Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/8332cb-fd4b-49d9-b0a1-89def0082e2a/1/79VsR-5nub7DUrhryJn99r0sSJE.roa
File:                     79VsR-5nub7DUrhryJn99r0sSJE.roa (raw, json)
Hash identifier:          PKoaa5fww3RYvMlarfjIhYGHHPB9uxMDQ5a1vOFmd9k=
Subject key identifier:   EF:D5:6C:47:EE:67:B9:BE:C3:52:B8:6B:C8:99:FD:F6:BD:2C:48:91
Certificate issuer:       /CN=7036e04e53b9d3967cf9d418e78b60bbad075831
Certificate serial:       019522C5B844FE95536A7D2201A6360F6ABF
Authority key identifier: 70:36:E0:4E:53:B9:D3:96:7C:F9:D4:18:E7:8B:60:BB:AD:07:58:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cDbgTlO505Z8-dQY54tgu60HWDE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/8332cb-fd4b-49d9-b0a1-89def0082e2a/1/79VsR-5nub7DUrhryJn99r0sSJE.roa
Signing time:             Thu 20 Feb 2025 09:52:17 +0000
ROA not before:           Thu 20 Feb 2025 09:52:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51821
IP address blocks:        91.216.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/8332cb-fd4b-49d9-b0a1-89def0082e2a/1/cDbgTlO505Z8-dQY54tgu60HWDE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/8332cb-fd4b-49d9-b0a1-89def0082e2a/1/cDbgTlO505Z8-dQY54tgu60HWDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cDbgTlO505Z8-dQY54tgu60HWDE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:22:c5:b8:44:fe:95:53:6a:7d:22:01:a6:36:0f:6a:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7036e04e53b9d3967cf9d418e78b60bbad075831
        Validity
            Not Before: Feb 20 09:52:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efd56c47ee67b9bec352b86bc899fdf6bd2c4891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:19:6b:2a:9a:21:c2:7e:e0:6d:59:98:51:6e:
                    55:20:87:cd:43:79:3e:fb:bd:15:51:e2:09:15:cd:
                    74:17:ee:05:cd:4b:a5:01:c0:9d:8f:6b:8c:67:8c:
                    f8:f2:01:83:e6:70:da:a3:09:fa:b6:38:75:54:bf:
                    32:27:13:55:d5:9a:49:a8:07:4c:8d:24:56:e7:5e:
                    b8:1e:d5:ff:8e:ad:31:24:f4:54:7a:82:25:2c:0f:
                    4d:e3:0d:3c:98:7f:3a:b6:e0:a4:dc:d0:c6:ec:98:
                    a2:5a:21:2b:bd:cd:23:cc:86:2d:e5:c9:31:f4:2e:
                    fc:75:00:c1:d3:ce:c4:25:71:19:64:56:6f:07:17:
                    92:8f:69:c4:ec:b6:67:dc:6d:29:a3:c0:1b:45:43:
                    b6:24:19:6a:d5:9f:b8:e3:cf:a6:de:e8:30:3f:3f:
                    16:d7:1c:9f:3d:6f:26:e5:60:83:40:3c:d2:46:e2:
                    29:9d:74:2a:76:d4:7e:71:78:dd:99:98:e4:1d:d2:
                    0e:ae:c4:15:ff:75:af:69:be:24:6c:32:8d:d2:9a:
                    f2:ff:c8:2a:0c:ea:7a:67:69:12:e7:f5:a8:f4:08:
                    b7:06:a2:92:29:8a:f1:89:86:ec:c6:d6:b7:f3:4b:
                    99:a4:e1:21:1b:96:29:6f:b4:f1:f1:0c:d0:de:19:
                    e9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:D5:6C:47:EE:67:B9:BE:C3:52:B8:6B:C8:99:FD:F6:BD:2C:48:91
            X509v3 Authority Key Identifier:
