Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/e54e89-7b6b-417d-9bc9-62ce84f7075e/1/MF7gUqV1bP0pZdGtgxnh_eyO6I8.roa
File:                     MF7gUqV1bP0pZdGtgxnh_eyO6I8.roa (raw, json)
Hash identifier:          0JqiX5mWGDDw7xsSYSWlOWQFsyBT7AR0VxFuLt/fLTI=
Subject key identifier:   30:5E:E0:52:A5:75:6C:FD:29:65:D1:AD:83:19:E1:FD:EC:8E:E8:8F
Certificate issuer:       /CN=d4a039aeee62103b288c6c8b9692cf5808743e21
Certificate serial:       018CC4923DB2F9A81F9A8AECB01691E19FC9
Authority key identifier: D4:A0:39:AE:EE:62:10:3B:28:8C:6C:8B:96:92:CF:58:08:74:3E:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1KA5ru5iEDsojGyLlpLPWAh0PiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/e54e89-7b6b-417d-9bc9-62ce84f7075e/1/MF7gUqV1bP0pZdGtgxnh_eyO6I8.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208772
IP address blocks:        91.216.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/e54e89-7b6b-417d-9bc9-62ce84f7075e/1/1KA5ru5iEDsojGyLlpLPWAh0PiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/e54e89-7b6b-417d-9bc9-62ce84f7075e/1/1KA5ru5iEDsojGyLlpLPWAh0PiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1KA5ru5iEDsojGyLlpLPWAh0PiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3d:b2:f9:a8:1f:9a:8a:ec:b0:16:91:e1:9f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4a039aeee62103b288c6c8b9692cf5808743e21
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=305ee052a5756cfd2965d1ad8319e1fdec8ee88f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:17:f8:c9:9d:8c:cd:97:7f:8c:10:53:69:bf:
                    58:bd:05:f8:f9:7e:07:61:c3:55:bb:67:6b:a5:c5:
                    d8:0a:e8:14:2d:5f:1b:cd:8f:c8:0e:02:dd:74:d4:
                    cd:dc:4e:5f:b9:06:07:80:d7:75:c2:db:92:b2:1f:
                    43:c2:f4:8d:45:c2:9a:01:97:ad:15:b1:8a:a6:61:
                    d0:74:c1:cc:91:34:e0:bb:9a:c7:42:74:c5:c9:6f:
                    54:af:b2:eb:24:56:26:6e:71:46:5b:1a:9b:c9:ad:
                    5c:ec:2a:58:ba:5a:ee:2a:ce:88:e3:4c:d3:ab:fc:
                    5b:40:10:0a:83:ce:19:4a:1a:80:30:88:d0:22:f8:
                    24:47:7d:f7:2a:90:9e:6b:44:c5:46:8c:ab:12:5a:
                    63:a8:7a:f8:d6:72:69:88:27:af:a3:95:46:f4:d8:
                    ca:6b:ee:91:be:45:c8:bd:de:b2:7c:a1:3b:b5:50:
                    e6:bf:84:ed:f0:b8:7b:26:00:8d:5d:bc:d7:8e:bc:
                    08:76:ba:f0:78:33:d3:bb:62:fe:6c:79:37:97:06:
                    0a:0b:20:93:b6:8b:4e:e1:2f:1d:ee:98:61:6f:98:
                    46:a1:d3:63:96:9c:c1:3d:03:8f:77:13:50:0b:97:
                    14:20:19:b5:5e:8d:c5:49:a7:0b:f0:92:13:43:77:
                    cd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:5E:E0:52:A5:75:6C:FD:29:65:D1:AD:83:19:E1:FD:EC:8E:E8:8F
            X509v3 Authority Key Identifier:
