Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/wRIjf3m7WJXn0mR8XjyT6mycqO0.roa
File:                     wRIjf3m7WJXn0mR8XjyT6mycqO0.roa (raw, json)
Hash identifier:          Xo6YpPe3Y8/Vpx/nYcP5n5Hb5UA1pYTNC92hhDMd+ro=
Subject key identifier:   C1:12:23:7F:79:BB:58:95:E7:D2:64:7C:5E:3C:93:EA:6C:9C:A8:ED
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       018F1035BE4EB779FF50D11DE3168EF98411
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/wRIjf3m7WJXn0mR8XjyT6mycqO0.roa
Signing time:             Wed 24 Apr 2024 13:05:08 +0000
ROA not before:           Wed 24 Apr 2024 13:05:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208485
IP address blocks:        91.228.12.0/24 maxlen: 24
                          94.154.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:35:be:4e:b7:79:ff:50:d1:1d:e3:16:8e:f9:84:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Apr 24 13:05:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c112237f79bb5895e7d2647c5e3c93ea6c9ca8ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5c:71:05:dc:1e:7b:17:f9:6f:77:8d:9a:50:
                    0d:c3:90:96:6b:ba:72:28:b5:28:4e:61:aa:e1:2f:
                    b3:17:48:d9:45:85:6a:38:49:1c:f6:41:4f:8a:75:
                    ee:62:30:99:15:68:c7:d5:a7:82:0f:aa:87:93:39:
                    67:83:70:59:a0:8b:c7:ef:bc:84:65:57:5e:da:0c:
                    06:b2:a9:ba:5b:f3:be:19:01:5b:79:ef:e4:c2:6a:
                    59:c7:d4:7d:23:f2:ae:86:f2:bf:88:98:77:14:f1:
                    b0:a0:bc:a7:5e:bc:bd:c2:2e:4e:a4:f2:6d:3c:9d:
                    ce:03:21:32:6f:03:9a:20:1e:60:95:82:9c:b1:7b:
                    b8:e4:a9:ef:d3:26:af:a1:85:8e:c7:4f:95:08:7e:
                    10:ec:6d:f1:d0:f6:12:8b:00:af:16:28:29:36:13:
                    c7:12:41:da:e5:ef:99:60:d0:70:8f:26:8f:0f:d2:
                    12:03:13:a4:e4:da:ea:45:ff:b7:c6:d9:c0:65:36:
                    61:e6:58:9b:3c:42:1d:17:d5:9e:e8:19:27:0f:6a:
                    a7:b5:2b:6a:d2:a8:d7:96:c7:d7:df:62:8f:21:41:
                    dc:0a:96:f9:21:e6:8f:1b:13:b2:1d:3a:a0:e8:51:
                    1f:25:ff:97:77:13:4f:a6:c4:41:f5:e1:99:b3:21:
                    87:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:12:23:7F:79:BB:58:95:E7:D2:64:7C:5E:3C:93:EA:6C:9C:A8:ED
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/wRIjf3m7WJXn0mR8XjyT6mycqO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.12.0/24
                  94.154.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:37:91:21:e5:07:0e:6e:ce:6e:91:38:1d:ee:1c:1e:f5:2e:
         e5:bf:1a:75:ff:4f:c9:c3:47:68:50:c0:a0:75:82:25:79:58:
         a0:bd:7c:24:c9:6b:e8:71:a5:14:13:22:78:0d:0d:6e:94:0e:
         6a:41:cc:a6:06:75:26:97:ab:bf:28:db:d3:a5:48:f5:ee:87:
         6c:33:08:01:5c:cb:5a:4a:38:6f:0c:5a:11:e3:33:ba:b6:c3:
         45:d9:bd:1c:4c:be:b1:fc:40:e1:64:2d:04:2c:2f:f5:21:49:
         2a:69:20:00:31:46:bd:50:ff:e7:1d:15:9b:c8:fe:d1:32:0c:
         c7:94:60:a4:39:fb:3f:31:6b:7f:07:ad:30:a4:0f:57:9d:50:
         cc:59:03:db:95:16:c4:c1:6f:30:0b:75:2c:38:47:ba:e6:17:
         88:d9:18:13:31:e8:de:07:95:dd:53:93:b6:af:e6:1d:5e:ab:
         a7:4f:36:3c:b2:e8:d2:21:98:13:3c:c8:e4:3e:61:a0:92:c2:
         8c:4b:dd:83:f9:93:f0:4c:f5:5c:36:4f:15:f6:2a:57:82:d2:
         78:8e:32:2e:07:26:ed:89:19:c6:3b:8a:14:fb:23:79:0d:e7:
         7f:b8:21:61:92:4b:66:1d:32:94:ef:3c:ad:1a:cf:29:e6:e2:
         b2:d2:d2:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8QNb5Ot3n/UNEd4xaO+YQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjQwNDI0MTMwNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTEyMjM3Zjc5YmI1ODk1ZTdkMjY0N2M1ZTNjOTNlYTZjOWNhOGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllxxBdweexf5b3eNmlANw5CWa7py
KLUoTmGq4S+zF0jZRYVqOEkc9kFPinXuYjCZFWjH1aeCD6qHkzlng3BZoIvH77yE
ZVde2gwGsqm6W/O+GQFbee/kwmpZx9R9I/KuhvK/iJh3FPGwoLynXry9wi5OpPJt
PJ3OAyEybwOaIB5glYKcsXu45Knv0yavoYWOx0+VCH4Q7G3x0PYSiwCvFigpNhPH
EkHa5e+ZYNBwjyaPD9ISAxOk5NrqRf+3xtnAZTZh5libPEIdF9We6BknD2qntStq
0qjXlsfX32KPIUHcCpb5IeaPGxOyHTqg6FEfJf+XdxNPpsRB9eGZsyGHkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMESI395u1iV59JkfF48k+psnKjtMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvd1JJamYzbTdXSlhuMG1SOFhqeVQ2bXljcU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+QMAwQA
XpogMA0GCSqGSIb3DQEBCwUAA4IBAQARN5Eh5QcObs5ukTgd7hwe9S7lvxp1/0/J
w0doUMCgdYIleVigvXwkyWvocaUUEyJ4DQ1ulA5qQcymBnUml6u/KNvTpUj17ods
MwgBXMtaSjhvDFoR4zO6tsNF2b0cTL6x/EDhZC0ELC/1IUkqaSAAMUa9UP/nHRWb
yP7RMgzHlGCkOfs/MWt/B60wpA9XnVDMWQPblRbEwW8wC3UsOEe65heI2RgTMeje
B5XdU5O2r+YdXqunTzY8sujSIZgTPMjkPmGgksKMS92D+ZPwTPVcNk8V9ipXgtJ4
jjIuBybtiRnGO4oU+yN5Ded/uCFhkktmHTKU7zytGs8p5uKy0tIh
-----END CERTIFICATE-----