Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/7Ubso5FdbE6ZVPGCJdUs8ldLo7U.roa
File:                     7Ubso5FdbE6ZVPGCJdUs8ldLo7U.roa (raw, json)
Hash identifier:          tWUhwGRkp2Wsw0AlBIbHfFNBO7ZZIwFLWe7kWJVHhhU=
Subject key identifier:   ED:46:EC:A3:91:5D:6C:4E:99:54:F1:82:25:D5:2C:F2:57:4B:A3:B5
Certificate issuer:       /CN=8dc69c6bbe89e7c0479b617744a4424f66674944
Certificate serial:       019420D5E96FD59884671A04C57A934D0C62
Authority key identifier: 8D:C6:9C:6B:BE:89:E7:C0:47:9B:61:77:44:A4:42:4F:66:67:49:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/7Ubso5FdbE6ZVPGCJdUs8ldLo7U.roa
Signing time:             Wed 01 Jan 2025 07:47:57 +0000
ROA not before:           Wed 01 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199239
IP address blocks:        91.92.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e9:6f:d5:98:84:67:1a:04:c5:7a:93:4d:0c:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dc69c6bbe89e7c0479b617744a4424f66674944
        Validity
            Not Before: Jan  1 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed46eca3915d6c4e9954f18225d52cf2574ba3b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d0:18:e2:d3:a5:cd:7e:3d:87:1e:17:f6:aa:
                    e1:dd:d5:8c:b4:2f:17:b5:5b:b6:a7:48:56:7e:c0:
                    88:9f:44:13:0c:a8:81:54:94:c0:bf:79:ec:0a:b3:
                    15:29:20:b5:7f:8c:47:42:11:82:91:a3:dc:71:34:
                    d7:ab:1e:c5:58:f4:77:d6:61:1f:e7:ed:2e:bd:93:
                    91:e5:62:1d:c9:0a:13:c3:db:71:b5:f4:93:f5:1f:
                    6c:de:ec:a3:83:a2:cc:82:06:28:a0:b1:04:e0:fb:
                    f3:17:e7:f8:b5:1d:86:1d:0d:0c:07:1a:66:a8:6e:
                    2a:78:10:4d:87:27:b9:33:74:9e:12:ed:9a:c5:0d:
                    e8:df:05:2e:f2:08:ed:5f:2e:34:2c:23:bd:b5:28:
                    c4:7a:98:12:56:b4:20:11:09:31:4d:aa:27:27:28:
                    01:e1:da:09:86:ed:97:96:e8:8f:2f:09:b6:aa:70:
                    fa:49:62:10:7a:7c:28:01:d0:d9:61:d7:3d:6e:99:
                    21:e0:0a:5e:4d:fa:5c:33:01:3c:06:1a:c3:a9:b2:
                    5e:4f:46:90:99:18:7a:9e:1e:b6:ad:0e:fd:f4:69:
                    3c:35:b4:eb:11:0b:c7:8e:d2:1e:b3:af:9e:44:7f:
                    e5:68:5e:5b:47:bd:2d:e2:8e:cd:5f:5d:23:84:20:
                    2e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:46:EC:A3:91:5D:6C:4E:99:54:F1:82:25:D5:2C:F2:57:4B:A3:B5
            X509v3 Authority Key Identifier:
                keyid:8D:C6:9C:6B:BE:89:E7:C0:47:9B:61:77:44:A4:42:4F:66:67:49:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/7Ubso5FdbE6ZVPGCJdUs8ldLo7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:31:4b:79:d3:71:09:95:f8:2e:3c:fa:68:04:51:45:bf:91:
