Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/U_7G7-gioHfyBIxv5CCQXwI5rnI.roa
File:                     U_7G7-gioHfyBIxv5CCQXwI5rnI.roa (raw, json)
Hash identifier:          wnFPDs1q/jqzz/VpgXVjZdhzOwYHhglFAEJ9jtnJUyM=
Subject key identifier:   53:FE:C6:EF:E8:22:A0:77:F2:04:8C:6F:E4:20:90:5F:02:39:AE:72
Certificate issuer:       /CN=e43f23d68937494288dfcc7a0efe1fe74a2036e1
Certificate serial:       018CCA29CF93D9D39B78B1DC7A7753F8B041
Authority key identifier: E4:3F:23:D6:89:37:49:42:88:DF:CC:7A:0E:FE:1F:E7:4A:20:36:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/U_7G7-gioHfyBIxv5CCQXwI5rnI.roa
Signing time:             Tue 02 Jan 2024 12:33:06 +0000
ROA not before:           Tue 02 Jan 2024 12:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207186
IP address blocks:        91.207.154.0/24 maxlen: 24
                          91.207.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:cf:93:d9:d3:9b:78:b1:dc:7a:77:53:f8:b0:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e43f23d68937494288dfcc7a0efe1fe74a2036e1
        Validity
            Not Before: Jan  2 12:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53fec6efe822a077f2048c6fe420905f0239ae72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6b:c6:46:a5:bf:1b:d8:3e:2d:a7:18:95:da:
                    53:ec:1e:6a:be:b3:07:a6:77:a9:51:96:db:ca:a3:
                    3e:99:6e:1f:51:8f:55:ea:78:de:f9:83:82:78:4d:
                    e1:37:5a:67:c9:c4:7d:ad:0d:c4:64:a9:67:84:61:
                    34:b0:de:52:79:14:f5:93:e9:ac:f9:6a:a0:8c:99:
                    e4:a0:84:57:97:7c:c0:05:17:93:e0:54:f7:0f:60:
                    be:23:15:9e:c1:dd:c5:97:50:d9:f7:bb:b2:1d:9a:
                    ab:7b:7f:2a:06:13:e9:95:47:19:71:19:eb:ea:52:
                    63:17:7d:5e:3e:0f:a9:66:67:61:35:88:ae:f9:dc:
                    12:66:a0:6b:0e:7b:5b:e2:6f:82:69:c6:78:93:ca:
                    64:c2:51:30:72:fc:f7:e1:90:54:21:9e:f9:7e:90:
                    e0:14:ac:57:dd:9c:68:88:7f:2c:65:60:de:98:63:
                    1e:a5:a9:c3:1d:bf:fe:74:64:15:34:93:6c:d3:0f:
                    19:86:d1:af:2b:bc:27:ce:2b:a1:45:7f:a2:4b:4f:
                    61:1b:2d:88:19:dc:34:ed:47:c7:7a:0f:86:fc:6d:
                    c2:a7:de:8c:09:25:ca:6a:00:d6:13:34:32:78:f4:
                    4d:4a:de:14:fc:ff:32:33:ee:6c:4e:7c:24:0f:18:
                    96:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FE:C6:EF:E8:22:A0:77:F2:04:8C:6F:E4:20:90:5F:02:39:AE:72
            X509v3 Authority Key Identifier:
