Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/1favdYYY_m115fJbPCqnNQTQC-4.roa
File:                     1favdYYY_m115fJbPCqnNQTQC-4.roa (raw, json)
Hash identifier:          JqdrpIAPsvsNkIpUiM7hC8jOVuzgCWUVOGVp30lphlM=
Subject key identifier:   D5:F6:AF:75:86:18:FE:6D:75:E5:F2:5B:3C:2A:A7:35:04:D0:0B:EE
Certificate issuer:       /CN=e8ecf8e4ec9b442a95374c2a3c7e784b076187cc
Certificate serial:       0194258FCCD0A3717804ED30C0A21903C3CF
Authority key identifier: E8:EC:F8:E4:EC:9B:44:2A:95:37:4C:2A:3C:7E:78:4B:07:61:87:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Oz45OybRCqVN0wqPH54Swdhh8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/1favdYYY_m115fJbPCqnNQTQC-4.roa
Signing time:             Thu 02 Jan 2025 05:49:28 +0000
ROA not before:           Thu 02 Jan 2025 05:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5610
IP address blocks:        91.232.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/6Oz45OybRCqVN0wqPH54Swdhh8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/6Oz45OybRCqVN0wqPH54Swdhh8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Oz45OybRCqVN0wqPH54Swdhh8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:cc:d0:a3:71:78:04:ed:30:c0:a2:19:03:c3:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8ecf8e4ec9b442a95374c2a3c7e784b076187cc
        Validity
            Not Before: Jan  2 05:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5f6af758618fe6d75e5f25b3c2aa73504d00bee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d2:bd:55:f5:1a:01:51:c7:5a:fc:cc:c4:17:
                    5f:a5:e3:ea:e5:a3:d6:84:0a:31:b8:89:19:6a:47:
                    34:f3:22:34:6e:cc:18:53:38:9b:4d:21:b8:b4:e7:
                    1e:df:05:79:c5:82:85:c9:84:db:82:f7:66:91:d6:
                    65:5e:b8:4a:a8:8f:3a:8e:a2:90:91:5e:94:34:d2:
                    2a:e5:be:53:4b:cf:47:ba:76:49:d1:32:67:b7:19:
                    b1:4b:03:ee:76:19:4d:d4:29:23:c8:fc:87:0e:2e:
                    b9:4d:70:f8:41:3d:76:16:c0:37:07:fe:36:58:3b:
                    98:10:e5:59:11:01:d0:bd:6d:64:08:71:d3:83:fb:
                    2b:c0:94:a8:7f:89:da:80:43:d6:8c:dc:75:af:4a:
                    57:f7:bd:ed:57:32:3d:5d:93:58:d2:b4:9e:07:40:
                    06:aa:c2:8d:6c:ba:29:0b:b8:d1:0e:44:07:4d:9c:
                    45:0d:42:d3:4f:83:ef:20:1f:a1:e4:f7:88:7f:55:
                    30:fc:68:26:42:f8:ed:08:3a:29:71:70:e7:ce:d7:
                    68:a0:1c:12:39:25:d2:e0:54:23:6d:9a:40:45:dd:
                    15:8a:41:45:48:a1:7f:f4:21:04:fc:a7:55:8e:48:
                    a1:db:de:8c:e3:d4:b4:b3:8a:3f:b6:14:09:25:ef:
                    c2:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F6:AF:75:86:18:FE:6D:75:E5:F2:5B:3C:2A:A7:35:04:D0:0B:EE
            X509v3 Authority Key Identifier:
                keyid:E8:EC:F8:E4:EC:9B:44:2A:95:37:4C:2A:3C:7E:78:4B:07:61:87:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Oz45OybRCqVN0wqPH54Swdhh8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/1favdYYY_m115fJbPCqnNQTQC-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5e80b4-cb16-4a35-b429-229ae9f728d6/1/6Oz45OybRCqVN0wqPH54Swdhh8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:a1:d6:3b:18:90:5c:c1:4e:0c:0e:6e:8b:f3:c4:bc:7a:ae:
         9d:88:4c:1a:09:80:6e:35:66:fe:5a:d2:17:f4:87:99:4b:b6:
         58:cd:d1:7a:1a:00:79:b4:d0:56:48:ea:86:77:6a:c0:f9:0f:
         5d:a6:3b:38:ea:7e:01:5a:05:0c:13:b4:72:ef:42:32:82:ff:
         6c:86:95:1b:aa:86:f7:f8:33:3a:4e:cd:0c:67:31:e6:65:dc:
         56:d7:cf:2c:55:f9:bb:58:81:63:83:48:3f:41:c3:0a:2b:98:
         85:24:c8:1f:ed:c6:cc:a7:0a:b3:bb:be:13:88:74:34:17:60:
         7d:54:75:b1:ab:e5:aa:05:cf:b4:fc:76:6c:a4:e2:12:6a:b5:
         7c:a4:03:76:11:04:4b:8f:ec:8b:ea:98:d9:ce:26:96:72:e6:
         12:e0:7e:52:b7:37:58:2f:b0:20:8e:9d:34:b5:fa:07:09:f3:
         f8:b5:dd:ea:5f:58:8d:0a:83:e9:88:b2:da:c0:30:f6:bb:b2:
         12:ef:9c:31:6c:65:d5:55:99:c8:c3:b6:72:77:44:65:a6:93:
         f6:a9:58:5e:5e:bb:09:9f:0b:5d:9f:aa:36:53:ae:b1:d9:29:
         39:57:05:10:24:ef:60:d0:e0:3f:f4:1e:44:3a:8c:a6:77:ed:
         e7:bd:3f:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj8zQo3F4BO0wwKIZA8PPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZWNmOGU0ZWM5YjQ0MmE5NTM3NGMyYTNjN2U3ODRiMDc2
MTg3Y2MwHhcNMjUwMTAyMDU0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWY2YWY3NTg2MThmZTZkNzVlNWYyNWIzYzJhYTczNTA0ZDAwYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptK9VfUaAVHHWvzMxBdfpePq5aPW
hAoxuIkZakc08yI0bswYUzibTSG4tOce3wV5xYKFyYTbgvdmkdZlXrhKqI86jqKQ
kV6UNNIq5b5TS89HunZJ0TJntxmxSwPudhlN1CkjyPyHDi65TXD4QT12FsA3B/42
WDuYEOVZEQHQvW1kCHHTg/srwJSof4nagEPWjNx1r0pX973tVzI9XZNY0rSeB0AG
qsKNbLopC7jRDkQHTZxFDULTT4PvIB+h5PeIf1Uw/GgmQvjtCDopcXDnztdooBwS
OSXS4FQjbZpARd0VikFFSKF/9CEE/KdVjkih296M49S0s4o/thQJJe/CUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNX2r3WGGP5tdeXyWzwqpzUE0AvuMB8GA1UdIwQY
MBaAFOjs+OTsm0QqlTdMKjx+eEsHYYfMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk96NDVPeWJSQ3FWTjB3cVBINTRTd2RoaDh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81ZTgwYjQtY2IxNi00YTM1LWI0Mjkt
MjI5YWU5ZjcyOGQ2LzEvMWZhdmRZWVlfbTExNWZKYlBDcW5OUVRRQy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81ZTgwYjQtY2IxNi00YTM1LWI0MjktMjI5YWU5ZjcyOGQ2
LzEvNk96NDVPeWJSQ3FWTjB3cVBINTRTd2RoaDh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hSMA0G
CSqGSIb3DQEBCwUAA4IBAQAIodY7GJBcwU4MDm6L88S8eq6diEwaCYBuNWb+WtIX
9IeZS7ZYzdF6GgB5tNBWSOqGd2rA+Q9dpjs46n4BWgUME7Ry70Iygv9shpUbqob3
+DM6Ts0MZzHmZdxW188sVfm7WIFjg0g/QcMKK5iFJMgf7cbMpwqzu74TiHQ0F2B9
VHWxq+WqBc+0/HZspOISarV8pAN2EQRLj+yL6pjZziaWcuYS4H5StzdYL7Agjp00
tfoHCfP4td3qX1iNCoPpiLLawDD2u7IS75wxbGXVVZnIw7Zyd0RlppP2qVheXrsJ
nwtdn6o2U66x2Sk5VwUQJO9g0OA/9B5EOoymd+3nvT/1
-----END CERTIFICATE-----