         23:68:76:ab:ee:fe:44:e7:af:cb:40:4d:6f:4c:ec:db:16:a8:
         56:e1:af:67:c1:e3:66:9f:69:da:9f:36:ab:da:f9:1d:43:66:
         cc:ef:ec:1f:e5:8d:84:44:ac:f9:46:71:8f:67:7e:55:15:7b:
         7d:f4:a8:64:75:ee:dd:57:e3:d0:a4:ba:73:aa:5b:d4:10:62:
         86:0f:dc:8b:db:8a:e4:74:81:49:35:b5:20:52:ca:ee:65:e2:
         bf:e4:ed:34:70:42:59:1c:8b:8c:61:84:a0:70:96:3c:fa:4a:
         7d:05:91:ed:6e:77:5b:4f:cf:15:6b:13:b4:34:b8:ed:c5:4d:
         28:d5:a7:4e:50:ff:c8:8a:71:18:81:2e:5c:d6:1a:d8:be:c6:
         c4:2a:72:d6:d8:e5:61:a0:59:c9:38:aa:91:85:cb:7d:d9:19:
         9f:c1:b9:e4:6f:e3:aa:25:ea:4d:7f:42:9e:4e:90:31:8b:df:
         07:fb:c0:69:56:b2:0c:fd:c4:20:cf:4d:97:36:00:3b:63:2e:
         2c:f6:5b:d2:43:91:ca:22:c6:c2:da:67:00:08:2d:5a:96:46:
         c0:69:12:f2:6d:22:e6:a5:01:d7:44:3c:04:b6:47:20:54:1d:
         0a:ed:30:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1elv1ZiEZxoExXqTTQxiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzY5YzZiYmU4OWU3YzA0NzliNjE3NzQ0YTQ0MjRmNjY2
NzQ5NDQwHhcNMjUwMTAxMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQ2ZWNhMzkxNWQ2YzRlOTk1NGYxODIyNWQ1MmNmMjU3NGJhM2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdAY4tOlzX49hx4X9qrh3dWMtC8X
tVu2p0hWfsCIn0QTDKiBVJTAv3nsCrMVKSC1f4xHQhGCkaPccTTXqx7FWPR31mEf
5+0uvZOR5WIdyQoTw9txtfST9R9s3uyjg6LMggYooLEE4PvzF+f4tR2GHQ0MBxpm
qG4qeBBNhye5M3SeEu2axQ3o3wUu8gjtXy40LCO9tSjEepgSVrQgEQkxTaonJygB
4doJhu2XluiPLwm2qnD6SWIQenwoAdDZYdc9bpkh4ApeTfpcMwE8BhrDqbJeT0aQ
mRh6nh62rQ799Gk8NbTrEQvHjtIes6+eRH/laF5bR70t4o7NX10jhCAuswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1G7KORXWxOmVTxgiXVLPJXS6O1MB8GA1UdIwQY
MBaAFI3GnGu+iefAR5thd0SkQk9mZ0lEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNhY2E3Nko1OEJIbTJGM1JLUkNUMlpuU1VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yM2RiNWMtMWExMC00NGM2LTlkNzct
YmI1Y2FhYzJlOTAzLzEvN1Vic281RmRiRTZaVlBHQ0pkVXM4bGRMbzdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yM2RiNWMtMWExMC00NGM2LTlkNzctYmI1Y2FhYzJlOTAz
LzEvamNhY2E3Nko1OEJIbTJGM1JLUkNUMlpuU1VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1xzMA0G
CSqGSIb3DQEBCwUAA4IBAQCWMUt503EJlfguPPpoBFFFv5EjaHar7v5E56/LQE1v
TOzbFqhW4a9nweNmn2nanzar2vkdQ2bM7+wf5Y2ERKz5RnGPZ35VFXt99Khkde7d
V+PQpLpzqlvUEGKGD9yL24rkdIFJNbUgUsruZeK/5O00cEJZHIuMYYSgcJY8+kp9
BZHtbndbT88VaxO0NLjtxU0o1adOUP/IinEYgS5c1hrYvsbEKnLW2OVhoFnJOKqR
hct92Rmfwbnkb+OqJepNf0KeTpAxi98H+8BpVrIM/cQgz02XNgA7Yy4s9lvSQ5HK
IsbC2mcACC1alkbAaRLybSLmpQHXRDwEtkcgVB0K7TC3
-----END CERTIFICATE-----