                keyid:E4:3F:23:D6:89:37:49:42:88:DF:CC:7A:0E:FE:1F:E7:4A:20:36:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5D8j1ok3SUKI38x6Dv4f50ogNuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/U_7G7-gioHfyBIxv5CCQXwI5rnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ab5fdc-9d6b-4675-9a13-9d185f738211/1/5D8j1ok3SUKI38x6Dv4f50ogNuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:4c:8f:c4:af:78:31:15:e3:11:44:4f:e9:6b:ad:e6:43:bb:
         5c:0a:77:af:76:36:26:87:8f:d8:c4:bf:74:f8:a3:31:b6:83:
         ab:a1:46:5d:91:3e:d6:09:17:53:2a:21:6c:15:6e:08:9c:ba:
         d7:07:5f:e4:f2:8d:cf:9e:95:2d:5f:13:a3:8e:ed:7e:a2:a5:
         43:85:19:24:5a:a4:6e:4d:00:a7:97:62:1f:de:82:3d:2f:35:
         49:75:81:3d:37:36:c2:e2:b2:64:36:9c:a6:b6:ab:3d:e3:bd:
         65:4c:d5:e5:5f:a5:85:e7:90:2b:54:7c:d3:89:2b:07:2d:eb:
         5e:47:79:0d:11:1e:60:93:df:fb:c7:82:12:97:af:60:9e:58:
         8b:a4:5a:dc:56:ea:80:11:6b:2f:7a:06:53:7c:e1:f5:59:4e:
         4a:23:16:f7:b5:7f:cd:56:db:af:c5:5e:15:b1:03:78:ba:ef:
         36:44:60:9b:e4:e1:2f:a2:f8:44:00:37:6a:f4:03:e8:87:ce:
         15:4e:75:46:5f:5e:a6:2c:78:e7:4b:0e:ff:5a:cd:1f:b5:05:
         40:00:51:cb:41:94:dc:ec:da:5f:ae:59:f3:f6:8c:6c:72:fe:
         b1:13:df:b7:78:da:89:29:1f:bc:9d:74:a0:e4:53:4c:2c:83:
         95:e7:25:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKc+T2dObeLHcendT+LBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0M2YyM2Q2ODkzNzQ5NDI4OGRmY2M3YTBlZmUxZmU3NGEy
MDM2ZTEwHhcNMjQwMTAyMTIzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ZlYzZlZmU4MjJhMDc3ZjIwNDhjNmZlNDIwOTA1ZjAyMzlhZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWvGRqW/G9g+LacYldpT7B5qvrMH
pnepUZbbyqM+mW4fUY9V6nje+YOCeE3hN1pnycR9rQ3EZKlnhGE0sN5SeRT1k+ms
+WqgjJnkoIRXl3zABReT4FT3D2C+IxWewd3Fl1DZ97uyHZqre38qBhPplUcZcRnr
6lJjF31ePg+pZmdhNYiu+dwSZqBrDntb4m+CacZ4k8pkwlEwcvz34ZBUIZ75fpDg
FKxX3ZxoiH8sZWDemGMepanDHb/+dGQVNJNs0w8ZhtGvK7wnziuhRX+iS09hGy2I
Gdw07UfHeg+G/G3Cp96MCSXKagDWEzQyePRNSt4U/P8yM+5sTnwkDxiWJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFP+xu/oIqB38gSMb+QgkF8COa5yMB8GA1UdIwQY
MBaAFOQ/I9aJN0lCiN/Meg7+H+dKIDbhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUQ4ajFvazNTVUtJMzh4NkR2NGY1MG9nTnVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hYjVmZGMtOWQ2Yi00Njc1LTlhMTMt
OWQxODVmNzM4MjExLzEvVV83RzctZ2lvSGZ5Qkl4djVDQ1FYd0k1cm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hYjVmZGMtOWQ2Yi00Njc1LTlhMTMtOWQxODVmNzM4MjEx
LzEvNUQ4ajFvazNTVUtJMzh4NkR2NGY1MG9nTnVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8+aMA0G
CSqGSIb3DQEBCwUAA4IBAQBXTI/Er3gxFeMRRE/pa63mQ7tcCnevdjYmh4/YxL90
+KMxtoOroUZdkT7WCRdTKiFsFW4InLrXB1/k8o3PnpUtXxOjju1+oqVDhRkkWqRu
TQCnl2If3oI9LzVJdYE9NzbC4rJkNpymtqs9471lTNXlX6WF55ArVHzTiSsHLete
R3kNER5gk9/7x4ISl69gnliLpFrcVuqAEWsvegZTfOH1WU5KIxb3tX/NVtuvxV4V
sQN4uu82RGCb5OEvovhEADdq9APoh84VTnVGX16mLHjnSw7/Ws0ftQVAAFHLQZTc
7Npfrlnz9oxscv6xE9+3eNqJKR+8nXSg5FNMLIOV5yW+
-----END CERTIFICATE-----