:5b:33:20:92:2b:2e:e1:
                    1c:a0:49:46:82:9e:67:4d:1f:1a:1d:0f:48:86:65:
                    c0:2d:8b:95:16:5c:2f:43:57:2f:3b:60:e1:76:7b:
                    19:e6:bb:25:0b:31:0d:86:db:db:51:1c:df:c4:53:
                    91:7c:fb:63:af:8f:c0:f3:96:4b:0e:5b:6f:b1:d7:
                    93:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:67:4D:27:B3:E7:48:29:6B:95:94:5F:05:3C:39:73:02:98:93:AB
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/hmdNJ7PnSClrlZRfBTw5cwKYk6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.14.0/24
                  94.154.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:c7:5c:95:a5:34:ad:c3:31:a1:ac:46:4a:52:2b:35:5d:ed:
         7d:7d:6f:fa:1a:41:fc:d6:8d:e0:79:58:6a:d7:c8:f5:f3:de:
         1f:56:0b:4c:95:5b:c4:53:f5:92:a8:20:19:6a:7f:be:15:0f:
         a8:62:4f:ef:2b:5b:81:6d:56:d5:56:85:96:fe:9a:b2:f1:14:
         37:b2:f9:e0:1d:3d:75:83:55:d9:00:0e:d2:20:9d:20:06:14:
         a6:cc:b6:00:6e:a3:25:dd:76:03:2d:66:dd:5d:d3:d5:4e:26:
         47:39:27:bd:83:2e:43:d1:ba:be:c0:34:68:d5:85:08:a4:88:
         20:46:63:7b:5c:36:65:db:84:cd:04:c6:89:29:d9:87:6a:25:
         f0:2f:78:b9:a8:09:73:af:51:c3:58:6f:c1:d6:6f:de:96:c7:
         0b:a0:d9:b4:66:24:e0:05:77:8a:85:ff:aa:33:18:63:bd:7e:
         09:29:bd:e5:b8:17:51:00:82:f3:04:53:a0:94:f1:ff:83:89:
         90:fe:69:71:d9:1a:bc:d5:a2:83:02:af:bf:a2:01:5e:27:bf:
         a4:0e:5f:7f:b3:24:58:a3:9a:50:44:d7:ce:ea:b0:da:eb:a2:
         72:47:f9:71:e6:5b:f0:2d:f9:c9:8d:de:6a:8c:51:d8:52:ea:
         b5:9d:52:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8ZsrTiRczEhKyS6bLnoNjSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjQwNDI2MDkxODEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjY3NGQyN2IzZTc0ODI5NmI5NTk0NWYwNTNjMzk3MzAyOTg5M2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsVt/9F93Q8w9yd744lVljfFGBTB
XZjDbT4NHy5LbCfGBI2LPZSwNTCHeMADu7oE9vQj7QOOBjmLoInVER/Bg7SMeZZM
TreRsPHTa2fGC9nxQA1rKXoiRTfKvRpuPVnd9EggePotHHeYNZ28dpuJj4F1fWh2
BqbMhfshiUVpOzJJWYeLwA04qP/R0TUXXjM5FVkYyVRIvyePv4SJDXjdrKLk+e6k
5IRz9bUy299tAJx8F0g0mZPM+bd+YVszIJIrLuEcoElGgp5nTR8aHQ9IhmXALYuV
FlwvQ1cvO2DhdnsZ5rslCzENhtvbURzfxFORfPtjr4/A85ZLDltvsdeT6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIZnTSez50gpa5WUXwU8OXMCmJOrMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvaG1kTko3UG5TQ2xybFpSZkJUdzVjd0tZazZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+QOAwQA
XpokMA0GCSqGSIb3DQEBCwUAA4IBAQCZx1yVpTStwzGhrEZKUis1Xe19fW/6GkH8
1o3geVhq18j1894fVgtMlVvEU/WSqCAZan++FQ+oYk/vK1uBbVbVVoWW/pqy8RQ3
svngHT11g1XZAA7SIJ0gBhSmzLYAbqMl3XYDLWbdXdPVTiZHOSe9gy5D0bq+wDRo
1YUIpIggRmN7XDZl24TNBMaJKdmHaiXwL3i5qAlzr1HDWG/B1m/elscLoNm0ZiTg
BXeKhf+qMxhjvX4JKb3luBdRAILzBFOglPH/g4mQ/mlx2Rq81aKDAq+/ogFeJ7+k
Dl9/syRYo5pQRNfO6rDa66JyR/lx5lvwLfnJjd5qjFHYUuq1nVKh
-----END CERTIFICATE-----