                keyid:70:36:E0:4E:53:B9:D3:96:7C:F9:D4:18:E7:8B:60:BB:AD:07:58:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cDbgTlO505Z8-dQY54tgu60HWDE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/8332cb-fd4b-49d9-b0a1-89def0082e2a/1/79VsR-5nub7DUrhryJn99r0sSJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/8332cb-fd4b-49d9-b0a1-89def0082e2a/1/cDbgTlO505Z8-dQY54tgu60HWDE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:b6:68:de:bf:18:18:95:e3:0f:f0:14:5d:9d:8d:02:07:dc:
         e0:e0:64:f5:93:fe:2b:c6:47:a4:66:37:6a:ec:61:ee:dd:a8:
         4d:0f:2d:dd:f2:0f:e8:f0:94:d5:d1:06:7b:f7:8c:63:99:49:
         86:43:93:3b:29:ce:a4:47:ab:e3:2f:56:1e:ae:36:0a:17:1a:
         f4:96:f2:9e:b5:f8:b4:f4:85:e3:d6:78:ec:df:f8:76:c3:78:
         81:0b:a3:c3:65:ac:e6:a3:f3:43:63:ff:42:75:cf:6d:76:77:
         27:96:1a:f5:35:77:fb:a9:1e:aa:10:f2:69:8a:a8:8d:d4:bf:
         f8:fb:8e:23:01:25:cb:cb:41:24:3d:98:cb:d4:3b:14:bc:53:
         41:62:35:e6:70:0f:e3:73:c8:b4:2f:89:73:01:e0:45:23:49:
         de:2c:e7:83:97:f0:a7:fb:2f:4e:90:93:c4:50:f3:87:b1:be:
         37:cd:55:52:61:dc:27:17:62:86:51:a8:cc:0a:1c:9f:cc:26:
         dc:14:6f:2e:79:d7:8d:c2:08:cf:ca:cd:8b:48:f7:02:5c:6c:
         0f:7f:ab:de:73:39:c5:52:98:98:86:7e:48:95:b9:0d:a8:b0:
         5d:7b:34:ee:65:31:f4:8c:0f:87:5d:dd:07:88:c5:04:84:41:
         07:0c:7c:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUixbhE/pVTan0iAaY2D2q/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMzZlMDRlNTNiOWQzOTY3Y2Y5ZDQxOGU3OGI2MGJiYWQw
NzU4MzEwHhcNMjUwMjIwMDk1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmQ1NmM0N2VlNjdiOWJlYzM1MmI4NmJjODk5ZmRmNmJkMmM0ODkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBlrKpohwn7gbVmYUW5VIIfNQ3k+
+70VUeIJFc10F+4FzUulAcCdj2uMZ4z48gGD5nDaown6tjh1VL8yJxNV1ZpJqAdM
jSRW5164HtX/jq0xJPRUeoIlLA9N4w08mH86tuCk3NDG7JiiWiErvc0jzIYt5ckx
9C78dQDB087EJXEZZFZvBxeSj2nE7LZn3G0po8AbRUO2JBlq1Z+448+m3ugwPz8W
1xyfPW8m5WCDQDzSRuIpnXQqdtR+cXjdmZjkHdIOrsQV/3Wvab4kbDKN0pry/8gq
DOp6Z2kS5/Wo9Ai3BqKSKYrxiYbsxta380uZpOEhG5Ypb7Tx8QzQ3hnp+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/VbEfuZ7m+w1K4a8iZ/fa9LEiRMB8GA1UdIwQY
MBaAFHA24E5TudOWfPnUGOeLYLutB1gxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0RiZ1RsTzUwNVo4LWRRWTU0dGd1NjBIV0RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC84MzMyY2ItZmQ0Yi00OWQ5LWIwYTEt
ODlkZWYwMDgyZTJhLzEvNzlWc1ItNW51YjdEVXJocnlKbjk5cjBzU0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC84MzMyY2ItZmQ0Yi00OWQ5LWIwYTEtODlkZWYwMDgyZTJh
LzEvY0RiZ1RsTzUwNVo4LWRRWTU0dGd1NjBIV0RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9g+MA0G
CSqGSIb3DQEBCwUAA4IBAQB8tmjevxgYleMP8BRdnY0CB9zg4GT1k/4rxkekZjdq
7GHu3ahNDy3d8g/o8JTV0QZ794xjmUmGQ5M7Kc6kR6vjL1YerjYKFxr0lvKetfi0
9IXj1njs3/h2w3iBC6PDZazmo/NDY/9Cdc9tdncnlhr1NXf7qR6qEPJpiqiN1L/4
+44jASXLy0EkPZjL1DsUvFNBYjXmcA/jc8i0L4lzAeBFI0neLOeDl/Cn+y9OkJPE
UPOHsb43zVVSYdwnF2KGUajMChyfzCbcFG8uedeNwgjPys2LSPcCXGwPf6vecznF
UpiYhn5IlbkNqLBdezTuZTH0jA+HXd0HiMUEhEEHDHxp
-----END CERTIFICATE-----