                keyid:D4:A0:39:AE:EE:62:10:3B:28:8C:6C:8B:96:92:CF:58:08:74:3E:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1KA5ru5iEDsojGyLlpLPWAh0PiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/e54e89-7b6b-417d-9bc9-62ce84f7075e/1/MF7gUqV1bP0pZdGtgxnh_eyO6I8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/e54e89-7b6b-417d-9bc9-62ce84f7075e/1/1KA5ru5iEDsojGyLlpLPWAh0PiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:c3:d3:53:68:7b:96:7d:b8:8e:e2:95:28:ad:83:4b:f2:6d:
         67:eb:03:a9:d3:0f:b1:14:56:6d:7c:2a:1c:83:60:bf:0c:e1:
         bc:14:ed:7b:a1:72:75:c0:95:64:a2:96:33:fd:f5:59:07:cc:
         0c:91:a9:8f:58:c5:c5:30:da:a8:da:a8:76:59:84:fd:64:64:
         8a:45:08:e2:3c:f0:58:ab:6f:85:e2:39:8a:19:02:a8:d7:cb:
         cb:0e:f5:02:3d:d0:dd:2b:f8:b9:f3:27:d6:0e:35:83:95:d0:
         1b:06:58:7c:e3:70:ef:21:0c:f8:96:27:6a:85:c8:70:6a:91:
         71:6e:2b:12:74:67:e6:74:05:55:cb:85:c2:b8:07:35:28:a2:
         7f:96:59:94:b6:86:6e:9e:89:5c:10:df:9b:50:2a:e5:3e:ab:
         cb:10:29:a1:0b:36:0a:d5:bb:61:ee:cb:e2:3f:08:0b:6d:db:
         ff:9e:be:41:a4:9e:7f:4b:a5:73:54:43:79:b2:0a:83:ee:36:
         ad:ef:ff:c0:c5:02:74:29:6b:92:05:70:e5:48:47:22:c2:ab:
         34:32:da:dd:96:a6:f1:16:28:12:a7:66:70:06:ff:4a:20:09:
         fe:cc:8a:74:c3:99:87:d5:ba:93:7e:09:8d:75:83:2d:8f:5a:
         b0:7e:4b:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkj2y+agfmorssBaR4Z/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YTAzOWFlZWU2MjEwM2IyODhjNmM4Yjk2OTJjZjU4MDg3
NDNlMjEwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDVlZTA1MmE1NzU2Y2ZkMjk2NWQxYWQ4MzE5ZTFmZGVjOGVlODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBf4yZ2MzZd/jBBTab9YvQX4+X4H
YcNVu2drpcXYCugULV8bzY/IDgLddNTN3E5fuQYHgNd1wtuSsh9DwvSNRcKaAZet
FbGKpmHQdMHMkTTgu5rHQnTFyW9Ur7LrJFYmbnFGWxqbya1c7CpYulruKs6I40zT
q/xbQBAKg84ZShqAMIjQIvgkR333KpCea0TFRoyrElpjqHr41nJpiCevo5VG9NjK
a+6RvkXIvd6yfKE7tVDmv4Tt8Lh7JgCNXbzXjrwIdrrweDPTu2L+bHk3lwYKCyCT
totO4S8d7phhb5hGodNjlpzBPQOPdxNQC5cUIBm1Xo3FSacL8JITQ3fN/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBe4FKldWz9KWXRrYMZ4f3sjuiPMB8GA1UdIwQY
MBaAFNSgOa7uYhA7KIxsi5aSz1gIdD4hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUtBNXJ1NWlFRHNvakd5TGxwTFBXQWgwUGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lNTRlODktN2I2Yi00MTdkLTliYzkt
NjJjZTg0ZjcwNzVlLzEvTUY3Z1VxVjFiUDBwWmRHdGd4bmhfZXlPNkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lNTRlODktN2I2Yi00MTdkLTliYzktNjJjZTg0ZjcwNzVl
LzEvMUtBNXJ1NWlFRHNvakd5TGxwTFBXQWgwUGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9gjMA0G
CSqGSIb3DQEBCwUAA4IBAQBgw9NTaHuWfbiO4pUorYNL8m1n6wOp0w+xFFZtfCoc
g2C/DOG8FO17oXJ1wJVkopYz/fVZB8wMkamPWMXFMNqo2qh2WYT9ZGSKRQjiPPBY
q2+F4jmKGQKo18vLDvUCPdDdK/i58yfWDjWDldAbBlh843DvIQz4lidqhchwapFx
bisSdGfmdAVVy4XCuAc1KKJ/llmUtoZunolcEN+bUCrlPqvLECmhCzYK1bth7svi
PwgLbdv/nr5BpJ5/S6VzVEN5sgqD7jat7//AxQJ0KWuSBXDlSEciwqs0Mtrdlqbx
FigSp2ZwBv9KIAn+zIp0w5mH1bqTfgmNdYMtj1qwfkvB
-----END CERTIFICATE-----